HC550: 02023 年时，我只需 800 块，那时你对我爱答不理，今天我让你高攀不起。

如今的存储市场，连二手 HC550 都得两千 CNY 起步，机械硬盘再也不是我等穷鬼能用得起的存储设备了。让我们把目光转向 LTO 磁带吧！

我于 02025-08-30 以 2299 CNY 的价格购入了台 HP MSL4048 的带库（含一个 LTO6 的 SAS driver）。

磁带库和磁带机相比服务器要金贵，最重要的就是做好无尘，磁带库手册上明确说需要基本的 ISO 8 级无尘（大部分无尘机房的环境）。有幸见识过在普通室内环境 7×24 工作多年的库、机、平均全量读写400次的带子，袋子里面都进了肉眼可见的一层灰，它们最终都提前退休报废了。

正经的无尘机房当然是封闭室内空间+FFU。但是我们没钱，又想给我们的设备（即使是二手的设备）无尘的环境，可是咱们没钱，咋办呢？

淘宝花 200 CNY 买个二手小米空气净化器2，倒着放，让它把干净空气从上至下灌进机柜里，机柜中成正压。空气净化器的长宽正好是 24×24，刚好匹配我机柜的 27×27 的上通风口。多出来的几厘米边边角角用静电棉给堵上就成。以后只需要每 5 个月换 20~30 CNY 的滤芯。

这个磁带机运行起来比服务器还吵，主要是驱动器的外置暴力风扇，上电就疯狂吹。翻了下库的带外管理，发现可以单独开关机驱动器电源，单独关机后就不算吵了。

然后，这个库的带外管理模块需要库本身开机才能工作。😅我没找到来电开机的设置，所以不能简单用智能插座解决远程开机问题。于是我淘宝了个支持米家的蓝牙断路器，烙在库的开机键上。

原本打算在开关旁边打孔，从开关电位引出线来，接我的蓝牙断路器。结果打出下面两个孔，被屏幕挡着，用不了。再打出上面两个孔，被开关的传动机构挡着，还是用不了。只好把开关拆了。

怎么知道这样的逆天 DIY 方案到底能不能行呢？

ISO 规定的洁净等级是按照每立方各直径的颗粒数量来区分的。而我们从一般的空气质量传感器和气象站看到的 PM2.5 和 PM10 用的单位是 ug/m3。

PM10，颗粒直径按平均 5um 算。
单位体积 V = 4/3 * π * (5/2)^3 = 65.45 um3

颗粒数量 PCS = X / (V * D)

X = 气象站出的数据 (ug/m3)
V = 65.45 μm3
D = 1.7 g/cm3 = 1.7*10^9 μg/m3 （用 https://pubs.acs.org/doi/abs/10.1021/es204073t 推算）

V = 65.45 * 1e-18 # m3
D = 1.7e9 # ug/m3
def pcs(x): # x in ug/m3
return x / (V * D)

ISO 8 级洁净要求

>= 0.5um 3520,000
>= 1um 832,000
>= 5um 29,300

就按 5um 来算，29300 pcs/ m3

pcs_limit = 29300 # pcs/m3
def quota(x): # x in ug/m3
return pcs(x) / pcs_limit

>>> quota(1)
306.7423972746551
>>> quota(22)
6748.332740042413

这样粗略算下来，我家附近的环境空气洁净度超标 6.7k 倍。就算 PM10 是 1ug/m3，也超标了 300 倍。而多数成品空气质量检测器（包块空气净化器自带的）的输出分辨率也才 1ug/m3，所以它们都不能用来测机柜内到底是不是 ISO 8 洁净。

网上卖的正经尘埃颗粒计数器成品卖几百几千，但是家用空气净化器同款的检测模块只要52包邮，TTL 读数据就行。

模块能输出 0.3~10um 等各个直径的颗粒物的单位空间的质量和数量。

这种模块被多款空气净化器使用，厂商故意在低端机上面只读取PM2.5的质量数据，而在“高端机”上则再多读取PM10质量数据，美其名曰：“具有PM10粉尘传感器”。

另外，磁带库运行的允许湿度范围是 20-80，建议范围是 20-50。这个要求简单，放个小米蓝牙温湿度计，然后要用磁带库的时候如果超范围提前开空调除湿或者制冷就行。

半年过去了，本文发布时（02026-04-07）机柜内仍一尘不染。大成功！

接下来原本想谈谈怎么在 Linux 上用命令管理磁带库、驱动器、磁带的，但是网上这样的教程已经很多了，就不多赘述了：

• https://blog.benjojo.co.uk/post/lto-tape-backups-for-linux-nerds
• https://blogs.intellique.com/cgi-bin/tech/2022/01/27
• https://recursiveg.me/2021/09/lto-tape-drive-intro/
• https://web.archive.org/web/20241010112726/https://blog.jimmyho.net/archives/1242/

一些提示：

• LTO 磁带条码生成器我发现 https://kelvin.nu/barcode/ 最好用
• sg_logs /dev/nst0 -a 看所有元数据信息
• sg_logs /dev/nst0 -p 0x17 看磁带 RFID Tag 上的参数。一些参数可以用 sg_write_attr 写，参见 https://www.frederickding.com/posts/2024/06/much-easier-way-to-encode-lto-barcode-into-the-tape-cartridge-memory-1613780/
• mt 有两个版本，mt-gnu 与 mt-st，发行版一般默认 gnu 版，但 gnu 版缺很多常用命令，不想受罪就装 mt-st

以及我们并不使用 tar 来在磁带上存档数据，我们用 LTFS。LTFS 开发者的两篇博文值得一看：https://web.archive.org/web/20230211161809/https://www.smallersystems.com/blog/2011/06/how-does-ltfs-work/ 、https://web.archive.org/web/20230213170705/https://www.smallersystems.com/blog/2011/07/ltfs-consistency-and-index-snapshots/ 。

致谢

感谢 @yangyunfei
感谢 @madaoya

Summer is quietly coming to an end. As Google Summer of Code (GSoC) 2025 wraps up, it’s time to hand in my summer homework — this GSoC final report.

My GSoC project: Zeno v2 Enhancement Proposal: Headless Mode, CSS Parser, and More – Google Summer of Code

A quick intro to Zeno: Zeno is the Internet Archive’s self-described state-of-the-art WARC web archiver, and as far as I know, the only Golang WARC archiver to date.

Starting with the least meaningful metric: from June 2 (GSoC Coding officially begins) to August 31 (near the end), roughly 90 days, I opened 25 PRs to Zeno: 23 merged, 2 open. I also sent PRs to gowarc (Zeno’s WARC read/write/recording library) and gocrawlhq (Zeno’s tracker client), plus a few PRs to external dependencies.

Here are some of the more interesting bits along the way.

CSS, the myth

Regex master

As we all know, CSS can reference external URLs. For example, adding a background image via CSS:

body {
  background: url(http://example.com/background.jpg);
}

Zeno parses inline CSS inside HTML and tries to extract values from URL tokens and string tokens using regex. The two simple regexes looked like this:

urlRegex = regexp.MustCompile(`(?m)url\((.*?)\)`)
backgroundImageRegex = regexp.MustCompile(`(?:\(['"]?)(.*?)(?:['"]?\))`)

The biggest issue was that the second one, backgroundImageRegex, was far too permissive — it matched anything inside parentheses.

This meant Zeno often parsed a lot of nonexistent relative paths from inline CSS. For example, in color: rgb(12, 34, 56), the 12, 34, 56 inside the parentheses got matched, causing Zeno to crawl a bunch of annoying 404 asset URLs.

How do we fix this? Write an even cleverer regex? I’d rather not become a regex grandmaster. Let’s use a real CSS parser.

A proper CSS parser should correctly handle token escaping and other housekeeping.

What in CSS actually makes network requests?

Before picking a CSS parser, I first asked: “For an archival crawler, which CSS constructs can contain useful external resources?”

Looking at CSS Values and Units Module Level 4, the Security Considerations section states:

This specification defines the url() and src() functions (<url>), which allow CSS to make network requests.

However, for security reasons, src() is not implemented by any browser yet, so we can ignore it for now.

Note a special case for @import: the string token after @import should be treated as if it were url(""). For example, these two rules are equivalent:

@import "mystyle.css";
@import url("mystyle.css");

So the only CSS tokens that can initiate network requests (without JS) are url() and the string token following @import.

There are two flavors of url():

• The older unquoted form: url(http://example.com) – a URL token
• The quoted form (single or double quotes): url("http://example.com") – a function token plus a string token

Their parsing/escaping differs. In this report, “URL token” refers to both.

CSS parser

With the spec in mind, I surveyed Go CSS parser libraries. The only one that seemed somewhat viable was https://github.com/tdewolff/parse — widely used, looks decent. But hands-on testing was a wake-up call.

It doesn’t decode token values; it’s more of a lexer/tokenizer. Not quite enough.

For instance, it can only give you the whole token like url( "http://a\"b.c" ) — you get out what you put in — but it can’t decode the value to http://a"b.c.

Other Golang CSS parsers were even less helpful.

So I wrote a small parser dedicated to extracting URL-token values, focusing on escapes, newlines, and whitespace. Then I wired it up with tdewolff/parse.

PR: #324 Replacing the regex-based CSS extractor with a standard CSS parser

I also added a simple state machine to extract URLs from @import.

Note: `@import` is only valid in the stylesheet header; occurrences elsewhere should be ignored. Not critical, but easy enough, so I implemented it.

PR: #339 Extracting URLs from CSS @import rule

Living on a tree

In Zeno, each URL crawl task is called an item. Every item has its own type and state.

type Item struct {
    id         string       // ID is the unique identifier of the item
    url        *url.URL {
            mimetype  *mimetype.MIME
        Hops      int           // This determines the number of hops this item is the result of, a hop is a "jump" from 1 page to another page
        Redirects int
        }
    status     ItemState    // Status is the state of the item in the pipeline
    children   []*Item      // Children is a slice of Item created from this item
    parent     *Item        // Parent is the parent of the item (will be nil if the item is a seed)
}

Briefly, Hops is the page depth, and Redirects is the number of redirects followed.

Items form a tree. A root item with no parent is a seed item (a page/outlink), while all descendants are asset items (resources).

For example, if we archive archive.org, that item is the seed. On the page we discover archive.org/a.jpg as an asset; we add it to item.children. We also find archive.org/about as an outlink, so we create a separate seed item; that new seed’s hops += 1.

We know HTML has inline CSS, but it also references standalone CSS via <link rel="stylesheet" href="a.css">.

Previously, Zeno struggled on pages with separate CSS files (i.e., most pages), not only due to the lack of a proper CSS parser, but also because resources referenced inside CSS are assets of an asset — the seed item (HTML) → asset item (CSS file) → asset (e.g., images). Zeno generally doesn’t extract assets-of-assets.

My change was to integrate the parser above and then open a “backdoor” for CSS that is an asset of HTML: when item.mimetype == CSS && item.parent.mimetype == HTML, allow that asset item to extract its own assets. (We also need a backdoor for HTML → CSS → CSS via @import; see below.)

Was that enough? Not quite.

CSS Nesting

While developing, I found tdewolff/parse doesn’t support CSS Nesting, a “new” feature introduced in 2013.

To handle CSS that uses the nesting sugar as best as possible, I donned the regex robe again and added a smarter regex fallback parser to kick in when tdewolff/parse fails.

cGroup            = `(.*?)`
cssURLRegex       = regexp.MustCompile(`(?i:url\(\s*['"]?)` + cGroup + `(?:['"]?\s*\))`)
cssAtImportRegex  = regexp.MustCompile(`(?i:@import\s+)` + // start with @import
	`(?i:` +
	`url\(\s*['"]?` + cGroup + `["']?\s*\)` + // url token
	`|` + // OR
	`\s*['"]` + cGroup + `["']` + `)`, // string token
)

Done now? Still not.

Endless @import

From https://www.w3.org/TR/css-cascade-5/#at-ruledef-import:

The @import rule allows users to import style rules from other style sheets. If an @import rule refers to a valid stylesheet, user agents must treat the contents of the stylesheet as if they were written in place of the @import rule

“In place” is interesting. It made me wonder: if a page recursively @imports forever, what do browsers do? The spec doesn’t mention a depth limit. Do real browsers cap @import depth like they cap redirect chains?

I tested it: browsers don’t enforce a recursion limit for @import.

So you can even make a page that never finishes loading, lol.

To prevent a CSS @import DoS on Zeno (unlikely, but let’s be safe), I added a --max-css-jump option to limit recursion depth.

PR: #345 Cascadingly capture css @import urls and extracting urls from separate css item

Also, the CSS spec says: when resolving ref URLs inside a separate CSS file, the base URL should be the CSS file’s URL, not the HTML document’s base. Thanks to Zeno’s item tree design, this came for free — no special handling needed in the PR.

Firefox is wrong

This section isn’t about Zeno — it’s just a quirky inconsistency I noticed while reading the CSS spec. Fun trivia.

First, look at the escape handling for string tokens.

U+005C REVERSE SOLIDUS (\)
    1. If the next input code point is EOF, do nothing.
    2. Otherwise, if the next input code point is a newline, consume it.
    3. Otherwise, (the stream starts with a valid escape) consume an escaped code point and append the returned code point to the <string-token>’s value.

If a backslash in a string token is followed by EOF, do nothing (i.e., ignore the escape and return the token as-is).

But if a backslash is followed by a valid escape, proceed with escape handling.

Checking whether an escape is valid looks at the backslash and the next code point: https://www.w3.org/TR/css-syntax-3/#check-if-two-code-points-are-a-valid-escape

If the first code point is not U+005C REVERSE SOLIDUS (\), return false.
Otherwise, if the second code point is a newline, return false.
Otherwise, return true.

So for string tokens, as long as the next code point is not EOF and not a newline, it’s considered a valid escape.

Escape consumption: https://www.w3.org/TR/css-syntax-3/#consume-an-escaped-code-point

This section describes how to consume an escaped code point. It assumes that the U+005C REVERSE SOLIDUS (\) has already been consumed and that the next input code point has already been verified to be part of a valid escape. It will return a code point.

Consume the next input code point.

1. hex digit
    Consume as many hex digits as possible, but no more than 5. Note that this means 1-6 hex digits have been consumed in total. If the next input code point is whitespace, consume it as well. Interpret the hex digits as a hexadecimal number. If this number is zero, or is for a surrogate, or is greater than the maximum allowed code point, return U+FFFD REPLACEMENT CHARACTER (�). Otherwise, return the code point with that value. 
2. EOF
    This is a parse error. Return U+FFFD REPLACEMENT CHARACTER (�). 
3. anything else
    Return the current input code point.

It consumes up to 6 hex digits. If 1–6 hex digits were consumed and the next code point is whitespace, it swallows that whitespace as part of the escape (see https://www.w3.org/International/questions/qa-escapes#cssescapes).

If no hex digits are consumed, it returns the current code point unchanged. If it encounters EOF, it returns U+FFFD.

Here’s the issue: in the branch with zero hex digits, this algorithm can’t encounter EOF — because the prior “valid escape” check needs a next code point, which excludes EOF.

So which rule wins in the overall tokenization? Do we follow the higher-level “Consume a token” rule (backslash + EOF in a string does nothing), or the escape rule (backslash + EOF returns U+FFFD)?

Turns out people noticed this in 2013: https://github.com/w3c/csswg-drafts/issues/3182

Browsers disagree too.

• Chrome and Safari return �.
• Firefox returns \�.

W3C’s resolution: “\[EOF] turns into U+FFFD except when inside a string, in which case it just gets dropped.”

Even today, browsers aren’t fully aligned here. See WPT: https://wpt.live/css/css-syntax/escaped-eof.html

VS Code

See @overflowcat’s post: A CSS variable, a hidden change in spec, and a VS Code fix

A CSS lexer from Blink

On August 5, @renbaoshuo said he had ported Blink’s CSS lexer to Go, named go-css-lexer.

See @renbaoshuo’s post: https://blog.baoshuo.ren/post/css-lexer/

As you’ve gathered above, usable CSS lexers/parsers for Go are scarce. This was promising — and it is. I made a small performance optimization, replaced tdewolff/parse and the regex fallback with it, and it’s been working great. CSS Nesting and custom CSS variables are fine.

PR: renbaoshuo/go-css-lexer#1 Performance optimization

PR: #415 New CSS parser with go-css-lexer

Headless

Two years ago, in Zeno#55, we tried to implement headless browsing using Rod.

Rod is a high-level driver for the DevTools Protocol. It’s widely used for web automation and scraping. Rod can automate most things in the browser that can be done manually.

But there was concern that the Chrome DevTools Protocol (CDP) might manipulate network data (e.g., tweak HTTP headers, transparently decompress payloads), so #55 was put on hold.

After skimming Rod’s request hijacking code, I saw it operates outside CDP. I confirmed with the Rod maintainer that an external http.Client (our gowarc client) can have full control over Chromium’s network requests.

Hijacking Requests | Respond with ctx.LoadResponse():
   * As documented here: <https://go-rod.github.io/#/network/README?id=hijack-requests>
   * The http.Client passed to ctx.LoadResponse() operates outside of the CDP.
   * This means the http.Client has complete control over the network req/resp, allowing access to the original, unprocessed data.
   * The flow is like this: browser --request-> rod ---> server ---> rod --response-> browser

Using CDP as a MITM beats general HTTP/socket-based mitmproxy approaches in one dimension: you can control requests per tab with finer granularity.

So, let’s build it.

I thought it would take a week. It took over two months, mostly ironing out details.

PR: https://github.com/internetarchive/Zeno/pull/356

Scrolling

Lazy loading has been common since the pre-modern web, and modern sites increasingly load content dynamically.

So once a page “finishes” loading, the first thing is to scroll to trigger additional resource loads. Scrolling well is an art:

• Each scroll step shouldn’t exceed the tab’s viewport height, or you’ll skip elements.
• Scroll too fast and some fixed-rate animations won’t fully display, losing chances to load resources.
• Scroll too slow and you waste time; headless is heavy — keeping tabs alive is costly.
• It should be silky smooth.

Rather than reinventing this, I recalled webrecorder’s archiver auto-scrolls. Indeed, webrecorder/browsertrix-behaviors provides a simple heuristic scroller and many other useful behaviors (auto-play media, auto-click, etc.), all bundled as a single JS payload. Perfect — drop it in.

DOM

Traditional crawlers work with raw HTML per request.

In a browser, everything is the DOM. A tab’s DOM tree results from the server’s HTML response, the browser’s HTML normalization, JS DOM manipulation, and even your extensions.

Open a direct .mp4 URL and the browser actually creates an HTML container to play it, e.g.:

<html>
<head><meta name="viewport" content="width=device-width"></head>
<body><video controls="" autoplay="" name="media"><source src="{URL}" type="video/mp4"></video></body>
</html>

To keep Zeno’s existing outlink post-processing compatible (so we can extract outlinks from headless runs), I export the tab’s DOM as HTML and stash it in item.body, letting our current outlink extractors run with minimal changes.

nf_conntrack bites back

After finishing headless outlink crawling, I noticed that under high concurrency, new connections started failing with mysterious Connection EOFs, spiraling into death-retries. It looked like a race, and I chased it on and off for a couple of weeks. dmesg was clean; fs.file-max was fine.

By chance I discovered my upstream device’s occasional outages aligned with my headless tests…

Thanks to @olver for setting up monitoring.

• gowarc doesn’t implement HTTP/1.1 keep-alive (and no HTTP/2 yet).
• Zeno opens a new connection for each request.
• Conntrack keeps entries around for a while after connections close.
• The egress router only has 512MB RAM; Linux auto-set nf_conntrack_max to 4096.
• Headless Zeno generates a lot of requests.
• When the conntrack table fills up, new connections are dropped; existing ones keep working. My chat apps stayed online, so I didn’t notice.

Raising nf_conntrack_max on the router fixed it.

Future work:

I worry Zeno might also exhaust target servers’ TCP connection pools under high concurrency. The real fix is connection reuse:

• Support HTTP/1.1 keep-alive.
• Support HTTP/2.

HTTP caching

• Chromium’s HTTP caching (RFC 9111) lives in the net stack.
• We bypass Chromium’s net stack via CDP to use our own gowarc HTTP client.

As a result, every tab re-downloads cacheable resources (JS, CSS, images…). Implementing a full HTTP cache in Zeno would be a lot of work just to save bandwidth.

Fortunately, CDP exposes the resource type in request metadata. If we’ve seen an URL before and it’s an image, CSS, font, etc., we can block it. For cacheable static HTML/JS, we have to let them through for the page to load correctly.

isSeen := seencheck(item, seed, hijack.Request.URL().String())
if isSeen {
    resType := hijack.Request.Type()
    switch resType {
    case proto.NetworkResourceTypeImage, proto.NetworkResourceTypeMedia, proto.NetworkResourceTypeFont, proto.NetworkResourceTypeStylesheet:
        logger.Debug("request has been seen before and is a discardable resource. Skipping it", "type", resType)
        hijack.Response.Fail(proto.NetworkErrorReasonBlockedByClient)
        return
    default:
        logger.Debug("request has been seen before, but is not a discardable resource. Continuing with the request", "type", resType)
    }
}

This isn’t “standard” like a real HTTP cache, and headful previews will look incomplete, but it’s simple, effective, and doesn’t hurt replay quality. Based on HTTP Archive’s Page Weight stats, a back-of-the-envelope estimate suggests it saves about 44% of traffic.

Future work:

Compared to other asset types, JavaScript payloads have been trending upward.

We could implement an HTTP cache for headless in Zeno to save JS bandwidth.

Chromium revision

Rod’s default Chromium revision is too old. I switched to fetching the latest snapshot revision from chromiumdash.appspot.com and downloading the matching binary.

Sometimes Google publishes a version number on chromiumdash but doesn’t build a binary for it. So, like Rod, we pinned a default revision in Zeno.

I also found some WAFs block snapshot Chromium builds but ignore distro-packaged release builds. For production, it’s best to use the distro’s Chromium.

Q: Why not use Google Chrome binaries?
A: Zeno is open source, and Google Chrome is not. It’s a mismatch.

Q: Doesn’t Google ship release builds of Chromium?
A: Only automated snapshot builds.

Content-Length and HTTP connections

When Zeno starts a crawl and free disk space drops too low, the diskWatcher signals workers to pause new items, but in-flight downloads continue until they finish.

If, at the moment of the pause, the total size of in-flight downloads exceeds --min-space-required, we’ll still run out of space — kaboom.

So I added --max-content-length. Before downloading, we check the Content-Length header; if it exceeds the cap, we skip. For streaming responses with unknown length, if the downloaded size crosses the cap, we abort.

PR: https://github.com/internetarchive/Zeno/pull/369

While working on this, I found three connection-related bugs in gowarc:

• A critical one: when the HTTP TCP connection closes abnormally (early EOF, I/O timeout, conn closed/reset), gowarc called .Close() instead of .CloseWithError(). The downstream mirrored MITM TCP connection mistook it for a normal EOF. For streaming responses without Content-Length, these early-EOF responses were treated as valid and written into WARC, compromising data integrity for all streaming responses. (For non-streaming responses with Content-Length, Go’s http.ReadResponse() uses io.LimitReader and checks that EOF aligns with Content-Length; if mismatched, it returns an early EOF. In other words, the stdlib masked this in most cases.)
• --http-read-deadline had no effect.
• On errors, temp files were sometimes not deleted.

Since Zeno defaults to Accept-Encoding: gzip, many servers return gzipped HTML/CSS/JS, often as streaming payloads. The impact was broad.

Bugfixes PR: https://github.com/internetarchive/gowarc/pull/115

Future work:

I also planned a --min-space-urgent option to abort all in-flight downloads when disk space is critically low. I got too excited fixing the bugs and forgot. Next time.

E2E tests

Web crawlers face the real internet. Zeno used to have only unit tests, with no integration or E2E tests exercising end-to-end behavior.

I’d heard Kubernetes’ E2E tests are the gold standard in Go land, but staring at https://github.com/kubernetes-sigs/e2e-framework didn’t help — I still didn’t know how to wire E2E for Zeno. How to instrument it? How to assert components behave as expected?

I came up with a log-based E2E approach. I couldn’t think of a more non-intrusive way.

During go test, spin up Zeno’s main in-process, redirect logs to a socket, and let Zeno run the test workload we feed it. The test suite connects to the socket, streams logs, and asserts lines we expect (or don’t expect).

This requires no instrumentation or mocking — logs are the probe.

To get coverage and race detector benefits over the code under test, we don’t exec a separate binary; we invoke the main entry point from a Test* function. Since go test builds all tests in the same package into one binary and runs them in one process, each E2E test must live in a different package.

PR: https://github.com/internetarchive/Zeno/pull/403

Later I realized we were in one process, so we didn’t need sockets for “cross-process” comms; I switched to a simpler io.Pipe.

Future work:

Increase coverage. Since adding E2E tests, Zeno’s coverage slowly climbed from 51% to 56%. While 100% isn’t realistic for a crawler, getting to ~70% would significantly boost confidence when making changes.

Pulling your head out of the UTF‑8 sand

It does not make sense to have a string without knowing what encoding it uses. You can no longer stick your head in the sand and pretend that “plain” text is ASCII.

There Ain’t No Such Thing As Plain Text.

— The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!) – Joel on Software

As of 2025‑08‑30, 98.8% of websites use UTF‑8. Zeno previously didn’t treat non‑UTF‑8 HTML specially.

If Zeno were a general-purpose crawler, we could ignore the remaining 1.2%. But as a web archiver, those legacy-encoded sites that survived into the present are valuable and charmingly retro.

Implementation was straightforward: follow WHATWG specs step by step and add tests.

The specs smell like legacy, too:

https://html.spec.whatwg.org/multipage/urls-and-fetching.html#resolving-urls

Let encoding be UTF-8.
If environment is a Document object, then set [encoding] (document charset) to environment's character encoding.

https://url.spec.whatwg.org/#query-state

1. ....
2. Percent-encode after encoding, with [encoding], buffer, and queryPercentEncodeSet, and append the result to url’s query.

https://url.spec.whatwg.org/#path-state

1. If ...special cases...
2. Otherwise, run these steps:
   .... special cases ...
   3. UTF-8 percent-encode c using the path percent-encode set and append the result to buffer.

If the document charset is non‑UTF‑8, then when encoding a URL: the path is UTF‑8 percent-encoded, but the query is percent-encoded using the document’s charset. Quirky? Yep.

PR: https://github.com/internetarchive/Zeno/pull/370

Goada

ada is a C++ URL parser compatible with WHATWG standards. It has Go bindings: goada. Zeno uses it to normalize URLs (Go’s stdlib net/url isn’t WHATWG-compatible). But since goada is C++, building Zeno requires CGO, which complicates cross-compilation.

@otkd tried replacing goada with pure Go nlnwa/whatwg-url (Zeno#374), but I found that on non‑UTF‑8 input it bluntly replaces bytes with U+FFFD before percent-encoding, instead of percent-encoding the raw bytes.

Before normalization we can’t assume input URLs are valid UTF‑8, and for non‑UTF‑8 HTML/URLs we need the parser to percent-encode bytes as-is (as WHATWG requires), so #374 was closed.

fun fact: goada package c bindings were updated to the latest ada package as part of our exploration into using a different URL parser.

Future work:

goada is excellent quality. If only it didn’t require CGO. We could try packaging ada as WASM (e.g., like ncruces/go-sqlite3) using wazero to avoid CGO.

Misc

Lots of small PRs not worth detailing: terminal colors 🌈, sending SIGNALs to Zeno from HQ (tracker) over WebSocket, improving archiving of GitHub Issues and PR pages, etc.

What I didn’t ship (per the original proposal)

• Dummy test site. When I wrote the proposal, I hadn’t figured out a good E2E approach, so I planned a small httpbin-like site to help future E2E tests. After inventing the log-based method, this became unnecessary — the test code can spin up whatever web server it needs.
• Route items between a headless project HQ and a general project HQ conditionally.

Acknowledgments

• Google: for GSoC — it’s a great program.
• Internet Archive: thanks in many senses — Universal Access to All Knowledge!
• Dr. Sawood Alam, Will Howes, Jake LaFountain: my GSoC mentors — for reviewing my PRs and sharing many useful ideas. I learned lots of nifty web tricks.
• Corentin: the author of Zeno — no Zeno without him.
• Members of STWP:
  • @OverflowCat: pointed me to other potential Go CSS parsers and fixed VS Code’s CSS variable highlighting; their blog “A New World’s Door” is full of high-tech CSS and became my testbed for Zeno’s CSS features.
  • @renbaoshuo: the CSS lexer port is great.
  • @NyaMisty: encouraged me a year ago to learn Go — opened a new world.
  • @Ovler: revised my GSoC proposal PDF; helped uncover the conntrack issue.
• rod, goada, browsertrix-behaviors, and other libraries we depend on.
• Ladybird: not yet a usable browser, but the repo is small and easy to clone. Its code serves as a reference implementation for web standards. When the spec text is confusing, reading Ladybird helps — even though I barely know C++.

过去一个月是期末，没时间。现在好久没发周报了，快速过一下最近5周做了啥。主要做的事是 Zeno，没有开其它存档项目。

week 20-21

• https://github.com/internetarchive/Zeno/pull/281 稍微重构 Zeno 处理对象存储的代码，添加解析 Azure Blob 的能力。
• https://github.com/internetarchive/Zeno/pull/295 让 Zeno 终端输出的日志变彩色。

week 23

• https://github.com/internetarchive/Zeno/pull/324 小小地引入标准 css 解析器，替换掉原本简陋的容易产生误报的正则提取方式。 (CSS 1/3)

week 24

无

week 25

• https://github.com/Crossbell-Box/xLog/pull/2230 前几周惊人地发现 xLog 上的一半的新文章是 spam，于是打标然后跑了个简单的 TF-IDF 分类器来识别 spam 账号。这周把识别结果人工检查了一下，把 spam 账号列表发给 xLog。
• https://github.com/internetarchive/Zeno/pull/339 支持提取 CSS 的 @import 链接。(CSS 2/3)
• https://github.com/internetarchive/Zeno/pull/345 完整支持解析 html 嵌入和引用的 css 资源。同时，发现上游的 css parser 不支持 CSS Nesting 和未适配“现代” css 语法。由于没有精力给上游修bug，因此写了个更鲁棒的正则来作为 parser 失败时的 fallback parser 当作 workaround。 (CSS 3/3)
• https://github.com/microsoft/vscode-css/pull/43 在 debug CSS 的过程中发现 VSC 自带的 CSS 高亮也没适配11年前的“新”语法标准。@overflowcat 得知后刷了一个 PR 。
• https://github.com/internetarchive/Zeno/pull/353 改善了对 GitHub Issue 页面的存档效果。
• 向 Zeno 添加 Headless/Headfull 存档功能（进行中）

这几周看 w3c 和 whatwg 都要看吐了，之后会发点关于 CSS、浏览器、URL、HTML、编码 之类的小故事。

STWP 2025 第 11 周周报

无事。

STWP 2025 第 12 周周报

整两个小活：

• 和其它开源组织的 gitea 实例一样，我们的 https://git.saveweb.org 也被傻乎乎的 AI BOT 跟着 history 爬每个 commit 的 diff 和 raw ，虽然对我们没什么影响。受 anubis 启发，现已加上了手搓(素材从 anubis 复制的)的靠 CSS 就能工作的反 AI WAF （无需 JS）。之后会撤销 WAF。
• “丑搜”限时改名“挖抓搜”。

STWP 2025 第 13 周周报

• 竹白存档结束。但竹白服务器暂时还没关。
• 又响应了几个画吧备份请求。
• 忙

预告：第 19 周周报时会提及 11~13 周发生的趣事。

STWP 2025 第 14 周周报

• 尝试了在 linux 上操作磁带机、使用 ltfs @yangyunfei @yzqzss
• 同步了部分 chinaxiv pdf

STWP 2025 第 15 周周报

• 鼓捣 MeiliSync @Ovler

STWP 2025 第 16 周周报

• c2025-4 @Ovler

STWP 2025 第 17-18 周

• 摸鱼

STWP 2025 第 19 周周报

• 用 Go 重写了两年前写的 https://github.com/saveweb/fdroidswh 小玩意，用于跟踪 F-Droid Repo 的应用更新，将源代码仓库推送到 SWH 存档。 https://service-fdroidswh.saveweb.org/
• 响应了 6 个画吧备份导出请求。
• dokuwiki dumper 小重构 WIP: https://github.com/saveweb/dokuwiki-dumper/pull/14
• 把我们的 Gentoo 服务器滚到了最新。
• 由于长期没有任务，停掉了所有的 tracker 。

STWP 2025 第 4 周周报

• NicoNico Shunga 存档进行中……已完成存档缩略图和原图，只剩网页本身了。预计 29 号 shutdown 前存下的作品数量会无限接近 114514 。完成后上传 WARC。ArchiveTeam 同时也在做这个。
• c2025-1: 进度 90%
• 不知道是不是因为离画吧关站即将一周年了 (2024-02-08)，最近 14 天收到了 3 封备份找回请求。
• 响应了博客/文章收录删除请求。

STWP 2025 第 5 周周报

• NicoNico Shunga WARC 已上传，最终数量为 114517 ，可惜，没有撞上吉利数字。WARC 包含缩略图、PC详情页、原图。140GiB+
• c2025-1: 100%
• 一封画吧备份找回请求。

STWP 2025 第 6 周周报

• 摸鱼

STWP 2025 第 7 周周报

• 无事。摸鱼。天稍稍凉矣。

STWP 2025 第 8 周周报

• 摸鱼。

STWP 2025 第 9 周周报

• 存 zhubai @yzqzss
• biliarchiver 加了个 clean 子命令 @Ovler

STWP 2025 第 10 周周报

• day1: 写了个能将就工作的 CrawlHQ 实现
  https://github.com/saveweb/altcrawlhq_server
• day2: 部分梳理了 Zeno v2 的框架设计
• day3: 开始给 Zeno V2 写 local queue
• day4: 写完了，微调，测试，发 PR: https://github.com/internetarchive/Zeno/pull/243
• day5: 之前注意到 Zeno 存「新世界的大门」会解析出一堆不存在的 url assets。
  发现是因为 inline css url() 解析是简单正则提取，只是简单地把所有 html style 属性里的 () 括号里的东西当成 url 提取出来，于是把 css 中的函数 tokens （如 rgb() ）也提取出来了。
  看了 https://www.w3.org/TR/css-values-4/ 和 https://www.w3.org/TR/css-syntax-3/ ，css 里 url()、src() 和 @import 都能用来发网络请求。
  src() 现在还没有被任何浏览器实现，可以直接忽略。( https://cssdb.org/#src-function )
  url() 分 unquoted/quoted 两种，解析方法不同，都有自己的转义规则。
  然后在 github 上搜了下 /url =.*getPropertyValue(/ AND (language:JavaScript OR language:TypeScript OR language:HTML)，发现一堆往 css 里存自定义的 url，然后在 js 里取值的代码。这种迷惑行为广泛存在，所以我觉得那些以 https?://|// 开头的 也有解析价值。
  综上，用简单的正则提取 css 里的外链可能不太合适。
  但目前 golang 这边的 css parser 库们都没做 url/string value 实际内容值的细提取，都是 lexer/tokenizer 粗切片的库，不太能用。
  那么之后的计划就是写个小 parser，把粗的 和 token 解析出实际值。然后和现有的粗 parser 拼一起就行了。
• day6: 一点微调，PR 合进去了。
• day7: 无。

去年我在寻 Golang 写的 WARC archiver，然后发现了 Zeno。把玩一番，发现些问题，然后发 PR 修，慢慢就参与进去了。

两个月前，突然时不时蹦出些非 web archiving 领域相关的 GitHub 账号跑来 Zeno 这个冷门项目发奇怪的 issue 和 PR。我一开始还以为是啥新型社工攻击，问了开发者才知道是因为 Google Summer of Code，所以人们跑过来套磁。

定睛一看，果然 Zeno 在 Internet Archive 今年 Google Summer of Code 的预定范围内。
以前只说过但没了解过 GSoC ，它 FAQ 说，只要是18+在校生或者开源新手，就可以写份关于你想要做的项目的提案（proposal）申请参加。

然后再一瞅，什么，参加 GSoC 竟然有钱拿！如果人在中国，成功结项能拿到 3600$ 津贴（GSoC 根据各国的「人均平价购买力」来决定津贴数额，并设有上下限）。这下必须狠狠参加了。😂

于是我也交了份提案，内容主要是说做 Headless archiving、修 CSS parser、修现有 issue、写个类似 httpbin 的 dummy site 方便做 E2E 测试。

https://summerofcode.withgoogle.com/programs/2025/projects/afDanpOP

提交提案之后就是一个多月漫长的等待了，这期间也没完全闲着，糊了些PR。

GSoC 竞争还是挺激烈的，今年总共 13k 申请人，最终被接受的只有 1.2k。今年和我一同被入选 IA 的 GSoC contributor 只有 5 位。

这周联系上了我的 GSoC 项目导师，进了 IA 的 Slack 旁观了他们开周会，很酷，竟然看到了 Brewster Kahle 出现。🤩

又能做存档，又能线上观摩 IA，又能搓代码，还有米。接下来，就是要在这个暑假把提案给实现，通过中期和最终评估。

感谢 Google。虽然 Google 过去一年杀死了 goo.gl 短链、关闭了搜索快照。😅
感谢 Zeno 的开发者 CorentinB 。
感谢 @Ovler 检查我的 proposal 。
感谢 IA 。

姐妹们！我又来啦！上次给大家安利的宝藏搜索引擎「丑搜」竟然又双叒叕更新啦！速度也太快了吧！简直是光速迭代！

https://search.saveweb.org

之前就超爱用「丑搜」翻看各种小众又宝藏的博客文章，这次更新更是让我直呼OMG！ 它收录了十几万篇中文独立博客文章，1.7k+ 独立博客（还有少量播客哦！），简直是内容爱好者的天堂！

这次v3版本简直是史诗级更新！ 让我来给姐妹们划重点：

• 博客数量up up！ 之前就有一千多个博客了，这次直接飙升到1.7k+博客、17w+博文！又有更多宝藏内容可以挖掘啦！ 姐妹们再也不用担心找不到新鲜好文章看啦！
• 时间排序OK啦！ 以前是按匹配度排序，虽然能找到最相关的文章，但有时候也想看看最近更新的嘛！现在可以按时间排序啦！同时，之前是手动月更，现在会每日更新！想看最新的博文？安排！✅
• 高级搜索也安排上啦！ 以前只能简单搜关键词，现在可以写 query 用筛选功能精准搜索！ 比如你想找某个作者的文章，或者特定时间段的，统统不在话下！
• 新界面也太酷了8！ 前端之猫用 Next.js 以新粗野主义设计风格的前端，名字叫 neo-uglysearch，还有 Telegram 的可爱小黄鸭，简直萌化了我的少女心！用起来也敲丝滑！流畅度up up！

姐妹们最关心的高级搜索，我来详细说说！ 它可以根据各种属性来筛选，比如标题、内容、作者、标签、发布时间等等！简直不要太强大！

举几个例子给姐妹们康康：

• 想找标题里包含“年终总结”，并且链接是.github.io 或 .org 结尾的文章？

(title CONTAINS 年终总结 AND (link CONTAINS ".github.io" OR link CONTAINS ".org/"))

• 想看diygod大佬写的，内容里包含“rss”的文章？

(author IN [diygod] AND (content CONTAINS rss))

• 想看某个时间段的周报？

(tags IN [周报, 日报] AND date sec(2024-01-01) TO sec(2025-01-01))

• 想看 CTF Writeup？

((tags IN [ctf, writeup, pwn, misc, reverse]) OR (link CONTAINS "ctf" OR link CONTAINS "writeup") OR (title CONTAINS "ctf" OR title CONTAINS "writeup"))

是不是感觉打开了新世界的大门？！ 姐妹们再也不用担心找不到自己想看的博客文章啦！ 快去试试这个宝藏搜索引擎吧！

以上内容使用 2.0 Flash Experimental 辅助创作。有时可能无法按预期运作。

STWP 2024 第 43 周

• 某项目：完成阶段目标。
• 某项目： @Ovler 在写克隆 API，然后大家发现 @oveRidea_China 6月份搓的代码貌似改改还能用，于是捡起来……？ ^{才怪！全新手搓了！逻辑和依赖全部重做！}

STWP 2024 第 45 周周报

• Hertown 社区停运，定于 2025-1-5 完全关闭服务。
• mangaz.com 月初被信用卡公司取消支付服务合同，预计于 2024-11-26 12:00 (UTC+9) 关闭，站方称仍在寻求重启网站的办法。https://closing.mangaz.com/

STWP 本周趣闻：

• 4号上午我们手动删库并回滚了一个 mongodb 数据库，意外发现 mongodb replicat 貌似会重用 oplog 中的已被删除的文档数据来减少大量流量消耗。
• AcFun 前 1,416,060 个 avid 中，只有 0.26% (3795个) 的视频目前还活着。

STWP 2024 第 46 周周报

• 我们向 CloudFlare 申请 wikiteam3 成为 verified bots，希望申请能过。祝我们好运！
• 982263/6186010 (即15.87%)，这是 AcFun ~2019-3-14 前的视频的存活率。

STWP 2024 Week 47 Weekly Report

Say HELLO to our international friends (especially ArchiveTeam)!

A month ago, @OrIdow6 told us that he was working on a translation bridge for STWP:

[…] I’d like to bring knowledge of it to, and potentially foster collaboration with, English speakers; […] set up a unidirectional chat bridge from the STWP Telegram channels to IRC? It would be run through a machine translator […]

Now that the IRC channel is set up: #stwp-chat:hackint.org

Messages in @saveweb_chat are continuously being machine translated and forwarded to IRC.

(Messages are currently delayed by 30 minutes before being forwarded due to Telegram-side messages can be edited multiple times, and the t2bot.io public Telegram-Matrix Bridge sometimes delays and reorders messages)

Thanks to OrIdow6 for his efforts on this bridge, he spent so long tweaking it.

As a first result of the bridge connection, our box.saveweb.org RSS aggregation was discovered by ArchiveTeam guys.🙈 So, New posts in the aggregation are now ingested hourly into the #// project for archiving intime. (We don’t need to call SPN API to archive these anymore! :D)

STWP 2024 第 48 周周报

• Bilibili 字幕投毒
  我们发现 Bilibili 开始在视频字幕 API 里投毒。目前如果不预先访问视频详情（网页/API）或者不做 wbi 签名，字幕 API 会返回随机的驴头不对马嘴的别的视频的字幕。
  投毒具体开始时间尚不清楚，至少一个月前就存在这情况了。
  也就是说，我们过去一个月存的 10k 多个视频的字幕都需要消毒。
• goo.gl 新进展
  前段时间，“一位不可思议、了不起、才华横溢的志愿者”（看懂这个梗的掌声）ーー @prnake 联系了我们，带来了从 GitHub 镜像里提取出的 goo.gl 和 page.link 链接，去重后，新增了 485966 个有效链接。
• 复活 SkinMe Mod

SkinMe 是曾非常流行的盗版 Minecraft 皮肤站，不过早已停止服务。
@catme0w 发现 SkinMe Mod 内置了一些 fallback 服务，可惜当年的 fallback 服务们现在也都挂了，不过其中有两个已过期域名可注册。于是买下了它两并将请求重定向到 mojang 和现存的皮肤站。repo: CatMe0w/SkinMeAgain

• 其它项目都是小修小补，不在此列出。

STWP 2024 第 49 周周报

• AcFun
  AcFun 视频下载器 saveweb/aixifan已经写好了。等搓好 IA S3 上传库，就可以开始存档远古的 AcFun 视频了。

STWP 2024 第 50 周周报

• 小鸡词典
  小鸡词典撑了几年还是撑不住了，官宣解散。
• 某新兴板聊APP
  本来只是觉得好玩然后想存它，结果发现它数据库的 row security polices (Row Level Security) 有逻辑问题，所以在此不公布APP的名字。三天前就把问题电邮给开发者了，中途又通过其他渠道尝试反馈了，但都没有收到回复，问题也一直没修……

接下来三周 （51、52、53）STWP 放假，没有周报。简要来说：搓了个 IA S3 上传库、存了 1k 个ID 靠前的 AcFun 视频、11月存了 4k 个 BiliBili 视频、12月存了 40k 个 BiliBili 视频、字幕投毒还没清、在跟踪存「对多」、猫写了个丑搜v3前端、保留节目 saveweb/review-2024 年终总结开始收录。

虽然这不是“赞助”，但我们确实收到了来自 GitHub 的 $615 ，过程挺欢乐的。

故事的开头要从酷玩实验室于 2024-06-06 发的「终于，我们都受够了互联网“失忆症”」说起。

一位名为 @justcannotforgot （这 username 不错） 的 GitHub 用户看完这篇微信公众号文章后，甚是感动，想起实验室里还有十几块硬盘在吃灰，于是跑过来发了个 issue，想送我们9️⃣硬盘。

可惜，我们那三天在磨洋功，他的 issue 一直被放置。于是在无响应的三天后，他更新了 issue，@ 了我们的成员。

他一下子 @ 了 4 个账号，但问题是，有一个账号是我们的内部 bot 账号，按理说不应该被外界知晓，他是怎么找到这个账号的？

他这一 @ ，弄得我们大惊失色。

然后我们发现用无关账号直接在我们的公开仓库 @ ，Mention suggester 竟然会将我们的 Private Owner 直接列出来。

我们临时给所有成员都加上了 Private Owner 权限，Mention suggester API 真就把全部 Private Owner 列出来了，再把临时权限去掉，果然，对应账号又从 API 中消失了。（GitHub Web UI 上限制了显示行数，但 F12 能看到 API 有返回更多账号）

正常情况下，Mention suggester 应该只会列出组织的 Public Owner 和调用处仓库的活跃维护者/贡献者。但是不知道为啥，它把本该隐藏的 Private Owner 全列出来了。

我们立即拿家里蹲大学和 Epic Game 开刀，不得不说不愧是家里蹲大学，API 返回了 642 个家里蹲仔。但可惜，图中聊天记录一开始的推断错了，Mention suggester 返回 642 个账号是由于每个家里蹲入学家里蹲大学的时候都开了个家里蹲申请 issue 而产生的家里蹲噪声。（一个加入家里蹲大学就可以得知的家里蹲大学秘密：家里蹲大学里面藏着大概 10 个 Private 家里蹲皇帝）

然后我们拿群友的组织（非生物组织，全过程没有任何成员受到伤害）做实验，又当场新建了个组织，均没有泄漏 Private Owner……

难道我们 saveweb 是体质比其他 org 特殊患感冒了？

很快啊，我们找到了问题的关键：是由于咱 saveweb 遥遥领先，别的组织入 org 即送全 org 范围的 read 权限（默认），而咱们则是设置成了入 org 啥权限都不派送（No permission），相反，我们用 GitHub 的 Team 功能“细粒度”分配不同 repos 的权限给不同的成员。

Member privileges->Base permissions 设置为 No permission 之后。所有 private 的 owner 就也会被 suggestion API 列出。
大 bug 啊。

我们随后创了 GItHub 新号，用它创了个新 org，org 设置成 No permission 后，一样成功复现。

所以是不是该…?
是该 report
哈哈哈 GitHub 也是个草台班子看来
这世界本来就是个大型的草台班子…

然后我们就去 HackerOne 给 GitHub 发 report 了。

• June 10, 2024, 7:39pm UTC 发 report
• June 17, 2024, 6:51pm UTC GitHub 确认 Bug
• June 19, 2024, 10:1pm UTC GitHub 回复说由于是低风险，所以会修得比较慢，然后给了 $617 赏金。
• 一段时间后，这个 bug 被修了。

最后，$617 电汇损失 $2 手续费，我们实际收到了 $615 赏金。

谢谢送硬盘的老兄。😚😚
送硬盘的老兄草
这老兄送的可比硬盘多多了
尝试送硬盘的
而这一切的一切还得感谢那位送硬盘的大哥at了一些不该at的东西

还拿到了个 Octoplush 吉祥物。（Shipped from USA, Made In China, 绷不住）

什么？你想问这个 bug 有啥用？你想不想知道某些的🍅组织的 private owner 🙂

什么？你问开头那位 @justcannotforgot 老哥的硬盘？他前几个月给我们说他师兄可能要卖二手处理掉那些9️⃣硬盘，然后到现在也没有音讯……

项目仓库：https://github.com/saveweb/qiushibaike-archive

「糗事百科」创于 2005 年，于 2022-12-29 关站。

2023年，STWP 送大家新鲜出炉 1.3 TiB 的「糗事百科」存档作为新年礼。

想领取此礼品的小伙伴，请自备 2TB 以上的硬盘，然后联系STWP，将硬盘快递发给 STWP 成员，我们将把这 1.3 TiB 当量的红包塞进您的硬盘并回寄给您，作为您的新年礼物。

这不是玩笑，重复，这不是玩笑。

「糗事百科」存档由 @NyaMisty 制作。

数据已全部下载，项目仍在做必要的后期处理，我们期望能把最终的存档做成 WARC 并塞进 IA 的 Wayback Machine 中。

更新：因 IA 扫描 WARC 需要白名单权限（我们肯定是没有的）所以 WARC 就不弄了。