colophon¹

This page details the more technical aspects of how this website is built. But not all details, because what kind of BOFH would I be if I told you all my little secrets? OpSec begins, as the saying goes, at 127.0.0.1².

The presentation layer is discussed in theme, and the structure in /ia.

Raison d’être

motivation := exist → be encountered → be recognised → be selected

Services

A trilogy³ of services is available:

IdP
It acts as an identity provider; this is technology with many acronyms and bad names: OAuth, OIDC, IndieAuth.
www
It acts as a web site, serving up pages of wisdom (like this very thing you are reading now) because it’s effectively a Content and Information Management System on steroids. The hidden in plain site/sight truth is that http is just a transport layer and that what you transport doesn’t necessarily have to be HTML, CSS, GIFs, etc.

Pages (or information units if we want to be precise) are stored in a variety of formats (e.g. html, md, mf2+json, txt) and converted⁴ as needed.

social
It acts as an ActivityPub node for participation in the fediverse⁵.
wkd
Web Key Distribution, because dealing with PGP Keys should be easier than it currently is.
one
It is built for One⁶.
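
The "converted as needed" behaviour described under www rests on HTTP content negotiation (see the footnote on that line). As an added example, not this site's code: a minimal Go negotiator over the formats named above. The media type strings, the server preference order and the function names are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// offered: the formats the page names, in an assumed server preference order.
var offered = []string{"text/html", "text/markdown", "application/mf2+json", "text/plain"}

// match scores how specifically a media range covers typ: 2 exact, 1 type/*, 0 */*, -1 none.
func match(rng, typ string) int {
	major, _, _ := strings.Cut(typ, "/")
	return map[string]int{"*/*": 1, major + "/*": 2, typ: 3}[rng] - 1
}

// negotiate returns the offered type with the highest q, or "" (answer 406).
func negotiate(accept string) string {
	if strings.TrimSpace(accept) == "" {
		accept = "*/*" // no Accept header means any type is fine
	}
	best, bestQ := "", 0.0
	for _, typ := range offered {
		q, spec := 0.0, -1
		for _, part := range strings.Split(accept, ",") {
			f := strings.Split(part, ";")
			rq := 1.0
			for _, p := range f[1:] {
				if p = strings.ToLower(strings.TrimSpace(p)); strings.HasPrefix(p, "q=") {
					if rq, _ = strconv.ParseFloat(p[2:], 64); rq < 0 || rq > 1 {
						rq = 0 // out-of-range weight: treat the range as refused
					}
				}
			}
			if s := match(strings.ToLower(strings.TrimSpace(f[0])), typ); s > spec {
				q, spec = rq, s // the most specific matching range sets q
			}
		}
		if q > bestQ {
			best, bestQ = typ, q // strict '>' keeps server order on ties
		}
	}
	return best
}

func main() {
	fmt.Println(negotiate("text/markdown;q=0.9, text/html;q=0.5"))
}
```

A handler built on this should also send `Vary: Accept`, so a shared cache does not hand one representation to a client that asked for another.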

Ways of Seeing

Survival

No LAMP/LEMP here. It is not 2003. And it is such a naïve and narrow-focused perspective. We do not like loosely-typed languages coupled to generic web servers because that is a level of mediocrity and boring that is hard to stomach today. We are not a shallow four-letter façade.

Inquiry

improvise → adapt → overcome

As a Gen X, with BOFH tendencies, sleeves become rolled-up, we say “Fine, I’ll do it myself”, then deliver this “monster”, this “product”, because we consider all the layers of the layer cake and how we use them in a coherent and deliberate manner.

Cake is good. Layer cake even better.

The OSI came up with this seven-layer cake called the OSI model. It was a big thing in the 1980s. Put on your networking glasses, and this is what you get.

layer 7
Application
layer 6
Presentation
layer 5
Session
layer 4
Transport
layer 3
Network
layer 2
Data Link
layer 1
Physical

Like most things that came out of a committee, it is conceptually strong but implementably weak: pure not applied.

And while OSI layer 7 is about the UI/UX, it fails to consider layer 8: the user or consumer; this presumption has led to a lot of problems, particularly when treating meatware like silicon and vice versa.

It also means countless jokes about layer 1 problems being caused by layer 8: user pulled network plug out socket and now complains the blinking lights no longer blink.

Sophistication

We flâneur across more layers of the OSI cake than most people can comfortably comprehend, let alone derivative to more than 1 decimal place. Many people limit their concerns to a few layers, because specialism is de rigueur; we consider the whole system.

The big secret about layer cake is that not only can you slice it any way you want, but that there is more than one kind of layer cake.

And so, we consider not just the OSI layer cake, but our place within it, and its place within ours. We bake our own cake to our unique recipe. Our glasses allow a more holistic perspective of the milieu we mediate.

1 + 7 = 8

layer 8
The Consumer
Respect the consumer and their agency
Serve not engage
layer 7
UI / UX
Intentional Design: Uses a “content-first” philosophy. Focuses on information hierarchy and accessibility (a11y), ensuring the site is navigable via screen readers and keyboard-only input.
WCAG compliance & Information Architecture
Near-instant “First Contentful Paint” (FCP) times. 100% page speed insight scores.
layer 6
Front-End / Presentation
The user-agent for natural persons, the web browser, consuming html and css. Vanilla CSS & Semantic HTML. No JavaScript frameworks, instead thoughtful content.
The user-agent for machines, provision of data as appropriate and applicable. Structured. Parsable without fuss. Respects boundaries. Observes CIA.
layer 5
API / Integration
Our native API is protocol buffers, the only rational choice for today.
Integration using open protocols, the pragmatic choice, even if it means we have to suffer overly-complicated poorly-performing formats that have not aged well because irrational ones unfortunately stick.
layer 4
The Engine (a unified “Web Server” and “App Logic”)
No httpd (sorry Apache), no Lighttpd⁷, no Caddy⁸, etc. fronting an application. A native Go listener and router, in surprisingly few lines of code. We really like Go⁹.
For the engine, we didn’t take something like Hugo and embed or pipe it, because that is the lazy path. Instead a custom generator, that eats markdown or whatever we feed into it, and then spits out HTML or whatever if applicable for the consumer: think of a meld between Go’s templating language and some very bespoke templating functions, with an embedded sed to do some very cool stuff (like the expansion of $LastModified), and an embedded ssi using embedded lisp for flow control and other things. We really like to embed things in things because, conceptually, it is a pipeline built to the Matryoshka Principle.
layer 3
Repository
No flabby RDBMS. Instead lean-and-mean sparse data in the file space, and a brutal key-value index when needed.
layer 2
Deployment Architecture
DevOps / Infra
3-in-1. Not the oil. It is literally one binary that is deployed into a server. And that binary is primarily a daemon that provides the services, but is also a CLI to administer the daemon. Neat, eh? Some might even say sublime: atomic deployment; no version mismatch between the admin CLI and the server logic daemon because they are conjoined; no external runtime; no shared libraries to exploit; performant; something a Real Programmer and BOFH would do.
Static Binary Deployment. Automated. Secure.
layer 1
Networking
Active Security: The stack monitors incoming traffic and programmatically interacts with the OS Firewall (iptables/nftables). It drops malicious packets at the kernel level before they even reach the web server.
Automated IP Banning & WAF
layer 0
Hosting
All we need is *nix and a TCP stack.
We are agnostic, as long as it's *nix¹⁰.
Deliberate Hosting: Choosing hardware/jurisdictions, because you cannot ignore geopolitical reality¹¹.
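
One way the "Automated IP Banning" at layer 1 could be wired up, as an added sketch rather than this site's code: a sliding-window counter that turns a request's remote address into an `nft` argument vector. The `inet filter` table, the `banned4`/`banned6` set names (which would need `flags timeout`), the thresholds and all Go names are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
	"time"
)

// Banner counts suspicious hits per source address inside a sliding window.
type Banner struct {
	Limit  int
	Window time.Duration
	hits   map[netip.Addr][]time.Time
}

// Observe records one suspicious request from remote ("ip:port") and reports whether to ban.
func (b *Banner) Observe(remote string, now time.Time) (netip.Addr, bool) {
	ap, err := netip.ParseAddrPort(remote)
	if err != nil {
		return netip.Addr{}, false // unparseable input never reaches the firewall
	}
	addr := ap.Addr().Unmap().WithZone("")
	if addr.IsLoopback() || addr.IsPrivate() {
		return addr, false // never lock out local or internal administration
	}
	if b.hits == nil {
		b.hits = map[netip.Addr][]time.Time{}
	}
	cutoff := now.Add(-b.Window)
	kept := b.hits[addr][:0]
	for _, t := range b.hits[addr] {
		if t.After(cutoff) {
			kept = append(kept, t)
		}
	}
	b.hits[addr] = append(kept, now)
	return addr, len(b.hits[addr]) >= b.Limit
}

// nftArgs builds argv (no shell) from the parsed address only; the sets are hypothetical.
func nftArgs(addr netip.Addr, ttl time.Duration) []string {
	set := map[bool]string{false: "banned4", true: "banned6"}[addr.Is6()]
	return []string{"nft", "add", "element", "inet", "filter", set, fmt.Sprintf("{ %s timeout %ds }", addr, int(ttl.Seconds()))}
}

func main() {
	a, _ := netip.ParseAddr("203.0.113.7") // constructed documentation address
	fmt.Println(nftArgs(a, time.Hour))
}
```

Because the element string is rebuilt from a parsed `netip.Addr` and passed as an argument vector, nothing from the request itself can end up on the command line.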

And it shall be called

LBKVGO¹²:

$LastModified: 2026-05-15 17:59:24Z (Fri, 15 May 2026) $


  1. From the Greek, meaning designer talks bollocks that only other designers care about↩︎

  2. Or ::1 for those who have migrated to IPv6. Nice to meet all 4 of you. ↩︎

  3. And just like that other famous trilogy (The Hitchhiker’s Guide to the Galaxy), our use of the word trilogy is more of a target than a ceiling. ↩︎

  4. Using HTTP’s content-negotiation facility. If Tantek or any of his IndieWebOrg acolytes read this, they are probably having an absolute cow now because he and hence they are so against it. Seriously, just get over it. Conneg has been in the HTTP spec since day 1 (ask TimBL), and sure, in the early days people have fluffed the implementation, but if after 20 years you still can’t program conneg then you don’t have the right to call yourself a programmer. ↩︎

  5. What is the fediverse? It sounds so nebulous, and almost futuristic, which is probably the direction that somebody, whoever somebody is, was going for by adopting the space metaphor. The quiet part said out loud is that fediverse is a stupid name and the metaphor doesn’t really work, especially as many people still live, work, and die within a few kms of where they were born and don’t have the capacity to imagine things of such grand scale. Essentially, people are bad at naming things, metaphors don’t translate, and we’re stuck with it until the next better thing comes along. ↩︎

  6. One what I hear you ask. A single word can have multiple related meanings. If you hear “one” and think “1, singular, cardinal number thing”, you will be disappointed. There are, last time we checked, four possible interpretations for what “one” could mean; polysemy is a wonderful thing. ↩︎

  7. We used “Lighty” for a few years and really liked it; we have a soft spot for lean-and-mean C code that gets the job done. ↩︎

  8. We did use this for a time, but got put off by Holt’s hyperbole. And the whole telemetry thing did not end well either. You probably missed it, but it was the usual opt-out vs opt-in debate and we don’t appreciate anybody using the “but you can opt-out” excuse. It’s opt-in or GTFO. There was a mild snigger when his telemetry infra buckled under the weight of all the data it received because his system was written like it was done by a student who was still wet behind the ears and had no idea what they were letting themselves in for (which, of course, is exactly the point). ↩︎

  9. If it wasn’t Go, it may have been Rust, or even Erlang. But we come from C, and Go is like C but grown-up (unlike C++ which only a Quiche Eater would use). Some of Rust’s proponents (especially when mouthing off on Reddit or HN) look down on Go because it uses GC, which means that latency is unpredictable, and apparently you can get STW pauses that will cause civilization to collapse. This sounds like zealotry, not pragmatism: Go has drastically improved its GC so it is hardly noticeable (the order of magnitude is tiny, negligible in most use cases); you can use pools to ensure that any impact is reduced; and unless you are working in some very special safety-critical industries (and your code is regulated and needs to be certified), you can do more with less in Go than you can with Rust. Erlang is something for us to look into when we have time to ponder the deeper meaning of life. ↩︎

  10. And we don’t care which one it is, as long as it has systemd so we can start a daemon, has a bit of storage for some files, and does TCP/IP without too many headaches. ↩︎

  11. If you ignore geopolitics, sure, that is your prerogative because you have agency, and all that, but by ignoring it you become its victim as reality steps in¹³, unless, of course, you are a politician where the “rule for thee but not for me” seems to apply; duplicity is the norm, unfortunately. ↩︎

  12. If you were expecting a cute and cuddly backronym, sorry to disappoint. Actually, not sorry. Sorry. ↩︎

  13. As the Boromir meme says, one does not simply ignore geopolitical reality. Reality is frequently inaccurate; unfortunately, not in this case. That darn exception that proves the rule. ↩︎