April 26, 2020 @ 13:03

As I discussed in my previous post, everyone should be running SSL now... but the hacks I talked about were a bit annoying. So I'm trying out something new: Caddy.

Over the years I've changed my web sites from entirely dynamically-generated template-based stuff in Perl and Python, into this one, which is completely static, generated by Hugo. So I don't really run anything overly-complicated in my Nginx config anymore.

I spent some time over this weekend converting this and my other sites to use Caddy, which handles 100% of the SSL certificate generation, and otherwise works just like a web server.

I also converted both of the web servers fronting my Home Assistant servers, one of which runs on a Raspberry Pi.

Now I'm going to have a beer, instead of manually renewing three certificates. Cheers.

let's encrypt

February 6, 2020 @ 20:40

These days, everyone should be using SSL to secure, well, everything. It used to be that SSL certificates were really expensive, but with free providers like Let's Encrypt, there's not much excuse anymore.

Well... sorta.

In theory this is really easy to do, and easy to automate. In practice, well, a lot of the tools just plain suck, or they're designed for the most basic use-case and the most commonly used DNS providers. Or, they expect you use the certificate for a public website.

In my case, I have a number of private websites in addition to this one, and Postfix and Dovecot for my email. So I have to generate a few certificates, and then copy them to several machines and restart a bunch of daemons.

Also, for various reasons, I'm still using djbdns for my DNS, and so I've got to do things a little manually.

Here's my renew script, simply just call it with a list of domain names:


function join {
    for arg in $*; do
        echo -n "-d $arg "
domains=$(join $*)

certbot certonly --manual --preferred-challenges=dns \
                 --manual-auth-hook ~/bin/ \
                 --manual-public-ip-logging-ok --agree-tos \

That join function is a bit of a hack, but hey, it works.

Here's the auth-hook script - it generates a record suitable for import into djbdns and copies that to my server into the right place.


echo "'${rec}:${CERTBOT_VALIDATION}:300" > /tmp/${rec}
scp -i ~/.ssh/id_rsa /tmp/${rec} dns@myserver:/var/dns/extdns/root/dynamic/

sleep 30

That sleep there gives me 30 seconds to go manually run the "regenrate" process there, but this is better than nothing.

vim and powerline

January 24, 2020 @ 11:51

Do you use Vim and Powerline? If so, you may have got this error message at some point, when using a Virtualenv:

Traceback (most recent call last):
  File "<string>", line 4, in <module>
ModuleNotFoundError: No module named 'powerline'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "<string>", line 9, in <module>
ModuleNotFoundError: No module named 'powerline'
An error occurred while importing powerline module.
This could be caused by invalid sys.path setting,
or by an incompatible Python version (powerline requires
Python 2.6, 2.7 or 3.2 and later to work). Please consult
the troubleshooting section in the documentation for
possible solutions.
Unable to import powerline, is it installed?

I know how to solve this! Put this in your .vimrc:

" workaround issue with powerline + virtualenv
python3 << EOF
import sys
path = "/usr/lib/python{}.{}/site-packages/".format(
    sys.version_info.major, sys.version_info.minor)

recent movies

October 27, 2019 @ 01:00

The Cloverfield Paradox: A sort of thriller/horror in a space station. Reminds me a bit of Event Horizon, which isn't a bad thing in general, but there just isn't much original here.

And then they went and tied this into the Cloverfield series, which makes absolutely no sense at all.

Rotor DR1: This movie is actually a film-length cut of a web series, with a budget of $300k. Overall, it feels amateurish and unpolished, often disjointed, and doesn't flow very well. Feels really 1980s in a lot of ways - the drone race is especially hilarious. It even has a music video scene!

I'm going to just say "meh".

Bright: The usual "buddy cop" movie with an alien, basically Alien Nation but with magical elves. Really predictable ending, though I didn't mind watching it. Honestly, there's something cool about bad-ass elves.

Hotel Artemis: JWZ described this one really well: "If you wanted a spinoff story about the John Wick hotel manager, this is that. I did want that. It delivered." I also wanted that.

Scorched Earth: A sort of post-apocalyptic western. I seem to be watching a lot of low-budget crap lately, but this one was just one predictable cliché after another. All of the characters were exceptionally unlikable. Should I also point out that while one of the main quirks of the world is poisoned air, they treat the insides of buildings as if the air in them is perfectly fine, but there are no airlocks? Maybe I shouldn't.

Don't miss the dodge Dodge Charger Daytona made up to look like some weird 4WD thing.

I got as far as the Big Baddie's Sgt. Pepper dinner outfit and bailed.

There is, however, one scene where the character "Doc" is wearing a hat which looks like a bird pooped on it - I cracked up imagining the prop people getting all excited when they were putting that one together.

AXL: A boy and his (robot) dog. Predictable, seems like low-budget but they sure did a lot of CG. Don't waste your time.

IO: Another post-apocalyptic wasteland movie. The idea here was somewhat interesting, but the movie ended up being kinda boring. And then the "big reveal" near the end wasn't much of a surprise by the time it finally happened. I hoped for better.

Annihilation: I went into this one having never seen the trailer or heard anything at all about it. If you can do that, you should - this movie was really freaky and overall pretty amazing. I was on the edge of my seat! The ending wasn't much of a climax, and leaves more questions than answers, but it works.

on haystacks

October 9, 2019 @ 13:10

Go doesn't have a built-in function for finding an object in a list. I found this in some code at work:

// Checks whether an element exists in a slice of integers
func contains(haystack []int, needle int) bool {
 for _, n := range haystack {
  if needle == n {
   return true
 return false

I'm quite amused.

Testing Hugo

August 23, 2019 @ 22:56

Right so, does this work?

I'm using Hugo now. It's been... a bit of work. But the whole thing renders in 1.4 seconds, as opposed to the old Jekyll site which took 22.

While I was at this, I did some more moderninzing.

Little changes:

  • Post timestamps changed
  • Posts are now using the HTML <article> element, complete with the <header>, <main>, and <footer> sections.
  • Navigation bar uses the HTML <nav> element
  • Tag list now uses <ul> and <li>
  • I've changed to using the CSS ::after pseudo-element to put the bracketry around the menu items and the items in tag lists. Why? It sure makes the HTML look cleaner.
  • Many pages which used files ending in .html no longer do, I guess this is what Hugo calls "pretty" URLs. Sure, why not.

Bug fixes:

  • The first month in the archive sections is not duplicated like the Jekyll site did
  • The main image in the gallery isn't pushed up into the menu

To do still:

  • Make the gallery's filmstrip scroll to keep the current selection visible - good idea Rachyl!

New Year's Mead

May 5, 2019 @ 17:45

In September, Rachyl and I made some mead:

10lb Wegman's clover honey
3lb Northern brewer basswood honey
1lb bee folks Butterbean honey
3 gal water
1 packet Lavin D47 yeast

Original gravity was 29.8 brix. The weird honey bill is mostly because it's what we had around, and could get really quickly. Same for the yeast - never used it before, we just went to the local shop and asked for whatever they had. My preference is usually Wyeast 4632.

Today we tested (and tasted!) it, 17 brix. So about 11.45% ABV. Not bad! I think it's a little on the sweet side for me, I tend to like them a little drier, but it's very drinkable, and so we'll be bottling it soon, with plenty of time before Rosh Hashana.

Note that I have not figured you my refractometer's wort correction factor, so my measurements can only be assumed to be "pretty close"