Fix code indentation

This commit closes #59.

about.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - About -->
-<!-- Version: 10.0.1 -->
+<!-- Version: 10.0.2-alpha.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -90,30 +90,21 @@
 			<section id="about_me">
 				<h2><a href="#about_me">About Me</a></h2>
 					<img class="avatar" src="asset/img/avatar/inference.png" alt="My avatar."/>
-										<p>I am Jake Winters, also known by my pseudonym
+					<p>I am Jake Winters, also known by my pseudonym "Inference", a security researcher based in United
-										"Inference", a security researcher based in United
 					Kingdom.</p>
-										<p>I am the founder, lead developer, and administrator, of
+					<p>I am the founder, lead developer, and administrator, of Inferencium.</p>
-										Inferencium.</p>
+					<p>All opinions are my own, and are not necessarily shared with projects or people I am affiliated
-										<p>All opinions are my own, and are not necessarily shared
+					with.</p>
-										with projects or people I am affiliated with.</p>
+					<p>I write about my research and experience in cybersecurity and also physical security. Most of my
-										<p>I write about my research and experience in cybersecurity
+					postings are security-related, but I occasionally post about other aspects of my life.</p>
-										and also physical security. Most of my postings are
+					<p>I am an open source advocate for the preservation and modifiability of source code. I believe
-										security-related, but I occasionally post about other
+					source code should be considered human knowledge as much as past knowledge and teachings were; it is
-										aspects of my life.</p>
+					how modern humanity survives and runs. Source code being modifiable allows it to be adapted for use
-										<p>I am an open source advocate for the preservation and
+					by anyone, whether to add features, harden it for increased security and/or privacy, or provide
-										modifiability of source code. I believe source code should
+					accessibility for disabled users.</p>
-										be considered human knowledge as much as past knowledge and
+					<p>I am also a modular design advocate for the ability to securely and robustly make changes to
-										teachings were; it is how modern humanity survives and runs.
+					hardware and software without the entire system being affected.</p>
-										Source code being modifiable allows it to be adapted for use
+					<p>I run multiple XMPP channels; a directory of channels can be found on the
-										by anyone, whether to add features, harden it for increased
-										security and/or privacy, or provide accessibility for
-										disabled users.</p>
-										<p>I am also a modular design advocate for the ability to
-										securely and robustly make changes to hardware and software
-										without the entire system being affected.</p>
-										<p>I run multiple XMPP channels; a directory of channels can
-										be found on the
 					<a href="https://inferencium.net/directory.xhtml">directory</a>
 					webpage.</p>
 					<p>If you wish to contact me for any reason, you can use my
@@ -123,14 +114,11 @@
 				<h2><a href="#date_time">Date and Time</a></h2>
 					<p>All dates and times across my services are
 					<a href="https://en.wikipedia.org/wiki/ISO_8601">ISO 8601</a>-compliant.
-										The short-form format <code>YYYY-MM-DD</code> is used for
+					The short-form format <code>YYYY-MM-DD</code> is used for dates, and <code>hh:mm:ss</code> is used
-										dates, and <code>hh:mm:ss</code> is used for times, with
+					for times, with display of seconds being based on required level of accuracy. The full expression
-										display of seconds being based on required level of
+					may be used when necessary; <code>YYYYMMDDThhmmssZ</code> (UTC without offset),
-										accuracy. The full expression may be used when necessary;
+					<code>YYYYMMDDThhmmss+hhmm</code> (with positive offset), or <code>YYYYMMDDThhmmss-hhmm</code> (with
-										<code>YYYYMMDDThhmmssZ</code> (UTC without offset),
+					negative offset).</p>
-										<code>YYYYMMDDThhmmss+hhmm</code> (with positive offset), or
-										<code>YYYYMMDDThhmmss-hhmm</code> (with negative
-										offset).</p>
 			</section>
 			<section id="languages">
 				<h2><a href="#languages">Languages</a></h2>
@@ -145,100 +133,69 @@
 							languages whenever possible.</p>
 							<section id="languages-markup-xhtml">
 								<h4><a href="#languages-markup-xhtml">XHTML</a></h4>
-																				<p>XHTML is preferred for most content
+									<p>XHTML is preferred for most content due to its HTML-based design and syntax, with
-																				due to its HTML-based design and syntax,
+									advantages over HTML, including strict parsing checks which assist with achieving
-																				with advantages over HTML, including
+									code-correctness, and being XML-compliant to allow widespread usage even outside of
-																				strict parsing checks which assist with
+									the intended HTML-based use case.</p>
-																				achieving code-correctness, and being
+									<p>HTML has multiple flaws, including allowing broken code to be loaded in the
-																				XML-compliant to allow widespread usage
+									user's web browser, not informing the developer of broken code or mismatching tags,
-																				even outside of the intended HTML-based
+									and using non-standard, highly-permissive syntax which is non-portable. XHTML
-																				use case.</p>
+									mitigates or completely fixes these issues via its XML namespace.</p>
-																				<p>HTML has multiple flaws, including
-																				allowing broken code to be loaded in the
-																				user's web browser, not informing the
-																				developer of broken code or mismatching
-																				tags, and using non-standard, highly
-																				permissive syntax which is
-																				non-portable. XHTML mitigates or
-																				completely fixes these issues via
-																				its XML namespace.</p>
 							</section>
 							<section id="languages-markup-asciidoc">
 								<h4><a href="#languages-markup-asciidoc">AsciiDoc</a></h4>
-																				<p>AsciiDoc is used when portability is
+									<p>AsciiDoc is used when portability is a concern, as it allows easy conversion to
-																				a concern, as it allows easy conversion
+									other file formats, including HTML and PDF. AsciiDoc can also be read as-is, due to
-																				to other file formats, including HTML
+									it having clean markup and high readability when viewed as plaintext.</p>
-																				and PDF. AsciiDoc can also be read
-																				as-is, due to it having clean markup and
-																				high readability when viewed as
-																				plaintext.</p>
 							</section>
 					</section>
 					<section id="languages-programming">
 						<h3><a href="#languages-programming">Programming</a></h3>
-														<p>The following programming languages are used in my code, with
+							<p>The following programming languages are used in my code, with rationale provided for the
-														rationale provided for the usage of each language.</p>
+							usage of each language.</p>
-														<p>Note that derivations of non-Inferencium codebases, such as
+							<p>Note that derivations of non-Inferencium codebases, such as forks, may not contain the
-														forks, may not contain the programming languages listed here due
+							programming languages listed here due to the work involved in replacing all code, but will
-														to the work involved in replacing all code, but will be
+							be rewritten whenever possible, and new code will be written in my preferred languages
-														rewritten whenever possible, and new code will be written in my
+							whenever possible.</p>
-														preferred languages whenever possible.</p>
 							<section id="languages-programming-rust">
 								<h4><a href="#languages-programming-rust">Rust</a></h4>
-																				<p>Rust is a partially object-oriented
+									<p>Rust is a partially object-oriented programming language with a focus on security
-																				programming language with a focus on
+									and performance. It has strict compile-time checks to verify the memory-safety and
-																				security and performance. It has strict
+									thread-safety of code, is memory-efficient, has no garbage collection, is highly
-																				compile-time checks to verify the
+									portable, has great support for integration with other languages, and is suitable
-																				memory-safety and thread-safety of code,
+									for both high-level and low-level code.</p>
-																				is memory-efficient, has no garbage
+									<p>Rust is the modern replacement for C++.</p>
-																				collection, is highly portable, has
-																				great support for integration with other
-																				languages, and is suitable for both
-																				high-level and low-level code.</p>
-																				<p>Rust is the modern replacement for
-																				C++.</p>
 							</section>
 							<section id="languages-programming-go">
 								<h4><a href="#languages-programming-go">Go</a></h4>
-																				<p>Go is a functional programming
+									<p>Go is a functional programming language with a focus on performance. It is easy
-																				language with a focus on performance. It
+									to use, has garbage collection, allows clean codebases, and is suitable for
-																				is easy to use, has garbage collection,
+									high-level code.</p>
-																				allows clean codebases, and is suitable
+									<p>Go is the modern replacement for C.</p>
-																				for high-level code.</p>
-																				<p>Go is the modern replacement for
-																				C.</p>
 							</section>
 					</section>
 			</section>
 			<section id="licensing">
 				<h2><a href="#licensing">Licensing</a></h2>
-										<p>I care about upstreaming and sharing code, strongly
+					<p>I care about upstreaming and sharing code, strongly preferring licenses which have high license
-										preferring licenses which have high license compatibility in
+					compatibility in order to permit sharing code with as many other projects as possible; for this
-										order to permit sharing code with as many other projects as
+					reason, permissive licenses are mypreferred choice, while avoiding copyleft licenses and other
-										possible; for this reason, permissive licenses are my
+					licenses which place restrictions on how my code may be used, and prevent me from including
-										preferred choice, while avoiding copyleft licenses and other
+					important proprietary code, such as firmware, which can patch security vulnerabilities, privacy
-										licenses which place restrictions on how my code may be
+					issues, and stability issues.</p>
-										used, and prevent me from including important proprietary
+					<p>All of my code is and will be permissively-licensed unless specific circumstances make it
-										code, such as firmware, which can patch security
+					impractical or infeasible to do so. My goal is to share code which has the least amount of
-										vulnerabilities, privacy issues, and stability issues.</p>
+					restrictions as possible, to allow wider propagation of my code and allow more use cases and
-										<p>All of my code is and will be permissively licensed
+					possibilities, as well as ensuring proprietary code, whenever required, is permitted to be included
-										unless specific circumstances make it impractical or
+					and/or linked to.</p>
-										infeasible to do so. My goal is to share code which has the
-										least amount of restrictions as possible, to allow wider
-										propagation of my code and allow more use cases and
-										possibilities, as well as ensuring proprietary code,
-										whenever required, is permitted to be included and/or linked
-										to.</p>
 					<p><a href="https://iso.org/standard/81870.html">ISO 5962:2021</a>
 					is used for licensing, in the format
-										<code>SPDX-License-Identifier: <var>&lt;license&gt;</var></code>;
+					<code>SPDX-License-Identifier: <var>&lt;license&gt;</var></code>; see the
-										see the
 					<a href="https://spdx.org/licenses/">SPDX License List</a>
 					for the full list of available licenses under this
 					standard.</p>
-										<p>My preferred licenses and rationale for using them are
+					<p>My preferred licenses and rationale for using them are below; any licenses not listed are chosen
-										below; any licenses not listed are chosen on a case-by-case
+					on a case-by-case basis.</p>
-										basis.</p>
 					<section id="licensing-code">
 						<h3><a href="#licensing-code">Code</a></h3>
 							<section id="licensing-code-bsd3clause">
@@ -246,17 +203,11 @@
 									<p><b>SPDX License Identifier:</b> <code>BSD-3-Clause</code></p>
 									<p><b>Type: Permissive</b></p>
 									<p><a href="https://spdx.org/licenses/BSD-3-Clause.html">BSD 3-Clause License</a>
-																				is a highly permissive license which
+									is a highly permissive license which allows content licensed under it to be used in
-																				allows content licensed under it to be
+									any way, whether in source or binary form, and allows sublicensing under a different
-																				used in any way, whether in source or
+									license, with the only restrictions being the original copyright notice must be kept
-																				binary form, and allows sublicensing
+									in order to attribute the original creator of the licensed content, and the name of
-																				under a different license, with the only
+									the project and/or its contributors may not be used to endorse or promote products
-																				restrictions being the original
-																				copyright notice must be kept in order
-																				to attribute the original creator of the
-																				licensed content, and the name of the
-																				project and/or its contributors may not
-																				be used to endorse or promote products
 									derived from the original project.</p>
 							</section>
 							<section id="licensing-code-gpl2.0only">
@@ -264,31 +215,18 @@
 									<p><b>SPDX License Identifier:</b> <code>GPL-2.0-only</code></p>
 									<p><b>Type: Copyleft</b></p>
 									<p><a href="https://spdx.org/licenses/GPL-2.0-only.html">GNU General Public License v2.0</a>
-																				is a strong copyleft license which
+									is a strong copyleft license which restricts use of content licensed under it by
-																				restricts use of content licensed under
+									requiring all source code of the content to be publicly available, making
-																				it by requiring all source code of the
+									binary-only form and inclusion of proprietary code impossible, requiring all
-																				content to be publicly available, making
+									derivatives to be licensed under the same license (allowing sublicensing under only
-																				binary-only form and inclusion of
+									newer GPL licenses if <code>GPL-2.0-or-later</code> is specified in the SPDX License
-																				proprietary code impossible, requiring
+									Identifier), and requiring the original copyright notice to be kept in order to
-																				all derivatives to be licensed under the
+									attribute the original creator of the licensed content.</p>
-																				same license (allowing sublicensing
+									<p>Due to the restrictive and invasive nature of this license, it is avoided unless
-																				under only newer GPL licenses if
+									such restrictions would be beneficial to my code; whenever this is the case, the GNU
-																				<code>GPL-2.0-or-later</code> is
+									General Public License v2.0 will be used, rather than the more restrictive
-																				specified in the SPDX License
-																				Identifier), and requiring the original
-																				copyright notice to be kept in order to
-																				attribute the original creator of the
-																				licensed content.</p>
-																				<p>Due to the restrictive and invasive
-																				nature of this license, it is avoided
-																				unless such restrictions would be
-																				beneficial to my code; whenever this is
-																				the case, the GNU General Public License
-																				v2.0 will be used, rather than the more
-																				restrictive
 									<a href="https://spdx.org/licenses/GPL-3.0-only.html">GNU General Public License v3.0</a>,
-																				and relicensing derivatives under the
+									and relicensing derivatives under the GNU General Public License v3.0 will be
-																				GNU General Public License v3.0 will be
 									disallowed.</p>
 							</section>
 					</section>
@@ -299,24 +237,18 @@
 									<p><b>SPDX License Identifier:</b> <code>CC-BY-4.0</code></p>
 									<p><b>Type: Permissive</b></p>
 									<p><a href="https://spdx.org/licenses/CC-BY-4.0.html">Creative Commons Attribution 4.0 International</a>
-																				is a highly permissive license which
+									is a highly-permissive license which allows content licensed under it to be used in
-																				allows content licensed under it to be
+									any way, in any medium, with the only restriction being the original copyright
-																				used in any way, in any medium, with the
+									notice must be kept in order to attribute the original creator of the licensed
-																				only restriction being the original
+									content.</p>
-																				copyright notice must be kept in order
-																				to attribute the original creator of the
-																				licensed content.</p>
 							</section>
 					</section>
 					<section id="licensing-open_source_vs_free_software">
 						<h3><a href="#licensing-open_source_vs_free_software">Do I Distinguish Between Open Source and Free Software?</a></h3>
-																<p>No. If code is not released under an open-source
+							<p>No. If code is not released under an open-source license and places restrictions on how
-																license and places restrictions on how the code may be
+							the code may be used, it is either source-available (if viewing the code is permitted) or
-																used, it is either source-available (if viewing the code
+							proprietary. "Free software" only causes confusion and exists to push an ideology by a
-																is permitted) or proprietary. "Free software" only
+							specific group of people. If software isn't "free", it's not open-source, either.</p>
-																causes confusion and exists to push an ideology by a
-																specific group of people. If software isn't "free", it's
-																not open-source, either.</p>
 					</section>
 			</section>
 			<section id="versioning">
@@ -325,131 +257,105 @@
 						<h3><a href="#versioning-numbering_scheme">What is the Numbering Scheme?</a></h3>
 							<p>All code uses
 							<a href="https://semver.org">Semantic Versioning</a>.
-														The numbering scheme divided into 3 blocks (herein referred to
+							The numbering scheme is divided into 3 blocks (herein referred to as Block 0, Block 1, and
-														as Block 0, Block 1, and Block 2, in left-to-right order); the
+							Block 2, in left-to-right order); the version blocks are separated by periods. When a
-														version blocks are separated by periods. When a version number
+							version number block is incremented, all blocks to the right of it are reset to 0. The
-														block is incremented, all blocks to the right of it are reset to
+							legacy versioning scheme was a similar numerical versioning scheme which lacked
-														0. The legacy versioning scheme was a similar numerical
+							standardisation.</p>
-														versioning scheme which lacked standardisation.</p>
+							<p>Block 0 contains the <code><var>MAJOR</var></code> version; this number is incremented
-														<p>Block 0 contains the <code><var>MAJOR</var></code> version;
+							whenever an API-incompatible change is made to the code.</p>
-														this number is incremented whenever an API-incompatible change
+							<p>Block 1 contains the <code><var>MINOR</var></code> version; this number is incremented
-														is made to the code.</p>
+							whenever an API-compatible, substantial change is made to the code, such as adding a
-														<p>Block 1 contains the <code><var>MINOR</var></code> version;
-														this number is incremented whenever an API-compatible,
-														substantial change is made to the code, such as adding a
 							feature.</p>
-														<p>Block 2 contains the <code><var>PATCH</var></code> version;
+							<p>Block 2 contains the <code><var>PATCH</var></code> version; this number is incremented
-														this number is incremented whenever an API-compatible,
+							whenever an API-compatible, unsubstantial change is made to the code, such as fixing or
-														unsubstantial change is made to the code, such as fixing or
 							optimising the code.</p>
-														<p>Development and pre-release versions are suffixed with
+							<p>Development and pre-release versions are suffixed with a hyphen, followed by their phase,
-														a hyphen, followed by their phase, a period, then the version of
+							a period, then the version of that phase; for example, <code>-alpha.<var>n</var></code> for
-														that phase; for example, <code>-alpha.<var>n</var></code> for an
+							an alpha version, <code>-beta.<var>n</var></code> for a beta version, and
-														alpha version, <code>-beta.<var>n</var></code> for a beta
+							<code>-rc.<var>n</var></code> for a release candidate version, with
-														version, and <code>-rc.<var>n</var></code> for a release
+							<code><var>n</var></code> being a non-negative integer. Stable versions have no suffix.</p>
-														candidate version, with <code><var>n</var></code> being a
-														non-negative integer. Stable versions have no suffix.</p>
 					</section>
 					<section id="versioning-phases">
 						<h3><a href="#versioning-phases">What Are the Phases?</a></h3>
-														<p>There are 4 phases of development. Each phase typically has
+							<p>There are 4 phases of development. Each phase typically has its own branch in each source
-														its own branch in each source code repository. The phases are as
+							code repository. The phases are as follows:</p>
-														follows:</p>
 								<ol>
-																<li>Alpha: Pre-alpha development and alpha testing
+									<li>Alpha: Pre-alpha development and alpha testing occurs in this phase. Features
-																occurs in this phase. Features are added, modified,
+									are added, modified, and/or removed. Fixes and optimisations may also occur if they
-																and/or removed. Fixes and optimisations may also occur
+									are caught during this phase. This is where the majority of changes occur and where
-																if they are caught during this phase. This is where the
+									the fine-grained commits can be found. Breakage is highly likely within this phase
-																majority of changes occur and where the fine-grained
+									as it makes no attempt to be stable or usable due to being where the most rapid
-																commits can be found. Breakage is highly likely within
+									development occurs. Code is tested internally in a fine-grained manner and is moved
-																this phase as it makes no attempt to be stable or usable
+									to the next phase only when it is deemed feature-complete and reasonably stable for
-																due to being where the most rapid development occurs.
+									broader public testing. If you would like to assist in testing code in this phase,
-																Code is tested internally in a fine-grained manner and
+									you must use the code and/or tags from the source code repositories due to it not
-																is moved to the next phase only when it is deemed
+									being available publicly outside of them.</li>
-																feature-complete and reasonably stable for broader
+									<li>Beta: Feature-complete testing occurs in this phase. Only bug fixes and
-																public testing. If you would like to assist in testing
+									optimisations occur in this phase, such as stability and security fixes. This phase
-																code in this phase, you must use the code and/or tags
+									is classified as stable enough for broad public testing and is made available
-																from the source code repositories due to it not being
+									publicly in many cases without having to use the source code repositories. Since
-																available publicly outside of them.</li>
+									this phase contains only feature-complete code, no features will be added, modified,
-																<li>Beta: Feature-complete testing occurs in this phase.
+									or removed in this phase.</li>
-																Only bug fixes and optimisations occur in this phase,
+									<li>Release candidate (RC): Feature-complete testing occurs in this phase. Code in
-																such as stability and security fixes. This phase is
+									the RC phase is often stable enough for production usage, but is not yet completely
-																classified as stable enough for broad public testing and
+									acceptable to be classified as stable by my standards. This phase is often skipped
-																is made available publicly in many cases without having
+									due to most bugs being caught in the beta phase, but will be used should the need
-																to use the source code repositories. Since this phase
+									arise for finer-grained testing beyond what the beta phase can provide. Like the
-																contains only feature-complete code, no features will be
+									beta phase, code in this phase is available publicly without requiring usage of the
-																added, modified, or removed in this phase.</li>
+									source code repositories.</li>
-																<li>Release candidate (RC): Feature-complete testing
+									<li>Stable: Feature-complete and well-tested code is moved to this phase. Code in
-																occurs in this phase. Code in the RC phase is often
+									this phase is deemed to be stable enough for production usage and full support is
-																stable enough for production usage, but is not yet
-																completely acceptable to be classified as stable by my
-																standards. This phase is often skipped due to most bugs
-																being caught in the beta phase, but will be used should
-																the need arise for finer-grained testing beyond what the
-																beta phase can provide. Like the beta phase, code in
-																this phase is available publicly without requiring usage
-																of the source code repositories.</li>
-																<li>Stable: Feature-complete and well-tested code is
-																moved to this phase. Code in this phase is deemed to be
-																stable enough for production usage and full support is
 									provided.</li>
 								</ol>
-														<p>When development of a new version has begun, the code within
+							<p>When development of a new version has begun, the code within the alpha phase is rebased
-														the alpha phase is rebased onto the most recent code from the
+							onto the most recent code from the stable phase before work commences. This cycle continues
-														stable phase before work commences. This cycle continues for the
+							for the lifetime of the code.</p>
-														lifetime of the code.</p>
 					</section>
 			</section>
 			<section id="services">
 				<h2><a href="#services">Services</a></h2>
 					<p>This list contains the policies and practices of my services.</p>
-										<p>My policies and practices are heavily security- and privacy-focused, with
+					<p>My policies and practices are heavily security- and privacy-focused, with improvements made on an
-										improvements made on an ongoing basis as new technologies, protocols, and
+					ongoing basis as new technologies, protocols, and software become available.</p>
-										software become available.</p>
 						<h3 id="services-websites"><a href="#services-websites">Websites</a></h3>
 							<ul>
-														<li>Unnecessary logging avoided (only logs required for security
+								<li>Unnecessary logging avoided (only logs required for security and debugging
-														and debugging purposes)</li>
+								purposes)</li>
 								<li>All server logs purged every 14 days</li>
-														<li>User IP addresses used only for security and debugging
+								<li>User IP addresses used only for security and debugging purposes (purged along with
-														purposes (purged along with logs)</li>
+								logs)</li>
 								<li>All connections made via
 								<a href="https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3">TLS 1.3</a>
 								only to ensure the most secure
 								<a href="https://en.wikipedia.org/wiki/Authenticated_encryption">AEAD</a>
 								ciphers are used, along with
 								<a href="https://en.wikipedia.org/wiki/Forward_secrecy">forward secrecy</a></li>
-														<li>All connections made via high-security AEAD ciphers,
+								<li>All connections made via high-security AEAD ciphers, preferring AES-256-GCM for
-														preferring AES-256-GCM for devices with AES
+								devices with AES hardware acceleration, and ChaCha20-Poly1305 for devices without AES
-														hardware acceleration, and ChaCha20-Poly1305 for devices without
+								hardware acceleration, with AES-128-GCM as a fallback (AES-128-GCM is mandated for TLS
-														AES hardware acceleration, with AES-128-GCM as a fallback
+								1.3 by
-														(AES-128-GCM is mandated for TLS 1.3 by
 								<a href="https://datatracker.ietf.org/doc/rfc8446#section-9.1">IETF RFC8446 section 9.1</a>)</li>
-														<li>All connections are made via high-security key exchange
+								<li>All connections are made via high-security key exchange protocols, preferring
-														protocols, preferring X25519, with secp256r1 as a fallback
+								X25519, with secp256r1 as a fallback (secp256r1 is mandated for TLS 1.3 by IETF RFC8446
-														(secp256r1 is mandated for TLS 1.3 by IETF RFC8446 section
+								section 9.1)</li>
-														9.1)</li>
 								<li><a href="https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions">Domain Name System Security Extensions (DNSSEC)</a>
-														enabled to provide a root-of-trust for encryption and
+								enabled to provide a root-of-trust for encryption and authentication for domain and
-														authentication for domain and server configuration</li>
+								server configuration</li>
 								<li><a href="https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization">Certification Authority Authorization (CAA)</a>
-														records enabled to prevent all certificate authorities other
+								records enabled to prevent all certificate authorities other than
-														than
 								<a href="https://letsencrypt.org/">Let's Encrypt</a> from
 								issuing TLS certificates for my domains</li>
 								<li><a href="https://en.wikipedia.org/wiki/SSHFP_record">Secure Shell fingerprint (SSHFP)</a>
-														records enabled to provide a DNS-based root-of-trust for SSH
+								records enabled to provide a DNS-based root-of-trust for SSH connections to my
-														connections to my domains</li>
+								domains</li>
-														<li>Referrer headers disabled to prevent knowing where a user
+								<li>Referrer headers disabled to prevent knowing where a user was redirected from</li>
-														was redirected from</li>
+								<li>All content sourced from my own domains, with third-party content prohibited via
-														<li>All content sourced from my own domains, with third-party
-														content prohibited via
 								<a href="https://en.wikipedia.org/wiki/Content_Security_Policy">Content Security Policy</a>
 								configuration</li>
-														<li>All servers physically under my control (no VPS or other
+								<li>All servers physically under my control (no VPS or other hosting providers)</li>
-														hosting providers)</li>
+								<li>No proprietary services, ensuring I have complete control over my services, and
-														<li>No proprietary services, ensuring I have complete control
+								vendor lock-in does not occur</li>
-														over my services, and vendor lock-in does not occur</li>
 							</ul>
 			</section>
 			<section id="recommendations">
@@ -480,102 +386,78 @@
 													<th id="hardware-smartphone-smartphone">Smartphone</th>
 													<th id ="google-pixel" headers="hardware hardware-smartphone-smartphone">
 													<img src="asset/img/google-pixel_8_pro.png" width="100" height="100" alt="Front and rear view of a Google Pixel 8 Pro in Obsidian colour"/><br/>
-																										Google Pixel
+													Google Pixel</th>
-																										</th>
 													<td class="desc" headers="hardware-description google-pixel">
 														<h5>Security/Privacy</h5>
-																														<p>Google Pixel devices	are the best
+															<p>Google Pixel devices	are the best Android devices
-																														Android devices available on the market
+															available on the market for
-																														for
 															<a href="https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html">security and privacy</a>.</p>
-																														<p>They allow locking the bootloader
+															<p>They allow locking the bootloader with a
-																														with a
 															<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">custom Android Verified Boot (AVB) key</a>
-																														in order to preserve security and
+															in order to preserve security and privacy features when
-																														privacy features when installing a
+															installing a custom operating system, such as
-																														custom operating system, such as
 															<a href="https://source.android.com/docs/security/features/verifiedboot/">verified boot</a>
-																														which verifies that the OS has not been
+															which verifies that the OS has not been corrupted or tampered with, and
-																														corrupted or tampered with, and
 															<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>
-																														which prevents an adversary from rolling
+															which prevents an adversary from rolling back the OS or
-																														back the OS or firmware version to a
+															firmware version to a previous version with known security
-																														previous version with known security
 															vulnerabilities.</p>
 															<p>They also include a
 															<a href="https://developer.android.com/training/articles/keystore#HardwareSecurityModule">hardware security module</a>
-																														(Titan M2, improving on the previous
+															(Titan M2, improving on the previous generation
-																														generation
 															<a href="https://security.googleblog.com/2018/10/building-titan-better-security-through.html">Titan M</a>)
-																														which is extremely resistant to both
+															which is extremely resistant to both remote and physical
-																														remote and physical attacks due to being
+															attacks due to being completely isolated from the rest of
-																														completely isolated from the rest of the
+															the system, including the operating system. Titan M2 ensures
-																														system, including the operating system.
+															that the device cannot be remotely compromised by requiring
-																														Titan M2 ensures that the device cannot
+															the side buttons of the device to be physically pressed for
-																														be remotely compromised by requiring the
+															some sensitive operations. Titan M2 also takes the role of
-																														side buttons of the device to be
-																														physically pressed for some sensitive
-																														operations. Titan M2 also takes the role
-																														of
 															<a href="https://source.android.com/docs/security/best-practices/hardware#strongbox-keymaster">Android StrongBox Keymaster</a>,
 															a
 															<a href="https://source.android.com/docs/security/features/keystore">hardware-backed Keystore</a>
-																														containing sensitive user keys which are
+															containing sensitive user keys which are unavailable to the
-																														unavailable to the OS or apps running on
+															OS or apps running on it without authorisation from Titan M2
-																														it without authorisation from Titan M2
 															itself.
 															<a href="https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html">Insider attack resistance</a>
-																														ensures that Titan M2 firmware can be
+															ensures that Titan M2 firmware can be flashed only if the
-																														flashed only if the user PIN/password is
+															user PIN/password is already known, making it impossible to
-																														already known, making it impossible to
+															backdoor the device without already knowing these secrets.</p>
-																														backdoor the device without already
+															<p>Google Pixel device kernels are compiled with
-																														knowing these secrets.</p>
-																														<p>Google Pixel device kernels are
-																														compiled with
 															<a href="https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html">forward-edge control-flow integrity</a>
 															and
 															<a href="https://security.googleblog.com/2019/10/protecting-against-code-reuse-in-linux_30.html">backward-edge control-flow integrity</a>
-																														to prevent code reuse attacks against
+															to prevent code reuse attacks against the kernel. MAC
-																														the kernel. MAC address randomisation is
+															address randomisation is
 															<a href="https://android-developers.googleblog.com/2017/04/changes-to-device-identifiers-in.html">implemented well, along with minimal probe requests and randomised initial sequence numbers</a>.</p>
 															<p>Google releases
 															<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>,
-																														ensuring Google Pixel devices are
+															ensuring Google Pixel devices are up-to-date and quickly
-																														up-to-date and quickly protected against
+															protected against security vulnerabilities.</p>
-																														security vulnerabilities.</p>
+															<p>Pixel 6-series and 7-series devices are a large
-																														<p>Pixel 6-series and 7-series devices
+															improvement over the already very secure and private
-																														are a large improvement over the already
+															previous generation Pixel devices. They replace ARM-based
-																														very secure and private previous
+															Titan M with RISC-V-based Titan M2, reducing trust by
-																														generation Pixel devices. They replace
+															removing ARM from the equation. Titan M2 is more resiliant
-																														ARM-based Titan M with RISC-V-based
+															to attacks than Titan M, and is
-																														Titan M2, reducing trust by removing ARM
-																														from the equation. Titan M2 is more
-																														resiliant to attacks than Titan M, and
-																														is
 															<a href="https://www.tuv-nederland.nl/assets/files/cerfiticaten/2022/09/nscib-cc-22-0228971-cert-final.pdf">AVA_VAN.5 certified</a>,
-																														the highest level of vulnerability
+															the highest level of vulnerability assessment. Google's
-																														assessment. Google's in-house Tensor
+															in-house Tensor System-on-Chip includes Tensor Security
-																														System-on-Chip includes Tensor Security
+															Core, further improving device security.</p>
-																														Core, further improving device
-																														security.</p>
 															<p>Pixel 8-series includes Armv9's
 															<a href="https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enhanced-security-through-mte">Memory Tagging Extension</a>,
-																														which dramatically increases device
+															which dramatically increases device security by eliminating
-																														security by eliminating up to 95% of all
+															up to 95% of all security issues caused by
-																														security issues caused by
 															memory-unsafety.</p>
 														<h5>Support</h5>
 															<p>Pixel 5a is supported for a
 															<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-g-pixel-pixel-a-g-pixel-a-pixel-xl-pixel">minimum of 3 years from launch</a>.</p>
-																														<p>Pixel 6-series, Pixel 7-series, Pixel
+															<p>Pixel 6-series, Pixel 7-series, Pixel Fold, and Pixel
-																														Fold, and Pixel Tablet are supported for
+															Tablet are supported for a
-																														a
 															<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-a-pixel-pixel-pro-pixel-a-pixel-pixel-pro-pixel-fold">minimum of 5 years from launch</a>.</p>
 															<p>Pixel 8-series is supported for a
 															<a href="https://support.google.com/nexus/answer/4457705#zippy=%2Cpixel-pro">minimum of 7 years from launch</a>.</p>
 													</td>
-																										<td headers="hardware-smartphone-source_model google-pixel">
+													<td headers="hardware-smartphone-source_model google-pixel"></td>
-																										</td>
 												</tr>
 											</tbody>
 										</table>
@@ -608,50 +490,41 @@
 													<th id="software-pc-os">Operating system</th>
 													<th id="gentoo_linux" headers="software-pc software-pc-os">
 													<img src="asset/img/logo/gentoo_linux.png" width="100" height="100" alt="Gentoo Linux logo"/><br/>
-																										Gentoo Linux
+													Gentoo Linux</th>
-																										</th>
 													<td class="desc" headers="software-pc-description gentoo_linux">
 														<p><a href="https://www.gentoo.org/">Gentoo Linux</a>
-																												is a highly modular, source-based, Linux-based
+														is a highly modular, source-based, Linux-based operating system
-																												operating system which allows vast customisation
+														which allows vast customisation to tailor the operating system
-																												to tailor the operating system to suit your
+														to suit your specific needs. There are many advantages to such
-																												specific needs. There are many advantages to
+														an operating system, with the most notable being the ability to
-																												such an operating system, with the most notable
+														optimise the software for security, privacy, performance, or
-																												being the ability to optimise the software for
+														power usage; however, there are effectively unlimited other use
-																												security, privacy, performance, or power usage;
+														cases, or a combination of multiple use cases.</p>
-																												however, there are effectively unlimited other
+														<p>I have focused on security hardening and privacy hardening,
-																												use cases, or a combination of multiple use
+														placing performance below those aspects, although my system is
-																												cases.</p>
+														still very performant. Some of the hardening I apply includes
-																												<p>I have focused on security hardening and
-																												privacy hardening, placing performance below
-																												those aspects, although my system is still very
-																												performant. Some of the hardening I apply
-																												includes
 														<a href="https://en.wikipedia.org/wiki/Buffer_overflow_protection">stack protection</a>,
 														<a href="https://en.wikipedia.org/wiki/Integer_overflow">signed integer overflow trapping</a>,
 														and GrapheneOS'
 														<a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>
 														memory allocator.</p>
-																												<p>You can find my Gentoo Linux configurations
+														<p>You can find my Gentoo Linux configurations in my
-																												in my
 														<a href="https://src.inferencium.net/Inferencium/cfg/">configuration respository</a>.</p>
 													</td>
 													<td headers="software-pc-source_model gentoo_linux">
 													Open-source<br/>
-																												(GPL-2.0-only)
+													(GPL-2.0-only)</td>
-																										</td>
 												</tr>
 												<tr>
 													<th id="software-web_browser">Web browser</th>
 													<th id="chromium" headers="software-pc software-web_browser">
 													<img src="asset/img/logo/chromium.png" width="100" height="100" alt="Chromium logo"/><br/>
-																										Chromium
+													Chromium</th>
-																										</th>
 													<td class="desc" headers="software-pc-description chromium">
 														<p><a href="https://chromium.org/">Chromium</a>
-																												is a highly secure web browser which is often ahead
+														is a highly secure web browser which is often ahead of other web
-																												of other web browsers in security aspects. It has a
+														browsers in security aspects. It has a dedicated security team
-																												dedicated security team and a very impressive
+														and a very impressive
 														<a href="https://www.chromium.org/Home/chromium-security/brag-sheet/">security brag sheet</a>.
 														Chromium's security features include a strong
 														<a href="https://code.google.com/p/chromium/wiki/LinuxSandboxing">multi-layer sandbox</a>,
@@ -659,11 +532,11 @@
 														<a href="https://www.chromium.org/Home/chromium-security/site-isolation">site isolation</a>,
 														<a href="https://www.chromium.org/Home/chromium-security/binding-integrity">Binding Integrity</a>
 														memory hardening, and
-																												<a href="https://www.chromium.org/developers/testing/control-flow-integrity/">control-flow integrity (CFI)</a>.</p></td>
+														<a href="https://www.chromium.org/developers/testing/control-flow-integrity/">control-flow integrity (CFI)</a>.</p>
+													</td>
 													<td headers="software-pc-source_model chromium">
 													Open-source<br/>
-																												(BSD-3-Clause)
+													(BSD-3-Clause)</td>
-																										</td>
 												</tr>
 											</tbody>
 										</table>
@@ -693,146 +566,125 @@
 													<th id="software-smartphone-os">Operating system</th>
 													<th id="grapheneos" headers="software-smartphone software-smartphone-os">
 													<img src="asset/img/logo/grapheneos.png" width="100" height="100" alt="GrapheneOS logo"/><br/>
-																										GrapheneOS
+													GrapheneOS</th>
-																										</th>
 													<td class="desc" headers="software-smartphone-description grapheneos">
 														<p><a href="https://grapheneos.org/">GrapheneOS</a>
-																												is a security-hardened, privacy-hardened,
+														is a security-hardened, privacy-hardened, secure-by-default,
-																												secure-by-default, Android-based operating
+														Android-based operating system which implements extensive,
-																												system which implements extensive, systemic
+														systemic security and privacy hardening to the Android Open
-																												security and privacy hardening to the Android
+														Source Project used as its base codebase.</p>
-																												Open Source Project used as its base
+														<p>Its hardening includes closing gaps for apps to access
-																												codebase.</p>
+														sensitive system information, a secure app spawning feature
-																												<p>Its hardening includes closing gaps for apps
+														which avoids sharing address space layout and other secrets
-																												to access sensitive system information, a secure
+														AOSP's default Zygote app spawning model would share,
-																												app spawning feature which avoids sharing
-																												address space layout and other secrets AOSP's
-																												default Zygote app spawning model would share,
 														<a href="https://github.com/GrapheneOS/kernel_gs-gs101/">hardened kernel</a>,
 														hardened memory allocator
 														(<a href="https://github.com/GrapheneOS/hardened_malloc/">hardened_malloc</a>)
-																												to protect against common memory corruption
+														to protect against common memory corruption vulnerabilities,
-																												vulnerabilities,
 														<a href="https://github.com/GrapheneOS/platform_bionic/">hardened Bionic standard C library</a>,
 														<a href="https://github.com/GrapheneOS/platform_system_sepolicy/">stricter SELinux policies</a>,
 														and local and remote hardware-backed attestation
 														(<a href="https://attestation.app/about/">Auditor</a>)
-																												to ensure the OS has not been corrupted or
+														to ensure the OS has not been corrupted or tampered with.</p>
-																												tampered with.</p>
 														<p>GrapheneOS only supports
 														<a href="https://grapheneos.org/faq#device-support">high-security and well-supported devices</a>
-																												which receive full support from their
+														which receive full support from their manufacturers, including
-																												manufacturers, including firmware updates, long
+														firmware updates, long support lifecycles, secure hardware, and
-																												support lifecycles, secure hardware, and overall
+														overall high-security practices.</p>
-																												high-security practices.</p>
+														<p>For an extensive list of features GrapheneOS provides, visit
-																												<p>For an extensive list of features GrapheneOS
+														its
-																												provides, visit its
 														<a href="https://grapheneos.org/features/">official features list</a>
 														which provides extensive documentation.</p>
 													</td>
 													<td headers="software-smartphone-source_model grapheneos">
 													Open-source<br/>
-																												(MIT)
+													(MIT)</td>
-																										</td>
 												</tr>
 												<tr>
 													<th id="software-smartphone-web_browser">Web browser</th>
 													<th id="vanadium" headers="software-smartphone software-smartphone-web_browser">
 													<img src="asset/img/logo/vanadium.png" width="100" height="100" alt="Vanadium logo"/><br/>
-																										Vanadium
+													Vanadium</th>
-																										</th>
 													<td class="desc" headers="software-smartphone-description vanadium">
-																												<p>Vanadium is a security-hardened,
+														<p>Vanadium is a security-hardened, privacy-hardened,
-																												privacy-hardened, Chromium-based web browser
+														Chromium-based web browser which utilises GrapheneOS' operating
-																												which utilises GrapheneOS' operating system
+														system hardening to implement stronger defenses to the already
-																												hardening to implement stronger defenses to the
+														very secure Chromium web browser.</p>
-																												already very secure Chromium web browser.</p>
+														<p>Its hardening alongside Chromium's base security features
-																												<p>Its hardening alongside Chromium's base
+														includes
-																												security features includes
 														<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0081-Implement-UI-for-JIT-site-settings.patch">disabling JavaScript just-in-time (JIT) compilation by default</a>,
 														<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0051-stub-out-the-battery-status-API.patch">stubbing out the battery status API to prevent abuse of it</a>,
 														and
 														<a href="https://github.com/GrapheneOS/Vanadium/blob/13/patches/0084-Toggle-for-navigating-external-URL-in-incognito.patch">always-on Incognito mode as an option</a>.</p>
-																												<p>Vanadium's source code, including its Chromium
+														<p>Vanadium's source code, including its Chromium patch-set, can
-																												patch-set, can be found in its
+														be found in its
 														<a href="https://github.com/GrapheneOS/Vanadium/">official repository</a>.</p>
 													</td>
 													<td headers="software-smartphone-source_model vanadium">
 													Open-source<br/>
-																												(GPL-2.0-only)
+													(GPL-2.0-only)</td>
-																										</td>
 												</tr>
 												<tr>
 													<th rowspan="2" id="software-smartphone-messenger">Messenger</th>
 													<th id="molly" headers="software-smartphone software-smartphone-messenger">
 													<img src="asset/img/logo/molly.png" width="100" height="100" alt="Molly logo"/><br/>
-																										Molly
+													Molly</th>
-																										</th>
 													<td class="desc" headers="software-smartphone-description molly">
 														<p><a href="https://molly.im/">Molly</a>
 														is a security-hardened, privacy-hardened
 														<a href="https://signal.org/">Signal</a>
-																												client which hardens Signal by using a variety
+														client which hardens Signal by using a variety of
-																												of
 														<a href="https://github.com/mollyim/mollyim-android#features">unique features</a>,
 														allowing
 														<a href="https://github.com/mollyim/mollyim-android/wiki/Data-Encryption-At-Rest">locking the database when not in use</a>,
 														and
 														<a href="https://github.com/mollyim/mollyim-android/blob/a81ff7d120adc9d427be17239107343146bad704/app/src/main/java/org/thoughtcrime/securesms/crypto/MasterSecretUtil.java#L91">utilising Android StrongBox</a>
-																												to protect user keys using the device's hardware
+														to protect user keys using the device's hardware security
-																												security module.</p>
+														module.</p>
 														<p>Molly is available in
 														<a href="https://github.com/mollyim/mollyim-android#free-and-open-source">2 flavours</a>:</p>
 															<ul>
-																														<li>Molly, which includes the same
+																<li>Molly, which includes the same proprietary Google
-																														proprietary Google code as Signal to
+																code as Signal to support more features</li>
-																														support more features</li>
+																<li>Molly-FOSS, which removes the proprietary Google
-																														<li>Molly-FOSS, which removes the
+																code to provide an entirely open-source client</li>
-																														proprietary Google code to provide an
-																														entirely open-source client</li>
 															</ul>
 													</td>
 													<td headers="software-smartphone-source_model molly">
 													Open-source<br/>
-																												(GPL-3.0-only)
+													(GPL-3.0-only)</td>
-																										</td>
 												</tr>
 												<tr>
 													<th id="conversations" headers="software-smartphone software-smartphone-messenger">
 													<img src="asset/img/logo/conversations.png" width="100" height="100" alt="Conversations logo"/><br/>
-																										Conversations
+													Conversations</th>
-																										</th>
 													<td class="desc" headers="software-smartphone-description conversations">
 														<p><a href="https://conversations.im/">Conversations</a>
 														is a well-designed Android
 														<a href="https://xmpp.org/">XMPP</a>
-																												client which serves as the de facto XMPP
+														client which serves as the de facto XMPP reference client and
-																												reference client and has great usability.</p>
+														has great usability.</p>
 													</td>
 													<td headers="software-smartphone-source_model conversations">
 													Open-source<br/>
-																												(GPL-3.0-only)
+													(GPL-3.0-only)</td>
-																										</td>
 												</tr>
 												<tr>
 													<th id="software-smartphone-viewer">Viewer</th>
 													<th id="gallery" headers="software-smartphone software-smartphone-viewer">
 													<img src="asset/img/logo/gallery.png" width="100" height="100" alt="Gallery logo"/><br/>
-																										Gallery
+													Gallery</th>
-																										</th>
 													<td class="desc" headers="software-smartphone-description gallery">
 														<p><a href="https://github.com/IacobIonut01/Gallery">Gallery</a>
-																												is a lightweight image and video viewer with
+														is a lightweight image and video viewer with image editing
-																												image editing capabilities.</p>
+														capabilities.</p>
-																												<p>It has a clean and modern design without
+														<p>It has a clean and modern design without including
-																												including unnecessary features, and runs
+														unnecessary features, and runs smoothly. It provides both
-																												smoothly. It provides both individual image and
+														individual image and video file view, and folder view.</p>
-																												video file view, and folder view.</p>
 													</td>
 													<td headers="software-smartphone-source_model gallery">
 													Open-source<br/>
-																												(Apache-2.0)
+													(Apache-2.0)</td>
-																										</td>
 												</tr>
 											</tbody>
 										</table>
@@ -841,28 +693,21 @@
 					</section>
 					<section id="recommendations-music">
 						<h3><a href="#recommendations-music">Music</a></h3>
-														<p>For a curated list of music I enjoy,
+							<p>For a curated list of music I enjoy, visit my
-														visit my
 							<a href="music.xhtml">music page</a>.</p>
 					</section>
 			</section>
 			<section id="gnulinux_or_linux">
 				<h2><a href="#gnulinux_or_linux">Is it GNU/Linux or Just Linux?</a></h2>
-										<p>It's just Linux. GNU is unrelated to Linux, which is a
+					<p>It's just Linux. GNU is unrelated to Linux, which is a kernel developed by
-										kernel developed by
 					<a href="https://en.wikipedia.org/wiki/Linus_Torvalds">Linus Torvalds</a>.
-										Linux can be used entirely without GNU software in
+					Linux can be used entirely without GNU software in userspace, and the kernel can be compiled without
-										userspace, and the kernel can be compiled without the use of
+					the use of GNU tools. Just because GNU tools were used to initally develop and compile the kernel,
-										GNU tools. Just because GNU tools were used to initally
+					and were initially the only available tools for userspace, does not make this true today, and it
-										develop and compile the kernel, and were initially the only
+					never made GNU a part of Linux itself at any point of time.</p>
-										available tools for userspace, does not make this true
+					<p>Where are all of the other forward-slashes for every other piece of software on a Linux-based
-										today, and it never made GNU a part of Linux itself at any
+					system which makes it just as usable? If a system is running "GNU/Linux", it should be using more
-										point of time.</p>
+					than a single forward-slash when there is more to the system than only GNU.</p>
-										<p>Where are all of the other forward-slashes for every
-										other piece of software on a Linux-based system which makes
-										it just as usable? If a system is running "GNU/Linux", it
-										should be using more than a single forward-slash when there
-										is more to the system than only GNU.</p>
 			</section>
 		<div class="sitemap-small"><a href="sitemap.xhtml">Sitemap</a></div>
 	</body>

blog.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Blog -->
-<!-- Version: 8.0.0 -->
+<!-- Version: 8.0.1-alpha.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->

blog/foss_is_working_against_itself.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Blog - #0 -->
-<!-- Version: 9.0.0 -->
+<!-- Version: 9.0.1-alpha.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -48,39 +48,35 @@
 				</nav>
 				<section id="introduction">
 					<h2><a href="#introduction">Introduction</a></h2>
-										<p>The world has become a dangerous, privacy invading, human rights stripping,
+						<p>The world has become a dangerous, privacy invading, human rights stripping, totalitarian
-										totalitarian place; in order to combat this, people are joining a growing, and
+						place; in order to combat this, people are joining a growing, and dangerous, trend, which I will
-										dangerous, trend, which I will refer to in this post as the "Free and Open
+						refer to in this post as the "Free and Open Source (FOSS) movement". With that stated, I will
-										Source (FOSS) movement". With that stated, I will now debunk the misinformation
+						now debunk the misinformation being spread inside of this extremely flawed movement.</p>
-										being spread inside of this extremely flawed movement.</p>
 						<p>The
 						<a href="https://en.wikipedia.org/wiki/Free_software">FOSS</a>
 						movement is an attempt to regain
 						<a href="https://en.wikipedia.org/wiki/Privacy">privacy</a>
 						and
 						<a href="https://en.wikipedia.org/wiki/Control_(psychology)">control</a>
-										over our devices and data, but the entire concept of FOSS-only, at the current
+						over our devices and data, but the entire concept of FOSS-only, at the current time, is
-										time, is severely, and dangerously, flawed. What the FOSS community does not
+						severely, and dangerously, flawed. What the FOSS community does not seem to understand is the
-										seem to understand is the fact that most FOSS software cares not about
+						fact that most FOSS software cares not about
 						<a href="https://en.wikipedia.org/wiki/Security">security</a>.
-										"Security"; keep that word in mind as you progress through this article. What is
+						"Security"; keep that word in mind as you progress through this article. What is security?
-										security? Security is being safe and secure from adversaries and unwanted
+						Security is being safe and secure from adversaries and unwanted consequences; security protects
-										consequences; security protects our rights and allows us to protect ourselves.
+						our rights and allows us to protect ourselves. Without security, we have no protection, and
-										Without security, we have no protection, and without protection, we have a lack
+						without protection, we have a lack of certainty of everything else, including privacy and
-										of certainty of everything else, including privacy and control, which is what
+						control, which is what the FOSS movement is seeking.</p>
-										the FOSS movement is seeking.</p>
+						<p>FOSS projects rarely take security into account; they simply look at the surface level,
-										<p>FOSS projects rarely take security into account; they simply look at the
+						rather than the actual
-										surface level, rather than the actual
 						<a href="https://en.wikipedia.org/wiki/Root_cause_analysis">root cause</a>
-										of the issues they are attempting to fight against. In this case, the focus is
+						of the issues they are attempting to fight against. In this case, the focus is on privacy and
-										on privacy and control. Without security mechanisms to protect the privacy
+						control. Without security mechanisms to protect the privacy features and the ability to control
-										features and the ability to control your devices and data, it can be stripped
+						your devices and data, it can be stripped away as if it never existed in the first place, which,
-										away as if it never existed in the first place, which, inevitably, leads us back
+						inevitably, leads us back to the beginning, and the cycle repeats. With this
-										to the beginning, and the cycle repeats. With this
 						<a href="https://en.wikipedia.org/wiki/Ideology">ideology</a>,
-										privacy and control will <em>never</em> be achieved. There is no foundation to
+						privacy and control will <em>never</em> be achieved. There is no foundation to build privacy or
-										build privacy or control upon. It is impossible to build a solid, freedom
+						control upon. It is impossible to build a solid, freedom respecting platform on this model.</p>
-										respecting platform on this model.</p>
 				</section>
 				<section id="examples">
 					<h2><a href="#examples">Examples</a></h2>
@@ -88,107 +84,91 @@
 							<h3><a href="#examples-smartphones">Smartphones</a></h3>
 								<p>A FOSS phone, especially so-called
 								"<a href="https://en.wikipedia.org/wiki/Linux_for_mobile_devices#Smartphones">Linux phones</a>"
-														are completely detrimental to privacy and control, because they
+								are completely detrimental to privacy and control, because they do not have the security
-														do not have the security necessary to enforce that privacy.
+								necessary to enforce that privacy.
 								<a href="https://en.wikipedia.org/wiki/Bootloader_unlocking">Unlocked bootloaders</a>
 								prevent the device from
 								<a href="https://source.android.com/docs/security/features/verifiedboot/">verifying the integrity of the boot chain</a>,
-														including the OS, meaning any adversary, whether a stranger who
+								including the OS, meaning any adversary, whether a stranger who happens to pick up the
-														happens to pick up the device, or a big tech or government
+								device, or a big tech or government entity, can simply inject malicious code into your
-														entity, can simply inject malicious code into your software and
+								software and you wouldn't have any idea it was there. If that's not enough of a backdoor
-														you wouldn't have any idea it was there. If that's not enough of
+								for you to reconsider your position, how about the trivial
-														a backdoor for you to reconsider your position, how about the
-														trivial
 								<a href="https://en.wikipedia.org/wiki/Evil_maid_attack">evil maid</a>
-														and data extraction attacks which could be executed on your
+								and data extraction attacks which could be executed on your device, without coercion?
-														device, without coercion? With Android phones, this is bad
+								With Android phones, this is bad enough to completely break the privacy and control the
-														enough to completely break the privacy and control the FOSS
+								FOSS movement seeks, but "Linux phones" take it a step further by implementing barely
-														movement seeks, but "Linux phones" take it a step further by
+								any security, if any at all.
-														implementing barely any security, if any at all.
 								<a href="https://en.wikipedia.org/wiki/Privilege_escalation">Privilege escalation</a>
-														is trivial to achieve on any Linux system, which is the reason
+								is trivial to achieve on any Linux system, which is the reason Linux
-														Linux
 								<a href="https://en.wikipedia.org/wiki/Hardening_(computing)">hardening</a>
-														strategies often include restricting access to the root account;
+								strategies often include restricting access to the root account; if you
-														if you
 								<a href="https://en.wikipedia.org/wiki/Rooting_(Android)">root your Android phone</a>,
-														or use a "Linux phone", you've already destroyed the security
+								or use a "Linux phone", you've already destroyed the security model, and thus privacy
-														model, and thus privacy and control model you were attempting to
+								and control model you were attempting to achieve. Not only are these side effects of
-														achieve. Not only are these side effects of FOSS, so is the
+								FOSS, so is the absolutely illogical restriction of not being able to, or making it
-														absolutely illogical restriction of not being able to, or making
+								unnecessarily difficult to, install and update critical components of the system, such
-														it unnecessarily difficult to, install and update critical
+								as proprietary
-														components of the system, such as proprietary
 								<a href="https://en.wikipedia.org/wiki/Firmware">firmware</a>,
-														which just so happens to be almost all of them. "Linux phones"
+								which just so happens to be almost all of them. "Linux phones" are not as free as they
-														are not as free as they proclaim to be.</p>
+								proclaim to be.</p>
 								<p>You may ask "What's so bad about using
 								<a href="https://lineageos.org/">LineageOS</a>?",
-														to which I answer with "What's not bad about it?".
+								to which I answer with "What's not bad about it?".</p>
 									<ul>
 										<li>LineageOS uses
 										<a href="https://github.com/LineageOS/hudson/blob/master/lineage-build-targets">debug builds</a>,
 										not safe and secure release builds.</li>
-																		<li>LineageOS requires an unlocked bootloader.
+										<li>LineageOS requires an unlocked bootloader. Even when installed on devices
-																		Even when installed on devices which support
+										which support custom Android Verified Boot (AVB) keys, the bootloader cannot be
-																		custom Android Verified Boot (AVB) keys, the
+										locked due to lack of the OS being signed.</li>
-																		bootloader cannot be locked due to lack of the
+										<li>LineageOS does not install critically important firmware without manual
-																		OS being signed.</li>
+										flashing, requiring users to perform a second update to install this firmware;
-																		<li>LineageOS does not install critically
+										this likely causes users to ignore the notification or miss firmware
-																		important firmware without manual flashing,
-																		requiring users to perform a second update to
-																		install this firmware; this likely causes users
-																		to ignore the notification or miss firmware
 										updates.</li>
 										<li>LineageOS does not implement
 										<a href="https://source.android.com/docs/security/features/verifiedboot/verified-boot#rollback-protection">rollback protection</a>,
-																		meaning any adversary, from a stranger who
+										meaning any adversary, from a stranger who physically picks up the device, to a
-																		physically picks up the device, to a goverment
+										goverment entity remotely, can simply downgrade the OS to a previous version in
-																		entity remotely, can simply downgrade the OS to
+										order to exploit known
-																		a previous version in order to exploit known
 										<a href="https://en.wikipedia.org/wiki/Vulnerability_(computing)">security vulnerabilities</a>.</li>
 									</ul>
-														</p>
+								<p>LineageOS is not the only Android OS (commonly, and incorrectly, referred to as a
-														<p>LineageOS is not the only Android OS (commonly, and
+								"ROM") with such issues, but it is one of the worst. The only things such insecure OSes
-														incorrectly, referred to as a "ROM") with such issues, but it is
+								can provide you are customisation abilities, and a backdoor to your data. They are best
-														one of the worst. The only things such insecure OSes can provide
+								suited as a development OS, not a production OS.</p>
-														you are customisation abilities, and a backdoor to your data.
-														They are best suited as a development OS, not a production
-														OS.</p>
 						</section>
 				</section>
 				<section id="solution">
 					<h2><a href="#solution">Solution</a></h2>
-										<p>What can you do about this? The answer is simple; however, it does require
+						<p>What can you do about this? The answer is simple; however, it does require you to use logic,
-										you to use logic, fact, and evidence, not emotion, which is a difficult pill for
+						fact, and evidence, not emotion, which is a difficult pill for most people to swallow. Use your
-										most people to swallow. Use your adversaries' weapons against them. The only way
+						adversaries' weapons against them. The only way to effectively combat the privacy invasion and
-										to effectively combat the privacy invasion and lack of control of our devices
+						lack of control of our devices and data is to become a
-										and data is to become a
 						<a href="https://en.wikipedia.org/wiki/Turncoat">renegade</a>
-										and not take sides. Yes, that means not taking sides with the closed-source,
+						and not take sides. Yes, that means not taking sides with the closed-source, proprietary, big
-										proprietary, big tech and government entities, but it also means not taking
+						tech and government entities, but it also means not taking sides with any FOSS entities. The
-										sides with any FOSS entities. The only way to win this war is to take
+						only way to win this war is to take <em>whatever</em> hardware and software you can, and use it
-										<em>whatever</em> hardware and software you can, and use it tactically.</p>
+						tactically.</p>
-										<p>The best solution for device security, privacy, and control, is to use a
+						<p>The best solution for device security, privacy, and control, is to use a Google Pixel
-										Google Pixel (currently, Pixel 5a or newer) running
+						(currently, Pixel 5a or newer) running
 						<a href="https://grapheneos.org/">GrapheneOS</a>.
 						Google Pixel devices allow you complete bootloader freedom, including the
 						<a href="https://android.googlesource.com/platform/external/avb/+/master/README.md#pixel-2-and-later">ability to lock the bootloader after flashing a custom OS</a>
-										(GrapheneOS includes a custom OS signing key to allow locking the bootloader and
+						(GrapheneOS includes a custom OS signing key to allow locking the bootloader and enabling
-										enabling verified boot to prevent
+						verified boot to prevent
 						<a href="https://en.wikipedia.org/wiki/Malware">malware</a>
 						persistence, evil maid attacks, and boot chain
 						<a href="https://en.wikipedia.org/wiki/Data_corruption">corruption</a>),
 						<a href="https://support.google.com/nexus/answer/4457705">long device support lifecycles</a>
-										(minimum 3 years for Pixel 5a, minimum 5 years for Pixel 6-series and 7-series,
+						(minimum 3 years for Pixel 5a, minimum 5 years for Pixel 6-series and 7-series, and minimum 7
-										and minimum 7 years for Pixel 8-series and newer), and
+						years for Pixel 8-series and newer), and
 						<a href="https://source.android.com/docs/security/bulletin/pixel/">guaranteed monthly security updates</a>
 						for the entire support timeframe of the devices.</p>
 				</section>
 				<section id="conclusion">
 					<h2><a href="#conclusion">Conclusion</a></h2>
-										<p>Use what you can, and do what you can. By neglecting security, you are, even
+						<p>Use what you can, and do what you can. By neglecting security, you are, even if
-										if unintentionally, neglecting exactly what you are trying to gain; privacy and
+						unintentionally, neglecting exactly what you are trying to gain; privacy and control.</p>
-										control.</p>
 				</section>
 		<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>
 	</body>

blog/systemd_insecurity.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Blog - #1 -->
-<!-- Version: 9.0.0 -->
+<!-- Version: 9.0.1-alpha.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -47,8 +47,7 @@
 				developer doesn't care about your security at all.</p>
 				<section id="issue-0">
 					<h2><a href="#issue-0">Issue #0 - Against CVE Assignment</a></h2>
-										<blockquote>"You don't assign CVEs to every single random bugfix we do, do
+						<blockquote>"You don't assign CVEs to every single random bugfix we do, do you?"</blockquote>
-										you?"</blockquote>
 						<p>- Lennart Poettering, systemd lead developer</p>
 						<p><b>My thoughts:</b> Yes, if they're security-related.</p>
 						<p>Source:
@@ -56,41 +55,38 @@
 				</section>
 				<section id="issue-1">
 					<h2><a href="#issue-1">Issue #1 - CVEs Are Not Useful</a></h2>
-										<blockquote>"Humpf, I am not convinced this is the right way to announce this.
+						<blockquote>"Humpf, I am not convinced this is the right way to announce this. We never did
-										We never did that, and half the CVEs aren't useful anyway, hence I am not sure
+						that, and half the CVEs aren't useful anyway, hence I am not sure we should start with that now,
-										we should start with that now, because it is either inherently incomplete or
+						because it is either inherently incomplete or blesses the nonsensical part of the CVE circus
-										blesses the nonsensical part of the CVE circus which we really shouldn't
+						which we really shouldn't bless..."</blockquote>
-										bless..."</blockquote>
 						<p>- Lennart Poettering, systemd lead developer</p>
-										<p><b>My thoughts:</b> CVEs are supposed to be for security, and a log of when they
+						<p><b>My thoughts:</b> CVEs are supposed to be for security, and a log of when they were found
-										were found and their severity, so yes, it <em>is</em> the correct way to
+						and their severity, so yes, it <em>is</em> the correct way to announce it. It seems as if over
-										announce it. It seems as if over 95 security-concious people think the same.</p>
+						95 security-concious people think the same.</p>
 						<p>Source:
 						<a href="https://github.com/systemd/systemd/pull/6225#issuecomment-311739869">systemd GitHub Issue 6225</a></p>
 				</section>
 				<section id="issue-2">
 					<h2><a href="#issue-2">Issue #2 - Security is a Circus</a></h2>
-										<blockquote>"I am not sure I buy enough into the security circus to do that
+						<blockquote>"I am not sure I buy enough into the security circus to do that though for any minor
-										though for any minor issue..."</blockquote>
+						issue..."</blockquote>
 						<p>- Lennart Poettering, systemd lead developer</p>
 						<p>Source:
 						<a href="https://github.com/systemd/systemd/issues/5144#issuecomment-276740654">systemd GitHub Issue 5144</a></p>
 				</section>
 				<section id="issue-3">
 					<h2><a href="#issue-3">Issue #3 - Blaming the User</a></h2>
-										<blockquote><p>"Yes, as you found out "0day" is not a valid username. I wonder
+						<blockquote><p>"Yes, as you found out "0day" is not a valid username. I wonder which tool
-										which tool permitted you to create it in the first place. Note that not
+						permitted you to create it in the first place. Note that not permitting numeric first characters
-										permitting numeric first characters is done on purpose: to avoid ambiguities
+						is done on purpose: to avoid ambiguities between numeric UID and textual user names.</p>
-										between numeric UID and textual user names.</p>
+						<p>systemd will validate all configuration data you drop at it, making it hard to generate
-										<p>systemd will validate all configuration data you drop at it, making it hard to
+						invalid configuration. Hence, yes, it's a feature that we don't permit invalid user names, and
-										generate invalid configuration. Hence, yes, it's a feature that we don't permit
+						I'd consider it a limitation of xinetd that it doesn't refuse an invalid username.</p>
-										invalid user names, and I'd consider it a limitation of xinetd that it doesn't
+						<p>So, yeah, I don't think there's anything to fix in systemd here. I understand this is
-										refuse an invalid username.</p>
+						annoying, but still: the username is clearly not valid."</p></blockquote>
-										<p>So, yeah, I don't think there's anything to fix in systemd here. I understand
-										this is annoying, but still: the username is clearly not valid."</p></blockquote>
 						<p>- Lennart Poettering, systemd lead developer</p>
-										<p><b>My thoughts:</b> systemd was the thing that allowed root access just because a
+						<p><b>My thoughts:</b> systemd was the thing that allowed root access just because a username
-										username started with a number, then Poettering blamed the user.</p>
+						started with a number, then Poettering blamed the user.</p>
 						<p>Source:
 						<a href="https://github.com/systemd/systemd/issues/6237#issuecomment-311900864">systemd GitHub Issue 6237</a></p>
 				</section>

blog/the_chromium_monopoly.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Blog - #3 -->
-<!-- Version: 9.0.0 -->
+<!-- Version: 9.0.0-alpha.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -44,68 +44,56 @@
 				</nav>
 				<section id="introduction">
 					<h2><a href="#introduction">Introduction</a></h2>
-										<p>It's no secret that I'm an advocate of Chromium and will use it for the
+						<p>It's no secret that I'm an advocate of Chromium and will use it for the foreseeable future.
-										foreseeable future. It is a highly secure web browser which provides strong
+						It is a highly secure web browser which provides strong protection against malicious wesbites
-										protection against malicious wesbites and the code they run, and, while I am not
+						and the code they run, and, while I am not too interested in high performance, it is a very
-										too interested in high performance, it is a very performant web browser, despite
+						performant web browser, despite its security features.</p>
-										its security features.</p>
+						<p>However, the intention of this blog post is not to promote Chromium for any reason, but
-										<p>However, the intention of this blog post is not to promote Chromium for any
+						rather show an issue with it; an issue which is larger than may be realised by web-surfing
-										reason, but rather show an issue with it; an issue which is larger than may be
+						users. That issue is the large monopoly Chromium has in the web browser market;
-										realised by web-surfing users. That issue is the large monopoly Chromium has in
-										the web browser market;
 						<a href="https://en.wikipedia.org/wiki/Usage_share_of_web_browsers#Summary_tables">Chromium's market share is around 65%</a>,
-										making it the largest slice of the cake. The issue becomes even deeper and more
+						making it the largest slice of the cake. The issue becomes even deeper and more problematic when
-										problematic when you realise that the second-place web browser, Safari, has only
+						you realise that the second-place web browser, Safari, has only an 18% market share.</p>
-										an 18% market share.</p>
+						<p>The main issue with this type of monopoly is the large amounts of power and influence it
-										<p>The main issue with this type of monopoly is the large amounts of power and
+						gives Chromium, which can lead to, and is leading to, excessive authority of how the web should
-										influence it gives Chromium, which can lead to, and is leading to, excessive
+						work, and the standards which are implemented, which all other web browsers must comply with in
-										authority of how the web should work, and the standards which are implemented,
+						order to have a fully working web.</p>
-										which all other web browsers must comply with in order to have a fully working
-										web.</p>
 				</section>
 				<section id="solution">
 					<h2><a href="#solution">Solution</a></h2>
-										<p>In order to combat the Chromium monopoly, users typically go over to
+						<p>In order to combat the Chromium monopoly, users typically go over to Chromium's classical
-										Chromium's classical rival, Firefox. However, Firefox is dying and has lost
+						rival, Firefox. However, Firefox is dying and has lost almost all of its userbase over the last
-										almost all of its userbase over the last 2-3 years; the reason for this is a
+						2-3 years; the reason for this is a tale of selfishness and greed, caused by Firefox's parent
-										tale of selfishness and greed, caused by Firefox's parent company to go off
+						company to go off course and lose its original goal of providing a freedom-respecting, open web.
-										course and lose its original goal of providing a freedom-respecting, open web.
+						Mozilla caused self-inflicted damage which it cannot recover from, and, to me, is already dead.
-										Mozilla caused self-inflicted damage which it cannot recover from, and, to me,
+						The vultures are simply waiting for the final, small group of users to abandon the project
-										is already dead. The vultures are simply waiting for the final, small group of
+						before Firefox finally succumbs to its own demise; the demise it caused itself.</p>
-										users to abandon the project before Firefox finally succumbs to its own demise;
+						<p>If attempting to increase Firefox's market share to previous levels will be in vain, what is
-										the demise it caused itself.</p>
+						the solution? How can we prevent Chromium from completely taking over the web and dictating
-										<p>If attempting to increase Firefox's market share to previous levels will be
+						everything we do and how the web should be designed and used?</p>
-										in vain, what is the solution? How can we prevent Chromium from completely
+						<p>To find the answer to these important but difficult questions, we must go to the alternatives
-										taking over the web and dictating everything we do and how the web should be
+						which still have a fighting chance. Safari, developed by Apple, is based on WebKit, an engine
-										designed and used?</p>
+						completely independent of Chromium and Firefox.</p>
-										<p>To find the answer to these important but difficult questions, we must go to
+						<p>Just using a non-Chromium-based web browser is not enough; the choice must already have
-										the alternatives which still have a fighting chance. Safari, developed by Apple,
+						enough market share to still be relevant, and be capable of gaining new users. Safari, being
-										is based on WebKit, an engine completely independent of Chromium and
+						preinstalled on Apple devices including iPhone and Mac, already has a great advantage over
-										Firefox.</p>
+						Firefox. Apple devices, especially iPhone, is abundant in streets everywhere on the planet.
-										<p>Just using a non-Chromium-based web browser is not enough; the choice must
+						Safari is the default choice for Apple users and has a large market share simply because of how
-										already have enough market share to still be relevant, and be capable of gaining
+						widespread it is. Exploiting this fact is the only way to gain more market share and take down
-										new users. Safari, being preinstalled on Apple devices including iPhone and Mac,
+						Chromium before it is too late; the clock is ticking, and Apple are the only ones preventing
-										already has a great advantage over Firefox. Apple devices, especially iPhone, is
+						Chromium from completely taking over the web. Backing Safari instead of Firefox will keep the
-										abundant in streets everywhere on the planet. Safari is the default choice for
+						WebKit market share from falling to a critically low percentage, making it impossible to make a
-										Apple users and has a large market share simply because of how widespread it is.
+						comeback, as has happened to Firefox. Sometimes, directly supporting a political party is not
-										Exploiting this fact is the only way to gain more market share and take down
+						the way to get them into power, supporting the second-place alternative is, in order to keep the
-										Chromium before it is too late; the clock is ticking, and Apple are the only
+						one you don't want out of power, giving the party you do want in power an advantage. To win this
-										ones preventing Chromium from completely taking over the web. Backing Safari
+						war against the Chromium monopoly, we must be tactical, not emotional.</p>
-										instead of Firefox will keep the WebKit market share from falling to a
-										critically low percentage, making it impossible to make a comeback, as has
-										happened to Firefox. Sometimes, directly supporting a political party is not the
-										way to get them into power, supporting the second-place alternative is, in order
-										to keep the one you don't want out of power, giving the party you do want in
-										power an advantage. To win this war against the Chromium monopoly, we must be
-										tactical, not emotional.</p>
 				</section>
 				<section id="conclusion">
 					<h2><a href="#conclusion">Conclusion</a></h2>
-										<p>Supporting Safari is the first step in supporting WebKit and promoting usage
+						<p>Supporting Safari is the first step in supporting WebKit and promoting usage of the
-										of the independent web engine. Buying time while supporting and contributing to
+						independent web engine. Buying time while supporting and contributing to WebKit browser projects
-										WebKit browser projects is the best and only chance anyone has at competing with
+						is the best and only chance anyone has at competing with Chromium, and preventing it from
-										Chromium, and preventing it from increasing its dominance to unstoppable levels,
+						increasing its dominance to unstoppable levels, at which point there will be no return.</p>
-										at which point there will be no return.</p>
 				</section>
 		<div class="sitemap-small"><a href="../sitemap">Sitemap</a></div>
 	</body>

blog/untrusted_the_issue_with_decentralisation.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Blog - #2 -->
-<!-- Version: 9.0.0 -->
+<!-- Version: 9.0.1-alpha.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -48,120 +48,99 @@
 				</nav>
 				<section id="introduction">
 					<h2><a href="#introduction">Introduction</a></h2>
-										<p>A recent trend is seeing people move towards decentralised services and
+						<p>A recent trend is seeing people move towards decentralised services and platforms. While this
-										platforms. While this is reasonable and I can understand why they are doing such
+						is reasonable and I can understand why they are doing such a thing, they are seemingly doing it
-										a thing, they are seemingly doing it without thinking about the possible
+						without thinking about the possible consequences of doing so. The issue with decentralisation is
-										consequences of doing so. The issue with decentralisation is trust; there is no
+						trust; there is no way to pin a key to a specific person, to ensure that you are communicating
-										way to pin a key to a specific person, to ensure that you are communicating with
+						with the same person you are supposed to be communicating with. In this article, I will discuss
-										the same person you are supposed to be communicating with. In this article, I
+						some of the security issues with the decentralised model.</p>
-										will discuss some of the security issues with the decentralised model.</p>
 				</section>
 				<section id="examples">
 					<h2><a href="#examples">Examples</a></h2>
 						<section id="examples-messaging">
 							<h3><a href="#examples-messaging">Messaging</a></h3>
-														<p>When it comes to messaging your contacts on a centralised
+								<p>When it comes to messaging your contacts on a centralised platform, such as Twitter
-														platform, such as Twitter or Facebook, the keys are pinned to
+								or Facebook, the keys are pinned to that user account, using the user's password as the
-														that user account, using the user's password as the method of
+								method of identification. This approach makes it impossible to log in as a specific user
-														identification. This approach makes it impossible to log in as a
+								without their password, should it be strong enough to not be guessed, whether via
-														specific user without their password, should it be strong enough
+								personal guessing or exhaustive search. The trust in this centralised model is the high
-														to not be guessed, whether via personal guessing or exhaustive
+								security these platforms have. It is extremely unlikely that anyone other than a
-														search. The trust in this centralised model is the high security
+								government would be able to access the accounts stored on such platforms' servers, which
-														these platforms have. It is extremely unlikely that anyone other
+								makes the physical security trusted. As for remote security, should a user's password be
-														than a government would be able to access the accounts stored on
+								compromised, it can typically be reset if the user can prove they are the owner of the
-														such platforms' servers, which makes the physical security
+								account via some form of identification; this is where the trust issue of
-														trusted. As for remote security, should a user's password be
-														compromised, it can typically be reset if the user can prove
-														they are the owner of the account via some form of
-														identification; this is where the trust issue of
 								decentralisation occurs.</p>
-														<p>In the decentralised model, keys are kept on the users'
+								<p>In the decentralised model, keys are kept on the users' devices, in their possession.
-														devices, in their possession. While this soveriegnty is
+								While this soveriegnty is welcomed, it introduces a critical flaw in the security of
-														welcomed, it introduces a critical flaw in the security of
+								communicating with anyone via a decentralised platform; should a user's device be lost,
-														communicating with anyone via a decentralised platform; should a
+								stolen, or otherwise compromised, there is no way to know it happened and what the new
-														user's device be lost, stolen, or otherwise compromised, there
+								keys really are, and if the same user generated those keys. There is no centralised
-														is no way to know it happened and what the new keys really are,
+								point where anyone can go to check if the compromised user has updated their keys, which
-														and if the same user generated those keys. There is no
+								means there must already have been at least one other secure channel in place before the
-														centralised point where anyone can go to check if the
+								compromise occurred. Even if there was, the security of endpoint devices, especially
-														compromised user has updated their keys, which means there must
+								typical users, is much lower than a well protected corporation's servers, making even
-														already have been at least one other secure channel in place
+								those secure channels questionable to trust. Should all secure channels be compromised,
-														before the compromise occurred. Even if there was, the security
+								there is literally no way to know if the person you are communicating with is the real
-														of endpoint devices, especially typical users, is much lower
+								person or an imposter; there is no root of trust. This point is fatal; game over. The
-														than a well protected corporation's servers, making even those
+								only way to establish trust again would be to physically meet and exchange keys.</p>
-														secure channels questionable to trust. Should all secure
-														channels be compromised, there is literally no way to know if
-														the person you are communicating with is the real person or an
-														imposter; there is no root of trust. This point is fatal; game
-														over. The only way to establish trust again would be to
-														physically meet and exchange keys.</p>
 						</section>
 				</section>
 				<section id="solution">
 					<h2><a href="#solution">Solution</a></h2>
-										<p>I'll cut to the chase; there isn't a definitive solution. The best way to
+						<p>I'll cut to the chase; there isn't a definitive solution. The best way to handle this
-										handle this situation is to design your threat model and think about your
+						situation is to design your threat model and think about your reasoning for avoiding centralised
-										reasoning for avoiding centralised platforms. Is it lack of trust of a specific
+						platforms. Is it lack of trust of a specific company? Is it the possibility of centralised
-										company? Is it the possibility of centralised platforms going offline? Only by
+						platforms going offline? Only by thinking logically and tactically can you solve both the issue
-										thinking logically and tactically can you solve both the issue of centralisation
+						of centralisation and decentralisation. Often, one size fits all is never the correct approach,
-										and decentralisation. Often, one size fits all is never the correct approach,
 						nor does it typically work.</p>
-										<p>In order to avoid the issue of loss of trust due to lack of root of trust,
+						<p>In order to avoid the issue of loss of trust due to lack of root of trust, all users' keys
-										all users' keys must be stored in a centralised location where all contacts are
+						must be stored in a centralised location where all contacts are able to go to in case of
-										able to go to in case of compromise or to periodically check the state of keys
+						compromise or to periodically check the state of keys and to see if they have changed. This
-										and to see if they have changed. This centralised location requires some sort of
+						centralised location requires some sort of identification to ensure that the user changing their
-										identification to ensure that the user changing their keys is really the same
+						keys is really the same person who initially signed up for the platform, using a
-										person who initially signed up for the platform, using a trust-on-first-use
+						trust-on-first-use (TOFU) model, which isn't much different than what today's centralised
-										(TOFU) model, which isn't much different than what today's centralised platforms
+						platforms are already doing; the only difference is who is controlling the location; trust is
-										are already doing; the only difference is who is controlling the location; trust
+						still present and required.</p>
-										is still present and required.</p>
 						<p>In order to have a root of trust, I have posted my keys to my website, which
-										is protected by multiple layers of security:
+						is protected by multiple layers of security:</p>
 							<ol>
-														<li>I have provided identification to my domain name registrar,
+								<li>I have provided identification to my domain name registrar, to ensure I can access
-														to ensure I can access the website I rightfully own, should it
+								the website I rightfully own, should it be compromised, by providing identification to
-														be compromised, by providing identification to the domain name
+								the domain name registrar.</li>
-														registrar.</li>
+								<li>I have provided identification to my virtual private server host, to ensure I can
-														<li>I have provided identification to my virtual private server
+								access the virtual private servers I rightfully rent, should they be compromised, by
-														host, to ensure I can access the virtual private servers I
+								providing identification to the virtual private server host.</li>
-														rightfully rent, should they be compromised, by providing
+								<li>I have pinned my website to a globally trusted certificate authority, Let's Encrypt,
-														identification to the virtual private server host.</li>
+								which is a trusted party to manage TLS certificates and ensure ownership of the domain
-														<li>I have pinned my website to a globally trusted certificate
+								when connecting to it.</li>
-														authority, Let's Encrypt, which is a trusted party to manage TLS
+								<li>I have enabled DNSSEC on my domain, so it is extremely difficult to spoof my domain
-														certificates and ensure ownership of the domain when connecting
+								to make you believe you're connecting to it when you're actually connecting to someone
-														to it.</li>
-														<li>I have enabled DNSSEC on my domain, so it is extremely
-														difficult to spoof my domain to make you believe you're
-														connecting to it when you're actually connecting to someone
 								else's.</li>
 							</ol>
-										</p>
+						<p>While not the most secure implementation of a root of trust, it is the most secure
-										<p>While not the most secure implementation of a root of trust, it is the most
+						implementation currently available to me. While the domain name registrar or virtual private
-										secure implementation currently available to me. While the domain name registrar
+						server host could tamper with my domain and data, they are the most trustworthy parties
-										or virtual private server host could tamper with my domain and data, they are
+						available. In its current form, decentralisation would make this impossible to implement in any
-										the most trustworthy parties available. In its current form, decentralisation
+						form.</p>
-										would make this impossible to implement in any form.</p>
 				</section>
 				<section id="conclusion">
 					<h2><a href="#conclusion">Conclusion</a></h2>
-										<p>Do not demand anonymity; demand privacy and control of your own data.
+						<p>Do not demand anonymity; demand privacy and control of your own data. Complete anonymity
-										Complete anonymity makes it impossible to have a root of trust, and is typically
+						makes it impossible to have a root of trust, and is typically never necessary. It is possible
-										never necessary. It is possible for someone else to hold your keys, without them
+						for someone else to hold your keys, without them taking control of them and dictating what you
-										taking control of them and dictating what you can and cannot do (X's
+						can and cannot do (X's misinformation policy comes to mind). If a platform is not listening to
-										misinformation policy comes to mind). If a platform is not listening to your or
+						your or other people's concerns about how it is being run, show those platforms that you will
-										other people's concerns about how it is being run, show those platforms that you
+						not stand for it, and move to a different one. This may not be ideal, but it's not different to
-										will not stand for it, and move to a different one. This may not be ideal, but
+						moving from one decentralised platform to another. Centralisation is not what is evil, the
-										it's not different to moving from one decentralised platform to another.
+						people in control of the platforms are what is potentially evil. Carefully, logically, and
-										Centralisation is not what is evil, the people in control of the platforms are
+						tactically, choose who to trust. Decentralisation doesn't do much for trust when you must still
-										what is potentially evil. Carefully, logically, and tactically, choose who to
+						trust the operator of the decentralised platform, and are still subject to the possibly
-										trust. Decentralisation doesn't do much for trust when you must still trust the
+						draconian policies of that decentralised platform. If government is what you are trying to
-										operator of the decentralised platform, and are still subject to the possibly
+						avoid, there is no denying it is feasibly impossible to avoid it; a government could always take
-										draconian policies of that decentralised platform. If government is what you are
+						down the decentralised platform, forcing you to move to another, and they could also take down
-										trying to avoid, there is no denying it is feasibly impossible to avoid it; a
+						the centralised key storage site mentioned earlier in this article. A government is not
-										government could always take down the decentralised platform, forcing you to
+						something you can so easily avoid. Decentralisation does not solve the government issue. In
-										move to another, and they could also take down the centralised key storage site
+						order to live a happy, fun, and fulfilled life, while protecting yourself against logical
-										mentioned earlier in this article. A government is not something you can so
-										easily avoid. Decentralisation does not solve the government issue. In order to
-										live a happy, fun, and fulfilled life, while protecting yourself against logical
 						threats, there are only two words you must live by: Threat model.</p>
 				</section>
 		<div class="sitemap-small"><a href="../sitemap">Sitemap</a></div>

changelog.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Changelog -->
-<!-- Version: 6.0.0 -->
+<!-- Version: 6.0.1-alpha.1 -->
 
 <!-- Copyright 2023 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->

changelog/firmware-aa000-0.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Changelog - Firmware - aa000-0 -->
-<!-- Version: 5.0.0 -->
+<!-- Version: 5.0.1-alpha.1 -->
 
 <!-- Copyright 2023 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -106,8 +106,7 @@
 					<p>Changelog (since version 2.0.0.3):</p>
 						<ul>
 							<li>Update WHENCE</li>
-														<li>Update AMD GPU Navy Flounder DMCUB firmware to version
+							<li>Update AMD GPU Navy Flounder DMCUB firmware to version 0.0.172.0</li>
-														0.0.172.0</li>
 						</ul>
 			</article>
 			<article id="2.0.0.3">
@@ -119,8 +118,7 @@
 					<p>Changelog (since version 1.0.0.2):</p>
 						<ul>
 							<li>Update readme</li>
-														<li>Switch AMD CPU microcode readme from plaintext formatting to
+							<li>Switch AMD CPU microcode readme from plaintext formatting to AsciiDoc formatting</li>
-														AsciiDoc formatting</li>
 							<li>Update AMD CPU microcode readme</li>
 							<li>Update WHENCE</li>
 							<li>Update AMD GPU Navy Flounder DMCUB firmware</li>

changelog/firmware-xa000-0.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Changelog - Firmware - xa000-0 -->
-<!-- Version: 5.0.0 -->
+<!-- Version: 5.0.1-alpha.1 -->
 
 <!-- Copyright 2023 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->

changelog/firmware-xb000-0.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Changelog - Firmware - xb000-0 -->
-<!-- Version: 5.0.0 -->
+<!-- Version: 5.0.1-alpha.1 -->
 
 <!-- Copyright 2023 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->

contact.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Contact -->
-<!-- Version: 10.1.0 -->
+<!-- Version: 10.1.1-alpha.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -46,46 +46,38 @@
 				<h2><a href="#e2ee">End-to-end Encrypted Contact Methods</a></h2>
 					<section id="e2ee-preferred">
 						<h3><a href="#e2ee-preferred">Preferred</a></h3>
-														<p>Whenever possible, use the following contact methods; they
+							<p>Whenever possible, use the following contact methods; they allow verification to mitigate
-														allow verification to mitigate man-in-the-middle attacks, have
+							man-in-the-middle attacks, have high security, and reasonable privacy.</p>
-														high security, and reasonable privacy.</p>
 							<p><strong>Use the
 							<a href="key.xhtml">keys</a>
 							for each contact method to verify my devices.</strong></p>
-														<p>Note: Verification does not verify a person, only their devices,
+							<p>Note: Verification does not verify a person, only their devices, and can be defeated via
-														and can be defeated via coercion or other force.</p>
+							coercion or other force.</p>
-														<p><img src="asset/img/logo/signal.png" class="logo-small" width="40" height="40" alt="Signal logo"/>Signal
+							<p><img src="asset/img/logo/signal.png" class="logo-small" width="40" height="40" alt="Signal logo"/>Signal</p>
 								<ul>
 									<li><a href="https://signal.me/#eu/rXOem_06yX9bsIXE2IM4wAqu6MdZKrEeepdhm28bo0M82s2UXo1GHrew2grpTIkJ">inference.01</a></li>
 								</ul>
-														</p>
+							<p><img src="asset/img/logo/xmpp.png" class="logo-small" width="40" height="40" alt="XMPP logo"/>XMPP</p>
-														<p><img src="asset/img/logo/xmpp.png" class="logo-small" width="40" height="40" alt="XMPP logo"/>XMPP
 								<ul>
 									<li><a href="xmpp://inference@inferencium.net">inference@inferencium.net</a> (Main) - (<a href="key.xhtml#xmpp-inferencium">Key</a>)</li>
 								</ul>
-														</p>
 					</section>
 					<!--
 					<section id="e2ee-metadatafree">
 						<h3><a href="#e2ee-metadatafree">Metadata-free</a></h3>
-														<p>If metadata leakage is an issue for you, you can use the
+							<p>If metadata leakage is an issue for you, you can use the following contact methods.</p>
-														following contact methods.</p>
+							<p>These services do not have verification functionality and will be treated as less secure;
-														<p>These services do not have verification functionality and
+							<strong>unless you really need to use these services, use a preferred method
-														will be treated as less secure; <strong>unless you really need
-														to use these services, use a preferred method
 							instead.</strong></p>
 					</section>
-										-->
-						</section>
-						<!--
 					<section id="nonprivate">
 							<h2><a href="#nonprivate" class="h2">Non-private Contact Methods</a></h2>
-										<p>The following contact methods do not utilise end-to-end encryption, or I do
+								<p>The following contact methods do not utilise end-to-end encryption, or I do not use
-										not use such functionality; they are suitable for public contact only, including
+								such functionality; they are suitable for public contact only, including directly and
-										directly and groups. Do not use these methods if confidentiality and/or privacy
+								groups. Do not use these methods if confidentiality and/or privacy is required.</p>
-										is required.</p>
 					</section>
 					-->
+			</section>
 		<div class="sitemap-small"><a href="sitemap.xhtml">Sitemap</a></div>
 	</body>
 </html>

directory.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Directory -->
-<!-- Version: 5.0.1 -->
+<!-- Version: 5.0.2-alpha.1 -->
 
 <!-- Copyright 2023 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -33,15 +33,14 @@
 		<h1>Directory</h1>
 			<section id="xmpp">
 				<h2><a href="#xmpp">XMPP</a></h2>
-										<p>This is a list of XMPP channels hosted by me. Channels branded as
+					<p>This is a list of XMPP channels hosted by me. Channels branded as Inferencium are run by me.
-										Inferencium are run by me. Channels not under Inferencium branding are
+					Channels not under Inferencium branding are either run by me or other people, but are hosted on
-										either run by me or other people, but are hosted on Inferencium servers.</p>
+					Inferencium servers.</p>
-										<p>Public channels can be joined by anyone without an invitation. Non-public
+					<p>Public channels can be joined by anyone without an invitation. Non-public channels require an
-										channels require an invitation; requirements for invitations differ
+					invitation; requirements for invitations differ per channel.</p>
-										per channel.</p>
+					<p>For assistance within any channel, contact a moderator of the channel. If an issue is related to
-										<p>For assistance within any channel, contact a moderator of the channel. If an
+					a moderator, contact an administrator; administrators should not be contacted unless the issue
-										issue is related to a moderator, contact an administrator; administrators should
+					cannot be resolved by a moderator.</p>
-										not be contacted unless the issue cannot be resolved by a moderator.</p>
 					<div style="overflow-x: auto;">
 						<table class="lrg">
 							<colgroup>
@@ -65,14 +64,10 @@
 									<th id="inf"><a href="xmpp://gojayi@muc.xmpp.inferencium.net?join">Inferencium</a></th>
 									<td class="desc" headers="description inf">
 										<p>Inferencium general channel.</p>
-																				<p><b>Topic:</b> Any, excluding
+										<p><b>Topic:</b> Any, excluding NSFW.</p>
-																				NSFW.</p>
+										<p>Multimedia prohibited unless part of discussion.</p>
-																				<p>Multimedia prohibited unless
-																				part of discussion.</p>
-																		</td>
-																		<td class="red" headers="public inf">
-																				No
 									</td>
+									<td class="red" headers="public inf">No</td>
 									<td class="desc" headers="moderator inf">
 										<ul>
 											<li><a href="xmpp://homejacob@inferencium.net">homejacob@inferencium.net</a></li>
@@ -89,13 +84,10 @@
 									<th id="inf-moderation"><a href="xmpp://moderation@muc.xmpp.inferencium.net?join">Inferencium - Moderation</a></th>
 									<td class="desc" headers="description inf-moderation">
 										<p>Inferencium moderation channel.</p>
-																				<p><b>Topic:</b> Moderation of all XMPP
+										<p><b>Topic:</b> Moderation of all XMPP channels hosted by Inferencium.</p>
-																				channels hosted by Inferencium.</p>
 										<p>Inferencium moderators only.</p>
 									</td>
-																		<td class="red" headers="public inf-moderation">
+									<td class="red" headers="public inf-moderation">No</td>
-																				No
-																		</td>
 									<td class="desc" headers="moderator inf-moderation">
 										<ul>
 											<li><a href="xmpp://homejacob@inferencium.net">homejacob@inferencium.net</a></li>
@@ -112,10 +104,8 @@
 									<th id="inf-multimedia"><a href="xmpp://multimedia@muc.xmpp.inferencium.net?join">Inferencium - Multimedia</a></th>
 									<td class="desc" headers="description inf-multimedia">
 										<p>Inferencium multimedia channel.</p>
-																				<p><b>Topic:</b> Any, excluding
+										<p><b>Topic:</b> Any, excluding NSFW.</p>
-																				NSFW.</p>
+										<p>Discussion prohibited outside of multimedia discussion.</p>
-																				<p>Discussion prohibited outside of
-																				multimedia discussion.</p>
 									</td>
 									<td class="red" headers="public inf-multimedia">
 									No
@@ -135,14 +125,11 @@
 								<tr>
 									<th id="sys-hardening"><a href="xmpp://sys-hardening@muc.xmpp.inferencium.net?join">Systems Hardening</a></th>
 									<td class="desc" headers="description sys-hardening">
-																				<p>Systems Hardening security and
+										<p>Systems Hardening security and privacy channel.</p>
-																				privacy channel.</p>
+										<p><b>Topic:</b> General security and privacy.</p>
-																				<p><b>Topic:</b> General security
-																				and privacy.</p>
-																		</td>
-																		<td class="green" headers="public sys-hardening">
-																				Yes (Temporarily unavailable)
 									</td>
+									<td class="green" headers="public sys-hardening">Yes
+									(Temporarily unavailable)</td>
 									<td class="desc" headers="moderator sys-hardening">
 										<ul>
 											<li><a href="xmpp://homejacob@inferencium.net">homejacob@inferencium.net</a></li>
@@ -158,14 +145,11 @@
 								<tr>
 									<th id="sys-hardening-ot"><a href="xmpp://sys-hardening-ot@muc.xmpp.inferencium.net?join">Systems Hardening - Off-topic</a></th>
 									<td class="desc" headers="description sys-hardening-ot">
-																				<p>Systems Hardening off-topic
+										<p>Systems Hardening off-topic channel.</p>
-																				channel.</p>
+										<p><b>Topic:</b> Any, excluding NSFW, security, and privacy.</p>
-																				<p><b>Topic:</b> Any, excluding NSFW,
-																				security, and privacy.</p>
-																		</td>
-																		<td class="green" headers="public sys-hardening-ot">
-																				Yes (Temporarily unavailable)
 									</td>
+									<td class="green" headers="public sys-hardening-ot">Yes
+									(Temporarily unavailable)</td>
 									<td class="desc" headers="moderator sys-hardening-ot">
 										<ul>
 											<li><a href="xmpp://homejacob@inferencium.net">homejacob@inferencium.net</a></li>

documentation.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Documentation -->
-<!-- Version: 5.0.0 -->
+<!-- Version: 5.0.1-alpha.1 -->
 
 <!-- Copyright 2023 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->

documentation/hardened_malloc.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Documentation - hardened_malloc -->
-<!-- Version: 5.0.0 -->
+<!-- Version: 5.0.1-alpha.1 -->
 
 <!-- Copyright 2023 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -34,14 +34,12 @@
 			<section id="introduction">
 				<p>This documentation contains instructions to use
 				<a href="https://github.com/GrapheneOS/hardened_malloc">hardened_malloc</a>
-										memory allocator as the system's default memory allocator. These instructions
+				memory allocator as the system's default memory allocator. These instructions apply to both musl and
-										apply to both musl and glibc C libraries on Unix-based and Unix-like
+				glibc C libraries on Unix-based and Unix-like systems.</p>
-										systems.</p>
+				<p>hardened_malloc can also be used per-application and/or per-user, in which case root permissions are
-										<p>hardened_malloc can also be used per-application and/or per-user, in which
+				not required; this documentation focuses on system-wide usage of hardened_malloc, assumes root
-										case root permissions are not required; this documentation focuses on
+				privileges, and assumes the compiled library will be located in a path readable and executable by all
-										system-wide usage of hardened_malloc, assumes root privileges, and assumes the
+				users of the system.</p>
-										compiled library will be located in a path readable and executable by all users
-										of the system.</p>
 				<p>For the complete hardened_malloc documentation, visit its
 				<a href="https://github.com/GrapheneOS/hardened_malloc#hardened_malloc">official documentation</a>.</p>
 				<p>This documentation is also available in portable AsciiDoc format in my
@@ -60,9 +58,8 @@
 			</nav>
 			<section id="memory_pages">
 				<h2><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></h2>
-										<p>Add <code>vm.max_map_count = 1048576</code> to
+					<p>Add <code>vm.max_map_count = 1048576</code> to <code>/etc/sysctl.conf</code> to accommodate
-										<code>/etc/sysctl.conf</code> to accommodate hardened_malloc's large amount of
+					hardened_malloc's large amount of guard pages.</p>
-										guard pages.</p>
 			</section>
 			<section id="clone_source_code">
 				<h2><a href="#clone_source_code">Clone hardened_malloc Source Code</a></h2>
@@ -75,13 +72,12 @@
 			<section id="compile">
 				<h2><a href="#compile">Compile hardened_malloc</a></h2>
 					<p><code>$ make <var>&lt;arguments&gt;</var></code></p>
-										<p><code>CONFIG_N_ARENA=<var>n</var></code> can be adjusted to increase parallel
+					<p><code>CONFIG_N_ARENA=<var>n</var></code> can be adjusted to increase parallel performance at the
-										performance at the expense of memory usage, or decrease memory usage at the
+					expense of memory usage, or decrease memory usage at the expense of parallel performance, where
-										expense of parallel performance, where <code><var>n</var></code> is a
+					<code><var>n</var></code> is a non-negative integer. Higher values prefer parallel performance,
-										non-negative integer. Higher values prefer parallel performance, whereas lower
+					whereas lower values prefer lower memory usage. Note that having too many arenas may cause memory
-										values prefer lower memory usage. Note that having too many arenas may cause
+					fragmentation and decrease system performance. The number of arenas has no impact on the security
-										memory fragmentation and decrease system performance. The number of arenas has
+					properties of hardened_malloc.</p>
-										no impact on the security properties of hardened_malloc.</p>
 						<table align="center">
 							<thead>
 								<tr>
@@ -98,19 +94,17 @@
 								</tr>
 							</tbody>
 						</table>
-										<p>For extra security, <code>CONFIG_SEAL_METADATA=true</code> can be used in
+					<p>For extra security, <code>CONFIG_SEAL_METADATA=true</code> can be used in order to control
-										order to control whether
+					whether
 					<a href="https://www.kernel.org/doc/html/v6.7/core-api/protection-keys.html">Memory Protection Keys</a>
-										are used to disable access to all writable allocator state outside of the memory
+					are used to disable access to all writable allocator state outside of the memory allocator code.
-										allocator code. It's currently disabled by default due to a significant
+					It's currently disabled by default due to a significant performance cost for this use case on
-										performance cost for this use case on current-generation hardware. Whether or
+					current-generation hardware. Whether or not this feature is enabled, the metadata is all contained
-										not this feature is enabled, the metadata is all contained within an isolated
+					within an isolated memory region with high-entropy random guard regions around it.</p>
-										memory region with high-entropy random guard regions around it.</p>
+					<p>For low-memory systems, <code>VARIANT=light</code> can be used to compile the light variant of
-										<p>For low-memory systems, <code>VARIANT=light</code> can be used to compile the
+					hardened_malloc, which sacrifices some security for much less memory usage. This option still
-										light variant of hardened_malloc, which sacrifices some security for much less
+					produces a more hardened memory allocator than both the default musl and glibc allocators, despite
-										memory usage. This option still produces a more hardened memory allocator than
+					the security sacrifices over the full variant.</p>
-										both the default musl and glibc allocators, despite the security sacrifices over
-										the full variant.</p>
 					<p>For all compile-time options, see the
 					<a href="https://github.com/GrapheneOS/hardened_malloc#configuration">configuration section</a>
 					of hardened_malloc's extensive official documentation.</p>
@@ -121,11 +115,9 @@
 			</section>
 			<section id="preload_on_boot">
 				<h2><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></h2>
-										<p><b>musl-based systems:</b> Add
+					<p><b>musl-based systems:</b> Add <code>LD_PRELOAD=<var>&lt;hardened_malloc path&gt;</var></code> to
-										<code>LD_PRELOAD=<var>&lt;hardened_malloc path&gt;</var></code> to
 					<code>/etc/environment</code></p>
-										<p><b>glibc-based systems:</b> Add
+					<p><b>glibc-based systems:</b> Add <code><var>&lt;hardened_malloc path&gt;</var></code> to
-										<code><var>&lt;hardened_malloc path&gt;</var></code> to
 					<code>/etc/ld.so.preload</code></p>
 			</section>
 		<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>

documentation/openssl_selfsigned_certificate_chain.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Documentation - OpenSSL Self-signed Certificate Chain -->
-<!-- Version: 5.0.0 -->
+<!-- Version: 5.0.1-alpha.1 -->
 
 <!-- Copyright 2023 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -32,13 +32,12 @@
 		</nav>
 		<h1 id="openssl_selfsigned_certificate_chain"><a href="#openssl_selfsigned_certificate_chain">Documentation - OpenSSL Self-signed Certificate Chain</a></h1>
 			<section id="introduction">
-								<p>This documentation contains the complete set of commands to create a new OpenSSL
+				<p>This documentation contains the complete set of commands to create a new OpenSSL self-signed
-								self-signed certificate chain with V3 subjectAltName (SAN) extensions enabled. Multiple
+				certificate chain with V3 subjectAltName (SAN) extensions enabled. Multiple SANs can be included in a
-								SANs can be included in a certificate by adding each domain as a comma-delimited string.
+				certificate by adding each domain as a comma-delimited string. Each key can be encrypted or unencrypted,
-								Each key can be encrypted or unencrypted, with multiple encryption options; AES
+				with multiple encryption options; AES (<code>aes128</code> or <code>aes256</code>) is recommended.
-								(<code>aes128</code> or <code>aes256</code>) is recommended. Optional verification can
+				Optional verification can also be performed between multiple levels of certificates to ensure the chain
-								also be performed between multiple levels of certificates to ensure the chain of trust
+				of trust is valid.</p>
-								is valid.</p>
 				<p>This documentation is also available in portable AsciiDoc format in my
 				<a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/openssl_selfsigned_certificate_chain.adoc">documentation source code repository</a>.</p>
 			</section>
@@ -66,7 +65,8 @@
 			</nav>
 			<section id="create_certificate_authority_key">
 				<h2><a href="#create_certificate_authority_key">Create Certificate Authority Key</a></h2>
-										<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p>
+					<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;CA key name&gt;</var>.pem
+					<var>&lt;key size&gt;</var></code></p>
 			</section>
 			<section id="verify_certificate_authority_key">
 				<h2><a href="#verify_certificate_authority_key">Verify Certificate Authority Key</a></h2>
@@ -74,11 +74,13 @@
 			</section>
 			<section id="create_certificate_authority_certificate">
 				<h2><a href="#create_certificate_authority_certificate">Create Certificate Authority Certificate</a></h2>
-										<p><code>openssl req -new -x509 -days <var>&lt;days of validity&gt;</var> -extensions v3_ca -key <var>&lt;CA key name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem</code></p>
+					<p><code>openssl req -new -x509 -days <var>&lt;days of validity&gt;</var> -extensions v3_ca -key
+					<var>&lt;CA key name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem</code></p>
 			</section>
 			<section id="convert_certificate_to_pem_format">
 				<h2><a href="#convert_certificate_to_pem_format">Convert Certificate to PEM Format</a></h2>
-										<p><code>openssl x509 -in <var>&lt;CA certificate name&gt;</var>.pem -out <var>&lt;CA certificate name&gt;</var>.pem -outform PEM</code></p>
+					<p><code>openssl x509 -in <var>&lt;CA certificate name&gt;</var>.pem -out
+					<var>&lt;CA certificate name&gt;</var>.pem -outform PEM</code></p>
 			</section>
 			<section id="verify_certificate_authority_certificate">
 				<h2><a href="#verify_certificate_authority_certificate">Verify Certificate Authority Certificate</a></h2>
@@ -86,7 +88,8 @@
 			</section>
 			<section id="create_intermediate_certificate_authority_key">
 				<h2><a href="#create_intermediate_certificate_authority_key">Create Intermediate Certificate Authority Key</a></h2>
-										<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;intermediate CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p>
+					<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out
+					<var>&lt;intermediate CA key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p>
 			</section>
 			<section id="verify_intermediate_certificate_authority_key">
 				<h2><a href="#verify_intermediate_certificate_authority_key">Verify Intermediate Certificate Authority Key</a></h2>
@@ -94,23 +97,30 @@
 			</section>
 			<section id="create_intermediate_certificate_authority_signing_request">
 				<h2><a href="#create_intermediate_certificate_authority_signing_request">Create Intermediate Certificate Authority Signing Request</a></h2>
-										<p><code>openssl req -new -sha256 -key <var>&lt;intermediate CA key name&gt;</var>.pem -out <var>&lt;intermediate CA certificate signing request name&gt;</var>.pem</code></p>
+					<p><code>openssl req -new -sha256 -key <var>&lt;intermediate CA key name&gt;</var>.pem -out
+					<var>&lt;intermediate CA certificate signing request name&gt;</var>.pem</code></p>
 			</section>
 			<section id="create_intermediate_certificate_authority_certificate">
 				<h2><a href="#create_intermediate_certificate_authority_certificate">Create Intermediate Certificate Authority Certificate</a></h2>
-										<p><code>openssl ca -config <var>&lt;intermediate CA configuration file&gt;</var> -extensions v3_intermediate_ca -days <var>&lt;days of validity&gt;</var> -notext -md sha256 -in <var>&lt;intermediate CA signing request name&gt;</var>.pem -out <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
+					<p><code>openssl ca -config <var>&lt;intermediate CA configuration file&gt;</var> -extensions
+					v3_intermediate_ca -days <var>&lt;days of validity&gt;</var> -notext -md sha256 -in
+					<var>&lt;intermediate CA signing request name&gt;</var>.pem -out
+					<var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
 			</section>
 			<section id="verify_intermediate_certificate_authority_certificate">
 				<h2><a href="#verify_intermediate_certificate_authority_certificate">Verify Intermediate Certificate Authority Certificate</a></h2>
-										<p><code>openssl x509 -noout -text -in <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
+					<p><code>openssl x509 -noout -text -in
+					<var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
 			</section>
 			<section id="verify_chain_of_trust-ca_to_intermediate">
 				<h2><a href="#verify_chain_of_trust-ca_to_intermediate">Verify Chain of Trust (CA to Intermediate)</a></h2>
-										<p><code>openssl verify -CAfile <var>&lt;CA certificate name&gt;</var>.pem <var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
+					<p><code>openssl verify -CAfile <var>&lt;CA certificate name&gt;</var>.pem
+					<var>&lt;intermediate CA certificate name&gt;</var>.pem</code></p>
 			</section>
 			<section id="create_server_key">
 				<h2><a href="#create_server_key">Create Server Key</a></h2>
-										<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out <var>&lt;server key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p>
+					<p><code>openssl genrsa <var>&lt;encryption type&gt;</var> -out
+					<var>&lt;server key name&gt;</var>.pem <var>&lt;key size&gt;</var></code></p>
 			</section>
 			<section id="verify_server_key">
 				<h2><a href="#verify_server_key">Verify Server Key</a></h2>
@@ -118,11 +128,19 @@
 			</section>
 			<section id="create_server_certificate_signing_request">
 				<h2><a href="#create_server_certificate_signing_request">Create Server Certificate Signing Request</a></h2>
-										<p><code>openssl req -new -sha256 -subj "/C=<var>&lt;country&gt;</var>/ST=<var>&lt;state/province&gt;</var>/L=<var>&lt;locality&gt;</var>/O=<var>&lt;organization&gt;</var>/CN=<var>&lt;common name&gt;</var>" -addext "subjectAltName = DNS.1:<var>&lt;alternative DNS entry&gt;</var>" -key <var>&lt;server key name&gt;</var>.pem -out <var>&lt;server certificate signing request name&gt;</var>.pem</code></p>
+					<p><code>openssl req -new -sha256 -subj "/C=<var>&lt;country&gt;</var>/ST=<var>&lt;state/province&gt;</var>/L=<var>&lt;locality&gt;</var>/O=<var>&lt;organization&gt;</var>/CN=<var>&lt;common name&gt;</var>"
+					-addext "subjectAltName = DNS.1:<var>&lt;alternative DNS entry&gt;</var>" -key
+					<var>&lt;server key name&gt;</var>.pem -out
+					<var>&lt;server certificate signing request name&gt;</var>.pem</code></p>
 			</section>
 			<section id="create_server_certificate">
 				<h2><a href="#create_server_certificate">Create Server Certificate</a></h2>
-										<p><code>openssl x509 -sha256 -req  -days <var>&lt;days of validity&gt;</var> -in <var>&lt;server certificate signing request name&gt;</var>.pem -CA <var>&lt;intermediate CA certificate name&gt;</var>.pem -CAkey <var>&lt;intermediate CA key name&gt;</var>.pem -extensions SAN -extfile &lt;(cat /etc/ssl/openssl.cnf &lt;(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out <var>&lt;server certificate name&gt;</var>.pem</code></p>
+					<p><code>openssl x509 -sha256 -req  -days <var>&lt;days of validity&gt;</var> -in
+					<var>&lt;server certificate signing request name&gt;</var>.pem -CA
+					<var>&lt;intermediate CA certificate name&gt;</var>.pem -CAkey
+					<var>&lt;intermediate CA key name&gt;</var>.pem -extensions SAN -extfile &lt;(cat
+					/etc/ssl/openssl.cnf &lt;(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out
+					<var>&lt;server certificate name&gt;</var>.pem</code></p>
 			</section>
 			<section id="verify_server_certificate">
 				<h2><a href="#verify_server_certificate">Verify Server Certificate</a></h2>
@@ -130,7 +148,8 @@
 			</section>
 			<section id="verify_chain_of_trust-intermediate_to_server">
 				<h2><a href="#verify_chain_of_trust-intermediate_to_server">Verify Chain of Trust (Intermediate to Server)</a></h2>
-										<p><code>openssl verify -CAfile <var>&lt;intermediate CA certificate name&gt;</var>.pem <var>&lt;server certificate&gt;</var>.pem</code></p>
+					<p><code>openssl verify -CAfile <var>&lt;intermediate CA certificate name&gt;</var>.pem
+					<var>&lt;server certificate&gt;</var>.pem</code></p>
 			</section>
 		<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>
 	</body>

index.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Index -->
-<!-- Version: 7.0.0 -->
+<!-- Version: 7.0.1-alpha.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->

key.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Key -->
-<!-- Version: 9.0.0 -->
+<!-- Version: 9.0.1-alpha.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -76,8 +76,8 @@
 						and
 						<a href="https://codeberg.org/inference/key">Codeberg</a>
 						in order to check for discrepancies between the keys</li>
-												<li>Verification does not verify a person, only their devices, and can
+						<li>Verification does not verify a person, only their devices, and can be defeated via coercion
-												be defeated via coercion or other force</li>
+						or other force</li>
 					</ul>
 			</section>
 			<section id="e2ee">
@@ -91,15 +91,11 @@
 							<h4 id="xmpp-inferencium"><a href="#xmpp-inferencium">inference@inferencium.net (Main)</a></h4>
 								<h5 id="xmpp-inferencium-current"><a href="#xmpp-inferencium-current">Current</a></h5>
 									<h6 id="xmpp-inferencium-current-1"><a href="#xmpp-inferencium-current-1">#1</a></h6>
-																				<code>
+										<code>67ee49da 37bcc392 691d9151 851e4240 6b5e80c2 e7d060b5 78dfdb41 443f9c52</code>
-																						67ee49da 37bcc392 691d9151 851e4240 6b5e80c2 e7d060b5 78dfdb41 443f9c52
-																				</code>
 										<p><a href="xmpp:inference@inferencium.net?omemo-sid-1641576775=67ee49da37bcc392691d9151851e42406b5e80c2e7d060b578dfdb41443f9c52">xmpp:inference@inferencium.net?omemo-sid-1641576775=67ee49da37bcc392691d9151851e42406b5e80c2e7d060b578dfdb41443f9c52</a></p>
 								<h5 id="xmpp-inferencium-legacy"><a href="#xmpp-inferencium-legacy">Legacy</a></h5>
 									<h6 id="xmpp-inferencium-legacy-0"><a href="#xmpp-inferencium-legacy-0">#0</a></h6>
-																				<code>
+										<code>1bd03c6a 5e011655 2fafd697 da4fce70 63de5a83 a264a34a fcce78fe 6b06820c</code>
-																						1bd03c6a 5e011655 2fafd697 da4fce70 63de5a83 a264a34a fcce78fe 6b06820c
-																				</code>
 										<p><a href="xmpp:inference@inferencium.net?omemo-sid-1586888206=1bd03c6a5e0116552fafd697da4fce7063de5a83a264a34afcce78fe6b06820c">xmpp:inference@inferencium.net?omemo-sid-1586888206=1bd03c6a5e0116552fafd697da4fce7063de5a83a264a34afcce78fe6b06820c</a></p>
 					</section>
 			</section>
@@ -108,28 +104,20 @@
 					<section id="ssh">
 						<h3><a href="#ssh">SSH</a></h3>
 							<p class="update_date">Updated: 2023-07-27 (UTC+00:00)</p>
-														<p>Each SSH key is signed by the previous key, allowing verification of
+							<p>Each SSH key is signed by the previous key, allowing verification of the chain of keys,
-														the chain of keys, and root of trust.</p>
+							and root of trust.</p>
 							<h4 id="ssh-current"><a href="ssh-current">Current</a></h4>
 								<h5 id="ssh-current-1"><a href="#ssh-current-1">#1 (2023-07-27 - present)</a></h5>
 									<h6 id="ssh-current-1-fingerprint"><a href="#ssh-current-1-fingerprint">Fingerprint</a></h6>
-																				<code>
+										<code>SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc</code>
-																						SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc
-																				</code>
 									<h6 id="ssh-current-1-key"><a href="#ssh-current-1-key">Key</a></h6>
-																				<code>
+										<code>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHPGnrIg7dI7GUqA+lTztJSrn+7QyRceajqs4iaU8UG</code>
-																						ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHPGnrIg7dI7GUqA+lTztJSrn+7QyRceajqs4iaU8UG
-																				</code>
 							<h4 id="ssh-legacy"><a href="#ssh-legacy">Legacy</a></h4>
 								<h5 id="ssh-legacy-0"><a href="#ssh-legacy-0">#0 (2023-01-01 - 2023-07-27)</a></h5>
 									<h6 id="ssh-legacy-0-fingerprint"><a href="#ssh-legacy-0-fingerprint">Fingerprint</a></h6>
-																				<code>
+										<code>SHA256:9Pl0nZ2UJacgm+IeEtLSZ4FOESgP1eKCtRflfPfdX9M</code>
-																						SHA256:9Pl0nZ2UJacgm+IeEtLSZ4FOESgP1eKCtRflfPfdX9M
-																				</code>
 									<h6 id="ssh-legacy-0-key"><a href="#ssh-legacy-0-key">Key</a></h6>
-																				<code>
+										<code>ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINs8UH2hVmNSg0qKig/9ZQt07IuOHsorRfw1doEgMuJ8</code>
-																						ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINs8UH2hVmNSg0qKig/9ZQt07IuOHsorRfw1doEgMuJ8
-																				</code>
 					</section>
 			</section>
 		<div class="sitemap-small"><a href="sitemap.xhtml">Sitemap</a></div>

main.css

@@ -1,10 +1,12 @@
 /* Inferencium - Website - CSS - Main */
-/* Version: 12.0.1 */
+/* Version: 12.0.2-alpha.1 */
 
 /* Copyright 2022 Jake Winters */
 /* SPDX-License-Identifier: BSD-3-Clause */
 
 
+/* Display Size - Large
+Colour Scheme - Dark */
 /* Body */
 body {
 	padding-top: 40px;
@@ -19,7 +21,8 @@ body {
 
 
 /* Headings */
-h1, h1 a, h1 a:visited, h2, h2 a, h2 a:visited, h3, h3 a, h3 a:visited, h4, h4 a, h4 a:visited, h5, h5 a, h5 a:visited, h6, h6 a, h6 a:visited {
+h1, h1 a, h1 a:visited, h2, h2 a, h2 a:visited, h3, h3 a, h3 a:visited, h4, h4 a, h4 a:visited, h5, h5 a, h5 a:visited,
+h6, h6 a, h6 a:visited {
 	text-align: left;
 	line-height: 130%;
 	color: #ffffff;
@@ -205,13 +208,12 @@ nav.navbar div.sitemap a, nav.navbar div.sitemap a:visited {
 	font-size: 14px;
 }
 
-
 div.sitemap-small {
 	display: none;
 }
 
 
-/* Media */
+/* Display Size - Small */
 @media (max-width: 600px) {
 
 	body {
@@ -285,6 +287,7 @@ div.sitemap-small {
 }
 
 
+/* Colour Scheme - Light */
 @media (prefers-color-scheme: light) {
 
 	body {
@@ -292,7 +295,8 @@ div.sitemap-small {
 		color: #000000;
 	}
 
-		h1, h1 a, h1 a:visited, h2, h2 a, h2 a:visited, h3, h3 a, h3 a:visited, h4, h4 a, h4 a:visited, h5, h5 a, h5 a:visited, h6, h6 a, h6 a:visited, code {
+	h1, h1 a, h1 a:visited, h2, h2 a, h2 a:visited, h3, h3 a, h3 a:visited, h4, h4 a, h4 a:visited, h5, h5 a,
+	h5 a:visited, h6, h6 a, h6 a:visited, code {
 		color: #000000;
 	}
 

music.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Music -->
-<!-- Version: 7.0.0 -->
+<!-- Version: 7.0.1-alpha.1 -->
 
 <!-- Copyright 2023 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -32,15 +32,12 @@
 		</nav>
 		<h1 id="music"><a href="#music">Music</a></h1>
 			<section id="music_list">
-								<p>This is a curated list of my personally-enjoyed music. The list
+				<p>This is a curated list of my personally-enjoyed music. The list is alphabetically-sorted A-Z, based
-								is alphabetically-sorted A-Z, based on artist name, followed by
+				on artist name, followed by track name, and is formatted as <code><var>ARTIST</var> -
-								track name, and is formatted as
+				<var>TRACK</var></code>. Each item in the list has its own individual link which will take you to an
-								<code><var>ARTIST</var> - <var>TRACK</var></code>. Each item in the
+				official source of the item (or the best alternative when an official source is unavailable). It is your
-								list has its own individual link which will take you to an official
+				responsibility to comply with any local laws when following these links and/or consuming any media found
-								source of the item (or the best alternative when an official source
+				in this list.</p>
-								is unavailable). It is your responsibility to comply with any local
-								laws when following these links and/or consuming any media found in
-								this list.</p>
 					<ul>
 						<li><a href="https://youtube.com/watch?v=_Eq_qQUPvGQ">Altare - Impulse</a></li>
 						<li><a href="https://youtube.com/watch?v=mXWhf35hOXA">Anomy5 - Predator</a></li>

news.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - News -->
-<!-- Version: 1.0.0 -->
+<!-- Version: 1.0.1-alpha.1 -->
 
 <!-- Copyright 2024 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -47,12 +47,10 @@
 							<p><a href="https://src.inferencium.net/Inferencium">Inferencium source code repositories</a>
 							are now mirrored at
 							<a href="https://codeberg.org/Inferencium">Codeberg</a>.
-														In case of service disruption of the main Inferencium source
+							In case of service disruption of the main Inferencium source code repositories, the mirrors
-														code repositories, the mirrors can be used to access the source
+							can be used to access the source code.</p>
-														code.</p>
+							<p>Due to terms of service restrictions, proprietary code and related repositories, such as
-														<p>Due to terms of service restrictions, proprietary code and
+							firmware, are unable to be mirrored to Codeberg.</p>
-														related repositories, such as firmware, are unable to be
-														mirrored to Codeberg.</p>
 					</article>
 			</section>
 		<div class="sitemap-small"><a href="sitemap.xhtml">Sitemap</a></div>

sitemap.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Sitemap (HTML) -->
-<!-- Version: 1.0.0 -->
+<!-- Version: 1.0.1-alpha.1 -->
 
 <!-- Copyright 2024 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->

sitemap.xml

@@ -1,15 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!-- Inferencium - Website - Sitemap (XML) -->
-<!-- Version: 1.0.0 -->
+<!-- Version: 1.0.1-alpha.1 -->
 
 <!-- Copyright 2024 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
 
 
-<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
+<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd">
-		xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd">
 	<url>
 		<loc>https://inferencium.net/</loc>
 		<priority>0.5</priority>

source.xhtml

@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - Source -->
-<!-- Version: 8.0.0 -->
+<!-- Version: 8.0.1-alpha.1 -->
 
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->