kota's memex

bookmarks

rss

browsers

qutebrowser

A minimal web browser with vim-like hotkeys. It uses the blink renderer and it's fast and can render even some of the jankiest websites.

firefox

The once great open source browser.

servers

nginx

Extremely fast reverse proxy or static webserver.

caddy

Dead simple and easy to configure webserver.

openbsd httpd

Very simple and secure webserver.

darkhttpd

When you need a web server in a hurry.

lighttpd

Extremely fast and simple webserver. Reliable enough to host big important sites.

goaccess

Access web log analyzer.

development

html

The HTML standard is not a standard.

css

Pretty colors.

svg

Handwritten only.

js

🙃

sql

Storing data somewhat reliably.

hugo

Fast static site generator written in go.

httpie

CLI http tester.

restish

CLI http tester with lots of nice built-in features and caching.

wget

Easy command-line downloading client.

graphql

A query language for your API.

foreman

Quickly setup and run multi-process webapps.

mkcert

Generate trusted developer certs for your local machine.

docker

Create a virtual machine for every fuckin program you're running lol.

font stack

https://modernfontstacks.com/

resources

https://seirdy.one/posts/2020/11/23/website-best-practices

A good overview on web best practices (which I tend to agree with).

https://kevincox.ca/2024/08/24/cors/

Detailed breakdown of the cross origin site request vulnerability (XSRF). Essentially, a website can ask your browser to make a request to another website, like your bank, and your browser will stupidly send your bank's cookies and make the request by default.

The default CORS policy prevents the attacking site from reading the response at least, but doesn't prevent them from making the request. In other words this will still work:

POST https://your-bank.example/transfer?to=fungames&amount=1000000000

To prevent this you'll want to set the SameSite=lax or SameSite=strict cookie attributes. In go the scs library sets lax by default. Lax makes it to cross-origin get requests are allowed, but not post or anything else. Strict blocks everything, BUT will make the user appear logged out for the first page load after following a cross-origin link (as that request will lack cookies). So when using lax it's extremely important that none of your GET requests mutate state in any way!

https://developer.mozilla.org/en-US/observatory

Gives a beginner-friendly https score.

https://www.ssllabs.com/ssltest/analyze.html

Gives a more strict https score.

https://colorandcontrast.com/

A detailed guide to the current research and advice on color and contrast.

https://www.whocanuse.com/

Shows an estimation of how your colors will be viewed with different impairments.

https://randoma11y.com/

Generate random AAA color schemes.

https://alistapart.com/article/dao/

Great writing about embracing the web as a medium rather than attempting to control and force specific fonts and styles. Think of web design as "influencing page layout". Yourself being the browser's mentor rather than micro-manager.

https://browser.engineering/

A book on writing a basic web browser (with some js support) in about 1,000 lines of python.

https://plausible.io/

If someone asks about a "non-evil" analytics system. This one seems good.

meta

https://www.takahe.org.nz/heat-death-of-the-internet/

Great article about the slow death of the internet.