Post type: Text
I've recently been beefing up my homelab game, and I was having issues getting a Gotify secure websocket to connect. I love the Caddy webserver for both prod and local installs because of how easy it easy to configure.
For local installs, it defaults to running its own CA and issuing a certificate. Now, if you're only running one instance of Caddy on the same machine you're accessing, getting the certs to work in browsers is easy as running caddy trust.
But in a proper homelab scenario, you're running multiple machines (and, often, virtualized machines within those boxes), and the prospect of grabbing the root cert for each just seemed like a lot of work. At first, I tried to set up a CA with Smallstep, but was having enough trouble just getting all the various pieces figured out that figured there had to be an easier way.
There was.
I registered a domain name (penginlab.com) for $10. I set it up with an A record pointing at my regular dev server, and then in the Caddyfile gave it instructions to serve up the primary domain, and a separate instance for a wildcard domain.
When LetsEncrypt issues a wildcard domain, it uses a DNS challenge, meaning it only needs a TXT record inserted into your DNS zone to prove it should issue you the server. Assuming your registrar is among those included in the Caddy DNS plugins, you can set your server to handle that automatically.
(If your registrar is not on that list, you can always use
certbot certonly --manualand enter the TXT record yourself. You only need to do it once a quarter.)
Now we have a certificate to use to validly sign HTTPS connections for any subdomain for penginlab.com. You simply copy down the fullchain.pem and privkey.pem files to your various machines (I set up a bash script that scps the file down to one of my local machines and then scps it out to everywhere it needs to go on the local network.)
Once you have the cert, you can set up your caddy servers to use it using the tls directive:
tls /path/to/fullchain.pem /path/to/privkey.pemYou'll also need to update your local DNS (since your DNS provider won't let you point public URLs at private IP addresses), but I assume you were doing that anyway (I personally use NextDNS for a combination of cloud-based ad-blocking and lab DNS management).
Bam! Fully accepted HTTPS connections from any machine on your network. And all you have to do is run one bash script once a quarter (which you can even throw on a cron). Would that all projects have so satisfying and simple a solution.
Permalink
I'm definitely not brave enough to put it on a cron until I've run it manually at least three times, TBH. But it's a nice thought!
Re: Apple’s convoluted EU policies
It's surprising how often D&D is relevant in my everyday life. Most people who play D&D are in it to have fun. They follow the rule - not just the letter of the law, but the spirit.
But every once in a while you'll encounter a "rules lawyer," a player who's more concerned with making sure you observe and obey every tiny rule, punish every pecadillo, than actually having fun.
All the worse when it's your GM, the person in charge of running the game.
But there's one thing you learn quickly - if someone is trying to game the rules, the only way to win (or have any fun) is play the game right back.
For smaller/mid-tier devs, if you're only offering free apps you should probably just continue in the App Store.
But for larger devs who might run afoul of the new guidelines where apps distributed outside the App Store get charged a fee every time they go over a million users?
Oops, Apple just created collectible apps, where if you have Facebook (and not Facebook2), we know you got in early. Think about it: Same codebase, different appId. The external app stores can even set up mechanisms for this to work - every time you hit 999,000 installs, it creates a new listing that just waits for you to upload the new binary (and switches when you hit 995K). Now your users are incentivized to download your app early, in case becomes the big thing. Lower app # is the new low user ID.
If I'm Microsoft, I'm putting a stunted version of my app in the App Store (maybe an Office Documents Viewer?) for free, with links telling them if they want to edit they have go to the Microsoft App Store to download the app where Apple doesn't get a dime (especially if Microsoft uses the above trick to roll over the app every 995K users).
Even in the world where (as I think is the case in this one) Apple says all your apps have to be on the same licensing terms (so you can't have some App Store and some off-App Store), it costs barely anything to create a new LLC (and certainly less than the 500K it would cost if your app hits a million users). Apple's an Irish company, remember? So one of your LLCs is App Store, and the other is external.
To be clear, I don't like this setup. I think the iPhone should just allow sideloading, period. Is all of this more complicated for developers? Absolutely! Is the minimal amount of hassle worth saving at least 30% percent of your current revenue (or minimum $500K if you go off-App Store)? For dev shops of a certain size, I would certainly think so.
The only way to have fun with a rules lawyer is to get them to relax, or get them to leave the group. You have to band together to make them see the error of their ways, or convince them it's so much trouble it's not worth bothering to argue anymore.
Permalink
Yes, Apple is going to (rules-)lawyer this, but they made it so convoluted I would be surprised if they didn't leave some giant loopholes, and attempting to close them is going to bring the EU down on them hard. If the EU is even going to allow this in the first place.
I'll be hitting the lecture circuit again this year, with three conferences planned for the first of 2024.
In February, I'll be at Developer Week in Oakland (and online!), talking about Data Transfer Objects.
In March, I'll be in Michigan for the Michigan Technology Conference, speaking about clean code as well as measuring and managing productivity for dev teams.
And in April I'll be in Chicago at php[tek] to talk about laws/regulations for developers and DTOs (again).
Hope to see you there!
Permalink
Who holds a conference in the upper Midwest in March???
Hey everybody, in case you wanted to see my face in person, I will be speaking at LonghornPHP, which is in Austin from Nov. 2-4. I've got two three things to say there! That's twice thrice as many things as one thing! (I added a last-minute accessibility update).
In case you missed it, I said stuff earlier this year at SparkConf in Chicago!
I said stuff about regulations (HIPAA, FERPA, GDPR, all the good ones) at the beginning of this year. This one is available online, because it was only ever available online:
I am sorry for talking so fast in that one, I definitely tried to cover more than I should have. Oops!
Permalink
The SparkConf talks are unfortunately not online yet (for *reasons*), and I'm doubtful they ever will be.
Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
As a reminder, from Semver.org:
Given a version number MAJOR.MINOR.PATCH, increment the:
1. MAJOR version when you make incompatible API changes
2. MINOR version when you add functionality in a backward compatible manner
3. PATCH version when you make backward compatible bug fixes
As it turns out, just because you label it as a "security" patch doesn't make it OK to completely annihilate functionality that numerous themes depend on.
This bit us on a number of legacy sites that depend entirely on shortcode parsing for functionality. Because it's a basic feature. We sanitize ACTUAL user-generated content, but the CMS considers all database content to be "user content."
WordPress is not stable, should not be considered to be an enterprise-caliber CMS, and should only be run on WordPress.com using WordPress.com approved themes. Dictator for life Matt Mullenweg has pretty explicitly stated he considers WordPress' competitors to be SquareSpace and Wix. Listen to him.
Permalink
Friends don't let their friends use WordPress
Rarely is the question asked, "Is our children tweeting?" This question is likely nonexistent in journalism schools, which currently provide the means for 95+ percent of aspiring journalists to so reach said aspirations. Leaving aside the relative "duh" factor (one imagines someone who walks into J101 without a Twitter handle is the same kind of person who scrunches up his nose and furrows his brow at the thought of a "smart ... phone?"), simple (slightly old) statistics tell us that 15% of Americans on the Internet use Twitter.
(This is probably an important statistic for newsrooms in general to be aware of vis-a-vis how much time they devote to it, but that's another matter.)
For most journalism students, Twitter is very likely already a part of life. Every introduction they're given to Twitter during a class is probably time better spent doing anything else, like learning about reporting. Or actually reporting. Or learning HTML.
I know this idea is not a popular one. The allure and promise of every new CMS or web service that comes out almost always includes a line similar to, "Requires no coding!" or "No design experience necessary!" And they're right, for the most part. If all you're looking to do is make words appear on the internet, or be able to embed whatever the latest Storify/NewHive/GeoFeedia widget they came out with, you probably don't need to know HTML.
Until your embed breaks. Or you get a call from a reader who's looking at your latest Spundge on an iPad app and can't read a word. Or someone goes into edit your story and accidentally kills off a closing </p> tag, or adds an open <div>, and everything disappears.
Suddenly it's "find the three people in the newsroom who know HTML," or even worse, try to track down someone in IT who's willing to listen. Not exactly attractive prospects.
Heck, having knowledge of how the web works would probably even help them use these other technologies. Not just in troubleshooting, but in basic setup and implementation. In the same way we expect a basic competence in journalists to produce their stories in Word (complete with whatever styles or code your antiquated pagination system might prescribe), so too should we expect the same on digital.
Especially in a news climate where reporters are expected as a matter of routine to file their own stories to the web, it's ludicrous that they're not expected to know that an <img> tag self-closes, or even the basic theory behind open and closed tags. No one ever did their job worse because they knew how to use their tools properly.
I'm not saying everyone needs to be able to code his or her own blog, but everyone should have a basic command of their most prominent platform. It's time we shifted the expectations for reporters from "not focused entirely on print" to "actually focused on digital."
Permalink
Thanks to Elon, no asks if our children are tweeting anymore. There's a big advantage in learning how to use all your tools properly, even if it doesn't seem like it.
Poems for our "bureau" reporter in Santa Fe, whose stories I'm always left waiting for when I'm laying out:
Sitting at my desk
wondering if you're still alive
unmoved either way.
Four stories at noon
two out, two new by midday;
none ever find me.
He's slaving away
Interviewing, contacting;
AP filed at 5.
A blank page, staring
waiting to be filled with news ...
Angry Birds high score!
Permalink
The downside of biking to work is I have to interact with people. To wit:
Our HEROINE is biking to work, since she lives like six blocks away and gas is well north of $3 in New Mexico. After a minutes-long coast (it's mostly downhill), she arrives at work and begins to lock up his bike.
FRIGHTENING BLOND WOMAN, who was lurking behind the building, comes around the corner talking loudly on her cell phone.
FBW: I don't know, I don't have the money.
Our HEROINE is doing her best not to listen, as it doesn't sound like a fun conversation to be dropping eaves on. Due to the volume the conversation is conducted at, however, she has no choice.
FBW: I don't have the money to file papers! If I have to go see a lawyer, I'm gonna go bankrupt.
At this point, our HEROINE realizes she's overhearing a discussion about divorce. Though the woman is glib, it's difficult to tell if she's joking or not. Her face is strained, even when smiling, giving it an almost movie-like quality - as if, at any moment, you'd expect her to pitch forward with an arrow sticking out of the back of her head.
FBW: Well if you're just going to die, I won't have to worry about it. I'll just be a widow, no problem.
Our HEROINE finally manages to work the lock, clicks it into place, and fairly runs into the building.
See, you can give me the environmental, physical and financial benefits of the bike versus the car all you want, but at least when I'm in my car I don't have to deal with the insanity of others. It's not like I'm deficient in that category myself.
Permalink
Clearly, the problem was with me - I wasn't wearing headphones
Yesterday was Moving Day; as is tradition, that means today is "Not Moving Day," owing to the soreness from yesterday.
Moving is supposed to bring about an onslaught of different emotions: a twinge of nostalgia at leaving the place you've called home, sadness at altering/losing the different interpersonal relationships you've developed at said location, and excitement or trepidation at thought of what's to come.
I don't know that exhaustion can rightly be counted as an emotion, but the depth to which I feel it now seems to indicate it should at least be in the running.
After the third or fourth major geographical upheaval in 12 months (with a few minor phase shifts as well), moving just doesn't have the same impact anymore. Sleeping for the first time under a new roof felt just as comfortable as sleeping under the old one, which is to say "not very" because I never really "settled in" to the old apartment in the proper sense. Despite living there for eight months, the overly spacious two-bedroom apartment treated me more as a guest in a motel room than a permanent occupant.
Sure, I have some memories. The hideously overweight 40-some-year-old creepster who lived on the ground floor and sat outside his apartment 80 percent of the time, whiling away the days smoking, eating peaches or painting his fingernails a flamboyant hunter orange. That wouldn't have been so bad were it not for his completely obvious leering at women half his age or whenever he'd get in the mood to go shirtless.
Or consider the Albertson's grocery cart in the parking lot that mysteriously disappeared and reappeared on no set schedule, without rhyme or reason. Nothing says class like an Albertson's grocery cart.
Obviously, it wasn't all bad. Friends came over, drinks were drunk (and drunks kept drinking), movies were watched, great books were read and many a sleep was slept. But none of this served to dispel the ever-present air of transiency.
I'm now in Spokane, more specifically Browne's Addition, working at a job that seems pretty damn perfect for me (more on that later). The hope is to keep this apartment for quite some time, to break the moving cycle. At least long enough so that the next time I have to move, it actually means something again.
Permalink
Oh, Li'l Kait was so young and innocent.
I realize that former Gonzaga basketball player Josh Heytvelt was trying to give a heartfelt interview and express his remorse over being arrested for possession of 'shrooms, but there's a reason why athletes usually have people talk for them. This quote is why:
Heytvelt was ordered to do 240 hours of community service. He did more than 300, working primarily with terminally ill children at a Ronald McDonald House. "That really made me think that those kids aren't choosing to have cancer. They're given that," Heytvelt said. "I realized I had made some really bad choices and that really made me think about every choice I made from then on out."
Two questions: Did Heytvelt previously think those children had chosen to have cancer, and who did he think gave it to them?
Permalink
I still think the kids wouldn't have minded some pyschedelics.
