🥳 JavaScript Database (JSDB)¹ version 7.0.0 released
Breaking change JSTable.PERSIST event now uses a parameter object with properties for type, keypath, value, change, and table. This should make listening for events on your databases much nicer to author. e.g., a snippet from Catalyst² I’m working on:
const settingsTable = db.settings['__table__']
const JSTable = settingsTable.constructor
settingsTable.addListener(JSTable.PERSIST, ({ keypath, value }) => {
switch (keypath) {
case 'servers.serverPoolSize':
console.info('New server pool size requested', value)
this.updateServerPool()
break
// etc.
}
})
This new version of JSDB is not in the latest Kitten³ yet as it is a breaking change and I want to make sure I update my sites/apps first if needed. I should have it integrated tomorrow.
To see the simple use case for JSDB in Kitten (the default untyped database that’s easy to get started with and perfect for quick experiments, little sites, etc.), see: https://kitten.small-web.org/tutorials/persistence/
So a little while back, @laura wrote an excellent introductory book on accessibility and inclusive design called Accessibility for Everyone for A Book Apart.
Then, A Book Apart folded and the authors managed to get their rights back.
And yesterday, after Laura put a huge amount of work adapting the book into a beautiful website she built using Kitten*, we republished the book under Small Technology Foundation Press.
If you want to support our work that makes such things possible, please consider becoming a patron of Small Technology Foundation. We’re tiny, independent, and not for profit. We reject all types of equity investment (VC, etc.) and won’t be sponsored by or otherwise allow our legitimacy to be used to whitewash Big Tech.
The built-in database backup and restore feature in Kitten¹ (that actually works and is in the Kitten Settings section of every Kitten app) just saved my ass (again) :)
This will restore your Small Web place from a full backup of your data. That includes your internal database (so your identity, secret, etc.) as well as the app database and uploads (if any).
Label: Data backup file (.kitten.data.tar.gz)
File upload control: [Choose file] button. No file chosen
Restore button
Added information on HTML, CSS, and Markdown Fragments to the Kitten Components and Fragments tutorial, including a little TypeScript type declarations file you can add to your projects so you don’t get type warnings for them when you import them in your projects:
Hah… just noticed something interesting that looks like it’s going to be another advantage to Web Numbers¹… look at these Kitten² screenshots and tell me if you can spot something unexpected.
Hint: it’s what’s missing.
There are no 404 errors for common hack attempts trying to exploit WordPress vulnerabilities, etc. In fact, it’s entirely quiet. Because those folks watch DNS :)
A talk I gave six years ago that I’d highly urge you to watch. Still entirely relevant today, if not more so (sadly).
(What I call the Indienet in the talk is what I now call the Small Web; a peer-to-peer Web owned and controlled by people not corporations or governments.)
Here’s me talking about why I’m building what I’m building from back then (“Ethical Technology or Feudalism?”), back when I was calling the Small Web the Indienet (and we were Ind.ie, before we were Small Technology Foundation):
• Auto Encrypt 5.1.0: Moves automatic IP address detection from top-level await to asynchronous createServer() method to enable servers that import to run offline when they’re running on localhost) and exports IPAddresses class so servers can carry out their own automatic IP address detection (IPv4 and IPv6) if they want full control over exactly which domains and IP addresses are included in provisioned TLS certificates.¹
• @small-tech/https: Re-exports IPAddresses class so servers (like Kitten²) can have full control over exactly which domains and IP addresses are included in provisioned TLS certificates.³
These releases bring short-lived certificates, IP Address (IPv4 and IPv6) support, and ACME Renewal Information (ARI) support to Auto Encrypt and @small-tech/https, implement a consistent asynchronous API across all three packages, and include loads of little fixes and code quality improvements.
This brings us very close to getting Web Numbers¹ support implemented natively in Kitten².
OCSP support is removed from Auto Encrypt and Windows support is dropped from all three packages as Microsoft is complicit in Israel’s genocide of the Palestinian people³ and Small Technology Foundation⁴ stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement. Furthermore, Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.
So, going forward, Auto Encrypt¹, Kitten², and Catalyst³ will be seamlessly (automatically; with zero config) supporting Web Numbers⁴ (IPv4, IPv6), and, of course, should you want to point one at your server for old time’s sake, legacy domain names too.
I still have some dev to do on this on the Kitten side of things but I’m hugely excited about being able to remove another centralised component – DNS – from the Small Web⁵ (peer-to-peer, personal web) as we inch nearer to making it available this year to everyday people who use technology as an everyday thing.
The release of version 1.1.0 deprecates and removes support for this small module that normalised hostname reporting between Linux/macOS and Windows.
We no longer support Windows as Microsoft is complicit in Israel’s genocide of the Palestinian people¹ and Small Technology Foundation² stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement³.
Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.
When supporting Linux/macOS, just use the built-in os.hostname() method which works the same way on both platforms.
🥳 @small-tech/auto-encrypt-localhost version 9.0.1 released
Automatically provisions and installs locally-trusted TLS certificates for Node.js https servers (including Polka, Express.js, etc.) Unlike mkcert, 100% written in JavaScript with no external/binary dependencies. As used in Kitten¹
• Windows is no longer supported as Microsoft is complicit in Israel’s genocide of the Palestinian people¹ and Small Technology Foundation² stands in solidarity with the Boycott, Divestment, and Sanctions (BDS) movement³. Windows is an ad-infested and surveillance-ridden dumpster fire of an operating system and, alongside supporting genocide, you are putting both yourself and others at risk by using it.
Auto Encrypt Localhost is similar to the Go utility mkcert but with the following important differences:
It’s written in pure JavaScript for Node.js.
It does not require certutil to be installed.
It uses a different technique to install its certificate authority in the system trust store of macOS.
It uses enterprise policies on all platforms to get Firefox to include its certificate authority from the system trust store.
In addition to its Command-Line Interface, it can be used programmatically to automatically handle local development certificate provisioning while creating your server.
Auto-Encrypt Localhost is licensed under AGPL version 3.0.
We escaped SMS for prettier apps,
but when money moves and doors unlock,
the old signal still rings first.
Apps whisper when they feel like it.
Infrastructure insists.
That’s why banks still text you.
Not nostalgia ; accountability.
Sometimes the least exciting light
is the one that never fails. #LighthouseLore#DigitalTrust#SmallTech#RCS#SMS#CalmTech#EveningWatch
Caught a bug over the holidays so I’m mostly resting, feeling sorry for myself, and taking the time to at least carry out some mindless housekeeping tasks (updating dependencies, etc.) on some of my Node modules.
Released updates to the following packages yesterday:
Just added Web Reachability API (at least that’s what I’m calling it) support to https://ip.small-web.org.
It’s for testing the reachability of your Small Web servers (using a domain or, more importantly, an IPv4/IPv6 address). I’m using it to implement Web Numbers¹ support in Auto Encrypt² and Kitten³.
Protocol:
• At https://ip.small-web.org/reach/an empty HTTP 200 response that includes the following custom header: 'web-reachability-id': ‘<uuid>'
• Hit: https://ip.small-web.org/reach/<endpoint>/<uuid>/
• If you get a 200 response back, your endpoint is reachable. Anything else signals an error.
Thanks to the lovely folks at Let’s Encrypt tagging a new release of Pebble last night¹ (version 2.9.0), there’s now a new version of Node Pebble that uses it :)
• Reduces minimum Bash version requirement for installing Kitten to Bash 3.2+ (was previously Bash 5+). This removes the requirement for people on macOS to upgrade the ancient version of Bash that Apple ships with their desktop operating system. (If you’re on Linux none of this was ever an issue for you.)¹
• Updates runtime to Node 24.12.0, the latest long-term support (LTS) version.
¹ While it’s easy enough to update your version of Bash on macOS using Homebrew, that only works (as we discovered on Friday https://mastodon.ar.al/@aral/115706233541301655) if you’re running one of the latest three versions of macOS and thus excludes people with perfectly functional older computers. (Don’t get me started on why Apple ships an ancient version of Bash as we’ll go down the rabbit hole of open as in “open for business” vs “free as in freedom” and corporate capture and how capitalism will happily be the end of us if we let it. Aren’t you glad you didn’t get me started?) ;)
So I’m teaching a friend who doesn’t have any development knowledge how to get started with Small Web development and I thought it would be a good opportunity to start creating and sharing the course on the Kitten web site, one lesson at a time.
It’s a work in progress that I’ll be adding to along with our lessons but the draft of the first one, on setting up your development environment (which I whipped up in the pub last night, so expect typos) is here:
Please feel free to follow along and file issues if you have thoughts for improvements, etc.
The Setting Up lesson will actually likely end up being the second one with the first being a theoretical one on Small (peer-to-peer) Web development and how it is similar to and differs from Big (centralised) Web development.