Navigation
Home
Home
RSSGit ServerBrowse Site on Tor
Welcome Image - LargeWelcome Image - SmallNixx's Blog
Welcome to my Magical Realm.
1 2 3 4 Next

Making a Popularity Contest out of my Website

A few of you may have noticed that I've just added a page detailing the 'popularity' of all my articles - in other words, how many 'GET' requests (individual downloads, from server to client) they have had.

It was something I had thought about doing for a while, and decided on a whim to do it today. It was easier to implement than I expected, taking an afternoon, and runs surprisingly quickly.

Being based wholly on user-agent information, there is no real privacy concerns to be seen here (as it is simple enough to spoof your user-agent and use Tor if you are concerned), it only tracks the times a page has individually been downloaded. The script may come to be useful for people looking to achieve a similar thing, although it is long enough it would be impractical to just paste and describe all of the script here.

The script looks for articles (I do not have to tell it which links to look for manually), uses grep to see how often a GET request occurs for each file in the nginx host logs, and does very basic arithmetic to calculate the size of bars to eventually display as HTML.

Findings

Most of what I found made sense, and has reassured me that everything is working correctly.

For example, my post on making a Tor mirror site as expected had more Tor hits than clearnet, although Tor users make up a minority on my site everywhere else. My latest article on 'Tetsuo: The Iron Man' is the lowest ranking, because it is new and has not had much traction yet.

And as I expected, my posts on how to approach shell scripting, Touhou, and YouTube on the terminal are among the highest ranking.

However, I didn't expect my Cloudflare rant to rank so high, neither my bad ASCII art post. I said 'bad' for a reason, guys.

This script will update nightly, and it should start ranking this post also. It should be interesting. That's all for now.

2021.01.09 22:32 GMTArticle Page

DIY Thigh Implants

If you hadn't already guessed, I'm referring to the film 'Tetsuo: The Iron Man' (鉄男: The Iron Man). I hope you didn't think I was planning on jamming a metal rod into a wound on my thigh, and are now disappointed.

I've still not entirely established to myself whatever it is I want to talk about on this website, but seeing as I've discussed a variety of things - some of which not belonging to me, such as my post on Qutebrowser or my post on PC-98 era Touhou games, there's no reason I can't talk about a film I really enjoy.

A frame from Tetsuo

There are a couple of reasons I feel like talking about it. I'm interested in a lot of media and various types of art, and you may notice references around my site, but I may not necessarily talk about them: this is generally because they're well-known. I feel Tetsuo is somewhat known, but not nearly as much as it should be.

And I get the feeling, among those following my site, there are many people that would enjoy a low-tech low-life body horror film. Tetsuo is referenced as a "cyberpunk" film, but Eastern and Western conceptualisations of "cyberpunk" wildly differ - Japanese cyberpunk tends to a depiction of industrial, metallic imagery, and a narrative that can lean more or less towards being incomprehensible. A good, better-known example may be the manga series/animated film Akira. Because of Tetsuo's dark and vivid imagery, surreal pacing, and low-budget underground production, I imagine many here would appreciate it. That, and it packs a lot into the space of an hour. I'm sure you can spare an hour.

I'm sure it goes without saying, but this is an adult film, neither for young children or the faint of heart. I mean, come on.

The production also stands as an example of how much you can do on a severely restricted budget. The camera is monochrome. The animation is done with stop-motion. The metal growth was produced by taping discarded electronics to the actors' bodies. And it looks fantastic. The thought put into the lighting, angle, and perspective of the camera shows. Occasionally the film drops into long indulgent footage, scrawling over wiring, metal, and industrial components to the enthralling beat of the original soundtrack by Chu Ishikawa (石川忠). Everything adds up, contributing to the vivid, claustrophobic, unhinged feeling of the film. That being said, it is rumoured that the production was such a painful experience most of the crew aside from the actors had left, and the director - Shinya Tsukamoto (塚本 晋也) - almost burned the negatives.

Animated scene from Tetsuo, of the maggot infested wound

Tetsuo does have an underlying plot - it isn't just a film about metal monstrosities beating each other around (though there's enough of that to taste). The plot itself is fairly straightforward, though requires some attention. I'll give a rough summary of the plot below, skip to avoid spoilers. This summary explains things (as far as I understand them) chronologically, rather than revealing secrets in the same order as the film, so if you've already seen it may help you understand.

Plot (spoilers, obviously)

The metal fetishist (MF) has a chunk of metal lodged into his brain. The doctor is surprised he is still breathing and has made it to a hospital. This may explain his fascination with implanting metal into his body, or may be a consequence of it. MF is at his hideout, full of rusted scrap metal and pictures of athletes. He rips open his thigh, and thrusts a metal rod inside. Presumably later, he unwraps it, to discover the wound is infested with maggots. Terrified, he runs out onto the road, and is hit by the car of a salaryman and his girlfriend (SM and GF). He dies upon being hit. SM and GF discard the body in a forest, having sex afterwards, in front of his makeshift grave. SM is tormented by daydreams and visions of industrial machinery. A metal spike protrudes from his cheek, which he covers. GF cannot stop thinking about the accident. On SM's way to work, a woman sitting next to him notices an amalgamation of flesh and metal on the ground, pokes it, and quickly becomes a puppet of MF's spirit. SM flees in terror to hide in a toilet, but is able to kill her with his own growing metal powers. SM later dreams of GF sodomising him with a giant metal phallus. SM and GF have sex after he has woken up. They eat a meal, but SM cannot stop thinking about metal, the chewing food sounds like scraping metal. SM's transformation accelerates. His penis has been transformed into a large metal drill. SM hides from GF, afraid to let her see him. GF convinces him to come out. GF is horrified, and her rejection of him after her confidence angers SM, and he attacks her. GF stabs him in the neck with a kitchen knife, and believing to have killed him, commits suicide by impaling herself on his spinning drill. As SM regains consciousness, MF laughs at him. SM has completed his transformation, and now MF is coming to hunt him down. SM tries to commit suicide by electrocution, but in his transformed state it only stimulates him further. SM possesses the body of GF, destroying all metal in his wake. MF easily overpowers SM, and shows him a vision of the "New World" - a world overcome by metal, depicting SM as a human trapped in a pod, then screaming, consumed by metal pipes and wires and stripped of flesh. MF chases SM through the city, beating him around, before MF is incapacitated by a vision from his childhood of being beaten by a vagrant with a metal stick. MF gets up and attempts to attack SM, but SM is now too powerful, and they absorb each other, becoming a single tank-like monstrosity. They claim with the power of their love, they will burn the world and return it to a rusted ball in space.

I found the whole thing weirdly moving, almost sympathetic. If I've not convinced you yet, you should listen to my jam, it's amazing. And if you've already seen and like it, you should find more of Shinya Tsukamoto's works, other films of Kei Fujiwara (不二稿 京) such as 'Organ', and try out some music from Chu Ishikawa.

Neither the image or the animation in this article belongs to me, they are taken from '鉄男: The Iron Man' and credit goes to respective parties.

2021.01.09 22:32 GMTArticle Page

All my Sites are Available on Tor

It's been a while. The longest I've left it actually, about a month or so. I make no promises to improve this track record, because I prefer quality to quantity, but it is good to be back. Life has been quite chaotic for some time.

Is there life on Tor?

My sites are now on the Tor network, and any further subdomains I make create will also be on the Tor network. For those less familiar, it may seem strange to host a site on the clearnet and associated with an IP address already as a hidden service, but there are anonymity advantages to never leaving at an "exit-node" and remaining on the Tor network.

And now, the links:

The sites are largely the same as their clearnet mirrors. There are two differences you may note with concealed.world - I don't bother to report on IP-based analytics (I can't see your IP), and I curate the Lainchan webring links to bring more focus to sites also on the Tor network.

As for git.concealed.world, yes, you can clone repositories directly from it. You would probably need to use torsocks, or something similar.

I won't make a separate post about how I set this up, as it is stuff you can all find fairly easily on the internet. I will point you to Tor's own documentation on running services and this "best practices" guide.

All the other work I have done is creating shell scripts for far easier housekeeping - rsync, chown, chmod, and dealing with systemd - but this is all the kind of thing you've seen elsewhere from me. As always, it's much easier to run something like 'sudo onion -c' than deal with a whole bunch of rsyncs and permission issues manually.

The dates on articles are wrong

You may also note that the dates on my articles no longer reflect when they were posted. If you were online around 9 PM GMT on the 8th (unlikely, but I'm sure you found it hilarious if you were), you will have seen that I accidentally deleted my whole site.

Yes, don't ask. I'd been doing a lot of fiddling at the back-end. I'm ashamed of me too.

Thankfully I had kept backups of most things, and only had to retype a few articles from my newsboat cache, and check it over in paranoia for a while.

I had never tried to claim that the dates were anything more that when an article file was last modified, but it's still annoying. For archival purposes, I'll mention this site got its first post on the 6th of July 2020, was first fiddled with over April (before I got distracted by video games), and posts following that were made in groups every few weeks. Based on the when I pushed to my Git server, you can tell approximately when I was active.

2021.01.09 22:32 GMTArticle Page

Automating Writing HTML

What kind of psychopath goes as far as to automate writing plain HTML? Well, me apparently.

At first I didn't think that going this far for automation would be worth it. It was actually my friend over at Saltorn that had suggested the idea to me, seeing as he can automate such things with Emacs when writing things of his own. I thought it would be too far to go in the name of automation, and that the returns would be diminishing.

But in actuality taking out more of the manual effort in writing allows a lot more free flow of consciousness, I tend to find I write more quickly and easily now.

You can find the script here. Although it's suited to my particular usage, you could quite easily adapt it yourself if you're looking to do something similar. I realised that the components I use in my articles could easily be boiled down to a dozen or so different elements, which I could write quick shorthand for.

The elements start consistently with a '@', which is a character I would rarely use, and end consistently with a ';'. Using non-frequent characters means it's less likely there will ever be a case in which it breaks.

And yes, I did write this article using the script, too. It's nice.

2021.01.09 22:31 GMTArticle Page

Making a Mess of an E-mail Host

I made an attempt at making my own e-mail server. I was talked into it by Qorg, who reminded me of the existence of the original emailwiz script by Luke Smith. Seeing as I run an Arch Linux server, rather than a Debian-derivative, I would attempt to port it.

I intended to finish this completely, if only for the sake of credibility when I share my findings regarding the process of setting up an e-mail server, but in the end I have left it 98% finished. For various reasons I'll talk about, it wasn't quite worth finishing for me. But still, nonetheless, I hope what I have learned from it can be of use to someone.

How would this in theory be done?

I have made a port of the script, to Arch Linux, which you can find here. If you use a Debian-derivative you can make use of the original script, but for the other handful of weirdos out there that use Arch as a server OS, this may help you. I've taken the time to test most aspects of the script and iron out bugs caused by the peculiarities between Debian and Arch. The README details much of the prerequisites, and the process involved in set-up.

As I have said, I got 98% of the way there before throwing in the towel, not 100%. I am confident that this script should get you most of the way there. It will not get you all of the way there, there will be debugging to be done, but it should make your set-up process substantially simpler than it would have been otherwise.

Is this a good idea to try?

Eh, maybe. Here's some criteria that may help you make up your mind on whether or not you should try it yourself, if you are interested.

You must be able to set up a PTR record (reverse DNS) to your e-mail host. You may need to negotiate it with your ISP, or your server provider. This also typically means you have a static IP. I suspect this was the stumbling block that made my set-up much more difficult, and without it your e-mail server will be much less useful (large providers will filter you).

You should meet more than half of these criteria:

Debugging is your friend

You will in all likelihood run into issues. Here's some good things to try:

Thoughts on the pros and cons of self-hosting mail

Privacy

Naturally, self-hosting will always be better from a privacy standpoint. The number of components you need to trust is smaller. Any other mail provider will be able to read your e-mails if they want to. Even if they offer server-side encryption in the event of a possible attack, this doesn't mean they can't decrypt it themselves.

Client-side encryption will to a degree somewhat level the playing field here. With client-side encryption, any mail you send is illegible to anyone par the sender and the recipient, provided your keys do not become compromised, no matter what e-mail provider you are using. Of course, if your e-mail provider has things like your real name, your phone number, and so on as part of registration, you are screwed anyway.

Security

This one will probably go to larger e-mail providers, rather than to small individual projects. Unless you really think you know security and administration better than teams of people serving thousands - if you do, I have no idea how you got here and why you're reading this. In most cases you will need to thoroughly educate yourself to be able to utilise a comparable level of security - although, it can be argued that a mail client serving a single individual or a few people is also a smaller and less enticing target for attacks.

Reliability

This could go either way. If you can guarantee the physical safety of your server, the lack of network traffic, you may find it to be more reliable and faster than a large provider. Or you may not. It really depends on your server, which you should know better than anyone.

Why have I left the e-mail server unfinished?

Mainly because it would not be worth it to me. As I mentioned, I cannot get a PTR record as I do not have a static IP address, so no reverse DNS lookups. This would make my e-mail less useful, as the e-mail I would send to large providers would be silently dropped and never reach their destination. I planned to finish this largely for the credibility in what I'm talking about. But, I decided to cut this short, because I'm beginning to build up a backlog of other things I'd like to do and things I would prefer to talk about.

My thoughts on some e-mail providers

If you've read all of the above, and would prefer to find a better, more privacy-respecting provider, but without going as far as making your own server, I have experience with some.

Cock.li

Their privacy policy is not bad, you can see for yourself. You can use your own clients. You can sign up via Tor (Cock.li additionally has a Tor address), there are no Captchas last I checked, no personal information is required, and there are no mandatory fees.

Note however that Cock.li is fairly honest about the fact that it's entirely possible to read your e-mails. They are transparent about this on their home page:

Cock.li doesn't parse your E-mail to provide you with targeted ads, nor does cock.li read E-mail contents unless it's for a legal court order. However, it is 100% possible for me to read E-mail, and IMAP/SMTP doesn't provide user-side/client-side encryption, so you're just going to have to take my word for it. Any encryption implementation would still technically allow me to read E-mail, too. This was true for Lavabit as well -- while your E-mail was stored encrypted (only if you were a paid member, which most people forget), E-mail could still technically be intercepted while being received / sent (SMTP), or while being read by your mail client (IMAP). For privacy, we recommend encrypting your E-mails using PGP using a mail client add-on like Enigmail, or downloading your mail locally with POP and regularly deleting your mail from our server.

With the lack of sign-up requirements and the ability to use your own clients - and when combined with use of client-side encryption - I find Cock.li works well for my use case. It sells itself as a joke service, but there are a few serious-sounding domains. People complain that it goes down, but in my experience that has been a number of times I could count on my hand in the last year, for a few hours at most.

Dismail.de

Dismail supports alternative mail clients, you may sign up with Tor without filling a Captcha, and it requires no personal information. The process of signing up requires you to respond to an automated message over XMPP, which in my experience I was waiting an hour or so.

Their terms of service do not sound ideal, and give the impression there are many ways in which you could be banned. One example is below:

sending of messages with the aim of harming or destroying, violate privacy, infringe the intellectual property, to issue statements offensive, fraudulent, obscene, racist, xenophobic, discriminatory, or any other form of content prohibited by law.

Why not Disroot/RiseUp/other privacy-respecting mail service?

As I said, I have tried many, and I found trying to apply to them impractical. RiseUp is an insider-invite-only service, and Disroot has a large list of potential offences you could fall under. Additionally, when signing up to Disroot, I was told to wait because it was the weekend. I came back during the week, and I was told to wait because it was the weekend. I try to balance maximising my privacy with ensuring actual practicality.

2021.01.09 22:31 GMTArticle Page

Fighting with Web Standards and the Scrollbar Fiasco

It has been a while. About a month, precisely, although you can see that I've still been alive due to the new posts on my music list. I hope you didn't think I had abandoned you yet.

And as I have done before and will certainly do again, I've got a backlog of posts to spam, that will probably come out over the next couple of days, on various subjects. (For example, the fact that I am writing this post in my own crude markup language, rather than plain HTML).

But first and foremost, to the most immediate change, and in reference to the title of this article. I've been having a back-and-forth with Qorg in regards to this - I like my website without a scrollbar.

A while back it was brought to my attention that this doesn't work with Pale Moon browser - it isn't entirely up-to-date with its CSS seemingly, and if I hide the scrollbar, it is impossible to scroll. I initially thought I had resolved this, although the fix was rather crude, relying purely on the user-agent.

Eventually I needed to create a solution that would work for those that use Pale Moon, but understandably (for privacy, and to avoid dealing those such as Cloudflare) spoof their user-agent. They would not be able to browse my site. And any browsers I did not know of that had the same issue, would also not be able to browse my site. And what if you just preferred to browse with the scrollbar?

So, I have now created the option to browse with a scrollbar, dependant on a single first-party cookie. See the change here. You can visit this page begin using this site with a scrollbar. I personally don't prefer it, but it's not a bad thing for people to have the choice.

2021.01.09 22:31 GMTArticle Page
Search All Posts
1 2 3 4 Next

Send me something interesting: nixx@firemail.cc