1. 3

    Writing documentation

    docs.nixnet.services

    1. 3

      I installed MediaWiki on a server three years ago for a project and I really liked it! It was nice using software that thousands of other people had already gone through the pain of trying out.

      I got rid of it because I didn’t want to keep maintaining a cloud server. If anybody’s got a CF stack for AWS that sets up a serverless MediaWiki, hit me up. I’d love to try it out.

      1. 3

        I am in the process of setting up MediaWiki for personal content (personal KB) and I’m using the official docker image. It’s very ergonomic.

        1. 2

          I actually use TiddlyWiki and find that it’s more than adequate.

          1. 3

            I gave that a small try and it didn’t feel like the right fit for me. Still a nice idea though.

        2. 1

          It’s not AWS but I did find a gist about setting it up on Heroku. Might be something to look into https://gist.github.com/caseywatts/d04bda6626ef2c6c8f97

          1. 1

            After I posted my comment I started thinking about various ways to accomplish this. The easiest would probably be a container deployment used only as-needed on a spot-bid basis with a budget. This heroku solution looks really cool also. There’s probably a much harder way to do it without instances at all, and it might make for a great blog post, but I don’t have the necessary motivation to chase it down. I really love the tool, though. It’s amazing that such tools are free.

        1. 2

          I recall setting up MediaWiki years ago and loving it! Really like the idea of a personal Wiki for this kind of thing - currently using SimpleNote but it’s pretty limiting, maybe I’ll give MediaWiki a go.

          1. 2

            At the beginning, I wasn’t all that impressed or optimistic about MediaWiki simply because of how dated it looks. After exploring more and seeing what it’s actually capable of, I don’t know how I ever lived without it ;) All of what I’m documenting is for NixNet and MediaWiki is perfect but I’ve also started trying to maintain a Zettelkasten as more of a personal knowledge base. It’s only been a few weeks and I haven’t had much to write outside of documentation but it seems like it’ll work pretty well.

          1. 3

            The Zettelkasten thing sure has been hitting the zeitgeist hard these last few months - right around when I started poking at those ideas myself after kind of edging around them for a decade or two. It’s interesting to feel a burgeoning nerd methodology cult wash over and through the system of my own thinking. I was a lot less self-aware the last few times this really happened to me (the first big wiki wave back in the era of thousand-line Perl CGI wiki software comes to mind), and I never got drawn into GTD or Agile on any deeply felt personal level, so it’s almost like a new experience.

            Anyhow, nice writeup. I’ll probably steal something here, and it’s a good reminder I should condense my own recent fiddling on stuff like vimwiki into a useful post.

            1. 1

              The idea behind Zettelkasten is really interesting and powerful but I’ve found it difficult to get started; I have no idea what kinds of things I should be writing down and keeping track of. Starting Saturday, however, I’ll have a lot more time to dig into things. Finals have been hitting me hard this week but my last one is tomorrow evening.

              Until now, I’d never heard of GTD. Agile has crossed my radar a couple of times and I hosted Taiga on NixNet for a bit but very few people actually used it. I didn’t either so I stopped running it. Agile is an interesting approach for software development but it seems as if GTD is actually better for individuals. At first glance, it looks as if it’s something I could really benefit from; I always keep my tasks in my head and inevitably end up forgetting some of them.

              How do you like vimwiki? I’ve seen a lot of people rave about it and it does look really nice but I don’t know how I feel about spreading everything over a ton of files. It seems to me that org-mode would be more useful if that’s the workflow you (“you” in general, not you specifically) are going for. I haven’t used it very much at all though; I just installed Doom Emacs last week and haven’t had time to dig into it.

              1. 2

                The idea behind Zettelkasten is really interesting and powerful but I’ve found it difficult to get started; I have no idea what kinds of things I should be writing down and keeping track of.

                I think most of the trick is to start taking notes and stick at it, let them evolve over time.

                The box full of interlinked cards for ideas is an interesting way to think about this, and it’s informing my own habits, but if you get too concerned with emulating the hard-to-pin-down but allegedly crucial specifics of methods with supposedly near-mystical powers to reorganize your life/work/thought, it’s pretty easy to lock up and go nowhere at all with it.

                How do you like vimwiki? I’ve seen a lot of people rave about it and it does look really nice but I don’t know how I feel about spreading everything over a ton of files. It seems to me that org-mode would be more useful if that’s the workflow you (“you” in general, not you specifically) are going for. I haven’t used it very much at all though; I just installed Doom Emacs last week and haven’t had time to dig into it.

                Rambling thoughts: Org mode is a much more featureful and powerful piece of software overall than something like vimwiki, but I quit using Emacs about 20 years ago because it physically hurt, and none of my attempts to revisit it since have really worked out. All the same, org seems pretty amazing and is probably worth exploring in the general case.

                Prior to Vimwiki, I was keeping notes in a small set of plain text files, so that felt like a natural transition. It doesn’t, overall, do very much, but linking between pages and minimal syntax for things like lists and TODOs are handled pretty well. I rarely bother rendering to HTML and primarily use it within the editor. The diary feature is great.

                I’ve bolted some extra features onto my notes by way of small filter scripts, autocommands, and custom keybindings. Eventually I think I’m going to want that stuff to be a bit more coherent and ergonomic. In the meanwhile, I’ve taken on some of the support load for the plugin on Freenode #vimwiki and do some GitHub issue triage for it. I’m on the fence as to whether to devote more time to improving the plugin; I may instead eventually start fresh with my own codebase, but for now Vimwiki’s structure and syntax are simple enough that I don’t feel particularly locked in if it does feel necessary to port my notes to something else.

            1. 4

              maybe just a detail, but I have added a little snippet in my vimrc. I find those ——— more readable than # Title: mt stands for “markdown title”. Choose your own.

              nnoremap <leader>mt yy<Esc>jP0v$r-<esc> 
              
              make the current line a title

              like this !

              1. 4

                You can even optimize it to fewer keystrokes ! Down to a point I don’t even need a mapping anymore now it’s in my muscle memory ☺

                yypVr-
                
                1. 2

                  I use mt sufficiently enough to keep it in a 3-key stroke. But thanks for the yypVr- trick: it is always nice to see a better solution.

                2. 2

                  I personally prefer using the # for headers but a friend of mine always uses -------. He also uses Vim so I’ll be sure to send this to him! It also gives me some other ideas for using key combos to format markdown rather than doing it “manually”

                  1. 3

                    Don’t hesitate to share those ideas !

                    Mine are simply:

                    nnoremap <leader>m- I- <Esc>
                    nnoremap <leader>ml I- <Esc>
                    nnoremap <leader>mt yy<Esc>jP0v$r-<esc>
                    nnoremap <leader>mpl I- <Esc>p
                    nnoremap <leader>mx :s/^- /x /<esc>
                    nnoremap <leader>m# I# <esc>
                    nnoremap <leader>m<cr> O<esc>
                    nnoremap <leader>md :r!date +\%c<cr>
                    

                    mx is for a todo-like markdown list; the dot gets an x when it’s done. mpl is because I generally paste links as dot-list items. I will probably use the better version proposed by z3bra in the comment above. Surely you will have more clever ones than mine ;-)

                    1. 2

                      It’s really recent for me. I have been using # Title exclusively for more than 1 or 2 years. But only then did I finally notice that —— are more readable for me.

                      This appears true only when using # and ##. Suddenly Main titles are just more apparent and really stand apart from the little indented ## and ###. Well at least for me ;-), that’s the way I look at text.

                      So I changed to ——— only a few days weeks ago. And now I much prefer it.

                  1. 2

                    I’ve also been using the nginx rtmp module to handle multi-location video streaming as well. My band as well as electronic duo are planning to live stream a full show very soon. Just need to run some stress tests on the RTMP server. We’re using OBS to transition between the video feeds, and for the audio, we’re going to all be on a private NINJAM server. Since we can adjust the audio delay in OBS to match up with everyone’s video, we believe it will provide the closest thing to a live performance that you can get in quarantine.

                    1. 1

                      NINJAM is really cool. I’ve thought about trying to do something similar but always decided it wasn’t really worth the trouble because of the latency involved. I’m going to have to look into it some more and might actually use it with a few friends; thanks for mentioning it!

                      1. 1

                        It’s not exactly easy to start up a NINJAM server, you have to compile from source and it’s not very well supported. But once it’s running, it’s pretty stable, and I haven’t noticed any latency when jamming with others on my public server, but considering the results of our latest RTMP server tests, I’m predicting that I’ll have to adjust the audio source latency in OBS to compensate for the video latency. Just listening to the audio alone, however, shows that everyone in the server is definitely playing along together and reacting to each other just as they would in a real-life jam.

                    1. 1

                      I blog a lot on Secluded.Site. It’s really just whatever technical stuff comes to mind, Dungeons & Dragons campaigns, and pipe smoking. I’m in the process of migrating some of my posts to there from NixNet but, in the meantime, that will give you an idea of the technical things I write.

                      You should read it if you like what I write ;)

                      1. 2

                        I’m not sure if I’m missing it or if it’s not there, but there doesn’t seem to be any way to serve the web interface over https. Don’t see any “ToDo” items either: https://todo.sr.ht/~sircmpwn/koushin?search=https

                        Am I looking right past it?

                        1. 2

                          Yes, koushin assumes a reverse proxy is set up right now.

                          1. 1

                            It’s likely meant to be served from behind a webserver like NGINX or Apache with a reverse proxy; they would then handle TLS. That’s how I intend to run it.

                            1. 1

                              [edit: found an Echo recipe and it looks like Koushin isn’t wired up to call StartAutoTLS]

                              Echo, the underlying web server, says it supports “Automatic TLS via Let’s Encrypt”.

                              I’m screwing around with it inside my NAT’ed house network, so any Acme bits aren’t going to work….

                              This Echo recipe indicates that the server needs to be started via e.StartAutoTLS, but cmd/koushin/main.go starts it with e.Start, so it looks like it’s not supposed to be working at the moment.

                            1. 2

                              Could I use it to read my Gmail emails?

                              1. 2

                                On a self-hosted instance, sure. There’s a doc for that. From what I can tell, if it was a public instance, you wouldn’t be able to use CardDAV or CalDAV for contacts and calendars.

                              1. 5

                                But will it support HTML email?

                                1. 4

                                  I really hope not. Standard though it may be, HTML email is a cancer that needs to die out. I always recommend new users on my platform to read useplaintext.email.

                                  1. 12

                                    It does support HTML e-mails. However:

                                    • Sanitized HTML e-mails are displayed in sandboxed <iframe> elements where many features are disabled (e.g. JavaScript). The Content-Security-Policy set by koushin is an additional security measure.
                                    • This can be easily disabled: just disable the viewhtml plugin
                                    1. 2

                                      I’m curious about this sanitization. Is there a standard algorithm or set of checks that are performed?

                                      1. 1

                                        Sanitization is performed via bluemonday, a widely used Go library.

                                    2. 6

                                      HTML is abused, but I don’t want email where I can’t even use bold or italic, or hyperlinks like the one you put in your comment. Why should emails be less expressive than forum comments?

                                      (Yes, I would totally welcome Markdown email as a standard. I’m sure it won’t happen, though.)

                                      1. 6

                                        Reverting to plain text, Markdown or some other kind of ad-hoc markup because HTML can be abused makes me shudder. I want nice typography and proper design in my emails. I want reading an email to be as good an experience as reading a well-designed website. In particular, I like the current resurgence of high-quality newsletters delivered to my inbox. Instead of throwing up our hands and giving up on this, I would like to see us actually attack and try to solve this problem.

                                        1. 4

                                          It’s funny, because that’s where Markdown comes from.

                                          the single biggest source of inspiration for Markdown’s syntax is the format of plain text email

                                          https://daringfireball.net/projects/markdown/syntax

                                          1. 3

                                            A lot of good email clients will display plaintext surrounded by underscores in italics and text surrounded by asterisks in bold. As to hyperlinks, that’s what [1]. Some clients that work particularly well with plaintext will make that [1] a clickable link so you don’t have to scroll down and search for it either.

                                            I completely agree about markdown emails. The client that implements that will be my gold standard.

                                            [1]: is for

                                            1. 5

                                              imagine if we had some well-specified plain text system for applying inline formatting to text that “good” email clients could render, and hyperlinks could go inline so you don’t have to use up more screen space and manually re-index them when you add or move them in the text.

                                              maybe we could use less than and greater than characters to enclose the inline formatting commands. it would be great!

                                      1. 12

                                        Screenshots would be helpful :P

                                        1. 17

                                          This project is being completed under a consulting contract with Migadu for their next-generation webmail. They’re also working on a theme:

                                          https://sr.ht/mcvO.png https://sr.ht/ml1l.png https://sr.ht/Yk6A.png

                                          If it’s not obvious yet from this, Amolith, and geocar’s comments: Koushin is themeable :)

                                          1. 3

                                            Thanks, that looks a lot more promising than the other 2 posts.

                                            I don’t have high standards and it doesn’t have to be beautiful, but unthemed without even half an hour of css work is a bit too little effort.

                                            1. 2

                                              It looks really good! I like it. It reminds me of gmail, back in 2005, before it turned into a bloated piece of shit.

                                              1. 7

                                                I think I’ve finally found my dream webmail client. It’s incredibly minimal and wonderfully extensible; I’m going to set it up for NixNet Mail, add a little bit of CSS, and recommend it over Roundcube.

                                                1. 2
                                                  • Studying for my Discrete Math test tomorrow
                                                  • Migrating some services to a new domain
                                                  • Writing privacy policies and documentation for everything I host

                                                  That last one is a massive task that I’m not looking forward to in the least.

                                                  1. 1

                                                    How was the exam?

                                                  1. 11

                                                    The password manager I use (pass) has a really simple and widely supported ‘backup’ mechanism built in (git).

                                                    1. 7

                                                      One downside of pass that I don’t see being talked about much is that the key names are not encrypted. This leaks a bit of metadata. Other than that, it’s pretty much perfect for me.

                                                      https://github.com/gopasspw/gopass is also quite good, uses the same storage as pass and adds a few interesting features like git auto-syncing and browser integration.

                                                      1. 5

                                                        For the issue of having your names unencrypted, I came up with the following idea for safe, which could also work with pass or similar secret keepers:

                                                        When syncing your secrets online, you can obfuscate the whole directory renaming all your entries after their sha256’d names, and store the conversion in a new secret, say “hashmap”. Your directory structure is then totally unreadable, unless you have the key to read the secrets themselves.
                                                        I like this approach, because your safe protects itself. Here is my implementation (again, using safe as a backend):

                                                        #!/bin/sh
                                                        ORIG=$HOME/.secrets
                                                        HASH=$HOME/.hashes
                                                        
                                                        # Create a new vault with the same master password
                                                        mkdir -p "$HASH"
                                                        cp "$ORIG/master" "$HASH"
                                                        
                                                        # Copy every secret into the new vault, using its hashed name as the key.
                                                        # Reading paths line by line keeps entry names with spaces intact.
                                                        find "$ORIG" -type f | grep -v '/master$' | while IFS= read -r p; do
                                                        	n="${p##"$ORIG"/}"
                                                        	h=$(echo "$n" | openssl sha256 | cut -d' ' -f2)
                                                        	cp "$p" "$HASH/$h"
                                                        
                                                        	# print "HASH	NAME" for the hashmap
                                                        	printf '%s\t%s\n' "$h" "$n"
                                                        done | safe -s "$HASH" -a hashmap
                                                        

                                                        Note: the hash is the one of the entry name, not the password itself of course ;)

                                                        Then you end up with a password store like the following, which you can store in plain sight over git or whatever:

                                                        .hashes/master
                                                        .hashes/hashmap
                                                        .hashes/455f66d5e5f75ec1334127d73a3479b7a66c69ef4cc094e28def2075cc731035
                                                        .hashes/d3eb539a556352f3f47881d71fb0e5777b2f3e9a4251d283c18c67ce996774b7
                                                        .hashes/98623d38989a6957ec74319dc4552480fa3d96a59c5ffcac76c0e080d3940406
                                                        .hashes/df58574b01c57710a70ba201df6b5fb8dc0bf3906b8bf39f622936f92e6ffec7
                                                        

                                                        And when you want to de-obfuscate it, you can decrypt the secret “hashmap”, and use that to rename your entries:

                                                        $ safe -s ~/.hashes "hashmap"
                                                        455f66d5e5f75ec1334127d73a3479b7a66c69ef4cc094e28def2075cc731035        dedup.key
                                                        d3eb539a556352f3f47881d71fb0e5777b2f3e9a4251d283c18c67ce996774b7        dummy
                                                        98623d38989a6957ec74319dc4552480fa3d96a59c5ffcac76c0e080d3940406        token/gitlab
                                                        df58574b01c57710a70ba201df6b5fb8dc0bf3906b8bf39f622936f92e6ffec7        switch
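
The de-obfuscation step described in the comment above (decrypt `hashmap`, then rename the entries back), as an added example that is not part of the original comment or of safe itself. `name_hash`, `restore_vault`, `make_sample_vault` and `demo` are hypothetical helpers, the sample vault is constructed, and the decrypted hashmap is assumed to arrive on stdin as `HASH<TAB>NAME` lines.

```shell
#!/bin/sh
# Added example (not the commenter's code): rebuild a readable vault from a
# hashed one. The decrypted hashmap ("HASH<TAB>NAME" per line) comes on stdin.
# All function names here are hypothetical.

# Hash a name the way the script above does: sha256 of the name plus the
# newline that echo appends.
name_hash() {
	if command -v sha256sum >/dev/null 2>&1; then
		printf '%s\n' "$1" | sha256sum | cut -d' ' -f1
	else
		printf '%s\n' "$1" | openssl sha256 | cut -d' ' -f2
	fi
}

# restore_vault HASHDIR OUTDIR < hashmap
# Exit status 0 if every line was restored, 1 if any line was rejected.
restore_vault() (
	src=$1 dst=$2 rc=0
	tab=$(printf '\t')
	mkdir -p "$dst" || exit 1
	[ -f "$src/master" ] && cp "$src/master" "$dst/master"
	while IFS="$tab" read -r h n; do
		[ -n "$h" ] || continue
		# The hash is used as a file name: require exactly 64 hex digits.
		case $h in *[!0-9a-f]*) h= ;; esac
		if [ "${#h}" -ne 64 ]; then
			echo "skip: malformed hash field" >&2; rc=1; continue
		fi
		# The name becomes a path under OUTDIR: refuse empty or absolute
		# names, "." and ".." components, and the vault's own master file.
		case "/$n/" in
			*//*|*/../*|*/./*|/master/)
				echo "skip: unsafe name '$n'" >&2; rc=1; continue ;;
		esac
		# The mapping must be self-consistent before anything is copied.
		if [ "$(name_hash "$n")" != "$h" ]; then
			echo "skip: hash does not match '$n'" >&2; rc=1; continue
		fi
		if [ ! -f "$src/$h" ]; then
			echo "skip: no file for '$n'" >&2; rc=1; continue
		fi
		mkdir -p "$(dirname "$dst/$n")" && cp "$src/$h" "$dst/$n" || rc=1
	done
	exit "$rc"
)

# Build a constructed hashed vault in DIR and print its hashmap. The file
# contents stand in for ciphertext; no real secrets tool is involved.
make_sample_vault() (
	mkdir -p "$1" || exit 1
	echo 'constructed-master' > "$1/master"
	for n in dedup.key dummy token/gitlab switch; do
		h=$(name_hash "$n")
		echo "ciphertext-of-$n" > "$1/$h"
		printf '%s\t%s\n' "$h" "$n"
	done
)

# Demo on constructed data in a temporary directory. With the tool from the
# comment, the hashmap would instead come from:
#   safe -s ~/.hashes hashmap | restore_vault ~/.hashes ~/restored
demo() (
	t=$(mktemp -d) || exit 1
	make_sample_vault "$t/hashes" > "$t/map"
	# One constructed bad line: a name that would land outside OUTDIR.
	printf '%s\t%s\n' "$(name_hash '../escaped')" '../escaped' >> "$t/map"
	restore_vault "$t/hashes" "$t/plain" < "$t/map" ||
		echo "some hashmap lines were rejected"
	(cd "$t/plain" && find . -type f | sort)
	rm -rf "$t"
)
demo
```

Because the names are hashed without a secret key, the scheme only hides names that cannot be guessed: anyone holding the repository can hash a candidate name and compare it with the file names. A keyed hash (HMAC with a key kept inside the vault) closes that gap if it matters in your threat model.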
                                                        
                                                        1. 4

                                                          Yeah this downside bothers me a lot and it felt I’m pretty much alone in that. It’s what prevented me from using pass for ages.

                                                          I’d made the switch eventually and I’m really happy with it, but I had to add the name obfuscation myself. The “unix philosophy” of pass is great because you can actually build stuff on top of it.

                                                          1. 1

                                                            Yeah the weird thing was all the outrage that 1Password got literally the same issue, but nobody is saying a thing for pass. Not that I recommend outrage but I think it’s important to be aware of the attack vectors.

                                                            1. 6

                                                              Every time I see pass come up, it’s not long before someone mentions that the names of passwords aren’t kept secret. This seems like the most frequently mentioned and most severe downside of pass. So I’m not sure that it isn’t talked about much.

                                                              I do personally use pass and I do it in spite of the names being leaked. My threat model isn’t particularly sophisticated, so I’m generally okay with hiding the names simply by not sharing the repo.

                                                        2. 5

                                                          Note that git use is optional. My ‘pass’ passwords are backed up daily along with the rest of the important files in my home directory, no extra work required as they’re just GPG-encrypted text files.

                                                          1. 4

                                                            Came here to say the same thing. My backup of my pass repo is a) it’s on every device I use and b) gets synced monthly to my off-site backup drive. If I lose the encryption key I’m in trouble, but I back that up, too.

                                                            Using 2 password managers seems like a strange solution to me.

                                                            1. 2

                                                              I switched from pass to KeePassXC a while ago. I use Syncthing to get the DB to my phone for use with KeePassDX and encrypted backups are automatically taken overnight with borg.

                                                              Recommending two password managers is a little odd, I agree, but he does bring up a good point that everything is fallible and multiple backups are a good thing to have.

                                                              1. 3

                                                                Eh, it’s 2 applications reading the same file format. Calling them 2 password managers would be the same as using 1password on 2 platforms, I don’t even see that worth mentioning.

                                                                FWIW, I also use KeepassXC on Linux+Windows, and Keepass2Android on Android, and Syncthing. I only sync down to my phone like once a month, and it works beautifully.

                                                              2. 2

                                                                If I lose the encryption key I’m in trouble, but I back that up, too.

                                                                I use gopass, which allows for multiple encryption keys for the same password store. This is very useful in the case of losing access to one of them, or the intended purpose, having multiple users of the same store.

                                                              3. 4

                                                                The unfortunate issue with pass is that when it uses git to back itself up, you still need a way to back up your GPG key, which is of course incompatible with git. Even if your GPG key is encrypted, I doubt you’d want to publish it online. So in order to back up your password manager, you must come up with 2 different backup media, which means twice as many possibilities to lock yourself out.

                                                                Also, managing a GPG keyring can have a lot of problems on its own on a daily usage basis (using a device without your keys, syncing keys, …). On this topic, using password managers based on a master password can help a lot.

                                                                1. 1

                                                                  Those are all good points. Since I use GPG for basically everything else (signing commits, communication, etc), the work to back that up I don’t really consider it to be part of the ‘backup my password manager’ activity.

                                                                  The beauty of pass is that the storage mechanism is just a bunch of flat text files. Back them up however you want, you don’t have to use git (but it is nice that git support is built in).

                                                                  I doubt you’d want to publish it online

                                                                  Who said anything about it being public? Private git repos exist, either self hosted or with some paid service.

                                                                  1. 1

                                                                    When you use GPG on a daily basis for other stuff, this would make more sense indeed. It is not my case though, so it bothered me a lot. So much that I ended up writing my own to mirror “pass” usage but with a master password. The cool stuff about it is that I can now store my GPG key inside my secret manager 😉

                                                                    You’re right about private repos indeed, I think making it private makes it more complex to use git to sync it across devices. It makes for a good backup anyway as you said ! The flat file structure is great, and the composability of the tool makes it a breeze to obfuscate, backup, convert or integrate to any workflow !

                                                                    1. 1

                                                                      I think making it private makes it more complex to use git to sync it across devices.

                                                                      Not that complex, but yes, you now have to use either password or key auth to access it. And keep track of that, etc. The main thing I like about this setup is that it’s made from several simple components. Any of which could be replaced without affecting the others (or affecting them enough to require significant changes). And the architecture is simple enough for me to understand it without having to trust some external entity to always do the right thing and not break.