I have no way to contact Lena, but she's back. So let's talk?
You could've talked to me, what's up? I have a FUCK ton of work put into the guide, over the past years, and you just swoop down from your high horse? Let's chat. Seriously. Your site's broken, your links don't work at all, the design is meh. Not saying I'm not glad you're back, but this isn't how we do things around here. You can be cool and come talk to me.
Please? Let's squash this beef you have where you saw my work and decided it wasn't good enough? Years of working on a personal project gone, for what? I have so much more to put into this project. The whole organization is basically still under my control, but now I don't have a platform. I control the Open Collective, the anonymousplanet.net domain, I have the knowledge, and you know you need me for this. Why are you cutting me off? Why not just come back and talk? Do people ever just call or text or email anymore? Before shoving a knife in someone's gut...
Lots of source additions here from long-standing notes over the past few
months. Squashed to make it neater than 219 commits.
- bump version to v1.2.4, Jun 2026
- expand Tor section with new "Traffic analysis and the limits of Tor" subsection
guard node persistence, website fingerprinting, and a practical breakdown of
when Tor is and is not sufficient
- expand hardware/firmware threat section with new subsections on firmware
implants, USB attack hardware (O.MG Cable, Rubber Ducky), Evil Maid attacks,
supply chain compromise, and a physical inspection checklist
- rename "Removing Metadata from Files/Documents/Pictures" section to "Metadata
auditing"; add reference table of tools by file type; expand EXIF/XMP coverage,
PDF metadata (font fingerprinting), and DOCX revision history with real-world
source identification cases; restructure subsections
- add introductory paragraph to "Your Metadata" section
- add new appendix B8: operational security failure case studies with common
threads
- add new appendix B9: post-quantum cryptography covering HNDL threat, NIST PQC
standards, Signal's PQXDH, browser hybrid KEM, PGP limitations, VPN guidance,
and Monero note
- add new appendix C1: stylometric analysis and writing style covering features
measured, deployed tools, real cases (J.K. Rowling), effective and ineffective
countermeasures including AI rewriting
- fix Dangerzone GitHub URL (firstlook -> freedomofpress)
- Remove duplicate footnote [^500]; minor wording fixes ("users" -> "people",
passive voice tweaks, cross-reference updates)
- docs/index.md: both MSK and RSK GPG fingerprints in a collapsible tip admonition
instead of bare text
- docs/about/index.md: convert Note admonitions to tip; reformat social media
links into collapsible tip block
- docs/mirrors/index.md: simplify PDF download instructions to point to Releases;
- README.md: add star history chart
- mkdocs.yml: rename site to "The Hitchhiker's Guide"; update site description
with hashtags
- sign.yml: remove commented-out workflow_run trigger and if: condition; add
verify job that runs after sign, downloads artifacts, runs verify_pdf.py, and
writes a full job summary with hashes; update artifact upload description; minor
comment and whitespace cleanup
- release.yml, changelog.yml: replace decorative banner comments with single-line
comments; fix trailing-space style in permissions block
- publish.yml: remove stale comment about nomaterial theme
- verify_pdf.py: full rewrite: replace single-hash-file lookup with flexible
resolver that checks both bare hash files (.sha256, .b2sum) and two-column
sumfiles (sha256sums.txt, b2sums.txt); add BLAKE2b verification alongside
SHA-256; fix signature extension (.asc not .sig); improve CLI (--file,
--export-dir flags; remove --all; default runs all checks); improve VirusTotal
output with direct link; cleaner output formatting with ruled separators
- release.yml now generates release-YYYYMMDD-<sha> tags automatically
- changelog.yml requires explicit version input, no auto-increment from tags
- sign.yml normalises extensions to .asc and .b2sum
- build-sign-release.yml neutered to a no-op with descriptive error
- tag_release.py archived to scripts/archived/
- update_changelog.py: version_from_changelog() is now primary version source
- .gitignore: fix export/ tracking to match actual file extensions
- docs/code/develop.md: fully rewritten to reflect new manual four-step flow
Keep it clean, simple, only include the semver tag:
LATEST=$(git tag --list 'v*' --sort=-version:refname \
| grep -E '^v[0-9]+\.[0-9]+\.[0-9]+
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
commits_since(): when no prior tag exists, scope to commits not yet on
origin/main via merge-base instead of walking the entire history. This
is what caused the v2.0.1 entry to contain every commit back to project
inception.
categorise(): replace the minimal skip pattern with a compiled NOISE
regex that also drops:
- numbered series commits (3/8, 7/8, etc.)
- vague WIP messages (Tweaking, Moving some, Still broken, pt2...)
- one-word infrastructure fixes (Fix workflow, Fix path, Fix README)
- oops commits (Forgot to, Revert "...")
- joke messages (One job to rule them all)
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Previous filesystem edits to _save_images_as_pdf did not persist to
disk. Rewrote the function: quantize each dark-themed RGB image to
palette mode (256 colours, FASTOCTREE) so Pillow uses zlib/deflate
instead of JPEG (no libjpeg needed), save each as a single-page PDF,
then merge with qpdf. qpdf only accepts PDF inputs to --pages.
Also restores the orphaned footnote citations [^536] and [^537] in
docs/guide/index.md at the key disclosure law paragraph (line 8586).
Previous edit also did not persist to disk.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Previously the script crashed with a FileNotFoundError traceback when
system tools were absent. Now _check_dependencies() runs before any
work begins and prints install instructions for Linux/WSL, macOS, and
a pointer to develop.md for Windows.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Replaces the thin stub describing the old monolithic workflow with a
full developer reference covering:
- Prerequisites (Linux/macOS/Windows tabs)
- Repository layout
- Local build instructions for both PDFs and the MkDocs site
- Pipeline flow diagram (build → sign → release → changelog)
- What to check before pushing
- Every GitHub Secret: what it is, how to generate it, what breaks
without it, and a summary table
- Step-by-step release process using tag_release.py
- Release verification instructions (GPG + hash checks)
- Troubleshooting section for every known CI failure mode
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Interactive script for maintainers to create GPG-signed annotated tags.
Checks clean tree and branch, auto-increments version from latest tag,
pulls the message from the matching changelog entry, resolves the release
signing key (default: 9FA5436D0EE360985157382517ECA05F768DEDF6),
creates the tag, verifies the signature, then prints the push command.
Usage:
python scripts/tag_release.py # auto version
python scripts/tag_release.py --version v1.2.4
python scripts/tag_release.py --dry-run # preview only
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
convert.py: Pillow's PDF writer requires libjpeg for RGB images, which
is not available in the CI Python environment. Replace all Pillow PDF
saves with _save_images_as_pdf(), which writes pages as lossless PNGs
and assembles them with qpdf — no JPEG dependency needed.
build.yml: install mkdocs-material[imaging] instead of mkdocs-material
to satisfy the cairosvg dependency required by the social plugin.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Adds export/thgtoa.pdf.b2 and export/thgtoa-dark.pdf.b2 alongside
the existing .sha256 and .sig entries.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Merges the v1.2.2 and v1.2.3 draft entries into a single clean
release. Removes duplicate bullets, internal implementation noise,
and half-finished notes. Switches admonitions to success/warning/bug
types for better visual scanning. Adds a plain-English summary line
per version.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
update_changelog.py reads git log since the last version tag,
categorises commits by conventional-commit prefix, and prepends a
new ## [vX.Y.Z] entry to docs/changelog/index.md. changelog.yml
runs after build.yml succeeds and commits the result back to main
with [skip ci]. Supports dry_run and manual_version dispatch inputs.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
build.yml — builds PDFs, uploads artifact, no secrets required
sign.yml — hashes (SHA-256 + BLAKE2b) and GPG-signs, triggered via
workflow_run after build or manually with a build_run_id
release.yml — downloads artifacts, uploads to VirusTotal, publishes
tagged GitHub Release with all 12 assets attached
All three chain automatically on push to main. Each can be re-run or
triggered independently against any historical run.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Removes the dead Chromium dark mode path and BeautifulSoup CSS
injection code. Dark PDF is now produced by calling convert.py on the
finished light PDF. --both builds light then dark; --dark alone works
if the light PDF already exists.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Replaces the broken --prefers-color-scheme=dark Chromium flag with a
pixel-level converter. Rasterizes pages via pdftoppm, remaps colors to
the hacker theme (#1f1f31 bg, #e0e0e0 text, #5e8bde links), and
reassembles with qpdf. Processes in batches of 50 pages to avoid OOM
on large documents like the 414-page guide.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
And also move the develop workflow information to docs/code to cleanup
the guide documents, preventing accidental addition to the PDF.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
nopeitsnothing