What I wanna know at this point @bender@twtxt.net is this; What is this “Notes” thing. Is it just a uugo static site you maintain or something else? 🤔 Did you write all the CSS yourself? 😅

Linking and shrinking Rust static libraries: a tale of fire
Comments ⌘ Read more

Zensical: A modern static site generator
Comments ⌘ Read more

The Pivot
Comments ⌘ Read more

I brain coded a static image gallery in a few hours
Comments ⌘ Read more

@prologic@twtxt.net That zs looks pretty cool! I love simple static site generators, and look forward to trying it on my next web site project. Kudos!

@prologic@twtxt.net Yeah, it’s not a strong sandbox in jenny’s case, it could still read my SSH private key (in case of an exploit of some sort). But I still like it.

I think my main takeaway is this: Knowing that technologies like Landlock/pledge/unveil exist and knowing that they are very easy to use, will probably nudge me into writing software differently in the future.

jenny was never meant to be sandboxed, so it can’t make great use of it. Future software might be different.

(And this is finally a strong argument for static linking.)

Another example:

$ setpriv \
    --landlock-access fs \
    --landlock-rule path-beneath:execute,read-file:/bin/ls-static \
    --landlock-rule path-beneath:read-dir:/tmp \
    /bin/ls-static /tmp/tmp/xorg.atom

The first argument --landlock-access fs says that nothing is allowed.

--landlock-rule path-beneath:execute,read-file:/bin/ls-static says that reading and executing that file is allowed. It’s a statically linked ls program (not GNU ls).

--landlock-rule path-beneath:read-dir:/tmp says that reading the /tmp directory and everything below it is allowed.

The output of the ls-static program is this line:

─rw─r──r────x 3000 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

It was able to read the directory, see the file, do stat() on it and everything, the little x indicates that getting xattrs also worked.

3000 and 200 are user name and group name – they are shown as numeric, because the program does not have access to /etc/passwd and /etc/group.

Adding --landlock-rule path-beneath:read-file:/etc/passwd, for example, allows resolving users and yields this:

─rw─r──r────x cathy 200 07-12 09:19 22'491 │ /tmp/tmp/xorg.atom

How can one write blazing fast yet useful compilers (for lazy pure functional languages)?
I’ve decided enough is enough and I want to write my own compiler (seems I caught a bug and lobste.rs is definitely not discouraging it). The language I have in mind is a basic (lazy?) statically-typed pure functional programming language with do notation and records (i.e. mostly Haskell-lite).

I have other ideas I’d like to explore as well, but mainly, I want the compiler to be so fast (w/ optimisations) that … ⌘ Read more

Artiflakery, an easy way to distribute static Nix flake artifacts
Comments ⌘ Read more

Pallene: a statically typed ahead-of-time compiled sister language to Lua, with a focus on performance
Comments ⌘ Read more

static site generators make website-ing so fun like i wanna do so much with my site now

that site of mine i mentioned earlier? well it’s now statically generated with astro, AND it automatically builds and deploys after i push changes to my own git instance, with the power of sourcehut builds! this is so cool

i got so emo about my site not being statically generated and instead hand coded but it’s like i don’t even know if i want that because i feel most SSGs are built for blogging and continuous posting and i don’t want that i just want to make my silly pages….

that being said, the one i’d use if i did switch to one would be astro and that one is so flexible i could really do anything with it including keeping my pages as is mostly without doing the blog stuff. idk! something to consider

made the HTML for one of my static handwritten sites semantic!

Lume 3 was released
After several months of work, I’d like to share with you the release of a new major of Lume, a static site generator for Deno. Apologies for the autopromotion 🙏

Comments ⌘ Read more

Tuscolo Static Certificate Transparency Log
Comments ⌘ Read more

Static as a Server
Comments ⌘ Read more

@movq@www.uninformativ.de LMAO the power of static pages!

So, the “AI” bots have reached my website. Looks like they’re just slowly crawling everything at the moment – no DDoS-like attack yet. I wonder if that has something to do with my website being 100% static HTML. There are no GET parameters they can tweak and, at the end of the day, there’s not that much data on my server anyway … And maybe they have no idea what stagit is, so it doesn’t trigger “standard behavior”, like “this is a Gitea instance, let’s crawl this like crazy!”?

** Rack::Static Vulnerability Exposes Ruby Servers to Data Breaches! **

Image

Hold onto your keyboards, Ruby developers! 😱 A critical security flaw in the Rack::Static middleware has been uncovered, potentially…

[Continue reading on InfoS … ⌘ Read more

On my blog: Free Culture Book Club — Secrets in the Static https://john.colagioia.net/blog/2025/04/19/secrets-static.html #freeculture #bookclub

hello friends i spent a couple hours today using a random string generator by charm CLI called hotdiva2000 to make a script that 1) generates a static index.html page 2) the page is a prompt generator where all the prompts are from hotdiva2000!!!!!

this makes more sense if you look at it check it out

https://prompts.4-walls.net/hotdiva2004/

wahhh i wanna work towards my dream of offering pay as you can web hosting (static & dynamic) but i don’t know how!!!!! i keep drifting towards hosting panels but i don’t exactly have fresh linux servers for those nor do i like the level of access they require. so i’m like ok i can do the static site part with SFTP chroot jails and a front-end like filebrowser or something…. but then what about the dynamic sites!!!!!!! UGH

granted i doubt i’d get much interest in dynamic sites but i’d like to do this old school where i can offer people isolated mySQL databases or something for some project (i’m thinking PHP based fanlistings), which means i could do it the old school way of… people ask me to run it and i do it for them. but i kind of want to let people have access to be able to do it themselves just short of giving them SSH access which isn’t happening

Rucknium publicly releases all OSPEAD-related documents and code after 3+ years of research
Rucknium1 has published all of the HackerOne 2 and CCS (M1-M2)3 document and code submissions related to their Optimal Static Parametric Estimation of Arbitrary Distributions (OSPEAD) 4 project, after 3+ years of research:

The OSPEAD documents and code are being publicly released now because there is now an implementable solution to the problems I raised in my … ⌘ Read more

@prologic@twtxt.net I wish getting a static IP and a (more) stable internet connection wasn’t so hard over here. Then I could do proper self-hosting as well. But as it stands, I need some rented VPS.

I could go ahead and just use the VPS for the IP, i.e. forward all traffic through Wireguard to a box here at home. Big downside is that the network connection would be even slower than it already is and my ISP breaks down all the time for a few minutes … it’s just bad overall and much easier/better to rent a VPS. 🫤

Oasis: a small, statically-linked Linux system
You might think the world of Linux distributions is a rather boring, settled affair, but there’s actually a ton of interesting experimentation going on in the Linux world. From things like NixOS with its unique packaging framework, to the various immutable distributions out there like the Fedora Atomic editions, there’s enough uniqueness to go around to find a lid for every pot. Oasis Linux surely falls into this category. One of its main … ⌘ Read more

Run Linux inside a PDF file via a RISC-V emulator
You might expect PDF files to only be comprised of static documents, but surprisingly, the PDF file format supports Javascript with its own separate standard library. Modern browsers (Chromium, Firefox) implement this as part of their PDF engines. However, the APIs that are available in the browser are much more limited. The full specfication for the JS in PDFs was only ever implemented by Adobe Acrobat, and it contains some ridicul … ⌘ Read more

@prologic@twtxt.net I know! I know! 🤣 and it feels like I won’t be either, at least for a while … On the bright #Go side, I’m trying to switch everything (static web stuff and reverse-proxy) to #Caddy

Rucknium completes second milestone for OSPEAD CCS
Rucknium1 has completed2 the second milestone for their Optimal Static Parametric Estimation of Arbitrary Distributions (OSPEAD)3 CCS proposal4:

The OSPEAD initial probability density function has been transmitted to the scientific review panel, which consists of ArticMine, isthmus, and hyc.

Read the full PGP signed message on Gitlab2.

Consult the previous Monero Observer report[5](#fn: … ⌘ Read more

Noice!

Image

@lyse@lyse.isobeef.org yep, I gave it a spin locally! I freaking love the cute logo and the UI is fiiiine 👌 my TUI browsers love it just as much …

Image

@lyse@lyse.isobeef.org yeah! as long as it’s fun :D experimenting with it like picking up the camera every once in a while to point somewhere else, or in editing inserting more video in between the static angles, that could be fun!

@lyse@lyse.isobeef.org it’d be a blast to record too with my camcorder! i’d have to figure out positioning and stuff like you said but i could probably figure something out with a bit of testing :P yeah it probably does make the project itself longer than it should be but i feel like if you make it a cozy kinda “sew with me” video where people watch you sew and film it with a static angle instead of like, showing every step? i think that’d be nice even if a bit boring. so i could absolutely try that.

magnetic tape camcorders omg!!! mine is digital but i’d LOVE to get a tape camcorder

messing with gemini again, this time a static site generator called gssg - https://git.sr.ht/~gsthnz/gssg

my capsule is linked in my profile but just in case it’s over at gemini://lazuli.sayitditto.net

@prologic@twtxt.net Well I just mirrored yarnd’s JSON in my webfinger endpoint and lookup, so not much else to do for standardization.

And for people who don’t like PHP you can always just go with Added WebFinger support to my email address using one rewrite rule and one static file. or simply putting a static JSON in place for .well-know/webfinger

@2024-10-08T19:36:38-07:00@a.9srv.net Thanks for the followup. I agrees with most of it - especially:

Please nobody suggest sticking the content type in more metadata. 🙄

Yes, URL can be considered ugly, but they work and are understandable by both humans and machines. And its trivial for any client to hide the URLs used as reference in replies/treading.

Webfinger can be an add-on to help lookup people, and it can be made independent of the nick by just serving the same json regardless of the nick as people do with static sites and a as I implemented it on darch.dk (wf endpoint). Try RANDOMSTRING@darch.dk on http://darch.dk/wf-lookup.php (wf lookup) or RANDOMSTRING@garrido.io on https://webfinger.net

From my bed, I can hear a noise outside that is most likely a confluence of insects and distant freight trains but sounds eerily like the static-laden cacophany of an old radio. I would go out to see what it is, but a small part of me is worried I might end up walking into an episode of “Are You Afraid of the Dark?” if I do.

@prologic@twtxt.net Yes I suppose that is true. There is an article on Tailscale’s site that explains it all quite a bit: https://tailscale.com/blog/how-nat-traversal-works

To me, with CGNAT, it’s a small miracle that a direct connection can be made between peers (as opposed to going through a relay constantly) but it does indeed work. I guess to host it at home you would need to have it WAN accessible, and if you’ve already gone to the trouble of port forwarding etc… well 😅
Not that I could personally do that, but for those with static IPs etc.

How AI enhances static application security testing (SAST)
Here’s how SAST tools combine generative AI with code scanning to help you deliver features faster and keep vulnerabilities out of code.

The post How AI enhances static application security testing (SAST) appeared first on The GitHub Blog. ⌘ Read more

ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok
The effectiveness of a static application security solution hinges on its ability to provide extensive vulnerability coverage and support for a wide range of languages and frameworks. Today, we’re highlighting two releases that’ll help you discover more vulnerabilities in your codebase, so you can ship more secure software.

The post [ICYMI: improved C++ vulnerability coverage and CodeQL support … ⌘ Read more

CodeQL zero to hero part 2: getting started with CodeQL
Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis tool CodeQL to write custom CodeQL queries. ⌘ Read more

CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research
Learn more about static analysis and how to use it for security research!
In this blog post series, we will take a closer look at static analysis concepts, present GitHub’s static analysis tool CodeQL, and teach you how to leverage static analysis for security research by writing custom CodeQL queries. ⌘ Read more

Hey @manton I got this email this morning from name.com – Just wondering if I could have my prologic.blog domain transferred to me? 🤔 Whilst I have enjoyed using my micro.blog service I’d like to move away off of micro.blog and host my own blog, which I intend to use my own static tool for.

Thank you for providing such a great service over the years I’ve used micro.blog 🙇‍♂️

Image

@movq@www.uninformativ.de I remember that time. I built my own mess, then used someone else’s mess (WordPress). I then switched to Jekyll when Tom released it, then to Hugo, which I use today. I also love static web stuff!

Everybody is building one because, you know, why not? Why I built my own static site generator.

Announcing third-party code scanning tools: static analysis & developer security training ⌘ https://github.blog/2020-10-05-announcing-third-party-code-scanning-tools-static-analysis-and-developer-security-training/

statically generated my twtxt feed here: https://pbat.ch/wiki/twtxt.html. learning how to be social on this thing comes next.

@71m@timmorgan.org: why web when it is local? I use sxiv for local browsing and llgal to generate a static gallery from a directory: https://github.com/bgoglin/llgal. If you want something more CGI-ish, you could build it with a few lines of perl: https://metacpan.org/pod/CGI::Application::PhotoGallery

@nblade@nblade.sdf.org I could probably put something together, but I went this route originally because existing generators felt like they took too much control from me over the exact output. I want very small, static pages I can throw behind nginx, and I want to know exactly what the contents are. My current mess of spaghetti Racket is getting hairy since I’m halfway through an unfinished rewrite I started a while ago and forgot about, but at least I know exactly what it’s doing.