SHIM Security Improvements

The other day I noticed that SHIM was vulnerable to CSRF attacks, so I decided to fix that. To do this I used nosurf. It ended up being pretty simple: just plug in nosurf as middleware for your requests, and then plug the token values in a hidden <input> element somewhere inside your <form>. While implementing this, I also saw that SHIM’s Delete Post page had a security vulnerability: it didn’t follow the HTTP specification.

A Blog... with Comments!

As Jeff Atwood says, a blog without comments is not a blog. That means that today is the day that my blog becomes an actual blog! Comments have always been an issue on this site, since I run it using a static site generator with a pretty UI on top. Thus, my site has been just plain files - and it’s been pretty darn fast. But how can a static website have dynamic comments?

An Update on SHIM & My Other Projects

I’ve started working on my open source stuff again, and it’s exactly as fun as I remembered it! I’m now developing code on Gitlab instead of Github, because of the recent acquisition of the latter. Despite Microsoft’s recent efforts to be more friendly to the libre software community, their actions are still detrimental. Patents, DRM, and vendor lock-in are terrible for the end-user’s freedom. Thus, I am taking a principled stance and moving my personal projects to Gitlab.


SHIM is a web-based front-end for Hugo. It combines the ease-of-use for dyamic site platforms with Hugo’s raw speed. Repo: Description: Hugo-based CMS License: AGPL 3.0 or later Description I started writing SHIM when Ghost became too fat and slow for my website. I loved how easy it was to use, but it was so damn slow! Because of that, I decided to make my own blogging platform with blackjack and strippers too speed as the top priority.