mirror of
https://github.com/jakejarvis/jarv.is.git
synced 2025-11-05 09:05:39 -05:00
restore image captions in markdown with a "clever" (messy) css hack
@@ -62,18 +62,19 @@ Defenders of the BERN app have pointed out that the information used is already
There were even unverified claims that [BERN was leaking voter ID numbers](https://info.idagent.com/blog/bern-app-exposes-150m-voter-records), which are the same as one's driver's license ID numbers in some states, through JSON responses in the first few days after its release. There don't be appear to be strict rate limits on calls to the API either, potentially inviting malicious actors from around the world — wink wink — to scrape personal data on tens of millions of Americans en masse.

_BERN's API response in Chrome DevTools_
Others have noted that web-based organizing tools like BERN have been used by campaigns at all levels since President Obama's well-oiled, futuristic machine in 2007. This is also true, and I'm a big fan of the trend they started.
But the latter category of databases — like [NationBuilder](https://nationbuilder.com/) and, more notably, [NGP VAN's VoteBuilder](https://act.ngpvan.com/votebuilder) software based on the Obama campaign's inventions and now used by almost all Democratic campaigns across the United States — are secured and strictly guarded. Volunteer accounts need to be created and approved by paid campaign organizers and are locked down to provide the bare minimum amount of information necessary for one to canvass or phone bank a shortlist of voters. Every single click is also recorded in a [detailed log](/static/bernie-sanders-bern-app-data/sanders-campaign-audit.pdf) down to the millisecond. (This is how [Bernie's organizers got busted](https://time.com/4155185/bernie-sanders-hillary-clinton-data/) snooping around Hillary's VoteBuilder data last cycle, by the way.)


_[NGP VAN's audit of the Sanders campaign's VoteBuilder activity](/static/bernie-sanders-bern-app-data/sanders-campaign-audit.pdf)_
BERN is taking this to an unprecedented level. Allowing anybody on the internet to sign up and add others' personal information to the campaign's database without their knowledge is troubling, especially when you consider the gamified "points" system they've added as an incentive to report as much information on as many people as possible.


_[BERN discussion on /r/SandersForPresident thread](https://www.reddit.com/r/SandersForPresident/comments/bi15la/new_get_the_official_bernie_sanders_2020_app_bern/elxi85m/)_
In addition to the points system, it was revealed in the webinar mentioned above that the campaign is planning on giving out shiny rewards based on how many friends one adds, setting expectations at 50+ contacts to reach the "Bernie Super Bundler" tier — whatever that means.
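Review bot: the restored caption `_BERN's API response in Chrome DevTools_` is an italic-only paragraph placed directly after its image, and the commit message says the styling comes from a CSS hack, so the image/caption pairing is positional rather than explicit: any italic-only paragraph that happens to follow an image will be styled as a caption, and a caption that is later moved away from its image will silently lose its styling (the other figures in this hunk follow the same image-then-italic pattern). Document the convention (image, then one italic-only paragraph) in the content guidelines, or wrap image and caption in a `<figure>`/component so the relationship is explicit.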
@@ -16,6 +16,7 @@ image: ./email.png
I've been a loyal Dropbox user since its inception as a [Y Combinator startup](https://www.ycombinator.com/apply/dropbox/) ten years ago. Having a folder on all of my devices that instantly synchronized with each other was a game-changer for me, and I grew dependent on it more and more as they gave out free storage like candy — 48 GB for having a Samsung Chromebook, 1 GB for "Posting \<3 to Twitter," and so on — until I needed to upgrade to Dropbox Pro. But this month I canceled my Pro subscription after a few too many strikes.

_Deleting 401,907 files from Dropbox... 😬_
## Five strikes, you're out...
@@ -18,8 +18,8 @@ A **subdomain takeover** occurs when a subdomain (like _example_.jarv.is) points
Not only are takeovers a fun way to dip your toes into [penetration testing](https://www.cloudflare.com/learning/security/glossary/what-is-penetration-testing/), but they can also be incredibly lucrative thanks to [bug bounty programs](https://en.wikipedia.org/wiki/Bug_bounty_program) on services like [HackerOne](https://hackerone.com/hacktivity?order_direction=DESC&order_field=popular&filter=type%3Aall&querystring=subdomain%20takeover) and [Bugcrowd](https://bugcrowd.com/programs), where corporations pay pentesters for their discoveries.


_[Huge rewards for subdomain takeovers on HackerOne!](https://hackerone.com/hacktivity?querystring=subdomain%20takeover)_
For a deep dive on the implications of takeovers, which can be a pretty serious vector of attack for malicious actors to obtain information from users of the targeted company, [Patrik Hudak](https://twitter.com/0xpatrik) wrote a [great post here](https://0xpatrik.com/subdomain-takeover/). Definitely take some time to skim through it and come back here when you're ready to hunt for a potential takeover yourself.
@@ -20,6 +20,7 @@ Since being accepted into the beta for [GitHub Actions](https://github.com/featu
My favorite so far is my [Lighthouse Audit action](https://github.com/jakejarvis/lighthouse-action), which spins up a headless Google Chrome instance in an Ubuntu container and runs [Google's Lighthouse tool](https://developers.google.com/web/tools/lighthouse), which scores webpages on performance, accessibility, SEO, etc. and provides actual suggestions to improve them. It's a perfect example of the power of combining containers with Git workflows.

_The results of a Lighthouse audit on this website, after running tests in a headless Google Chrome._
It's also been a fantastic avenue to dip my feet into the collaborative nature of GitHub and the open-source community. I've made some small apps in the past but these are the first projects where I'm regularly receiving new issues to help out with and impressive pull requests to merge. It's a great feeling!
@@ -15,6 +15,7 @@ image: ./apocalypse.png
---

_**The Cloud-pocalypse:** Coming soon(er than you think) to a server near you._
Last month, the founder of [a small startup](https://raisup.com/) got quite a bit of [attention on Twitter](https://twitter.com/w3Nicolas/status/1134529316904153089) (and [Hacker News](https://news.ycombinator.com/item?id=20064169)) when he called out [DigitalOcean](https://www.digitalocean.com/) who, in his words, "killed" his company. Long story short: DigitalOcean's automated abuse system flagged the startup's account after they spun up about ten powerful droplets for some CPU-intensive jobs and deleted them shortly after — which is literally **the biggest selling point** of a "servers by the hour" company like DigitalOcean, by the way — and, after replying to the support ticket, an unsympathetic customer support agent [declined to reactivate](https://twitter.com/w3Nicolas/status/1134529372172509184) the account without explanation. [Nicolas](https://twitter.com/w3Nicolas) had no way of even accessing his data, turning the inconvenient but trivial task of migrating servers into a potentially fatal situation for his company.
@@ -14,6 +14,7 @@ image: ./screen-shot-2018-12-07-at-2-04-04-pm.png
---

_`df -dh` = WTF_
**[VMware Workstation](https://www.vmware.com/products/workstation-pro.html)** and **[Fusion](https://www.vmware.com/products/fusion.html)** normally work hard to minimize the size of virtual hard disks for optimizing the amount of storage needed on your host machine . On Windows virtual machines, [VMware has a "clean up" function](https://docs.vmware.com/en/VMware-Fusion/11/com.vmware.fusion.using.doc/GUID-6BB29187-F47F-41D1-AD92-1754036DACD9.html), which detects newly unused space and makes the size of the virtual hard disk smaller accordingly. You'll notice that even if you create a virtual machine with a capacity of 60 GB, for example, the actual size of the VMDK file will dynamically resize to fit the usage of the guest operating system. 60 GB is simply the maximum amount of storage allowed; if your guest operating system and its files amount to 20 GB, the VMDK file will simply be 20 GB.
@@ -16,6 +16,7 @@ noComments: true
---

_ [Hillary for New Hampshire](https://medium.com/@HillaryForNH) Winter Fellows with [Hillary Clinton](https://medium.com/@HillaryClinton) in Derry, NH ([February 3, 2016](https://www.flickr.com/photos/hillaryclinton/24707394571/))_
## Keeping in mind the big picture...
@@ -28,6 +29,7 @@ My goal here isn't to convince every Bernie believer to jump ship and support he
After working for months as a fellow on Hillary's campaign in New Hampshire leading up to the first primary in the country, I could feed you all the standard campaign talking points in my sleep: After graduating from Yale Law she went to work at the [Children's Defense Fund](https://www.childrensdefense.org/), not a high-paying New York law firm. She [went undercover](https://www.nytimes.com/2015/12/28/us/politics/how-hillary-clinton-went-undercover-to-examine-race-in-education.html?_r=0) in Alabama to investigate discrimination in public schools. She [got juveniles out of adult prisons](https://www.huffingtonpost.com/entry/huffpost-criminal-justice-survey-democratics_us_56bb85eae4b0b40245c5038b). She [gave 8 million children healthcare](https://www.hillaryclinton.com/briefing/factsheets/2015/12/23/hillary-clintons-lifelong-fight-for-quality-affordable-health-care-for-all-americans/). But there's just one thing that, for some reason, is hard for people to believe: at her core she is a good, caring, and loving person who has had only selfless intentions her entire life. I promise you.

_The best birthday gift. 🎉_
I had the incredible chance to meet Hillary the weekend before the New Hampshire primary. Her motorcade plowed through a quiet suburb in Manchester around noon and she hopped out to go knock on the doors of some lucky families. As neighbors started coming out of their houses to shake her hand, I couldn't restrain myself from at least trying to get close and wave hello. (By the way, it's amazing how casual the people in New Hampshire are about meeting presidential candidates.)
@@ -26,6 +26,7 @@ Hopefully we can all look back at our first projects and be proud of how far we'
---

_[Jake's Bulletin Board](https://github.com/jakejarvis/jbb)_
Aside from my [first HTML creation](https://jakejarvis.github.io/my-first-website/) (circa 2001), my first real coding project was in 2003: a PHP 4 masterpiece creatively titled **Jake's Bulletin Board**. I've published the [source code in full on GitHub](https://github.com/jakejarvis/jbb) for your viewing pleasure and highlighted the best/worst parts below.
@@ -155,9 +156,12 @@ while ($topic = mysql_fetch_object($result30)) {
The installation "wizard" (that's the joke, I presume...) ([sql_submit.php](https://github.com/jakejarvis/jbb/blob/87b606797414b2fe563af85e269566fc5e076cc5/setup/sql_submit.php))

_JBB Installation Wizard_
And finally, JBB's actual interface... or literally as much of it as I could get to function in 2019. ([index.php](https://github.com/jakejarvis/jbb/blob/87b606797414b2fe563af85e269566fc5e076cc5/index.php))

_JBB Homepage_

_JBB Post_
@@ -11,6 +11,7 @@ image: ./obama-laughing.jpg
---

_President Barack H. Obama, probably ranking some of these 404 pages._
Ever since [President Obama injected technology](https://arstechnica.com/information-technology/2012/11/built-to-win-deep-inside-obamas-campaign-tech/) into presidential politics in a historic way, one of the few bright spots of the incredibly long and exhausting race for me has been inspecting each candidate's campaign website. They end up revealing a great deal about how much each of them is willing to invest in the internet, and how young and innovative (and potentially funny) the staff members they attract are.
@@ -26,7 +27,15 @@ I'm a _huge_ sucker for Kate McKinnon's spot-on impression of Warren on Saturday
Although the designer who selected this GIF likely had _thousands_ of choices when searching "[Bernie finger wagging GIF](https://www.google.com/search?q=Bernie+finger+wagging+GIF&tbm=isch&tbs=itp:animated)," the text beside it is well-written and funny — even though we both know putting a page at [berniesanders.com/zxcliaosid](https://berniesanders.com/zxcliaosid/) probably won't be a top priority of a President Sanders.

<Video
src={[
"https://bcm6wnmyyzj1p5ls.public.blob.vercel-storage.com/videos/presidential-candidates-404-pages/sanders-2sIwomxG5hOZHATR5FyuydOOhMJlSU.webm",
"https://bcm6wnmyyzj1p5ls.public.blob.vercel-storage.com/videos/presidential-candidates-404-pages/sanders-zBvLCRqdH6oKkntUYYq4GsvFmnU1V9.mp4",
]}
crossOrigin="anonymous"
autoplay
responsive={false}
/>
## 3. Joe Biden — [joebiden.com](https://joebiden.com/asdfasdf404)
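Review bot: the `<Video>` block here sets `autoplay` but no `muted` attribute; current Chrome, Safari and Firefox generally block autoplay of a video that is not muted (unless the visitor has already interacted with the site), so unless the `Video` component adds `muted` (and `playsInline` for iOS) itself, this clip will simply not start for most visitors. Also, replacing the GIF with hosted `.webm`/`.mp4` sources is a content change that the commit message ("restore image captions") does not cover; splitting it into its own commit would keep this one reviewable as a caption-only change.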
@@ -38,13 +47,29 @@ Uncle Joe has a nice and simple 404 page. I like it, along with the Ray-Bans and
A ballsy move, considering Beto's infamous [DUI arrest](https://www.politifact.com/texas/statements/2019/mar/14/club-growth/beto-orourke-arrested-dwi-flee-scene/) in the '90s — but still a clever ask for a donation and a great use of a GIF, even if it's left over from his Senate campaign.

<Video
src={[
"https://bcm6wnmyyzj1p5ls.public.blob.vercel-storage.com/videos/presidential-candidates-404-pages/orourke-Gb6r4nH8kQQMiMCSQWqzPBlUKYvXrE.webm",
"https://bcm6wnmyyzj1p5ls.public.blob.vercel-storage.com/videos/presidential-candidates-404-pages/orourke-hDco7RvlKxwNU8FI0PoanLhUX2ws7f.mp4",
]}
crossOrigin="anonymous"
autoplay
responsive={false}
/>
## 5. Kamala Harris — [kamalaharris.org](https://kamalaharris.org/asdfasdf404)
Another clean and simple page with a top-notch GIF. It injected some emotion into visiting [kamalaharris.com/alskdjf](https://kamalaharris.com/alskdjf).

<Video
src={[
"https://bcm6wnmyyzj1p5ls.public.blob.vercel-storage.com/videos/presidential-candidates-404-pages/harris-B8WK3WNG68JrOm5aKOWFpGJbbWg22W.webm",
"https://bcm6wnmyyzj1p5ls.public.blob.vercel-storage.com/videos/presidential-candidates-404-pages/harris-0Kk60PH5LXfMANg9yStHK0WFx9V1LB.mp4",
]}
crossOrigin="anonymous"
autoplay
responsive={false}
/>
## 6. Pete Buttigeg — [peteforamerica.com](https://peteforamerica.com/asdfasdf404/)
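Review bot: two inconsistencies in the lines this hunk touches: the Kamala Harris heading links `kamalaharris.org` while the paragraph under it links `kamalaharris.com/alskdjf`, and the following heading spells the candidate's name `Buttigeg` rather than `Buttigieg`. The two `<Video>` embeds also repeat `crossOrigin="anonymous"`, `autoplay` and `responsive={false}` verbatim from the Sanders embed above; if those are always wanted for these clips, making them the component's defaults would leave only the two source URLs per embed, and the `autoplay`-without-`muted` caveat applies to both of these as well.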
@@ -14,6 +14,7 @@ image: ./security-headers.png
---

_An [A+ security grade](https://securityheaders.com/?q=jarv.is&followRedirects=on) for this website!_
In 2019, it's becoming more and more important to harden websites via HTTP response headers, which all modern browsers parse and enforce. Multiple standards have been introduced over the past few years to protect users from various attack vectors, including `Content-Security-Policy` for injection protection, `Strict-Transport-Security` for HTTPS enforcement, `X-XSS-Protection` for cross-site scripting prevention, `X-Content-Type-Options` to enforce correct MIME types, `Referrer-Policy` to limit information sent with external links, [and many, many more](https://www.netsparker.com/whitepaper-http-security-headers/).
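Review bot: the caption's A+ grade is fine, but the paragraph it introduces credits `X-XSS-Protection` with cross-site scripting prevention; that header is legacy (Chromium removed its XSS Auditor in late 2019 and Firefox never honoured it), so it adds nothing in current browsers, and `Content-Security-Policy` is what actually provides the injection protection. The sentence could say `X-XSS-Protection` is kept only for older browsers, so readers don't treat it as a substitute for a CSP.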
@@ -17,6 +17,7 @@ image: ./shodan.png
Over time, I've collected an assortment of interesting, funny, and depressing search queries to plug into [Shodan](https://www.shodan.io/), the ([literal](https://www.vice.com/en_uk/article/9bvxmd/shodan-exposes-the-dark-side-of-the-net)) internet search engine. Some return facepalm-inducing results, while others return serious and/or ancient vulnerabilities in the wild.

_[**Most search filters require a Shodan account.**](https://account.shodan.io/register)_
You can assume these queries only return unsecured/open instances when possible. For your own legal benefit, do not attempt to login (even with default passwords) if they aren't! Narrow down results by adding filters like `country:US` or `org:"Harvard University"` or `hostname:"nasa.gov"` to the end.
@@ -198,6 +199,7 @@ Secured by default, thankfully, but these 1,700+ machines still [have no busines
[Shodan Images](https://images.shodan.io/) is a great supplementary tool to browse screenshots, by the way! [🔎 →](https://images.shodan.io/?query=%22authentication+disabled%22+%21screenshot.label%3Ablank)

_The first result right now. 😞_
### Windows RDP [🔎 →](https://www.shodan.io/search?query=%22%5Cx03%5Cx00%5Cx00%5Cx0b%5Cx06%5Cxd0%5Cx00%5Cx00%5Cx124%5Cx00%22)
@@ -14,9 +14,10 @@ image: ./screenshot.png
A few months ago, I stumbled upon [my first website ever](https://jakejarvis.github.io/my-first-website/) on an old floppy disk. Despite the instant cringing, I [uploaded it](https://github.com/jakejarvis/my-first-website) to GitHub, [collected other iterations](/previously/), and made an [#awesome-list](https://github.com/jakejarvis/awesome-first-code) of others who were brave and/or shameless enough to do the same. But why not take that ~~one~~ 1,000 steps further?
Introducing the [**Y2K Sandbox**](/y2k/) — with fully-featured, fully-isolated, on-demand [**Windows Millennium Edition®**](https://www.youtube.com/watch?v=CaNDeyYP98A) virtual machines, simply to experience my first website in its natural Internet Explorer 5 habitat. And maybe play some [3D Pinball: Space Cadet](https://en.wikipedia.org/wiki/Full_Tilt!_Pinball#3D_Pinball_for_Windows_%E2%80%93_Space_Cadet). Oh, and [Microsoft Bob](https://en.wikipedia.org/wiki/Microsoft_Bob) is there too if you want to say hello and catch up. 🤓
Introducing the [**Y2K Sandbox**](/y2k) — with fully-featured, fully-isolated, on-demand [**Windows Millennium Edition®**](https://www.youtube.com/watch?v=CaNDeyYP98A) virtual machines, simply to experience my first website in its natural Internet Explorer 5 habitat. And maybe play some [3D Pinball: Space Cadet](https://en.wikipedia.org/wiki/Full_Tilt!_Pinball#3D_Pinball_for_Windows_%E2%80%93_Space_Cadet). Oh, and [Microsoft Bob](https://en.wikipedia.org/wiki/Microsoft_Bob) is there too if you want to say hello and catch up. 🤓

_[**Play in the Y2K Sandbox, at your own risk.**](/y2k)_
The backend is powered by [**QEMU**](https://www.qemu.org/) (as a Pentium III emulator) inside isolated **Docker** containers, [**websocketd**](https://github.com/joewalnes/websocketd) (an **_awesome_** lightweight WebSockets server written in Go), and [**Cloudflare Tunnels**](https://www.cloudflare.com/products/tunnel/) (for some protection), all tied together with some [Ruby code](https://github.com/jakejarvis/y2k/blob/main/container/bin/boot.rb) and [shell scripts](https://github.com/jakejarvis/y2k/tree/main/host). ~~I'll push the backend scripts up to GitHub once I have a chance to untangle the spaghetti code. 🍝~~
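Review bot: besides the added caption, this hunk changes the intro paragraph's link target from `/y2k/` to `/y2k` (the two otherwise identical paragraphs differ only in that trailing slash), which the commit message does not mention. Confirm the site serves or redirects both forms so the old URL, which may already be indexed or shared, doesn't 404, and consider keeping URL normalisation in its own commit so the caption change stays easy to review.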
@@ -27,6 +28,7 @@ The frontend is _much_ simpler with [a few lines of JavaScript](https://github.c
I must give credit to both [charlie.bz](https://charlie.bz/) and [benjojo.co.uk](https://benjojo.co.uk/), similar websites I was enamored with when they were posted on Hacker News a few years ago. Think we'll see some websites like these with Windows 29 in a decade?

_**@microsoft** Please don't sue me._
Feel free to [open an issue on GitHub](https://github.com/jakejarvis/y2k/issues) if you run into connection glitches or have any nostalgic inspiration for software you think would be cool to install persistently on the OS image. I certainly can't help with any actual Windows Me crashes, though — it was beyond help a long, long time ago. Like, [the day it came out](https://books.google.com/books?id=Jbft8HXJZwQC&lpg=PP1&pg=PA76#v=onepage&q&f=false). But it will always have a soft spot in my heart.