Upgrading a number of small websites with HTTPS,
Liking this tip from the Piwik team about using analytics in a way that complies with safe CSP settings.
Claes Wallin (韋嘉誠) likes this.
hyyps looked too risky
that stuff looks far worse than even that
its time to BREAK UP the cartels that try to bully us into a censorship regime
I will always resist that
there is no way in hell O would want to allow untrusted third parties to9 block any website I make!
untill they come up with something without the censorship risks plain old http will always be allowed
I won't budge on that and all the sloganising over https in recent years only makes me dig my heels in more.
I repeat - the issue is not the price of certificates, its the CENSORSHIP risk!.
now that browser BLOCK that is even worse!.
the brower cartel MUST be broken yp - had a gutful of their crapware in recent years.
sure encryption would be nice, but not if the price is to allow censorship.
An office with a sign
I've been running a software engineering consulting business for over 10 years now, but have recently moved out of the home-office. I've really enjoyed the home office arrangement, but I didn't get a sign!
George Standish likes this.
I'm really excited about the future of GuixSD, but a string of breakages over the last few months is wearing me down. ;(Yeah. Better integration testing to make sure everything, or a decent subset, remains buildable before merging would be nice. Rust verifies their entire package repo on every language update. Travis offers free testing for free-software projects.
Also, a better upgrade path when incompatible changes are done to the package tree and the guix framework would be nice.
Looking forward to tonight’s Free Software Melb meet-up; my first in many months! http://freesoftware.org.au/blog/fsm-may-18th-fsm-committee-functions-and-behind-the-gnews/
lsblk- how have I never met this handy program before?
Replicant 6.0 released!
Being a Replicant user for 7 years or more, I'm really excited to see Replicant 6.0 released! Congrats to Wolfgang Wiedmeyer and the other contributors.
Over the last one and a half years, a lot of work has been done to move Replicant to a new version and to add new features.
Replicant 6.0 is based on LineageOS 13.0 which is based on Android 6.0. Replicant 6.0 includes all the improvements that were made since CyanogenMod 10.1.
Christopher Allan Webber likes this.
Yay stickers! Thanks EFF!
Ansible vs Fabric
I'm trying to love Ansible, but
ansible-playbook -i inventory.ini --sudo -v certbot-renew.ymlis just messy compared to say
uıɐɾ ʞ ʇɐɯɐs likes this.Show all 6 replies
@Adam Bolte it certainly could, and for renewing certificates it probably should, so perhaps not the best example. I really like using Fabric as a way to put a really simple interface over a sequence of hard to remember commands, that I might only run now and again.
>> Ben Sturmfels:
“>that I might only run now and again.”
Fair enough. In salt, you would put your host-specific states in top.sls. Then you can just run salt '*' state.highstate when you need to redeploy/update/whatever and forget about running any certbot-related commands, states or playbooks directly ever again. :)If there's an "ansible.cfg" file in the current directory, you can put "inventory=inventory.ini" in the "[defaults]" section and not have to mention it on the command-line.Instead of saying "--sudo", you can put "become: true" into your playbook file.That makes the Ansible command-line a bit simpler, but still not quite as simple as Fabric.In my experience, Ansible really shines when you have modular configuration, where these hosts need this subset of configuration applied to them, but those hosts need that overlapping-but-not-identical subset of configuration applied. Using Ansible for configuring a single thing on a single host is overkill for production, although it's a good way to learn about it.
Dialing phone numbers from Emacs
Wrote a little Emacs function to dial a phone number from my BBDB address book using my desktop Jitsi client. So now I run
C-c b [search term]then
M-dto dial. Really handy.
(defun jitsi-dial (phone) "Call a phone number PHONE using Jitsi." (interactive (list (bbdb-current-field) current-prefix-arg)) (let ((phone-uri (format "sip://%firstname.lastname@example.org" (replace-regexp-in-string " " "" phone)))) (call-process "jitsi" nil nil nil phone-uri))) (setq bbdb-dial-function 'jitsi-dial)
I've hard-coded my SIP gateway provider and preferred SIP client instead of configuring my OS to appropriately handle
sip://URLs. But that's how all good Emacs hacks should be. ;)
Wekan Kanban on Sandstorm Oasis
Wekan is a free software Kanban tool. I've been finding it really handy in my software engineering business. I use one board for high-level juggling of projects in progress, which sit somewhere between "lead" and "paid". I also use a board per project for the various elements of that project. It's very polished and easy to use.
Sandstorm Oasis is a marvellous service, because it saves me having to host all my own services and the secure sharing/collaboration features are brilliantly simple. To be honest, I may have never tried Wekan if it wasn't a few clicks away in Sandstorm.
some kind of appstore? ..
for me that concept is a bit of a turn-off
the page listing the apps won't even load which doesn't give me a good impression.
I won't sign up to anything that won't show me what it offers.
Sounds like it needs a hefty box to run on anyway
for hosting I prefer a shell prompt and keeping things lightweight and simple so not convinced theres much to interest me there.
Wow, just learnt about
certbot renew, which renews all your certificates at once. Too easy! Just joined EFF as a paid member.
I doubt it would handle multiple domains on the same server and more complicated config files where not everything is a "platform"
still somewhat iffy about ssl ..
sure dns might have known issues but it still looks a hell of a lot more stable than anything to do with ssl ever looked and after seeing an exploit happen in front of my eyes a few months ago where a browser showed me a spoofed site DESPITE dns results being correct (changing to http in the url went to the real site) I'm now rather suspicious of the tls push.
browsers are nowsdays so full of holes I don't think I can trust anything but the bare basics if even that
@Michael There are obviously some flaws with the model of "trust these centralised certificate authorities to do the right thing", but TLS/SSL is an essential security measure to make surveillance and fraud expensive to attackers. Sure, browsers do have bugs sometimes, but that doesn't devalue the system as a whole.
For what it's worth,
certbot renewdoes happily handle multiple domains on the same server - that's how I'm using it.
anyway I think the first time I would want to do it manually, to make sure I get to know what goes where ..
also need to consider multiple servers ..
(nginx is in front) - might need some care to get configs right,
and also rewrite rules to consider
(other stuff using /.well-known paths - webfinger/etc )
Ben Sturmfels likes this.
Spot the queen bee
I'm getting back into beekeeping. It's been at least 15 years since I last helped out with Dad's bees, so I'm a bit rusty, but now have a hive in the backyard and the gear to feel confident working on them. Can you spot the queen bee in the photo? She's longer than the small worker bees and slimmer than the fatter drone bees. The other bees also leave a bit of an air gap around her.
Awesome! Fresh fruit for morning tea at #lca2017, very refreshing!
The rise of the Matrix (dot org)
Matrix.org users are now more than 50% of the total bridged Matrix/IRC/Slack network at LCA2017 in Hobart, Australia. That's 170 IRC, 96 Matrix and 12 Slack. The magic here is that Matrix users get access to loads of modern features, but we don't lose the large established IRC group.Riot is just the best IRC client for web and in particular for mobile. I've opened a new phase in my life by discovering it.
That said, I am looking into XMPP frontends to see if there are any that could make Riot unnecessary. Nobody has a generic XMPP MUC <-> Freenode channel integration going though, much less one where XMPP users are real IRC users, and that's a huge feature regardless of the technical details of the protocols.