About

The site is fully functional without third-party JavaScript (excluding CDN & DNS) and cookies as I browse the Internet (including my own blog) with uBlock Origin hard mode on.

Optional first-party JavaScript, GDPR compliant

The only first-party JavaScript used are here to provide these functions:

  • cusdis.umd.js, iframe.umd.js & possibly zh-cn.js (in CJK posts): self-hosted Cusdis w/ security patches, an open-source & lightweight (less than 10kB) comment system. You can disable it by blocking https://log.vinfall.com/js/* Down for now as no one is really commenting and I’m tired of maintaining such a deprecated project.
  • script.js1: self-hosted umami, an open source Google Analytics alternative. It’s GDPR compliant by default plus my bonus setting to respect Do Not Track header in case anyone still use it. Moreover, it’s hosted in the data center of Frankfurt, Germany to improve privacy at the expense of speed. Of course Germany is still included in 14 Eyes countries but this is already the best choice on Vercel. Let’s go back to the topic, uBlock Origin would block the default umami.js in v1 and script.js in v2 as I don’t obfuscate the name. If that is not the case, you can disable it by blocking https://stat.vinfall.com/stats/script.js
  • katex.min.js & auto-render.min.js: KaTeX library for math typesetting, only loaded in posts with LaTeX support enabled. It’s supposed to work without client side JavaScript, but I have not found an elegant solution yet.

As you can see from the footer, this site is built by a static site generator named Hugo with all possible privacy enhanced settings turned on. Also, starting from 2024-01-28, there would be no new X (Twitter) outlinks to avoid Elon’s walled garden, which, to my surprise, is very easy since there is only one post containing such link.

There is no annoying cookie placeholder (with so-called essential cookies always enabled) you don’t care about or intrusive Enable JavaScript to Browse the Site banner. I make sure it’s hustle-free by default so you don’t have to.

Terminal friendly, and accessibility

Besides that, if you use good old TBB (Text-Based Browser) like W3M or Lynx, bare reading, created/updated date and word count will work fine. The only thing (excluding JavaScript/image ofc) not working is the Font Awesome CSS in the sidebar (or footer in portrait orientation), which should have rendered a few icons of my socials.

If you are using W3M, press <Shift> + <l> will list all links on the page including those social links.

It’s easier in Lynx: lynx -listonly -dump $URL. The hidden links are what you need.

I rarely add images/videos in posts as they usually have no benefit but distraction, but when I do, they are all converted using ImageMagick/FFmpeg into AVIF2/WebM formats and have proper name & alternative text so you get the idea without loading it in the first place.

I wished to add alternative typeface like OpenDyslexic to improve accessibility. But judging from google/fonts#558, it seems that such fonts are misleading and do not work much as intended.

Full-text RSS, even for tags

The site provides native full-text RSS. It’s also possible to receive updates for certain tags/categories simply by adding a /index.xml suffix. For example, if you only want a RSS for /tags/dev, just use /tags/dev/index.xml as your feed URL.

iCalendar subscription

iCalendar (ICS) subscription is also available as an alternative to RSS. Initially I wished to provide a post calendar view, just like the one Curl maintainer Daniel Stenberg has on his blog, but settled on this. You can subscribe ICS to have that on your local calendar instead.

SSL/TLS Full, HSTS and TLS 1.3

It’s almost common sense that we should go HTTPS and drop TLS 1.0/1.1, as SSL Labs (Nov 2023) reports over 99.5% of top sites have secure renegotiation.

The site is set to SSL/TLS Full (but not strict) in Cloudflare dashboard, with HTTP Strict Transport Security (HSTS) including subdomains enabled (but I have not set a Max-Age). It also have TLS 1.3 support of course, but that’s Vercel’s business. The minimum TLS version is set to TLS 1.2 as I see no request with lower versions for a long time.

Dark Theme

This is personal and may not be an awesome feature for many. But as one of those who values their retinas when working at 3 AM, I take pride in the membership of darktheme.club.

PGP-Signed Page

One killer feature of my previous blog framework bm is the ability to generate a signature for every output file in the built static site. It’s the only site generator I know about that has this feature, no matter dynamic or static.

I really miss this feature and could not find any resource to achieve this, except the blog of bm’s own author. And even himself does not use it now.So I spent a whole night and implemented it myself3.

We use about in this example (self-reference/fractal🤣):

# Import public key into GnuPG
wget https://blog.vinfall.com/pubkey.asc
gpg --import ./pubkey.asc

# Download and verify
wget https://blog.vinfall.com/about/
wget https://blog.vinfall.com/about/index.html.asc
TZ=UTC gpg --no-options --keyid-format long --verify index.html.asc index.html

The above should output a message containing Good signature, otherwise the file is corrupted. By the way, as long as you download the public key from the site and its fingerprint is A61AF15A44205E4B2BABFEA09A92DEDB762B3A03, you may safely discard any additional warning.

PS: If you are interested in adding this feature to your site, check Add PGP Signature to Hugo/Hexo/Any Static Site.

Todo

A list copied from my personal wiki, and provided as a demonstration of possible upcoming features. They may or may not get implemented anyway.

  • Add bio
  • Add Tartarus (personal blocklist)
  • Redirect certain HTTP Status Code to http.cat or HTTP Status Dogs
  • Add PGP public key to contact me
  • /random (need further investigation)
  • Copy code button (no JavaScript?)
  • Overlay image in pure CSS
  • Blog data visualization
  • Improve accessibility
  • Reading status bar/minimap
  • Add Lingva-translate button to page template
  • Add ABC Notation support
  • Alternative Internet protocol (doubt if anyone except me will use it…)
  • 3D model rendering
  • Mermaid rendering
  • Colored tags
  • Admonitions (Callouts)
  • Binary map mini-game…

The End

OK, so much talk on a site that transfers only 70 kB data4 when visiting this page. It cannot beat the speed of sourcehut5, but it gets most of my aesthetics & philosophy delivered.

  1. Blacklight reported 0 tracker by the way. ↩︎

  2. Starting from 2024-02-02 since MSEdge 121 rolls out with AVIF support in Jan 2024. ↩︎

  3. Please note I sign pages only (not images, CSS, non-existent JavaScript etc). ↩︎

  4. Open developer tools and check it yourself. Note in LaTeX-enabled posts this would be significantly larger but still relatively small ↩︎

  5. Sourcehut is the fastest. So what? ↩︎

Vinfall's Geekademy

VENI VIDI VICI

Awesome features the site offers.

Created 2022-10-06
Updated 2024-05-01
Contain 1104 words

#dev #writing #www