docs(v1.21.1): spelling fixes

Signed-off-by: Xe Iaso <me@xeiaso.net>
Xe Iaso 2025-07-22 12:41:43 +00:00
parent 8f9fa20156
commit 4b9f9dc08c
No known key found for this signature in database
3 changed files with 16 additions and 20 deletions

@ -21,7 +21,8 @@
"golang.go",
"unifiedjs.vscode-mdx",
"a-h.templ",
"redhat.vscode-yaml"
"redhat.vscode-yaml",
"streetsidesoftware.code-spell-checker"
]
}
}
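Review bot: the `streetsidesoftware.code-spell-checker` entry added at the end of this extensions list arrives without a shared word list. The commit touches 3 files and none of them is a spell-checker configuration, so each contributor's editor will flag project terms on its own defaults. Suggest committing a project dictionary (for example a `cspell.json` with the accepted words) alongside the recommendation, so that sample strings and proper nouns elsewhere in the docs do not have to be rewritten to satisfy the checker.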

@ -5,6 +5,7 @@
"golang.go",
"unifiedjs.vscode-mdx",
"a-h.templ",
"redhat.vscode-yaml"
"redhat.vscode-yaml",
"streetsidesoftware.code-spell-checker"
]
}

@ -82,7 +82,7 @@ Anubis now supports localized responses. Locales can be added in [lib/localizati
- [Japanese](https://github.com/TecharoHQ/anubis/pull/772)
- [Icelandic](https://github.com/TecharoHQ/anubis/pull/780)
- [Italian](https://github.com/TecharoHQ/anubis/pull/778)
- [Norweigan](https://github.com/TecharoHQ/anubis/pull/855)
- [Norwegian](https://github.com/TecharoHQ/anubis/pull/855)
- [Russian](https://github.com/TecharoHQ/anubis/pull/882)
- [Spanish](https://github.com/TecharoHQ/anubis/pull/716)
- [Turkish](https://github.com/TecharoHQ/anubis/pull/751)
@ -102,12 +102,6 @@ These issues affect every user of Anubis. Administrators should upgrade Anubis a
Anubis has a progress bar so that users can have something moving while it works. This gives users more confidence that something is happening and that the website is not being malicious with CPU usage. However, the way it was implemented way back in [#87](https://github.com/TecharoHQ/anubis/pull/87) had a subtle bug:
```js
// send a progress update every 1024 iterations. since each thread checks
// separate values, one simple way to do this is by bit masking the
// nonce for multiples of 1024. unfortunately, if the number of threads
// is not prime, only some of the threads will be sending the status
// update and they will get behind the others. this is slightly more
// complicated but ensures an even distribution between threads.
if (
(nonce > oldNonce) | 1023 && // we've wrapped past 1024
(nonce >> 10) % threads === threadId // and it's our turn
@ -116,7 +110,7 @@ if (
}
```
The logic here looks fine but is subtly wrong as was reported in [#877](https://github.com/TecharoHQ/anubis/pull/87) by the main Pale Moon developer.
The logic here looks fine but is subtly wrong as was reported in [#877](https://github.com/TecharoHQ/anubis/issues/877) by the main Pale Moon developer.
For context, `nonce` is a counter that increments by the worker count every loop. This is intended to spread the load between CPU cores as such:
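Review bot: the `@ -102,12 +102,6` hunk shrinks the quoted `js` sample by six lines, which matches the six-line comment about sending a progress update every 1024 iterations, and that is not a spelling fix. That comment tells the reader what `(nonce > oldNonce) | 1023` was meant to do, so removing it weakens the setup for "looks fine but is subtly wrong". Suggest keeping the comment in the sample, or calling the removal out in the commit message. The `#877` link correction to `issues/877` looks right.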
@ -125,7 +119,7 @@ For context, `nonce` is a counter that increments by the worker count every loop
| 1 | 0 | 0 |
| 1 | 1 | 1 |
| 2 | 0 | 2 |
| 3 | 1 | 3 |
| 2 | 1 | 3 |
And so on. This makes the proof of work challenge as fast as it can possibly be so that Anubis quickly goes away and you can enjoy the service it is protecting.
@ -256,27 +250,27 @@ Anubis also didn't store any information about challenges so that it can remain
title: Anubis challenge string idempotency
---
sequenceDiagram
User->>+Anubis: GET /wiki/somepage
User->>+Anubis: GET /wiki/some-page
Anubis->>+Make Challenge: Generate a challenge string
Make Challenge->>-Anubis: Challenge string: asrtneio
Make Challenge->>-Anubis: Challenge string: taco salad
Anubis->>-User: HTTP 401 solve a challenge
User->>+Anubis: GET internal-api/pass-challenge
Anubis->>+Make Challenge: Generate a challenge string
Make Challenge->>-Anubis: Challenge string: qwertyui
Make Challenge->>-Anubis: Challenge string: burrito bar
Anubis->>+User: Error: invalid response
```
Various attempts were made to fix this, including but not limited to:
Various attempts were made to fix this. All of these ended up failing. Many difficulties were discovered including but not limited to:
- Removing `Accept-Language` from consideration because [Chrome randomizes the contents of `Accept-Language` to reduce fingerprinting](https://github.com/explainers-by-googlers/reduce-accept-language), a behaviour which [causes a lot of confusion](https://www.reddit.com/r/chrome/comments/nhpnez/google_chrome_is_randomly_switching_languages_on/) for users with multiple system languages selected.
- The discovery that [IPv6 privacy extensions](https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/) mean that each request could be coming from a different IP address (at least one legitimate user in the wild has been observed to have a different IP address per TCP session across an entire `/48`).
- [IPv6 privacy extensions](https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/) mean that each request could be coming from a different IP address (at least one legitimate user in the wild has been observed to have a different IP address per TCP session across an entire `/48`).
- Some [US mobile phone carriers make it too easy for your IP address to drastically change](https://news.ycombinator.com/item?id=32038215) without user input.
- [Happy eyeballs](https://en.wikipedia.org/wiki/Happy_Eyeballs) means that some requests can come in over IPv4 and some requests can come in over IPv6.
- To make things worse, you can't even assert that users are from the same [BGP autononmous system](<https://en.wikipedia.org/wiki/Autonomous_system_(Internet)>) because some users could have ISPs that are IPv4 only, forcing them to use a different IP address space to get IPv6 internet access.
- To make things worse, you can't even assert that users are from the same [BGP autonomous system](<https://en.wikipedia.org/wiki/Autonomous_system_(Internet)>) because some users could have ISPs that are IPv4 only, forcing them to use a different IP address space to get IPv6 internet access. This sounds like it's rare enough, but I personally have to do this even though I pay for 8 gigabit fiber from my ISP.
Amusingly enough, the only part of this that has survived is the assertion that a user hasn't changed their `User-Agent` string. Maybe [that one guy that sets his Chrome version to `150`](https://github.com/TecharoHQ/anubis/issues/239) would have issues, but so far I've not seen any evidence that a client randomly changing their user agent between challenge issuance and solving can possibly be legitimate.
As a result, the entire subsystem that generated challenges before had to be ripped out.
As a result, the entire subsystem that generated challenges before had to be ripped out and rewritten from scratch.
It was replaced with a new flow that stores data on the server side, compares that data against what the client responds with, and then checks pass/fail that way:
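Review bot: the new lead-in "Many difficulties were discovered including but not limited to:" no longer matches the first bullet, which is unchanged and still reads as an attempt ("Removing `Accept-Language` from consideration because ..."). The IPv6 bullet was reworded to fit the new lead-in and this one was missed; suggest rephrasing it as the difficulty itself, starting from "Chrome randomizes the contents of `Accept-Language` ...". Separately, this hunk adds statements ("All of these ended up failing", "rewritten from scratch", the 8 gigabit fiber remark) that go beyond the "spelling fixes" subject, so either widen the commit message or split those into their own change.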
@ -285,10 +279,10 @@ It was replaced with a new flow that stores data on the server side, compares th
title: New challenge flow
---
sequenceDiagram
User->>+Anubis: GET /wiki/somepage
User->>+Anubis: GET /wiki/some-page
Anubis->>+Make Challenge: Generate a challenge string
Make Challenge->>+Store: Store info for challenge 1234
Make Challenge->>-Anubis: Challenge string: asrtneio, ID 1234
Make Challenge->>-Anubis: Challenge string: taco salad, ID 1234
Anubis->>-User: HTTP 401 solve a challenge
User->>+Anubis: GET internal-api/pass-challenge, challenge 1234
Anubis->>+Validate Challenge: verify challenge 1234