bookmarks
rss
browsers
qutebrowser
A minimal web browser with vim-like hotkeys. It uses the blink renderer and it's fast and can render even some of the jankiest websites.
firefox
The once great open source browser.
servers
nginx
Extremely fast reverse proxy or static webserver.
caddy
Dead simple and easy to configure webserver.
openbsd httpd
Very simple and secure webserver.
darkhttpd
When you need a web server in a hurry.
lighttpd
Extremely fast and simple webserver. Reliable enough to host big important sites.
goaccess
Access web log analyzer.
development
html
The HTML standard is not a standard.
css
Pretty colors.
svg
Handwritten only.
js
🙃
sql
Storing data somewhat reliably.
hugo
Fast static site generator written in go.
httpie
CLI http tester.
restish
CLI http tester with lots of nice built-in features and caching.
wget
Easy command-line downloading client.
graphql
A query language for your API.
foreman
Quickly setup and run multi-process webapps.
mkcert
Generate trusted developer certs for your local machine.
docker
Create a virtual machine for every fuckin program you're running lol.
font stack
resources
https://seirdy.one/posts/2020/11/23/website-best-practices
A good overview on web best practices (which I tend to agree with).
https://kevincox.ca/2024/08/24/cors/
Detailed breakdown of the cross origin site request vulnerability (XSRF). Essentially, a website can ask your browser to make a request to another website, like your bank, and your browser will stupidly send your bank's cookies and make the request by default.
The default CORS policy prevents the attacking site from reading the response at least, but doesn't prevent them from making the request. In other words this will still work:
POST https://your-bank.example/transfer?to=fungames&amount=1000000000
To prevent this you'll want to set the SameSite=lax
or SameSite=strict
cookie attributes. In go the scs library sets lax by default. Lax makes it to
cross-origin get requests are allowed, but not post or anything else. Strict
blocks everything, BUT will make the user appear logged out for the first page
load after following a cross-origin link (as that request will lack cookies). So
when using lax it's extremely important that none of your GET requests mutate
state in any way!
https://developer.mozilla.org/en-US/observatory
Gives a beginner-friendly https score.
https://www.ssllabs.com/ssltest/analyze.html
Gives a more strict https score.
https://colorandcontrast.com/
A detailed guide to the current research and advice on color and contrast.
https://www.whocanuse.com/
Shows an estimation of how your colors will be viewed with different impairments.
https://randoma11y.com/
Generate random AAA color schemes.
https://alistapart.com/article/dao/
Great writing about embracing the web as a medium rather than attempting to control and force specific fonts and styles. Think of web design as "influencing page layout". Yourself being the browser's mentor rather than micro-manager.
https://browser.engineering/
A book on writing a basic web browser (with some js support) in about 1,000 lines of python.
https://plausible.io/
If someone asks about a "non-evil" analytics system. This one seems good.
meta
https://www.takahe.org.nz/heat-death-of-the-internet/
Great article about the slow death of the internet.