Welcome to the first post on dipinonline.com. Fittingly, it's about the site itself.
Why Cloudflare Workers
I wanted three things: global edge delivery, zero servers to patch, and full
control over the HTTP layer — response headers included. As a security
engineer, that last one matters: this site ships a strict Content-Security-Policy,
X-Frame-Options: DENY, and the rest of the usual hardening headers, set
directly in the Worker.
const SECURITY_HEADERS = {
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "DENY",
"Referrer-Policy": "strict-origin-when-cross-origin",
// ...
};
No framework, on purpose
The site is plain HTML, CSS, and vanilla JavaScript. A small Node build script turns markdown files into blog pages at deploy time:
content/posts/*.mdare parsed for frontmatter (title, date, tags).- Each post is rendered through a single HTML template.
- The build emits a
posts.jsonindex, an RSS feed, and a sitemap.
Publishing a post is: write markdown, run npm run deploy. No CMS, no
database, nothing to compromise.
The animated bits
The background is a canvas of drifting nodes that link up when they get close — a small nod to network engineering. Page transitions are a light-bar sweep that covers the viewport before navigation and sweeps away on the next load.
Both respect prefers-reduced-motion, and the canvas pauses when the tab is
hidden, so it costs nothing in a background tab.
What's next
Articles on firewall migrations, email authentication, and write-ups of personal projects. Subscribe via RSS if that sounds useful.