Inter font on AMP pages (and other small tweaks)

assets/sass/abstracts/_functions.scss

@@ -14,7 +14,7 @@
 
 // Web fonts (see components/_fonts.scss)
 @mixin font-face($family, $src,
-                 $style: normal, $weight: normal, $display: swap) {
+                 $weight: normal, $style: normal, $display: swap) {
 	@font-face {
     font-family: $family;
     font-style: $style;

assets/sass/components/_fonts.scss

@@ -1,6 +1,6 @@
 @charset "UTF-8";
 
 /*! Inter UI | SIL Open Font License 1.1 | https://rsms.me/inter/ */
-@include font-face("Inter", "./fonts/inter-regular", normal, 400);
+@include font-face("Inter", "./fonts/inter-regular", 400);
-@include font-face("Inter", "./fonts/inter-medium", normal, 500);
+@include font-face("Inter", "./fonts/inter-medium", 500);
-@include font-face("Inter", "./fonts/inter-bold", normal, 700);
+@include font-face("Inter", "./fonts/inter-bold", 700);

assets/sass/pages/_home.scss

@@ -11,7 +11,7 @@ main#home {
     margin: 0 0 0.6em 0;
     font-size: 1.6em;
     font-weight: 500;
-    letter-spacing: -0.015em;
+    letter-spacing: -0.014em;
     line-height: 1.2;
   }
 
@@ -19,13 +19,13 @@ main#home {
     margin: 0.6em 0;
     font-size: 1.3em;
     font-weight: 400;
-    letter-spacing: -0.025em;
+    letter-spacing: -0.022em;
     line-height: 1.4;
   }
 
   p {
     margin: 0.8em 0;
-    letter-spacing: -0.02em;
+    letter-spacing: -0.018em;
     line-height: 1.55;
   }
 
@@ -34,7 +34,6 @@ main#home {
     font-size: 0.5em;
     letter-spacing: -0.005em;
     line-height: 0;
-    margin-right: 0.1em;
     position: relative;
     vertical-align: middle;
   }

assets/sass/pages/_list.scss

@@ -23,7 +23,7 @@ main#list {
 
     li {
       display: flex;
-      letter-spacing: -0.015em;
+      letter-spacing: -0.011em;
 
       div.date {
         color: $color-medium;

assets/sass/pages/_single.scss

@@ -129,6 +129,7 @@ main#single {
         font-family: $system-fonts-monospace;
         background: $color-super-light;
         font-size: 0.9em;
+        letter-spacing: 0;
         page-break-inside: avoid;
       }
 

assets/sass/pages/_videos.scss

@@ -17,7 +17,7 @@ main#video {
 
   p {
     font-size: 0.85em;
-    letter-spacing: -0.01em;
+    letter-spacing: -0.005em;
     line-height: 1.5;
     color: #777777;
     margin: 1.25em;

content/notes/cloudflare-dns-archive-is-blocked/index.md

@@ -1,7 +1,7 @@
 ---
 title: "Does Cloudflare's 1.1.1.1 DNS Block Archive.is?"
 date: 2019-05-04 09:35:12-0400
-description: "Short answer: no. Quite the opposite, actually -- Archive.is is intentionally blocking 1.1.1.1 users. Here's why."
+description: "Short answer: no. Quite the opposite, actually — Archive.is is intentionally blocking 1.1.1.1 users. Here's why."
 tags:
   - Cloudflare
   - DNS
@@ -12,11 +12,11 @@ image: "archive-is.png"
 draft: false
 ---
 
-**tl;dr:** No. Quite the opposite, actually -- [Archive.is](https://archive.is/)'s owner is intentionally blocking 1.1.1.1 users.
+**tl;dr:** No. Quite the opposite, actually — [Archive.is](https://archive.is/)'s owner is intentionally blocking 1.1.1.1 users.
 
 {{< image src="images/archive-is.png" alt="Archive.today screenshot" />}}
 
-A [recent post on Hacker News](https://news.ycombinator.com/item?id=19828317) pointed out something I've noticed myself over the past year -- the [Archive.is](https://archive.is/) website archiving tool (aka [Archive.today](https://archive.today/) and a few other TLDs) appears unresponsive when I'm on my home network, where I use Cloudflare's fantastic public DNS service, [1.1.1.1](https://1.1.1.1/). I didn't connect the two variables until I read this post, where somebody noticed that the Archive.is domain resolves for [Google's 8.8.8.8](https://developers.google.com/speed/public-dns/) DNS, but not 1.1.1.1. An interesting and timeless debate on [privacy versus convenience](https://www.adweek.com/digital/why-consumers-are-increasingly-willing-to-trade-privacy-for-convenience/) ensued.
+A [recent post on Hacker News](https://news.ycombinator.com/item?id=19828317) pointed out something I've noticed myself over the past year — the [Archive.is](https://archive.is/) website archiving tool (aka [Archive.today](https://archive.today/) and a few other TLDs) appears unresponsive when I'm on my home network, where I use Cloudflare's fantastic public DNS service, [1.1.1.1](https://1.1.1.1/). I didn't connect the two variables until I read this post, where somebody noticed that the Archive.is domain resolves for [Google's 8.8.8.8](https://developers.google.com/speed/public-dns/) DNS, but not 1.1.1.1. An interesting and timeless debate on [privacy versus convenience](https://www.adweek.com/digital/why-consumers-are-increasingly-willing-to-trade-privacy-for-convenience/) ensued.
 
 [Matthew Prince](https://twitter.com/eastdakota), the CEO and co-founder of [Cloudflare](https://www.cloudflare.com/) (who's also [very active](https://news.ycombinator.com/user?id=eastdakota) on Hacker News), responded to the observation [with a detailed explanation](https://news.ycombinator.com/item?id=19828702) of what's happening behind the scenes, revealing that Archive.is's owner is actively refusing to resolve their own website for 1.1.1.1 users because Cloudflare's DNS offers ***too much*** privacy. Excerpt below, emphasis mine:
 
@@ -26,7 +26,7 @@ In other words, Archive.is's nameservers throw a hissy fit and return a bogus IP
 
 {{< tweet 1018691421182791680 >}}
 
-He's even gone as far as [replying to support requests](https://community.cloudflare.com/t/archive-is-error-1001/18227/7) by telling people to switch to Google's DNS, which -- surprise! -- offers your location to nameservers [with pleasure](https://developers.google.com/speed/public-dns/docs/ecs).
+He's even gone as far as [replying to support requests](https://community.cloudflare.com/t/archive-is-error-1001/18227/7) by telling people to switch to Google's DNS, which — surprise! — offers your location to nameservers [with pleasure](https://developers.google.com/speed/public-dns/docs/ecs).
 
 I wrote the [following reply](https://news.ycombinator.com/item?id=19828898) to Matthew, praising his team's focus on the big picture:
 

content/notes/css-waving-hand-emoji/index.md

@@ -45,7 +45,7 @@ span.wave {
 
 ### HTML:
 
-```html
+```html {linenos=false}
 <span class="wave">👋</span>
 ```
 

content/notes/finding-candidates-subdomain-takeovers/index.md

@@ -49,19 +49,19 @@ One of their free monthly datasets is called [Forward DNS](https://opendata.rapi
 ./sonar.sh 2019-03-30-1553989414 sonar_output.txt
 ```
 
-This new text file contains *both active and abandoned* subdomains pointing to any of the services listed above -- we still need to narrow it down to the takeover candidates by attempting to actually resolve each of them, which is where `subtake` comes into play. To install `subtake`, make sure [Go is installed first](https://golang.org/doc/install#install) and run the following:
+This new text file contains *both active and abandoned* subdomains pointing to any of the services listed above — we still need to narrow it down to the takeover candidates by attempting to actually resolve each of them, which is where `subtake` comes into play. To install `subtake`, make sure [Go is installed first](https://golang.org/doc/install#install) and run the following:
 
 ```bash {linenos=false}
 go get github.com/jakejarvis/subtake
 ```
 
-For a detailed description of the different options you can play around with, see the [full readme on GitHub](https://github.com/jakejarvis/subtake#usage) -- but here's a simple example command that uses 50 threads to take the CNAMEs listed in `sonar_output.txt` and outputs potentially vulnerable subdomains to `vulnerable.txt`.
+For a detailed description of the different options you can play around with, see the [full readme on GitHub](https://github.com/jakejarvis/subtake#usage) — but here's a simple example command that uses 50 threads to take the CNAMEs listed in `sonar_output.txt` and outputs potentially vulnerable subdomains to `vulnerable.txt`.
 
 ```bash {linenos=false}
 subtake -f sonar_output.txt -c fingerprints.json -t 50 -ssl -a -o vulnerable.txt
 ```
 
-This could take quite a while -- up to a day, depending on your CPU, memory, and bandwidth -- so I usually run it on a VM in the cloud and use [Linux's `screen` command](https://www.howtoforge.com/linux_screen) to keep it running and check in periodically. There will also be many unavoidable false positives that you'll need to check yourself by trying to claim the abandoned name on the corresponding service's portal, which is why I keep using the term *potential* takeovers. 
+This could take quite a while — up to a day, depending on your CPU, memory, and bandwidth — so I usually run it on a VM in the cloud and use [Linux's `screen` command](https://www.howtoforge.com/linux_screen) to keep it running and check in periodically. There will also be many unavoidable false positives that you'll need to check yourself by trying to claim the abandoned name on the corresponding service's portal, which is why I keep using the term *potential* takeovers. 
 
 I also have a collection of root domains of companies offering bounties through [HackerOne](https://hackerone.com/directory/) or [Bugcrowd](https://bugcrowd.com/programs) at a [different GitHub repository](https://github.com/jakejarvis/bounty-domains/). Using the [`grep`-friendly text file](https://github.com/jakejarvis/bounty-domains/blob/master/grep.txt), it's easy to use [`grep`](http://man7.org/linux/man-pages/man1/grep.1.html) to narrow down your `vulnerable.txt` list even more:
 
@@ -73,7 +73,7 @@ grep -f grep.txt vulnerable.txt
 
 In my view, takeovers are a fantastic way to begin a side hustle in bug bounties, simply due to the fact that once you've taken over a subdomain, you don't need to worry about another hunter beating you to the punch and reporting it before you.
 
-Since you have this luxury of time, it becomes ***extremely important*** that you let your adrenaline subside and follow [responsible disclosure](https://www.bugcrowd.com/resource/what-is-responsible-disclosure/) guidelines -- especially in the creation of a "proof of concept" file with your username at an obscure location, **not** at `index.html`. I won't go over the details of writing a report because [Patrik Hudak](https://twitter.com/0xpatrik) wrote another [great post about it here](https://0xpatrik.com/takeover-proofs/). This is an example of one of my own reports (company name censored because it has not been publicly disclosed) on [Bugcrowd](https://bugcrowd.com/programs):
+Since you have this luxury of time, it becomes ***extremely important*** that you let your adrenaline subside and follow [responsible disclosure](https://www.bugcrowd.com/resource/what-is-responsible-disclosure/) guidelines — especially in the creation of a "proof of concept" file with your username at an obscure location, **not** at `index.html`. I won't go over the details of writing a report because [Patrik Hudak](https://twitter.com/0xpatrik) wrote another [great post about it here](https://0xpatrik.com/takeover-proofs/). This is an example of one of my own reports (company name censored because it has not been publicly disclosed) on [Bugcrowd](https://bugcrowd.com/programs):
 
 > I have found three subdomains of ********.com vulnerable to takeovers via unclaimed endpoints at [Azure's Traffic Manager](https://azure.microsoft.com/en-us/services/traffic-manager/). I have claimed these endpoints and redirected them to a blank page to prevent a bad actor from doing so in the meantime, and hosted a POC file at obscure URLs. These are the following domains I discovered and the outdated endpoints on Azure to which they point:
 >
@@ -95,7 +95,7 @@ Since you have this luxury of time, it becomes ***extremely important*** that yo
 >
 > Please let me know when you've received this report and I'll delete the endpoints from my personal Azure account, so you can either reclaim them or remove the subdomains entirely from your DNS records. Thanks!
 
-I removed the company's name because an important part of responsible *disclosure* is the *disclosure*, or lack thereof. Until the company explicitly gives permission to publicly disclose the vulnerability after patching it -- and there are built-in features on both HackerOne and Bugcrowd to request this -- it's **not okay** to talk about it publicly.
+I removed the company's name because an important part of responsible *disclosure* is the *disclosure*, or lack thereof. Until the company explicitly gives permission to publicly disclose the vulnerability after patching it — and there are built-in features on both HackerOne and Bugcrowd to request this — it's **not okay** to talk about it publicly.
 
 The `poc-d4ca9e8ceb.html` proof-of-concept file contained this single, hidden line:
 

layouts/_default/single.amp.html

@@ -19,11 +19,42 @@
     <meta name="author" content="{{ .Site.Author.name }}">
     {{ partial "head/open-graph" . }}
 
-    <link href="https://fonts.googleapis.com/css?family=Roboto:400,500,700" rel="stylesheet">
     <style amp-boilerplate>body{-webkit-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-moz-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-ms-animation:-amp-start 8s steps(1,end) 0s 1 normal both;animation:-amp-start 8s steps(1,end) 0s 1 normal both}@-webkit-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-moz-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-ms-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-o-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}</style><noscript><style amp-boilerplate>body{-webkit-animation:none;-moz-animation:none;-ms-animation:none;animation:none}</style></noscript>
     <style amp-custom>
+      @font-face {
+        font-family: "Inter";
+        font-style: normal;
+        font-weight: 400;
+        font-display: swap;
+        src: url("{{ "fonts/inter-regular.woff2" | absURL }}") format("woff2"),
+             url("{{ "fonts/inter-regular.woff" | absURL }}") format("woff");
+        unicode-range: U+0000-00FF, U+2000-206F, U+20A0-20CF,
+                       U+2190-21FF, U+2200-22FF, U+2122;
+      }
+      @font-face {
+        font-family: "Inter";
+        font-style: normal;
+        font-weight: 500;
+        font-display: swap;
+        src: url("{{ "fonts/inter-medium.woff2" | absURL }}") format("woff2"),
+             url("{{ "fonts/inter-medium.woff" | absURL }}") format("woff");
+        unicode-range: U+0000-00FF, U+2000-206F, U+20A0-20CF,
+                       U+2190-21FF, U+2200-22FF, U+2122;
+      }
+      @font-face {
+        font-family: "Inter";
+        font-style: normal;
+        font-weight: 700;
+        font-display: swap;
+        src: url("{{ "fonts/inter-bold.woff2" | absURL }}") format("woff2"),
+             url("{{ "fonts/inter-bold.woff" | absURL }}") format("woff");
+        unicode-range: U+0000-00FF, U+2000-206F, U+20A0-20CF,
+                       U+2190-21FF, U+2200-22FF, U+2122;
+      }
+
       body {
-        font-family: "Roboto", sans-serif;
+        font-family: "Inter", sans-serif;
+        letter-spacing: -0.011em;
         background: #ffffff;
         color: #222222;
         -webkit-text-size-adjust: 100%;
@@ -135,6 +166,7 @@
         font-family: "SFMono-Regular", "Consolas", "Liberation Mono", "Menlo", "Courier", monospace;
         background: #f4f4f4;
         font-size: 0.9em;
+        letter-spacing: 0;
         page-break-inside: avoid;
       }
       p code {

yarn.lock

@@ -7219,9 +7219,9 @@ resolve-url@^0.2.1:
   integrity sha1-LGN/53yJOv0qZj/iGqkIAGjiBSo=
 
 resolve@^1.10.0, resolve@^1.12.0, resolve@^1.14.2, resolve@^1.3.2:
-  version "1.14.2"
+  version "1.15.0"
-  resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.14.2.tgz#dbf31d0fa98b1f29aa5169783b9c290cb865fea2"
+  resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.15.0.tgz#1b7ca96073ebb52e741ffd799f6b39ea462c67f5"
-  integrity sha512-EjlOBLBO1kxsUxsKjLt7TAECyKW6fOh1VRkykQkKGzcBbjjPIxBqGh0jf7GJ3k/f5mxMqW3htMD3WdTUVtW8HQ==
+  integrity sha512-+hTmAldEGE80U2wJJDC1lebb5jWqvTYAfm3YZ1ckk1gBr0MnCqUKlwK1e+anaFljIl+F5tR5IoZcm4ZDA1zMQw==
   dependencies:
     path-parse "^1.0.6"