Welcome to the first post on dipinonline.com. Fittingly, it's about the site itself.

Why Cloudflare Workers

I wanted three things: global edge delivery, zero servers to patch, and full control over the HTTP layer — response headers included. As a security engineer, that last one matters: this site ships a strict Content-Security-Policy, X-Frame-Options: DENY, and the rest of the usual hardening headers, set directly in the Worker.

const SECURITY_HEADERS = {
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "DENY",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  // ...
};

No framework, on purpose

The site is plain HTML, CSS, and vanilla JavaScript. A small Node build script turns markdown files into blog pages at deploy time:

  1. content/posts/*.md are parsed for frontmatter (title, date, tags).
  2. Each post is rendered through a single HTML template.
  3. The build emits a posts.json index, an RSS feed, and a sitemap.

Publishing a post is: write markdown, run npm run deploy. No CMS, no database, nothing to compromise.

The animated bits

The background is a canvas of drifting nodes that link up when they get close — a small nod to network engineering. Page transitions are a light-bar sweep that covers the viewport before navigation and sweeps away on the next load.

Both respect prefers-reduced-motion, and the canvas pauses when the tab is hidden, so it costs nothing in a background tab.

What's next

Articles on firewall migrations, email authentication, and write-ups of personal projects. Subscribe via RSS if that sounds useful.