1. 3

    It looks like the LE certificate in use has expired:

    Expires On: Sunday, December 2, 2018 at 12:30:37 AM

    1. 4
      • Mail (postfix: dovecot, rainloop for the less technical also)
      • Chat (Prosody)
      • Calendar/Contacts (Radicale: caldavzap also for the less technical)
      • duplicity for backups over tor to server in house
      • Website/social network presence (IndieWeb, into silos via brid.gy)
      • Personal projects (cheogram.com, usetint.com, and others)
      • IPFS pinning for my video series
      • Bittorrent seeding for my video series
      • Syncthing on home server
      • Mumble for podcasting
      • DNS with adblocking
      1. 2

        Personal projects (cheogram.com

        checks most of his XMPP contacts

        I’m going to hope this is just the website.

        1. 2

          You’re a JMP customer? I’m the primary sysadmin for the main server – dedicated box with OVH in Quebec

          1. 2

            Yes. The phrasing above just makes it seem like you’re running this on an old shoebox you have. ;)

      1. 4

        I have two physical servers, one at home, one colocated, both running SmartOS. Split between them, I’m running:

        • Plex Media Server, for media hosting and streaming
        • Prosody, for Jabber/XMPP
        • ZNC, as an IRC bouncer
        • Software to remote control my house lights (via an RS-232 to Ethernet bridge, as I don’t have the correct ports anymore)
        • A WordPress site, at least until I export it to be a static site
        • Gerrit, for code hosting and review for personal projects
        • An SFTP/SCP Dropbox
        • Envoy for L4 and L7 load balancing

        Along with miscellaneous legacy stuff on a DigitalOcean droplet I plan on turning down soon.

        I’m looking to start self-hosting in the future:

        • Simplified music streaming with a read-only view of the underlying music, preferably with optional mpd and upnp support (currently using Plex, but it doesn’t respect metadata tags, which I’m so careful to set)
        • VPN. Wireguard seems interesting, but I’m on the wrong host OS, I think
        • A secure and easy to use CA for my personal CA, to make provisioning TLS on other things easier.
        • Gopher and a BBS, for fun.
        • Grafana / Prometheus, because I should probably be a little serious
        • URL shortener
        • Buildbot for building and testing the projects on Gerrit

        Unlike many others in this thread, I’m not interested in self-hosted PIMs: Google and Fastmail do a much better job than I ever would.

        1. 3

          I’ve managed to check it out last night, and it appears to be working as advertised.

          Key generation is super awesome, built in QRcode reader to transfer configuration/public-keys between a desktop would be a great feature for semi-automated setups.

          The error reporting is still a little bit weird, for example I can’t configure 10.0.0.1/24 as Allowed IPs for a Peer with the error message: “Bad address”. 10.0.0.0/24 works though, so maybe just a user error.


          With the Wireguard(WG) Android connectivity I can/could now:

          • Stream music to my phone from my mpd-server with httpd/lame as output configured (MPDroid), or just configuring my mpd-server at home (works already)
          • Accessing my phone via Termux/sshd (works already), sshfs via LTE works unexpectedly well OR adb via VPN.
          • Do backups with Syncopoli and rsync:// instead of ssh (Keyfile management in Syncopoli is confusing)
          • Sync with radicale calendar server (probably contacts/notes too?)
          • Access read-only monitoring web-interface, getting alerts via self hosted Matrix instance?
          • Report back the location of my phone (couldn’t find a tool for that yet, Termux API examples can report the location, though - might be done with a python script then)

          None of this requires root, I’m using CopperheadOS, which has root-access disabled.

          I need to figure out how to properly protect random apps to access those services. rsync:// supports secret-based-authentication, so that might be good enough.

          Basically I’d like to avoid having each service do its own authentication/key management, but to have one ‘global instance’ (WG) to deal with encryption instead.

          I’ve seen Orbot supports setting tunneling per app basis, so might be possible to implement for WG too.

          I’m still not sure if this all makes sense, but it feels rewarding to set up, so I’m trying to push forward what is possible. Especially backups are a huge pain point in Android, I hope I’ll solve that for myself soon.

          Everything could be replaced by $VPN-technology, but WG, besides tor, is the first tool that kept me excited for long enough.

          1. 3

            Report back the location of my phone

            I’ve found OwnTracks works well for this use case. Reports back location and battery info. Downside is that MQTT brokers are a bit fiddly to configure and use.

            1. 1

              Thank you for the pointer, unfortunately they won’t provide a Google services free version (ticket).

              1. 1

                That’s certainly a bummer. Skimming the thread, seems to be a result of there being no free replacements for the geofencing APIs.

            2. 1

              Key generation is super awesome, built in QRcode reader to transfer configuration/public-keys between a desktop would be a great feature for semi-automated setups.

              The TODO list actually has this on it. Hopefully we’ll get that implemented soon. You’re welcome to contribute too, if you’re into Android development.

              The error reporting is still a little bit weird, for example I can’t configure 10.0.0.1/24 as Allowed IPs for a Peer with the error message: “Bad address”. 10.0.0.0/24 works though, so maybe just a user error.

              The error reporting is very sub-par right now indeed. We probably should have more informative error messages, rather than just bubbling up the exception message text.

              That “bad address” is coming from Android’s VPN API – 10.0.0.1/24 is not “reduced” as a route; you might have meant to type 10.0.0.1/32. Probably the app could reduce this for you, I suppose. But observe that normal Linux command line tools also don’t like unreduced routes:

              thinkpad ~ # ip r a 10.0.0.1/24 dev wlan0
              Error: Invalid prefix for given prefix length.
              thinkpad ~ # ip r a 10.0.0.0/24 dev wlan0
              thinkpad ~ # ip r a 10.0.0.1/32 dev wlan0
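
An added example (not part of the original comments, and not WireGuard's own code) of the route reduction described above: it checks `AllowedIPs` entries for host bits set beyond the prefix and offers both the reduced network and the single-host form. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress

# Constructed wg-quick style configuration; keys are placeholders.
SAMPLE_CONFIG = """\
[Interface]
PrivateKey = <placeholder>
Address = 10.0.0.2/24

[Peer]
PublicKey = <placeholder>
AllowedIPs = 10.0.0.1/24, fd00::1/64
Endpoint = vpn.example.org:51820

[Peer]
PublicKey = <placeholder>
AllowedIPs = 10.0.1.0/24, 10.0.0.7/32
"""


def check_allowed_ips(value):
    """Classify each comma-separated entry of an AllowedIPs value.

    status is "ok" (already reduced), "unreduced" (host bits set, the
    case that yields "Bad address"), or "invalid" (not parseable).
    """
    results = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError as exc:
            results.append({"entry": entry, "status": "invalid",
                            "detail": str(exc)})
            continue
        net = iface.network  # address with host bits masked off
        if iface.ip == net.network_address:
            results.append({"entry": entry, "status": "ok",
                            "network": str(net)})
        else:
            # Two plausible intents: the whole subnet, or just this host.
            host = f"{iface.ip}/{iface.max_prefixlen}"
            results.append({"entry": entry, "status": "unreduced",
                            "network": str(net), "host": host})
    return results


def audit_config(text):
    """Return (line_no, entry, reduced_network, host_route) for every
    unreduced AllowedIPs entry found in a configuration file's text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]  # drop trailing comments
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() != "allowedips":
            continue
        for result in check_allowed_ips(value):
            if result["status"] == "unreduced":
                findings.append((line_no, result["entry"],
                                 result["network"], result["host"]))
    return findings


if __name__ == "__main__":
    for line_no, entry, network, host in audit_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {entry} is not reduced; "
              f"use {network} (subnet) or {host} (single host)")
```
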
              
            1. 1

              My configuration is the same between work and personal. In fact, the work machine’s ~/.gitconfig even has my personal email configured.

              In the directory I use as the root for all the work projects, I have a direnv .envrc that sets GIT_AUTHOR_EMAIL and GIT_COMMITTER_EMAIL.

              1. 1

                I really like his workspace idea. I’ve sent one patch to three or four projects; there’s no need for me to have a whole clone of them up on github gathering dust.

                1. 1

                  Would a PR from a diff patch be an interesting concept here?

                  1. 1

                    Can you elaborate? I’m not sure what you mean.

                    1. 1

                      To this day, I’m surprised this isn’t a feature. I often only make one or two changes to a project, and would be happy to just push the refs (or create a patch) rather than forking and remembering to garbage collect later.

                  1. 5

                    Huh, nameless workflows. I should try that.

                    1. 1

                      The nameless workflows and workspaces remind me a bit of using Gerrit: you push an unnamed thing (a ref) to another ref to open a change list (aka, a PR). No need to name a local branch.

                      Unfortunately, a little bit of metadata is still needed (namely the “Change-Id” line in the commit message), so Gerrit can track revisions of a change across refs. But in theory that could be stored in a way that it’s invisible to end users, and be tracked across rebases and amends.

                      1. 1

                        Me, too! My previous team used hg named branches as feature branches (they had, a few years before I joined, migrated from CVS to hg so this was a huge step up) and their workflow bloated the shared repo to such an extent that occasionally clients would fail to push/pull because there were too many tips to compare.

                      1. 2

                        Last time

                        • Continuing to work on mead, a Go tool I started last week to aid in maintaining Go packages in Homebrew. I’ll probably give some TLC to bakelite, my Go tool for doing GOOS/GOARCH builds in parallel, in the process.
                        • On Thursday I’m giving a meetup talk on the standard Go tools. I need to write this talk and design the slides before then. This pairs well with the above, as I’m wanting bakelite to feel like an extension of go build.
                        1. 12

                          At one point in my life, I finally got my act together and consolidated the number of email addresses I used regularly from around 10 to 3. One of these was a Gmail account, and I happened to be living in Japan at the time.

                          Google has never forgotten this, but isn’t sure that it matters either, as if it can’t make up its mind about what to do with that information. I still occasionally see a お待ちください when authenticating or switching Google services. I have not noticed a pattern as to when this occurs.

                          On international travel to non-English speaking countries, my first touch with Google used to send me to google.co.jp. It used to do this and display google.co.jp in Japanese. Then for a while it would send me to google.co.jp but have it in English. Now I get the local country TLD, but in English or Japanese, and with an offer to switch to the native language.

                          I am not bothered by this, just intensely curious what the actual inputs are to the function that determines what version and language Google sends me to!

                          1. 1

                            At some point in the early aughts, I told Google I lived in Australia. Like you, for years, it would bounce me through google.com.au when in a new country or doing SSO. At some point in the last handful of years, it has decided I do live in the US, and stopped doing that.

                          1. 3

                            Last week

                            • I put together my Jarvis desk over the weekend. I need to order a new surge protector that fits in the cable tray so I can clean up the wires. I’ll probably upgrade to a 4K monitor and monitor arm when the deals start coming out at the end of the week.
                            • I need to finish migrating my Chrome extension away from deprecated APIs and add Firefox Quantum support.
                            • Ubiquiti Security Gateway seemed dead on arrival. Will have to RMA it this week and hope the replacement is good.
                            • I’m hoping my Game Boy capacitors arrive this week, so I can replace them. My new desk is in less disarray, so it should be easier to find project space.
                            • At $WORK, I’m dealing with some growing pains with Kubernetes Ingress resources and Istio, as well as Istio TCP support. It’s a short week due to Thanksgiving, but hoping to at least have a plan by the end of Wednesday.
                            1. 3

                              Nearly forgot the less technical work for this week:

                              • Pumpkin pie
                              • Cheesy potato casserole
                              • Green beans

                              ;)

                            1. 12

                              I have 2 MacBook Pros from the 2012 to 2014 era. Love them both. Awesome hardware. I wish I could say the same for the software. Each version of OSX has gotten progressively worse for me as a developer since the high point that was Snow Leopard.

                              Several folks I know using Sierra and High Sierra are dealing with regular kernel panics.

                              I’ve started to contemplate what my next laptop and OS are going to be for work. Sometimes I harbor fantasies of buying another used MacBook Pro and installing something like Dragonfly or FreeBSD on it.

                              In the end, I’m probably going to settle for something like a Thinkpad that I’m “ok” with and some Linux distro.

                              Leaving aside “consumer” apps I need, there’s enough software like Zoom et al that support windows, Mac, and windows that I need for work that are going to end up being limiting factors.

                              1. 2

                                I am currently writing this on a mid-2014 MBP with High Sierra and the most recent updates have been grim. I have a lot of hanging applications, even Apple applications like GarageBand, and have to restart a couple times a day to keep things usable.

                                It was a great computer for a long time, but the software recently has been terrible.

                                1. 1

                                  I feel like that is a theme in my life.

                                  I accidentally upgraded my iPhone 7 to iOS 11 and now it’s mostly unusable. The level of lag opening a new application is nuts. Lyft as an example takes 60 to 90 seconds from when I open to it being usable.

                                  Earlier today I opened the Messages app and wanted to take a picture and text it. It took almost 2 minutes for the message app to open, for me to be able to select the person I wanted to message, for that to open and then for the camera to come up. By the time it was ready, the thing I wanted to take a photo of was gone.

                                  It feels like when I stopped using Apple products in the 90s again except now they have a lot more market share and they aren’t dealing with a signature laptop bursting into flames.

                                2. 1

                                  I had a 2011 MacBook Pro with the 15” screen that I thought could never be topped. Couldn’t justify the increased price for the 2016/2017 model so I went for a ThinkPad T460p and loaded Kubuntu on it. I’m very happy with the machine in general but there are a few irritants, such as photos no longer being synced between my laptop & iPhone; it’s just not as integrated, which I do miss.

                                  1. 1

                                    Had a 2012 non-Retina (but the higher resolution variant) MBP until earlier this year. Had replaced the HDD with an SSD years ago, and upgraded even that to 1TB. Replaced the WiFi/Bluetooth card once it died. Took out the combo drive. Heavy, thick, but still worked great.

                                    I ended up finally swapping out for the T470s. Slim, higher resolution, NVMe, Linux-compatible hardware.

                                  1. 3

                                    I’m working on a little Cocoa/Swift app in my spare time, coming from mostly web and server dev. It’s a simple speedrunning timer app, where a run can be split up into named ‘splits’, and some history is kept.

                                    It feels a lot like unlearning a decade of techniques learned as a web dev: declarative ui, state management, etc. My first attempts were to try and fit that in Cocoa, and looking around for tools that may help. But macOS is a barren wasteland, with everyone focusing on iOS apparently.

                                    So I’m trying to learn it more or less properly and the hard way. I’m not using Interface Builder, because I find it helps to learn how things actually work. (And xibs seem more a convenience any way.)

                                    I’m still figuring out structure, splitting up classes that were implementing too many protocols, etc. Mostly have a document-based app up with working models and views, but need to start hooking up behaviour.

                                    1. 2

                                      There’s some of the declarative, reactiveness alive within the Swift community in the ReactiveCocoa and RxSwift communities. Each time I’ve tried to get into ReactiveCocoa (I’ve tried for each major version number) the lack of beginner documentation does me in. React has nailed this with a quick example app that introduces all the major concepts, I’m not sure why this doesn’t exist in ReactiveCocoa.

                                      You can get pretty far with code driven UIs, but there’s definitely a large segment of developers that swear by Interface Builder and Storyboards. I’ve never been able to get into them myself.

                                      1. 1

                                        ReactiveSwift seems equal parts awesome and daunting. I think it’d be very interesting to take a deep dive, but not sure if I’ll ever take the time. :)

                                    1. 3

                                      Last week

                                      I ended up working on my hardware projects. I put together the Monarch, and started working on a Game Boy art project (shameless plug).

                                      I’ve got a couple of tasks this week:

                                      • Replacing my Mikrotik router with a Ubiquiti Security Gateway. I’ve been unable to convince the Mikrotik developers that they have a bug in their IPv6 Prefix Delegation support that prevents me from getting a v6 pool from my ISP.
                                      • I ordered a Jarvis adjustable frame to replace my IKEA hacked “desk”. I’ll continue to use the butcher block desk top that I have from the IKEA desk, since I’ve already got it, and it’s pretty awesome. This should arrive Thursday.
                                      • I need to replace all the capacitors on my Game Boy, as mentioned in the aforementioned blog post.
                                      • I need to update my Chrome extension to use newer APIs, since some I’m using are deprecated. I’ll probably use this opportunity to finally fully support Firefox Quantum and set up CI.

                                      Probably won’t happen this week, but I’d like to get Joyent’s Triton running in KVM so I can see if I can’t shim the pieces needed to run Kubernetes natively, since I think the environment has much of what’s needed (with Crossbow for networking and Manta for storage). The official guides for Kubernetes on Triton are just running it in KVM.

                                      1. 2

                                        Last week

                                        Keeping things simple this week: primarily working on my soldering skills with a backlog of Boldport projects.

                                        I’m continuing to work on my Insteon Go library: I’m struggling with the best API to expose responses from the serial connection. The hardware I have also seems to have issues receiving a new command while still processing the last one, so I’ll need to ensure I don’t send commands too quickly.

                                        1. 7

                                          Who is this aimed at?

                                          Is the author suggesting Node.JS shouldn’t provide an LTS? Linux?

                                          I don’t understand.

                                          1. 6

                                            I interpreted this as being directed at smaller projects within the Node.js community, like Gulp, which requires 0.10 compatibility for changes. Gulp is a task runner primarily used for build pipelines in the frontend communities.

                                            Despite being a very small core team, Gulp versions 3 and 4 continue to support Node.js 0.10 lineage. This means the project deeply cares about how its dependencies are written and what features they use, and those maintainers feel the burn when dependencies change to use the latest and greatest. This, naturally, makes it more difficult for contributors to develop new features and provide new contributions.

                                            Why Node.js 0.10? This is a lineage that long pre-dates the Node Foundation and io.js. What makes it still relevant? It’s the version that’s still supported by the Debian LTS team in Wheezy, and soon by the LTS team in Jessie. It will presumably be the lineage shipped until April 2020 when the LTS expires.

                                            It was important to the developers of Gulp that they supported the versions a user trying to replace ad-hoc shell scripts would have available to them.

                                            1. 4

                                              Debian will use an old version of Gulp because this is a contract they have with their users. If Debian randomly and regularly upgraded programs to new versions of things that behave differently (different/incompatible command-line arguments, etc), then many people would probably not use Debian.

                                              If the Gulp developers don’t backport security and bug fixes, then either the Debian package maintainers will do it, the security/bug fix will be in Debian making Gulp developers look stupid, or Debian won’t ship with Gulp.

                                              So I get why Gulp developers will backport as long as it’s easy enough, but I don’t get why the author cares what Gulp does.

                                              1. 3

                                                In general I agree, but consider that the release notes for the most recent couple Debian versions have had great big “NO SECURITY FIXES FOR NODE/V8” on them; I don’t know that it helps that much to have Gulp doing the right thing when Node itself is such a mess that the Debian team gave up and labeled it a lost cause due to the high-volume torrent of CVEs they produce.

                                                1. 1

                                                  Interesting. I’ve not noticed that small paragraph in Chapter 5^1 of the release notes before. I downloaded the referenced debian-security-support, but I didn’t see anything inside mentioning the lack of security or LTS releases for nodejs, libv8, or node-* packages.

                                                  It’s possible I’ve just not found the relevant bits.

                                                  1. 2

                                                    I re-read them and they are definitely not as emphatic as I remember. They are, however, extremely sarcastic:

                                                    Unfortunately, this means that libv8-3.14, nodejs, and the associated node-* package ecosystem should not currently be used with untrusted content, such as unsanitized data from the Internet.

                                              2. 2

                                                I never thought Gulp would be the shining beacon of how to do things right, but here we are. What a great example to follow!

                                                1. 1

                                                  Yea I agree to some extent. Long term support is important, and it’s actually not that difficult so long as you have a good set of automated unit and/or integration tests that you run from your CI system.

                                                  The last company I worked at had over 100 unit tests per microservice and that made it really easy to quickly update dependencies or move to entirely new platforms. If we do a big update and something breaks, we can just add a new test to prevent it from happening in the future. Is something not relevant anymore? Make sure it’s covered in the integration tests and discard the old unit tests.

                                                  There’s nothing wrong with long term support, so long as you’re not supporting legacy stuff that isn’t maintained anymore or you have dependencies you haven’t updated in forever that are rotting. (That being said, you shouldn’t update jars unless you need to for features and security, but it’s good to keep things as up to date as possible because if package A depends on X 0.12 and B depends on X 1.13, something like sbt will pull in the later one which could break everything. We had this problem with json4s … also never use json4s for anything ever).

                                              3. 4

                                                I think the author explicitly says that it is aimed at relatively small projects. The recommendation is to discontinue previous releases as long as no contributor is actually using them (or paid by someone else to maintain them).

                                                The author mentions that Node.JS long-term releases are maintained separately from the main development by people on enterprise-Node-users payroll.

                                                1. 2

                                                  … okay. What small projects are they thinking about?

                                                  1. 2

                                                    No idea.

                                                    Maybe I am wrong and the sibling comment is right that this is about stopping the support for older releases of dependencies more than about older releases of the project per se.

                                              1. 2

                                                Last week

                                                I’ve got a couple of tasks to work on this week:

                                                • Continue working on conference talks.
                                                • Find a decent chassis for drives for the home server. Really looking for a 1U JBOD without a RAID controller, but haven’t found anything good so far.
                                                • Returning to iOS development for the first time in half a decade. Last week I was working on an old MacBook Pro, but over the weekend I installed High Sierra in KVM, which is working out quite well (and my ThinkPad is much thinner and lighter).
                                                1. 4

                                                  Last week

                                                  I didn’t end up having time last week to work on my Insteon controller library, I’m planning on continuing work on that this week. Last time I promise something in this thread. :)

                                                  This week I’m also working on putting together talk proposals for upcoming conferences: one Go talk and one JavaScript talk. My conference acceptance rate is currently 0%; feel free to poke me if you’re good at these things and have useful advice.

                                                  1. 1

                                                    One thing brought up in the comments, but not addressed in the article is what you should do for the ambiguous cases where the URL parameter could be a name or id.

                                                    /shelf/{id}/book/{id}
                                                    /shelf/{name}/book/{name}
                                                    

                                                    While you could restrict the space of name to avoid ambiguities, your route handler will still have the two responsibilities of looking up by id and searching by name.

                                                    If you are following the advice in this article, how are you dealing with this?

                                                    1. 5

                                                      Earlier this year, I replaced some light switches in my apartment with Insteon’s dimmer switches, and also picked up their hardware controller. I’ve been using the switches in dumb dimmer mode for the last couple months. Last Wednesday, mostly to get it off my desk, I hooked up the hardware controller and started writing a Go library for the serial protocol. On Thursday, I figured out enough to turn on and off my lights. This week I plan on cleaning up what I’ve done and get it released onto GitHub. Look for it in next week’s thread. :)