It's been nearly 10 years since I created this blog
and for that entire time it's been using the Pelican
static site generator. It's been pretty good, but lately I've wanted to improve
and change some things, so I've taken the opportunity to rewrite it from
mostly scratch.
b2 is a Rust program that takes
an input folder of markdown files and spits out a complete HTML directory
of the blog. The templates and theme are taken from my fork of pelican-sober.
For the most part nothing has changed, I've just taken the opportunity to
adjust the CSS and improve some of the HTML output.
b2 is pretty specific for my usecase, I'm not planning to turn it into a
general purpose static site generator, though you're more than welcome to
fork it for your own needs.
Originally posted on securedrop.org.
As the SecureDrop team previously announced, we’re shifting our focus in order to graduate SecureDrop Workstation from its pilot phase. One of the first steps we’ve taken in this direction is to reorganize and consolidate the project's Git repositories to make development and releases easier and faster.
In summary:
Read the full post on the SecureDrop blog.
In 2018 I announced the creation of my "Skip Mobile Wikipedia" Firefox add-on, which automatically
redirects you to the desktop version of the site. At the time it worked on both standard desktop Firefox and in Firefox for Android, life was great.
Unfortunately at some point, Firefox stopped allowing arbitrary add-ons on Android and it was disabled. It was still usable in the "Nightly" edition, but that wasn't very user friendly.
Anyways, fast-forward to earlier this month, Firefox has re-enabled general add-on support, so
"Skip Mobile Wikipedia" is installable and works again on Android. The source code is the same, I haven't had any need to update it since 2020.
I personally use the responsive Timeless skin, which I think provides a nicer viewing and editing experience from my phone. Happy browsing!
I am privileged to work for a non-profit organization, the Freedom of the Press Foundation, which allows me to work full-time on free and open-source software, namely SecureDrop. It also pays the bills and lets me spend me free time doing other stuff that's good for humanity, like contributing to wikis, running a Mastodon server and riding bikes.
FPF accomplished a lot of important things this year, but like every other non-profit, we're currently doing our end of the year fundraising drive, hence this blog post.
If you like my work, whether on SecureDrop or just in general, and have the means to do so, I'd appreciate you donating to FPF: https://freedom.press/donate/ (if you live in the US, this donation is tax deductible). Click the checkbox that says "This donation is in tribute of someone", and then say the gift is in honor of me, "Kunal". (You're also welcome to type other stuff, like "legos" or "boba tea".)
Hate my work? That's fine too, just pick the option that says "This gift is in opposition to" and mention my name. You could also type other stuff here, like "the Kragle" or "boba tea haters".
Now that you've read this far, I'll also mention that we have a merch store with FPF and SecureDrop swag, including stickers! If you use the coupon code "FPF2023" you'll get a 15% discount (only on Nov. 27 aka Cyber Monday).
Thanks.
I haven't been very good with writing about what I've been working on in SecureDrop-land, but here is: Migrating SecureDrop’s PGP backend from GnuPG to Sequoia
over on the SecureDrop website. You should read it, and then come back to read the rest of this.
We had been discussing Sequoia internally for a while, but I officially filed an issue titled "Use Sequoia-PGP instead of gpg/pretty_bad_protocol" in April 2022. I pushed
a first WIP of the Rust code to a branch named oxidize on July 8, 2022 and had it working in the development environment by the 14th. TBH that was the easy part, migrating existing sources from GPG to Sequoia was going to be
the hard part.
Small tangent, I was very fortunate to grow up around a lot of Sequoia trees, and I have very fond memories of visiting Muir Woods National Monument as a kid. So when I had
to pick a name for the Rust crate, I tried to stay with the theme, and went to the Wikipedia disambiguation page for Sequoia, clicked on the first link, Sequoioideae,
read "...commonly referred to as redwoods", and then immediately ran cargo new redwood --lib. I anticipated we'd switch to a generic, boring, name like rust but that didn't end up happening :-).
Exporting public keys is pretty easy, but GPG stores secret keys in its own custom s-expression thing (documented as "...easier to read and edit by human beings", okay.), which we would have to write something
custom to read. I flailed around trying to do so but never really got anywhere. Sequoia opened a ticket on their end for supporting GPG's format, but as of this writing, it hasn't seen any real progress (which is fine and understandable!).
Also I got busy with other SecureDrop things (e.g. "Reorganize Debian packaging, have debhelper do most of the work", which deserves its own blog post).
At the end of December 2022, Sequoia announced their chameleon project to replace the gpg CLI. In January 2023 (this year!) I discussed whether using that was an
option in the Sequoia IRC channel, and Neal (who is fantastic), suggested just using GPG directly. Great idea!
Now that we had a real migration plan, February and March had some internal discussions on whether to move forward with this, and I started working on it for real in May. The first PR
was up by the end of May and landed the first week of June.
The second major PR was posted mid-July and merged at the beginning of October! There were a number of smaller
PRs in the middle, but that was "step 2" in my high-level roadmap.
There was a lot of good back and forth during review from SecureDrop team members, Sequoia developers and other volunteer contributors. And related PRs from other SecureDrop team members.
Everything else landed in October, and then this week I finished running some benchmarking, which, surprise surprise, showed that calling the Sequoia Rust code was faster than
shelling out to GPG.
SecureDrop 2.7.0 powered by Sequoia should be (knocks on wood) released in a few days, which will be the largest milestone to date of this multi-year project. And as the blog post pointed out, there's still a lot of work to do.
This is the first Rust project that I've worked on that is being shipped to production users (all the wiki bots I've written really don't count), and it's been a blast. It certainly won't be the last ;-)
I tend to spend a lot of time reading. When I was a kid it was as many books I could carry home from the library; later it would become newspapers, blogs and online things.
I never bothered to track what I was reading, because there was so much of it and re-reading something you enjoyed isn't that bad. It also felt invasive (in a privacy sense), but that was mostly because everyone was using the
Amazon-owned Goodreads. For a while I used the perfectly named "Badreads" app, but I never felt comfortable with it.
Anyways, this is all to say that I now have an account on bookrastinating.com (also perfectly named!!), which runs the ActivityPub-enabled BookWyrm software.
You can follow me as: @legoktm@bookrastinating.com.
I've been posting everything as followers-only, and I'm planning to only approve people I know well (my current vague criteria is that we've met in real life).
The actual federation from Mastodon is pretty meh, you can see when I add books to my "to read"
list and when I start and finish books, but can't read the actual reviews I've been writing. I'm curious to see if it's better for people who are federating from other BookWyrm instances.
If I end up writing something brilliant that I want public I'll probably publish it on my blog.
In any case, I'm fine with those limitations for now, this is largely an exercise in tracking what I read rather than trying to be uh, social about what I read. I appreciate that BookWyrm seems to have some actual privacy controls in place instead
of Mastodon's "everything is public".
