self-reliantly posting on the #Fediverse with painless hosting and security in mind. 1. Rent any web space from EUR 2 monthly with a domain-name as your enduring digital property (e.g. … https://demo.mro.name/shaarligo

Marcus Rohrmoser 6e8bd743c5 end tags at zero-width space. hai 1 ano
static a5a94b8a80 - bookmarklet scrapes client-side (from DOM) %!s(int64=3) %!d(string=hai) anos
testdata d61a97e196 also use <title>. %!s(int64=5) %!d(string=hai) anos
tpl a5a94b8a80 - bookmarklet scrapes client-side (from DOM) %!s(int64=3) %!d(string=hai) anos
.gitattributes c87dc3136a fix github language detection %!s(int64=6) %!d(string=hai) anos
.gitignore b693ae130c Add en theme and make default. %!s(int64=4) %!d(string=hai) anos
.travis.yml 341d8989b7 template & travis %!s(int64=5) %!d(string=hai) anos
README.md cb798ebfae phase out 0x4c.de %!s(int64=3) %!d(string=hai) anos
ShaarliGo.go c80fe1d558 go fmt hai 1 ano
ShaarliGo_test.go a5a94b8a80 - bookmarklet scrapes client-side (from DOM) %!s(int64=3) %!d(string=hai) anos
api0.go 67f9c334d5 on wrong uid/pwd: add a clickable link to the currently unthemed, blank screen as a fallback when the automatic redirect doesn't trigger. Prbly due to CSP. %!s(int64=3) %!d(string=hai) anos
api0_test.go c80fe1d558 go fmt hai 1 ano
atom.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
atom_test.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
ban.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
ban_test.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
bookmarklet.msc a5a94b8a80 - bookmarklet scrapes client-side (from DOM) %!s(int64=3) %!d(string=hai) anos
build.sh 6e8bd743c5 end tags at zero-width space. hai 1 ano
cgi-fake.sh f82137e2c2 - rename, 2nd. %!s(int64=7) %!d(string=hai) anos
comb.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
comb_test.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
config-core.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
config-core_test.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
config.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
config_test.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
doap.rdf e6b32436d4 Brush up. %!s(int64=4) %!d(string=hai) anos
emoji_map.go 942ac74720 make #§ and #† proper tags and make emojis implicit tags. %!s(int64=6) %!d(string=hai) anos
feedwriter.go 871e0ebede comply with go version go1.15.6 darwin/amd64 %!s(int64=4) %!d(string=hai) anos
feedwriter_test.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
flow.dot f82137e2c2 - rename, 2nd. %!s(int64=7) %!d(string=hai) anos
go.mod ea5361b033 update to go 1.16 toolchain, migrate to modules. %!s(int64=3) %!d(string=hai) anos
go.sum ea5361b033 update to go 1.16 toolchain, migrate to modules. %!s(int64=3) %!d(string=hai) anos
http.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
mastodon.go c80fe1d558 go fmt hai 1 ano
mini-build.sh 6e8bd743c5 end tags at zero-width space. hai 1 ano
pinboard.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
pinboard_test.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
post-test.sh 2c5481d0e5 - trailing slashes %!s(int64=7) %!d(string=hai) anos
search.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
search_test.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
tags.go 6e8bd743c5 end tags at zero-width space. hai 1 ano
tags_test.go 6e8bd743c5 end tags at zero-width space. hai 1 ano
tools.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
tools_test.go 8430460b30 Copyright %!s(int64=4) %!d(string=hai) anos
version.go 24491e7c0b version bump. %!s(int64=6) %!d(string=hai) anos

README.md

🌩 Lightning Talk at the 34c3 🚀

Build Status

ShaarliGo

🌺 Self-reliant publishing for laypeople like your loved ones and mine. Have a say and not be subjected to any T&Cs, just local law. All without setup headaches, but truly self-sustained and enduringly independent:

Install / Update

  1. Rent any web space from EUR 2 monthly with a domain-name as your enduring digital property (e.g. https://variomedia.de/hosting),
  2. download https://mro.name/Linux-x86_64/shaarligo.cgi and
  3. copy it to the webspace, see e.g. https://www.variomedia.de/faq/Wie-uebertrage-ich-meine-Seite-auf-den-Server/article/177,
  4. set the file permissions (chmod) to read-only+execute for all (numeric 555), see e.g. https://wiki.filezilla-project.org/Other_Features#Chmod,
  5. visit http://example.com/shaarligo.cgi and off you go!

That's if the webserver is Apache (Linux, 64 bit, modules cgi and rewrite) as common with shared hosting.

For lighttpd see static/app/lighttpd.conf. Nginx lacks CGI support (srsly?).

Or build from source at http://mro.name/ShaarliGo

Responsible Disclosure

In case you are reluctant to file a public issue, feel free to email security@mro.name (🔏key).

POSSE

POSSE is an abbreviation for Publish (on your) Own Site, Syndicate Elsewhere, a content publishing model that starts with posting content on your own domain first, then syndicating out copies to 3rd party services with permashortlinks back to the original on your site.

(says https://indieweb.org/POSSE)

You can POSSE to

Pinboard.in

enter your Pinboard Auth Token from https://pinboard.in/settings/password at the end of app/config.yaml like this

posse:
- pinboard: https://api.pinboard.in/v1?auth_token=johndoe:XOG6EJIYMIZZ
  prefix:

It's ok to leave prefix empty. Each pinboard post gets a backlink as an additional footer line. If prefix is set, the footer line is prefix + id.

Mastodon

at first manually obtain an access token (example server here is https://social.tchncs.de/):

  1. create an application in https://social.tchncs.de/settings/applications
  2. give it permission write:statuses
  3. note the access token and enter it below.

Then enter the server endpoint plus /api/v1/ and access token into app/config.yaml like so:

posse:
- mastodon: https://social.tchncs.de/api/v1/
  token: …boph1koomie4eikaiG…
  prefix:

It's ok to leave prefix empty. Each mastodon post gets a backlink as an additional footer line. If prefix is set, the footer line is prefix + id.

Also, if you don't know the token but the endpoint accepts basic auth (pleroma), you may add the credentials to the url for the time being until I figure out how to get a token from pleroma or do proper OAuth2.

Design Goals

  • backwards compatible posting (https://code.mro.name/mro/Shaarli-API-test)
  • trivial installation and minimal hosting requirements (run on simple hosted webspace),
  • keep server lean, especially for readers,
  • standards compliant (Atom, Atompub, WebSub),
  • easy migration from existing shaarlis,
  • run ok without javascript,
  • visitor reading operates on static flat files only (no server code),
  • secure against brute force login attacks,
  • easy translation & skinning,
  • leverage existing, widely deployed web tec (CGI, XSLT, HTML, CSS),
  • easy fail2ban integration / DOS mitigation,
Quality very good good normal irrelevant
Functionality ×
Reliability ×
Usability ×
Efficiency ×
Changeability ×
Portability ×

Dependencies

tl;dr: a webserver that can execute CGIs and serve files from disc.

ShaarliGo is an old-school CGI binary executable, so it needs a webserver to drive it. Configurations come for Apache (automatic, see static/.htaccess) and Lighttpd (see static/app/lighttpd.conf).

As a self-contained, statically linked, Go executable, it has no runtime dependencies and works on a variety of platforms.

ShaarliGo needs write access to the webroot filesystem to once unpack the web assets and when posting update the content.

Storage footprint is <25 KiB per post.

When posting a page, it is once accessed via HTTP GET to infer title, tags and a thumbnail image URL.

Todos

  1. pinned posts,
  2. private posts,
  3. PuSH/PubSubhubbub / WebSub,
  4. import shaarlis (login?),
  5. pwd reset (maybe deleting from app/config.yaml is acceptable),
  6. images/enclosures,
  7. comments,
  8. trackback/pingback

Credits

inspired by and compatible to http://sebsauvage.net/wiki/doku.php?id=php:shaarli.