author Luke Shumaker <lukeshu@lukeshu.com> 2023-07-14 15:25:03 -0700
committer Luke Shumaker <lukeshu@lukeshu.com> 2023-07-14 15:25:18 -0700
commit 3250a2386d3111a4ec51b37f42218c90b69ed341 (patch)
tree 32ac6edd81e791d2c3338c1f11e67f40b0cbe007 /public/crt-sh-architecture.html
parent 8c99fadac68cb05b4aaa08cab7a55c7fbfe5e364 (diff)
parent c045654a862bc1119fa4e7584fff9d2a965192ea (diff)
make: Add the btrfs-rec email
This isn't quite verbatim checking in the email as I did in btrfs-progs-ng.git, I fussed with it a bit to get my blog engine to do sane things with it.
Diffstat (limited to 'public/crt-sh-architecture.html')
-rw-r--r--  public/crt-sh-architecture.html  62
1 files changed, 49 insertions, 13 deletions
diff --git a/public/crt-sh-architecture.html b/public/crt-sh-architecture.html
index 3783a50..84d7a0d 100644
--- a/public/crt-sh-architecture.html
+++ b/public/crt-sh-architecture.html
@@ -9,32 +9,68 @@
<body>
<header><a href="/">Luke Shumaker</a> » <a href=/blog>blog</a> » crt-sh-architecture</header>
<article>
-<h1 id="the-interesting-architecture-of-crt.sh">The interesting architecture of crt.sh</h1>
-<p>A while back I wrote myself a little dashboard for monitoring TLS certificates for my domains. Right now it works by talking to <a href="https://crt.sh/" class="uri">https://crt.sh/</a>. Sometimes this works great, but sometimes crt.sh is really slow. Plus, it’s another thing that could be compromised.</p>
+<h1 id="the-interesting-architecture-of-crt.sh">The interesting
+architecture of crt.sh</h1>
+<p>A while back I wrote myself a little dashboard for monitoring TLS
+certificates for my domains. Right now it works by talking to <a
+href="https://crt.sh/" class="uri">https://crt.sh/</a>. Sometimes this
+works great, but sometimes crt.sh is really slow. Plus, it’s another
+thing that could be compromised.</p>
<p>So, I started looking at how crt.sh works. It’s kinda cool.</p>
<p>There are only 3 separate processes:</p>
<ul>
<li>Cron
<ul>
-<li><a href="https://github.com/crtsh/ct_monitor"><code>ct_monitor</code></a> is program that uses libcurl to get CT log changes and libpq to put them into the database.</li>
+<li><a
+href="https://github.com/crtsh/ct_monitor"><code>ct_monitor</code></a>
+is program that uses libcurl to get CT log changes and libpq to put them
+into the database.</li>
</ul></li>
<li>PostgreSQL
<ul>
-<li><a href="https://github.com/crtsh/certwatch_db"><code>certwatch_db</code></a> is the core web application, written in PL/pgSQL. It even includes the HTML templating and query parameter handling. Of course, there are a couple of things not entirely done in pgSQL…</li>
-<li><a href="https://github.com/crtsh/libx509pq"><code>libx509pq</code></a> adds a set of <code>x509_*</code> functions callable from pgSQL for parsing X509 certificates.</li>
-<li><a href="https://github.com/crtsh/libcablintpq"><code>libcablintpq</code></a> adds the <code>cablint_embedded(bytea)</code> function to pgSQL.</li>
-<li><a href="https://github.com/crtsh/libx509lintpq"><code>libx509lintpq</code></a> adds the <code>x509lint_embedded(bytea,integer)</code> function to pgSQL.</li>
+<li><a
+href="https://github.com/crtsh/certwatch_db"><code>certwatch_db</code></a>
+is the core web application, written in PL/pgSQL. It even includes the
+HTML templating and query parameter handling. Of course, there are a
+couple of things not entirely done in pgSQL…</li>
+<li><a
+href="https://github.com/crtsh/libx509pq"><code>libx509pq</code></a>
+adds a set of <code>x509_*</code> functions callable from pgSQL for
+parsing X509 certificates.</li>
+<li><a
+href="https://github.com/crtsh/libcablintpq"><code>libcablintpq</code></a>
+adds the <code>cablint_embedded(bytea)</code> function to pgSQL.</li>
+<li><a
+href="https://github.com/crtsh/libx509lintpq"><code>libx509lintpq</code></a>
+adds the <code>x509lint_embedded(bytea,integer)</code> function to
+pgSQL.</li>
</ul></li>
<li>Apache HTTPD
<ul>
-<li><a href="https://github.com/crtsh/mod_certwatch"><code>mod_certwatch</code></a> is a pretty thin wrapper that turns every HTTP request into an SQL statement sent to PostgreSQL, via…</li>
-<li><a href="https://github.com/crtsh/mod_pgconn"><code>mod_pgconn</code></a>, which manages PostgreSQL connections.</li>
+<li><a
+href="https://github.com/crtsh/mod_certwatch"><code>mod_certwatch</code></a>
+is a pretty thin wrapper that turns every HTTP request into an SQL
+statement sent to PostgreSQL, via…</li>
+<li><a
+href="https://github.com/crtsh/mod_pgconn"><code>mod_pgconn</code></a>,
+which manages PostgreSQL connections.</li>
</ul></li>
</ul>
-<p>The interface exposes HTML, ATOM, and JSON. All from code written in SQL.</p>
-<p>And then I guess it’s behind an nginx-based load-balancer or somesuch (based on the 504 Gateway Timout messages it’s given me). But that’s not interesting.</p>
-<p>The actual website is <a href="https://groups.google.com/d/msg/mozilla.dev.security.policy/EPv_u9V06n0/gPJY5T7ILlQJ">run from a read-only slave</a> of the master DB that the <code>ct_monitor</code> cron-job updates; which makes several security considerations go away, and makes horizontal scaling easy.</p>
-<p>Anyway, I thought it was neat that so much of it runs inside the database; you don’t see that terribly often. I also thought the little shims to make that possible were neat. I didn’t get deep enough in to it to end up running my own instance or clone, but I thought my notes on it were worth sharing.</p>
+<p>The interface exposes HTML, ATOM, and JSON. All from code written in
+SQL.</p>
+<p>And then I guess it’s behind an nginx-based load-balancer or somesuch
+(based on the 504 Gateway Timout messages it’s given me). But that’s not
+interesting.</p>
+<p>The actual website is <a
+href="https://groups.google.com/d/msg/mozilla.dev.security.policy/EPv_u9V06n0/gPJY5T7ILlQJ">run
+from a read-only slave</a> of the master DB that the
+<code>ct_monitor</code> cron-job updates; which makes several security
+considerations go away, and makes horizontal scaling easy.</p>
+<p>Anyway, I thought it was neat that so much of it runs inside the
+database; you don’t see that terribly often. I also thought the little
+shims to make that possible were neat. I didn’t get deep enough in to it
+to end up running my own instance or clone, but I thought my notes on it
+were worth sharing.</p>
</article>
<footer>
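Review bot: this hunk is a pure hard-wrap reflow of generated HTML with no content change, and it carries two text errors forward unchanged: "504 Gateway Timout" (should be "Timeout") and "is program that uses libcurl" (missing "a"); since public/ is generated output, those fixes belong in the source document rather than here. The reflow also splits anchors across lines (`<a` / `href="https://github.com/crtsh/ct_monitor"><code>ct_monitor</code></a>`), which is valid HTML but turns every future one-word edit into a whole-paragraph diff; if this is pandoc output, generating with `--wrap=none` (assumption about the toolchain) would keep later diffs minimal. Finally, the commit message describes adding the btrfs-rec email and does not mention that unrelated generated pages were rewrapped, so a reader of the log will not expect a 49-line change to crt-sh-architecture.html; a short note in the message, or a separate "regenerate public/" commit, would make the history easier to audit.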