under the hood
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nulla eu dui tellus. Mauris nisi enim, posuere id laoreet eget, laoreet sagittis ante. Vivamus finibus arcu id metus molestie vehicula.
Just kidding. Always good to start off a page with a fresh batch of Lorem ipsum, especially on a tech page exuberantly bubbling with cheerful technobabble. Anyway, herein is even more technical stuff – everything you always wanted to know but not necessarily today. By the way, your basic desktop browser will more easy-to-use for this page, what with the hashes and copy-and-paste of code and whatnot.
all your hash are belong to us
For fun, we build a unique robot for each web page with information derived from that web page. The robot, then, is a simple image representing that web page. If the robot changes, the web page must have changed. If the web page changes, the robot changes. (Of course, the website is served with HTTPS, ensuring what is rendered in your browser is really what was intended.)
Robot graphics are generated by a local copy of the most excellent RoboHash code created by Colin Davis. See this write up about RoboHash. The RoboHash code takes a string, any string, and constructs a robot based on that string. For our robots, the string is a hash (also called a “message digest”) generated with a cryptographic hash function from preprocessed web page markup, processed with our secret brew of interlocking code gears, pulleys, and steam piston). So, before it is hashed, the the web page markup (XHTML5 in this case), is flattened, reduced, and normalized down to a block of only alpha characters. There are several benefits of, and compelling arguments for, some sort of reduction before hashing which might be worth more paragraphs in the future, which will probably happen here due to tight binding glue of several time machine algorithims.
So, suffice to say, the web page hashes are spun up with our own vaguely secret prep-then-hash mechanisms and, yes, you, too, can do the same thing and generate a hash and see if matches. After generating the web page markup in our vast, underground secret web factories, we hash it. For this work, hashing is done with SHA256. If only building the unique Robohash robots with a small number of permutations relative to a hash’s permutations, we could get by with MD5, say, and not worry about collisions and whatnot. However, SHA256 moves us to a more useful place, versatile for later useful verifications we might want to do.
Note that this is not a comprensive hash of everything that results in the final rendered web page. For example, cascading style sheets (CSS) and images (PNG, SVG, JPEG) are not hashed, just the markup, and not all of the markup at that. The preprocessing of the markup is a arbitrary compression scheme that tosses out data (more on that in a moment). The tossed data is not part of the hash, so to speak, therefore comparing hashes isn’t a complete validation. Even so, utilitarian enough at this level, weighing practical risks of, say, just the punctuation being compromised.
Anyway, want to see the secret code? Keep reading, it’s up just ahead. Indeed, it’s not every day that such light lunch reading magically appears.
first, preprocess and then hash the web page’s markup
There are a million stories in Hash Prep City and this is just one of them. By the way, you can hash anything “as is” – it doesn’t have to be prepped. We prep to reduce and simplify what we are hashing, yet not so reduced that uniqueness is lost. Think of it as one variation on lossy compression. In this arbitrarily determined process, we first flatten the web page markup with the quite useful program tr(1) to ensure a predictable, reduced block of text for hashing by simply stripping out spaces, blanks, punctuation, digits, control characters, and finally anything left that is not printable. This gives a reduced, predictable, consistent block of “enough content that counts,” minimizing error possibility, say, from retrieval or platform text differences. Then we pipe that reduced block of text to the program sha256(1) which outputs the SHA256 hash. Here’s the code snippet, written for ksh(1).
function htmlhash
{
tr -cd "[:print:]" | tr -d "[:space:]" | \\
tr -d "[:punct:]" | tr -d "[:digit]" | sha256
}
get the web page
Now, pull down the website code with curl(1) and pipe it to the htmlhash function.
curl -s [pageurl] | htmlhash > somehash
then, compare hashes
Then diff(1) it with the hash listed for the page.
diff somehash publishedhash
As a practical matter for determining validity, there will be an off-line protected list of hashes to diff with hashes generated from retrieved web page stuff. In other words, obviously if the website is compromised, anything can be compromised, including the list of hashes on this page. And, of course, the robots. But this exercise using the published list suffices for trivial proof of concept and other cool buzzphrases.
Note that the program names mentioned above are written in Unix notation style of the program name followed by manual page number in parentheses, generalized as name(section). See man(1), Unix, and Unix-like.
page hashes and related spiffy robots
A motley crew, indeed. Notably, this page is the only page not listed. Wait, what? A mystery! The answer to which is left as an exercise for the reader.
looming-texas-summer
c770b6bada320d448e8c13b9a822bfbf7e8c43aaebef3bb0ef139efa574422d6
the-ship
b3dac04aae4ccb3bf410a52a92e44cdb5b179043f2857e551e23b73c66336b93
back-in-the-prc
62feabb82e83d7b25f76da4aed0aff64b0c7db1dff078593f6960a39901e5e36
concern-and-confusion-over-a-name
a9953902f0845340d47fc3e2fe5d347c2b38559a32e04c9672712d538fe290b5
battle-within
ecfbda536e6b7a75e3406795606c7b100870f14b14070e337b1865a87d3fa32d
late-night-brewskies
9cf7a0fbf909b23fcbeeb5b51bc0352d77fac20931f78281f0b0193ff7203926
domestic-quarrel
6b699fcf80e7c23814aed2a8ca3d8a803c1ca99742b4a9324ecd57a93e56a435
two-thousand
b07cb2dcd2ba29ee5f5323eae6321c191b994a5a2bd3abaabc01f56a63fdfff3
rounding-up-stuff
117e247d9b1fe56c9fef846a2cd9cdffa5e91d2216ea11bfa83293637791fad3
red-balloons
b74400927fceb573a4bfc47469d66f91af16e1d3b0557c2f2464e4a663c79a0e
cooper-dogs
e7edae411538cba0c0ccf7ab91e9ff142f78ef0701fee0917a763b6e3e6e62cf
security-and-iot
217015e966fad87e4b96c8efbe2f32b61d28b072b104005d53ec2b5c9d690894
chapter-about-a-bar
74787751e528a8b30264cf8e575917da48fe98198760ebb013c1334e5fa082f6
index
5afbac670e60dbb1082dfcf02fee3b32767e120aaabaad9bf3c226ff1d5a0c81
typefaces
Typefaces are courtesy Google Fonts and Font Squirrel. Licenses are documented for each typeface on their respective web pages linked in the colophon.
Web font format is WOFF2 and is the only font format delivered by this site. Nothing but cutting edge here. Typeface data is embedded in CSS for performance. The CSS property control font-variant-ligatures is in play. So is some kerning magic.
In theory, font rendering should only depend on your browser but, for example, in the case of Mac OS X, the OS version is also a factor; WOFF2 is not supported Mac OS X Yosemite and lower even with the very-latest new-fangled WOFF2-capable modern browsers. Peruse browser WOFF2 support.
If your browser of choice can’t handle WOFF2, the browser will roll back to generic defaults, which in any case will be far less of a typographical experience than designed and intended and maybe even cause your computing device to suddenly fold into a black hole, perhaps leaping time and space back to, say, 1874, with no electrical grid, internets or webtubulars to be found. Upgrading is no doubt prudent in that case.
Body fallbacks are typically Georgia and serif. Heading fallbacks are usually HelveticaNeue‑CondensedBold, Arial, and sans-serif.
modular scale
We use a modular scale to calculate heading sizes. In specific, the ratio of choice here is 1.250 otherwise known as Major Third. H2 and H3 are the only headings used through out, at least with this edition. Heading sizes calculated with Jeremy Church’s magical type scale. The relative value rem is used throughout the CSS, with just a tiny part using px or em. Plenty of good articles on the web about all this and more, starting with this excellent treatise on rem and em.
your browser’s secret life
For light lunch reading, check your browser’s ideally excellent support for HTML5 and CSS3.
the source and only the source
Coming soon! All the source, served by mercurial. Yep, no plans to use git around here. Source, no doubt, will definitely include the magical pumpkin code.
share
Note that sharing with Twitter does not invoke the usual Twitter Card because Twitter cannot handle application/xhtml+xml. Not a problem with Facebook and OpenGraph.
follow
As probably noticed by readers stopping by here, no where to post comments to the stories and essays herein. However, for those so inclined, comments can be posted to the weekly blip landing zones on Twitter or Facebook or both. We drop in now and then for a brief while. Sometimes.
copyright and license
Copyright ©2008–2019 Arden J. Henderson
All Rights Reserved In The World, Known Universe and Multiverses.
Content by Arden Henderson is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. The most prudent way to share this content is just provide a link.
about weeklyblip
Any resemblance of anyone in these fiction stories and seemingly disassociated ramblings about anybody living, dead, or in altered states is purely coincidental, all the character names are absolutely made up or chosen from thin air, products of overworked minds, figments of our imaginations, just a coincidence, stuff that occurred to us while driving to work or standing in line at the grocery store, above reproach, maybe a bit o’ satire now and then if we knew how to write satire, clearly an accident, we have no clue, ask our therapist, buy a Texas Lottery number, plant a tree, not our fault, we have no idea what happened, we were in Lonesome Town at that time or some other place, who knows, we don’t know, no one knows, and if we did know, we’d write a story about it. Written by Arden Henderson.
colophon
Body typeface is Goudy Bookletter 1911, principal design by Barry Schwartz based on Frederic Goudy’s Kennerley Oldstyle. Heading typeface is specified as Cabin Condensed SemiBold, principal design by Impallari Type. See typeface notes. And, by the way, how about that purposeful off-kilter header skewing and chopping? The power of stuff. Like CSS. And magical pixels. Pixies. No, pixels.
tech stuff
Notably and specifically, this website is designed to render awesomely only on the very latest modern browsers. No real rails here, meaning no clever detecting and alerts of ancient browsers, hand-holding, and comforting. Either the site will look awesome or not. Older stuff may implode into a shower of disappearing pixels. But you’re not running out-of-date, not-secure, quirkish browsers, right? More on how your browser stacks up is here.
A hearty thanks shout out to all of the fine toolsmakers and brewers of powerful magic and goodness mentioned herein forthwith. Here be our accolades: Content written in Markdown, processed by MultiMarkdown then plowed, tilled, forged, assembled, bundled, and bolted together with Arden Henderson’s quantum-powered, time-and-space-bending ksh scripts baked endlessly in our vast coding ovens, afterwards served up piping hot by OpenBSD’s httpd rumbling under OpenBSD. CSS3 spindled, slice, diced, and mercilessly crushed with Sass. HTML5 scrubbed with Tidy. Inkscape used to preemptively bulldoze SVG files. Then, SVG and PNG files scrubbed, pulverized, and then melted into molecular wafer-thin shards with the million-ton steel presses scour and pngcrush, respectively. Certificates provided by Let’s Encrypt™. TLS/crypto stack is LibreSSL. Rock-solid hosting by ARP Networks.
This site is responsive design, 100% static, well-formed XML, studiously crafted in XHTML5 (XML-serialized HTML5 aka polyglot markup), and CSS3, delivered encrypted by HTTPS via IPv4 and IPv6, and fortified with DNSSEC goodness. Robots cheerfully delivered by code from RoboHash, created by Colin Davis. Web page hashes spun up with our own arbitrary pre-processed hashing machinery. Bushels of favicons for herds of devices generated by RealFaviconGenerator. Nary a snippet of JavaScript or any other such mad thing served as far as the eye can see. And no JavaScript hiding in the SVG files, either. We leave it as an exercise for the reader to compare and contrast “well-formed XML” with “valid XML.”
a bunch of validation
TLS validation courtesy of Qualys. XHTML5 and CSS3 validation by W3C. HTTP resources checked via REDbot created by Mark Nottingham. IPv6 validation courtesy of ipv6-test.com. DNSSEC validation courtesy of Verisign DNSSEC Debugger.
That’s the end of the tech stuff section for now. Sad? Looking for good treadmill reading material? Safe sleep aid? See more exciting tech remarks, notes, secret algorithms, and recipes for magical pumpkin pie code in the under-the-hood page.
attributions and other stuff our lawyer robots make us say
After our vast army of lawyer robots perused reams of trademark pages and correspondence, we’re pretty sure use of all the logos above is cool. It is explicitly noted that use of any logos here is not an endorsement or certification or any other such thing by the related organizations. All trademarks within are property of their respective holders. Here be the logos and brands acknowledgements, attributions, and references: Sass brand guidelines. W3C Scalable Vector Graphics Logos and Policies. OpenBSD Puffy and LibreSSL graphics license. Let’s Encrypt™ trademark policy. RedBot website bitmap logo reference teleported to SVG format by Arden Henderson and used with permission provided by @redbotorg. ARP Networks logo provided by Support. IPv6 badge provided by ipv6-test.com. Original artwork HTML5✔, CSS3✔, HTTPS✔ SVG graphics created by Arden Henderson, covered under this web page’s copyright and licensing.