Um, actually, Kittybox is a dynamic web server, but the HTML it serves as the post content (i.e. the text you are reading right now) is a string stored in the database as part of the MF2-JSON object.

This means that to inject a style in a post, I need to somehow hash the style block and then communicate the CSP hash to the web-server (maybe as a technical property on the HTML blob inside the MF2-JSON I store in the database?).

Parsing the HTML is the hard part, but I guess as I already have a parser for Webmention processing, I could reuse the same parser for that. Storing the hashes somewhere and injecting them into the post is also not easy, as I'd have to combine two CSP headers into one (subsequent CSP headers can only restrict the policy). This should probably be done on middleware layer, I guess.

In other words, I'm lazy! ✨ (For now. Until it hurts too much and I'll bite the bullet)

Wait, how would you make client certificate auth work on a subpath, if it works on a layer below HTTP? One thing that comes to mind is making client certs optional and doing a 401/403 on pages that should require auth, but that should absolutely be doable with a liberal application of subroutes in Caddy. (The server will still request certificates, because it doesn't know which page you're visiting until the TLS handshake completes, but since the server indicates which roots it trusts, this shouldn't be a problem for random visitors — their user agent will skip the prompt if there are no suitable certificates.)

Oh, finally remembered that I can put resize set width command into a for_window clause to get some of my GTK apps resized to a small sidebar on my display. Bowl looks much nicer on a small display; mainly because only the post composer widget is implemented, and a two-column layout that I'm thinking of will require a few more things the app lacks for now.)

Now, if only Sway included a positioning command that puts windows relative to the top-right or bottom-right corner...

(I suppose that is not hard to implement; I was able to implement it using an external script, but an external script incurs a delay that native commands do not. Thus it would be beneficial to patch Sway to support corner-relative window moves.)

TIL that HTML forms with method="POST" and an absent action (meaning the form POSTs to the same URL it was loaded from) do not clear the query string, allowing to pass through the query string that was initially passed to the page of a form.

Random thought: perhaps modern LLM interfaces are oversimplified, which leads users to unnecessarily overestimating their capabilities (such as ascribing "intelligence" or "sentience" to the models).

Perhaps a good LLM interface should expose its guts and details so it is obvious how it works.

Deliberate friction or dizzying complexity might be sobering for the end user a little.

Oh wow. Turns out Bandcamp's billing system accepts an overseas card I happen to have. Isn't that nice?

I really need to take a break from programming, but the ideas keep flowing into my head and I find it hard to stop.

Had a fight with the Content-Security-Policy header today. Turns out, I won, but not without sacrifices.

Apparently I can't just insert <style> tags into my posts anymore, because otherwise I'd have to somehow either put nonces on them, or hash their content (which would be more preferrable, because that way it remains static).

I could probably do the latter by rewriting HTML at publish-time, but I'd need to hook into my Markdown parser and process HTML for that, and, well, that's really complicated, isn't it? (It probably is no harder than searching for Webmention links, and I'm overthinking it.)

I'm constantly tired lately. I hope I don't burn out.

Oh, it looks like refresh tokens actually work in Bowl. Nice. I had to add some tweaks to the detection functions, but, oh well...

I really need to make something to syndicate to Bluesky. It seems wonderful to have a new alternative to the now-dead Twitter, but I still want to post to my blog first.

ATProto feels a tiny bit overengineered. It was obviously built to have a semi-centralized reach layer, and that shows in its design. Plain HTML pages and/or microformats2 are a much simpler format, and at times richer than Bluesky's default Lexicon.

I want to gain benefits of both.

Mozilla is playing with fire. I don't like their latest "AI" pivot. AI doesn't exist and never will, and whatever is called AI right now is not it. And is not worth using.

Seriously, "AI text" "detectors"? They don't really work that well. They sometimes also misidentify input texts written by someone not proficient with language as LLM output.

happy birthday to me! 🎉🎉🎉

Tailscale, without any sort of warning or public announcement, seems to have banned all Russian IPs from connecting to its coordination server.

I had to spend an entire workday migrating my setup to Headscale, the self-hosted alternative! I could've spent this time playing games or working, if not for this bullshit!

This "pseudo-sanctions compliance" virtue signalling must stop. All lawyers and PR personnel responsible for this should be fired and shunned. VPNs are critical to allow people in oppressive countries to get truth via the Internet, and just banning them from connecting to VPNs is exactly what the oppressors want.

My markdown parser refuses to accept HTML input for some reason. I wonder why. This is not really compliant with the Markdown standard.

If I were to include a quote made by a language model on my website, I'd like them to be specifically highlighted to make it obvious that the output was not written by a human.

Something like this, maybe?

figure.llm-quote {
  background: #ddd;
  border-left: 0.5em solid black;
  border-image: repeating-linear-gradient(45deg, #000000, #000000 0.75em, #FFFF00 0.75em, #FFFF00 1.5em) 8;
  padding: 0.5em;
  padding-left: 0.75em;
  margin-left: 3em;
}
figure.llm-quote > figcaption {
  font-size: 0.95em;
  font-style: italic;
}
@media (prefers-color-scheme: dark) {
  figure.llm-quote {
    color: #f0f0f0;
    background-color: #242424;
  }
}

And use it like this:

<figure class="llm-quote">
  <blockquote>
<p>I'm an artificial intelligence model known as Llama. Llama stands for "Large Language Model Meta AI."</p>
  </blockquote>
  <figcaption>
    Output generated by Llama 3.2-3B
  </figcaption>
</figure>

To get something like this (I sure hope this will display correctly! I still need to tweak my Markdown parser a bit.):