Ten years of marriage!

Ten years ago today, on a very cold and windy but at least sunny day at Dee Why headlands, Kristina and I got married!

TEN. YEARS.

I have no idea how it’s been ten years, it doesn’t remotely feel like it’s been that long. I’ve mentioned on this blog before, and on LiveJournal before it, that everything is so effortless, and it still remains true!

We originally knew each other from Everything2, which is still around but very much dead compared to the old days, and has been for many years now (my registration date there is May 2000). There was a bit of a mass-migration from E2 over to LiveJournal a couple of years afterwards, and I have a happy birthday wish from Kristina on one of my LJ posts from 2003! She said I was always “That guy in Australia who likes metal”, but we got to chatting more towards the end of 2007 and then on a whim decided to come visit in March of 2008, and the rest, as they say, is history!

With both of us being keen photographers we tend to be behind the camera instead of in front of it, but we’ve got a few photos together over the years!

Kristina and I
The first one of us together, in August 2008 in Boston the first time I visited (we don’t have any of the two of us from March when Kristina first visited Sydney). This was right before I trimmed my goatee entirely down because it’d started just triangulating outwards and getting all wispy.
Untitled
November 2008, we were up in the Blue Mountains when we got the call that the engagement ring was ready to be picked up!
Untitled
Then our wedding, of course. I love this photo so much!
December 2011, being all arty!
Selfie!
This was taken in May 2014 when we bought the Fujifilm X100S. Kristina looks so hilariously unimpressed.
Kristina and me
December 2015!
Untitled
Then an attempt in February 2017 at taking a photo with the two of us and Beanie. It didn’t go so well.
Untitled
And finally the most recent one of us together from December of 2017, taken with the flash and massive parabolic umbrella directly behind the camera.

In the time we’ve been married we’ve been to:

And that’s not counting the day trips or single night trips of which there have been plenty.

Here’s to many more years of adventures to come! ❤️

New bathroom!

The bathroom in our house was always a little bit crap, it’d clearly been done on the cheap and many years ago, and we wanted to get a new one put in. Conveniently, my parents were going away on holidays for three weeks last month so we decided that this was a pretty perfect time to do it. We schlepped our stuff over to their place and stayed over there while the old bathroom was ripped out and a brand new shiny one put in! (We also got the second toilet redone in the same style, so there were no toilets at all hence the inability to stay at home while this was being done; also Beanie would have lost his mind when with the tradies being over all the time).

I borrowed a really wide-angle lens from a friend in order to properly take before and after photos, this is the old bathroom (the shower screen is filthy because we’d given up on cleaning it by this point).

A wide-angle view of a bathroom, the floor tiles are sickly grey and the grout looks dark just from being dirty. A cheap-looking white vanity with a single sink is in the middle of the photo, the shower screen around the shower is at the left and is totally soap scum-encrusted. The tiles in the shower are black with discoloured grout between them. A toilet roll holder is attached by suction cup to the outside of the shower screen next to the toilet, that's just visible at the bottom-left.
A wide-angle view of a bathroom, the floor tiles are sickly grey and the grout looks dark just from being dirty. A cheap-looking white vanity with a single sink is in the right of the photo, the shower screen around the shower is in the middle and is totally soap scum-encrusted. The tiles in the shower are black with discoloured grout between them. A toilet roll holder is attached by suction cup to the outside of the shower screen next to the toilet, the toilet itself is small and very plastic-looking and sits next to the shower. In the ceiling above the shower is an EXTREMELY yellowed plastic fan vent.
A wide-angle view of a bathroom looking towards the bath, the floor tiles are sickly grey and the grout looks dark just from being dirty. The bath is in the middle of the photo, with black tiles around it, the shower screen is at the right of the photo and the vanity is just visible at the bottom-left.

The grout on the floor was all dirty and discoloured, the tiles were really thin, clearly cheap, and also quite ugly, and the vanity was really cheap-feeling, and we’d had to clean mould out of the inside of the cupboards more than once.

Kristina was interested in doing the bathroom in a much more modern and minimalist style than we’d done with the kitchen, to try to minimise the amount of nooks and crannies that would need to be cleaned, and to ensure it didn’t end up looking cluttered. We decided on white wall tiles, and slate grey floor tiles, plus a wall-hung vanity and wall-mounted taps.

The guy who was overseeing the whole lot sent us daily updates on how it was going, and it was fascinating to see everything ripped out and just the bare frame and insulation after they’d finished on the first day.

The bathroom with no tiles or gyprock on the bottom half of the walls, just bare timber frame and insulation.

After that, each day’s updates were just more and more things being put in, we were able to come back on the Saturday of the third week though the shower screen itself wasn’t in by that point. On the Friday of the following week the guy came to install it, and with that it was done, and it looks absolutely amazing!

The fantastic new bathroom, a white wall-hung double-basin vanity and wall-mounted chrome taps are in the middle of the photo, a shaving cabinet with mirror above, and two lovely in-ceiling LED lights above that. To the left is a waist-high thin wall tiled in white, and that side of the shower screen starts at the top of the wall. The wall tiles are white and the floor tiles are a dark slate grey.

There is a towel on the wall that's a dark pink, and on the right of the vanity is a small towel ring that has a hand towel of the same dark pink colour.
The fantastic new bathroom, a white wall-hung double-basin vanity and wall-mounted chrome taps are at the right of the photo. In the centre is a waist-high thin wall tiled in white, and that side of the shower screen starts at the top of the wall. Next to the wall sits a white ceramic toilet, and the toilet roll holder is a chrome metal one that's attached to the waist-height wall. The wall tiles are white and the floor tiles are a dark slate grey.
The fantastic new bathroom, a white wall-hung double-basin vanity and wall-mounted chrome taps are at the left of the photo. In the centre is the bath surrounded by white wall tiles, at the right is a waist-high thin wall tiled in white, and that side of the shower screen starts at the top of the wall. The wall tiles are white and the floor tiles are a dark slate grey.

A dark pink towel hangs on the wall over the left end of the bath.

There’s lovely LED lights above the vanity, and the mirror is actually a shaving cabinet so we can put stuff into it and not have to be rummaging around in a dark cupboard. As we discovered with the kitchen and the drawers in there, drawers are far superior to cupboards for anything but really shallow depths.

We didn’t even get anything moved in terms of layout, it’s all in the exact same position as it was before, but it just feels so much larger and more spacious, it’s wonderful!

Configuring a virtual machine with Linode StackScripts

Screenshot of a Bash script, installing Node.js and Nginx with apt-get

I’ve been using Linode to host myself a Linux virtual machine since 2011, originally so I could run Jira on it (now long since moved to a cloud-hosted instance), since my entire job was supporting it back then, and also just generally to dabble with Linux and the command line. I started out with CentOS 5 as that’s what we were using at work at the time, and slowly installed more and more random things on it.

When I decided it was time to upgrade to CentOS 7 in 2015, I put together a page in Confluence noting down each thing I was doing, as I was starting with a fresh new virtual machine and migrating only the bits and pieces I needed to it. That was better, but still ended up with a bit of a sprawling page and me forgetting to update it after I’d completed the initial migration. I eventually shut down my whole Dreamhost account and moved solely to having my website and blog and various miscellany (15 years worth of images from LiveJournal entries and posts on Ars Technica, as two examples) hosted on the Linode. Unfortunately I wrote down absolutely none of how I configured it all!

As part of playing around with my YubiKey and setting up GPG agent forwarding, I discovered that the version of GnuPG that CentOS 7 ships with is too old to support agent forwarding from newer versions, so I decided to spin up a new Linode but with Debian 9 instead (since thatdoes support agent forwarding), and migrate everything to it. This time, however, I would do it programatically!

Linode have a thing called StackScripts that let you start up a fresh VM and run a bunch of commands on boot to configure it how you need. Over the course of probably two months, I built up a Bash script to install and configure all my various software packages at boot to a fresh Debian 9 machine to configure it how I needed, and with everything stored in a Git repository. That included also adding Git repositories with my Nginx and systemd configurations as well as running a script on my existing CentOS 7 VM to grab database dumps of my website and our respective blogs, as well as the aforementioned 15 years’ worth of images and other files.

The end result is a ~500 line Bash script that’s version-controlled so I can see exactly what I did, with any new changes I’m making since I cut over to the Debian VM being saved in that as well, and the same with my systemd/Nginx/everything-else configuration! As long as I’m disciplined about remembering to update my StackScript when I make software changes, whenever the next big move to a new VM is should be a hell of a lot simpler.

Art update, February 2019

A painting of a woman from the chest up, she has antlers on her head and long red hair, and has headgear that goes over her forehead, with tassles obscuring her eyes.

As previously mentioned, I’ve been enjoying the hell out of my iPad Pro and Apple Pencil, and have been doing a whole lot more drawing/sketching/painting since then. I moved my Mastodon account over to a much smaller instance, mastodon.art, which as you’d expect is very focused on art and has a lot of extremely creative people on it, and I’ve been getting a daily dose of inspiration. (As a side-note, I can’t recommend enough moving to a smaller Mastodon instance as opposed to one of the huge ones like mastodon.social… it really does feel much more like a community, and the local timeline is something you actually can keep up with and interact with).

I found a really good series of tutorials on drawing people and facial expressions, and drew this!

Four cartoon-style heads: a white girl with long blonde hair looking unimpressed, a bald Asian man looking shocked, a black man with big hair and a goatee looking sleepy, and an Indian man smirking with one eyebrow raised.

After that were a bunch more extremely munted-looking people which I’m not going to post, but then I eventually got my proportions better.

A portrait sketch of a pale red-haired woman with green eyes, smirking and raising one eyebrow.

One of the artist-types I follow on Mastodon is Noah Bradley, he’s done paintings for all sorts of places including for Magic: The Gathering! He said he biggest piece of advice was “Use more reference!”, i.e. have an actual picture/photo/whatever next to the thing you’re drawing so you can get the proportions and such correct. I took that advice to heart, and painted this picture of what ended up as a queen!

A painting of a white woman from the chest up, lit from the left side while her right side is heavily shadowed. She has long braided blonde hair and is wearing a purple high-collared dress. Behind her and to her left and right are glowing red eldritch runes, giving a faint red tinge to her outline.

She looks nothing like the original photo, of course, but it really helped to get the angles of everything correct. I also really started getting the hang of lighting, I’m so pleased with the light from the runes that’s reflecting off her hair, especially on the right.

Lily’s Christmas present was the first-gen Apple Pencil for her own iPad and she’s been absolutely drawing her heart out as well. One of the things she likes drawing are My Little Pony characters… she’s never watched the show but enjoys making up her own characters. She set me a challenge of making a character myself, with the theme of “neon”, and I took that opportunity to do some more practice with lighting (see the linked image for the full effect). I found an outline online and traced over that for the shape, but the colour is all me!

A side-on painting of a My Little Pony character on a black background, coloured in dark blue with neon blue lightning at the top of her hooves and a dark purple tail with a purple neon light running down it.

We also took my old teddy bear Neddy out, who I’ve had since I was a year old, and used him for some lighting practice.

A three-quarter profile of a brown teddy bear on a black background, the edges of the left side of him are lit from a bright white light source to the left of the painting.

Then my latest work was Maria Franz from the band Heilung! They do epic pagan/folk music and it’s absolutely fantastic (see the video of their live show). I introduced Lily to them and she’s now completely obsessed. She sent me a picture of Maria Franz that she’d traced over and coloured in, and I realised that’d be a perfect bit of subject matter.

A painting of a woman from the chest up, she has antlers on her head and long red hair, and has headgear that goes over her forehead, with tassles obscuring her eyes.

I had a picture of her open in Safari in split-screen view so I could get the outline and proportions right, and Procreate tells me this was nearly 10 hours all up! I’m absolutely stoked with how it ended up, and just seeing the difference between my earliest stuff and now is great, even though it’s only been two months. The “Use reference” mantra is one that I’m definitely taking to heart.

Five years of Beanie!

As of today, we’ve had Beanie for five years!

We got him as a rescue dog when he was a year old, he’d already had three previous owners before us, and the house he was living in when we got him had two other much larger dogs that apparently were taking most of the food and generally bullied him. The idiot woman who owned him also had him on some “raw chicken” diet where he’d have basically just raw chicken pieces, and his hair was all short and his tail was permanently very tightly curled — which is how he gets when he’s nervous or anxious — and didn’t wag at all for the first three or so weeks that he was living at ours.

A very young-looking Beanie when he was one year old at the end of our hallway in the midst of running back to us.
One of the very first photos of Beanie shortly after we got him.

He had quite bad separation anxiety, we eventually went to the vet and got some anti-anxiety medicine because he would scratch at the door repeatedly when we’d leave the house, to the point that he was scratching the paint off it. The medicine combined with giving him a marrowbone treat whenever we leave for a period of more than an hour or two has definitely helped, he now gets excited we’re we’re getting ready to leave because he often gets a treat. 😛

He’s never liked other dogs, and generally still doesn’t, but we were able to take him to puppy training session where he at least got some exposure to dogs around his size, and that led to our now-regular visits with Leo!

Leo, a Jack Russell, and Beanie facing each other about to leap at each other.
Leo and Beanie playing in Leo’s backyard.

Because Kristina and I are out of the house for a good 10-11 hours a day, we have a dog walker to comes every day after lunch to let him out and give him a walk. We have her come around anyway if one of us is working from home or sick, and he gets so excited when she arrives.

Beanie is a good boy, he never gets into any trouble whatsoever: he doesn’t chew things, he goes to bed at night when we do and doesn’t get out of bed in the morning until we’re up (or even after we’re up on occasion), if one of us is sick he’ll happily snuggle up on the lounge with us. One of his favourite things to do is to “up” at us, which he frequently does after we’re lying in bed and getting ready to go to sleep!

Beanie sitting up on his hind legs, smiling.
He thinks he’s people!

The only irritation is his bark… there is ZERO wind-up or warning, and it’s an extremely loud and sharp bark that gives you a heart-attack! If he’s bored he’ll find things to bark at which can be super-annoying, but usually a quick walk around the block will tire him out and he calms down afterwards. Given how destructive other dogs can be though, I think we have it pretty good with Beanie. 🙂

Installing Linux Mint 19.1 on a Late-2010 MacBook Air

We have a still perfectly usable Late-2010 MacBook Air, but with macOS 10.14 Mojave dropping support for Macs older than 2012 (it’s possible to extremely-hackily install it on older machines but I’d rather not go down that route), I decided I’d try installing Linux on it. The MacBook Air still works fine, if a bit slow, on macOS 10.13 but I felt like a bit of nerding!

Installation

My distribution of choice was Linux Mint, which is Ubuntu-based but less with the constant changes that Canonical keep making. The first hurdle right out of the gate was which “edition” to choose: Cinnamon, MATE, or xfce. There was zero info on the website about which to choose, I started with Cinnamon but that kept crashing when booting from the installation ISO and giving me a message about being in fallback mode. It turns out Cinnamon is the one with all the graphical bells and whistles, and it appears that an eight-year ultralight laptop’s video card isn’t up to snuff, so I ended up on “MATE” edition, which looks pretty much identical but works fine.

My installation method was using Etcher to write the installation ISO to a spare SD card. Installing Linux requires you to partition the SSD, I added a 2GB partition for the /boot partition, and another 100GB to install Linux onto. It doesn’t matter which format you choose as it’ll be reformatted as part of the installation process.

The installer is quite straightforward, but I chose the custom option when it asked how to format the drive, formatted both the 2GB and 100GB partitions as ext4, with the 2GB one mounted at /boot and the 100GB at /. The other part is to install the bootloader onto that /boot partition, to make it easy to get rid of everything if you want to go back to single-partition macOS and no Linux.

Post-install

The next hurdle was video card drivers. Mint comes with an open-source video card driver called “Nouveau” which _works_ but isn’t very performant, and there was lots of screen tearing as I’d scroll or move windows around. This being Linux, it was naturally not as simple as just installing the official Nvidia one and being done with, because that resulted in a black screen at boot. 😛 I did a massive amount of searching and eventually stumbled across this answer on AskUbuntu which worked where nothing else did: I followed those instructions and was able to successfully install the official Nvidia drivers without getting a black screen on boot!

At this point I realised that the brightness keys on the keyboard didn’t work. Cue a whole bunch more searching, with fix being to add the following snippet to the bottom of /usr/share/X11/xorg.conf.d/nvidia-drm-outputclass-ubuntu.conf:

Section "Device"
  Identifier     "Device0"
  Driver         "nvidia"
  VendorName     "NVIDIA Corporation"
  BoardName      "GeForce 320M"
  Option         "RegistryDwords" "EnableBrightnessControl=1"
EndSection

BoardName being the name of the video card.

The last hurdle was getting the _other_ function keys to work (the audio and media keys), which was resolved with a simple sudo apt install pommed, and now I have a fully-functioning Linux installation, with working sleep+wake, audio, wifi, and brightness!

I’m certainly not going to be switching to it full-time, and it feels like a lot more fragile than macOS, but it’s fun to muck around with a new operating system. And with 1Password X, I’m able to use 1Password within Firefox under Linux too!

New shiny: 11″ iPad Pro and Apple Pencil 2

I bought an iPad mini 2 back in April of 2014, which was the first mini with a retina display. It got fairly slow with the upgrade to iOS 11, and even though iOS 12 gave it a bit of a shot in the arm, it still ultimately struggled to do much beyond very basic web browsing and social media things — not entirely surprising given it’s five years old at this point. Apple announced the latest version of the iPad Pro at the end of October last year, along with an updated Apple Pencil, and all the reviews said the iPad was absolutely gobsmackingly fast (to the point where it beats all but the highest-end Core i9 15″ MacBook Pro in a number of CPU benchmarks), so I decided to finally retire the iPad mini and upgrade.

Holy. Crap.

It’s honestly one of the most impressive pieces of technology I’ve used in recent years; almost the entire thing is screen, there’s only enough bezel to comfortably hold the edges and no more, and it’s about as thin as I recall the iPhone 4/4S being, with the same industrial design. I’m still on the iPhone 7 so haven’t used Face ID before, and it works like magic. The screen has a 120Hz refresh rate as opposed to the standard 60Hz of most displays, and it means that everything feels just subtly more fluid and responsive. Everything I do on it is just totally effortless, it responds immediately without any hint of lag or hesitation.

However, I think my favourite part so far is the Apple Pencil. It’s much the same as the original in terms of usage, but magnetically pairs and charges on the right side of the iPad, and has an option to double-tap the Pencil itself to switch between your current drawing tool and the eraser tool. It has pressure and angle sensitivity, so can behave exactly like an actual pencil. Turn it sideways and use the edge and you can do subtle shading, and the harder you press the darker the shade.

The built-in Notes app has basic Pencil support, but I’ve been using Procreate — which I actually originally bought on my iPad mini but didn’t use very much due to it being a pain trying to do any sort of detail with a finger — and it’s so awesome. It’s absolutely not going to win any sort of awards, but I’ve done two things so far and am really happy with both of them.

The first was done with the drawing assist turned on and an isometric grid, followed by a whole bunch of layers to get the lighting looking right.

And the second is just a pencil sketch. Like I said, objectively it’s not very good, but not having done anything like this before, I’m still very pleased.

I had a photo open in Safari in split-screen view beside Procreate, the woman in my sketch looks absolutely nothing like the photo but it was more just generally to get the angles right. 😛 My having done photography definitely helped with the shading because I could easily visualise in my head how the shadows would fall.

I need to make sure I keep up the practise so I can improve!


I also remembered that GarageBand on iOS is a thing, and goddamn, it’s also impressive. It’s the same idea as in GarageBand on the Mac with adding preset loops of instruments and combining them together — or recording your own — but they’ve done an amazing job of translating that to something that’s usable with a touch interface. I’d made a couple of songs in GarageBand for Mac previously (nearly twelve years ago now, jesus), but not really anything since.

I bought a USB-C to 3.5mm headphone adapter for the iPad so I could use my big Audio Technica headphones — doing audio work requires very low latency, and Bluetooth has way too much latency, to the point where if you try to use Bluetooth headphones with GarageBand on iOS it’ll give you a big warning to that effect — and did a bunch of dabbling the other day, and made another new song!


I’m very interested to see what Apple does with iOS 13 this year, because the iPad Pro’s hardware is astonishingly capable, but it feels like the software could be doing more. I’ve hooked up our spare Bluetooth keyboard and dabbled around in that and it’s neat, but there’s not enough support for keyboard shortcuts even in Apple’s own applications . In Messages, for instance, you can use Cmd-↑ and Cmd-↓ to switch between conversations, but there’s no way to get the focus back to the input field once you’ve done so… you have to reach for the screen. There’s an official Apple keyboard cover that turns your iPad into something resembling a laptop, but I don’t know how well it would work remaining steady on a lap on a train.

All that said, I’m absolutely stoked with the new iPad, and am seriously keen to see the software catch up to the capabilities of the hardware!

More fun with Yubikey: Signed Git commits and GPG agent forwarding

I’ve been on a “What other neat things can I do with my Yubikey” kick after my last post, and it turns out one of those neat things is to cryptographically sign Git commits. This allows you to prove that the owner of a particular GPG key is actually the person who committed the code. 

Setting up signed Git commits locally is very easy, run git config --global user.signingkey "<ID of your GPG signing subkey>" (mine is C65E91ED24C34F59 as shown in the screenshot below), then run your Git commit normally but with the added flag -S to sign it.

Bitbucket Cloud doesn’t currently support displaying signed Git commits in the UI, but you can do it on GitHub and you get a shiny little “Verified” badge next to each one and this message when you click on it:

You can also show it locally with git log --show-signature.

This is all well and good, but what if you want to sign something on a remote server that you’re connected to via SSH? Enter GPG agent forwarding!

Just like you can do SSH agent forwarding to have your private SSH key securely forwarded to a machine you’re connecting to, you can do the same with the GPG agent that stores your GPG keys and allow it to access your signing subkey. Setting up GPG agent forwarding is broadly straightforward, but make a note of which versions of GNUPG you’re running at each end. The “modern” version is 2.1 and higher, I’m running 2.2.x on my Macs but my Linode runs CentOS 7 which only comes with GPUPG 2.0.x and I wasn’t able to fully get agent forwarding working between it and 2.2.x on my Macs. I tested the latest Debian with 2.1 and that worked.

I followed this guide, but one extremely important note is that you can’t use a relative path for the local or remote sockets, they have to be the full absolute path. This becomes a pain when you’re connecting to and from different OSes or machines where your username differs. Thankfully, SSH has a Match exec option where you can run a command to match different hosts and use different host definitions (and thus put in different paths for the sockets) depending on your local and remote machines.

Mine looks like this :

# Source machine is a personal Mac, connecting to another personal Mac on my local network; the local network all uses the .core domain internally
Match exec "hostname | grep -F .core" Host *.core
RemoteForward /Users/virtualwolf/.gnupg/S.gpg-agent /Users/virtualwolf/.gnupg/S.gpg-agent.extra

# Source machine is a personal Mac, connecting to my Linux box
Match exec "hostname | grep -F .core" Host {name of the Host block for my Linode}
RemoteForward /home/virtualwolf/.gnupg/S.gpg-agent /Users/virtualwolf/.gnupg/S.gpg-agent.extra

# Source machine is my work Mac, connecting to my Linux box
Match exec "hostname | grep -F {work machine hostname}" Host {name of the Host block for my Linode}
RemoteForward /home/virtualwolf/.gnupg/S.gpg-agent /Users/{work username}/.gnupg/S.gpg-agent.extra

(Yes, technically this doesn’t work as I mentioned at the start due to my Linode being on CentOS 7 and having GNUPG 2.0, but the socket forwarding bit works, just not when I actually want to do anything with it. :P)

Nginx, PHP-FPM, and Cloudflare, oh my!

I use my Linode to host a number of things (this blog and Kristina’s, my website and Kristina’s, an IRC session via tmux and irssi for a friend and me, and probably another thing or two I’m forgetting). Kristina started up a travel blog a few months ago which I’m also hosting on it, and shortly after that point I found that maybe once every two weeks or so my website and our blogs weren’t running anymore. I looked into it and it was being caused by Linux’s Out-Of-Memory Killer, which kicks in when the system is critically low on memory and needs to free some up, killing the Docker container that my website runs in as well as MariaDB.

The main cause was Apache and MariaDB using up entirely too much memory for my little 2GB Linode, it was evidently just sitting on this side of stable with two WordPress blogs but adding a third seems like it tipped it over the edge. The reason MariaDB and my website’s Docker container were being killed is because although Apache was using up a heap of memory it was spread over a number of worker threads, so individually none of those were high, and MariaDB and my website were the largest on the list. There’s lots of tweaks you can do, several of which I tried, but all that happened was that it delayed the inevitable rather than entirely resolving it. Apache is powerful but low-resource-usage it ain’t. The primary low-resource-usage alternative to Apache is Nginx, so I figured this weekend I’d have a crack at moving over to that.

Overall it was pretty straightforward, this guide from Digital Ocean was a good starting point, the bits where it fell short was mostly just a case of looking up all of the equivalent directives for SSL, mapping to filesystem locations, etc. (I have ~15 years of history of hosted images I’ve posted on the Ars Technica  forums and my old LiveJournal—which is now this blog—and wanted to make sure those links all kept working). 

One difference is with getting WordPress going… WordPress is all PHP, and Apache by default runs PHP code inside the Apache process itself via mod_php, whereas when you’re using Nginx you have to be using PHP-FPM or similar which is an entirely separate process that runs on the server and that Nginx talks to to process the PHP code. I mostly followed this guide, also from Digital Ocean though there were a couple of extra gotchas I ran into when getting it fully going with Nginx for WordPress:

  • Edit /etc/nginx/fastcgi_params and add a new line with this content or you’ll end up with nothing but an empty blank page: fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
  • Remember to change the ownership of the WordPress installation directory to the nginx user instead of  apache
  • The default settings for PHP-FPM assume it’s running on a box with significantly more than 2GB of RAM; edit /etc/php-fpm.d/www.conf and change the line that says pm = dynamic to be pm = ondemand; with ondemand PHP-FPM will spin up worker processes as needed but will kill off idle ones after ten seconds rather than leaving them around indefinitely.

Additionally, Nginx doesn’t support .htaccess files so if you’ve got WordPress set up to use any of the “pretty”-type links, you’ll end up with 404s when you try to view an individual post instead. The fix is to put the following into the server block at the bottom:

location / {
  try_files $uri $uri/ /index.php?$args;
}

So it’ll pass the correct arguments to WordPress’ index.php file. You’ll also want to block access to any existing .htaccess files as well:

location ~ /\.ht {
  deny all;
}

The last thing I did with this setup was to put the entirety of my website, Kristina’s, and our respective blogs behind Cloudflare. I had great success with their DNS over HTTPS service, and their original product is essentially a reverse proxy that caches static content (CSS, Javascript, images) at each of their points of presence around the world so you’ll load those from whichever server is geographically closest to you. For basic use it’s free, and includes SSL, you just need to point your domain’s nameservers at the ones they provide. The only thing I needed to do was to set up another DNS record so I could actually SSH into my Linode, because now the host virtualwolf.org resolves to Cloudflare’s servers which obviously don’t have any SSH running!

Overall, the combination of Nginx + PHP-FPM + Cloudflare has resulted in remarkably faster page loads for our blogs, and thus far significantly reduced memory usage as well.

GPG and hardware-based two-factor authentication with YubiKey

As part of having an Ars Technica Pro++ subscription, they sent me a free YubiKey 4, which is a small hardware token that plugs into your USB port and allows for a bunch of extra security on your various accounts because you need the token physically plugged into your computer in order to authenticate. It does a number of neat things:

  • Generating one-time passwords (TOTP) as a second-factor when logging in to websites;
  • Storing GPG keys;
  • Use as a second-factor with Duo;

And a bunch of other stuff as well, none of which I’m using (yet).

My password manager of choice is 1Password, and although it allows saving one-time passwords for websites itself, I wanted to lock access to the 1Password account itself down even further. Their cloud-based subscription already has strong protection by using a secret key in addition to your strong master password, but you can also set it up to require a one-time password the first time you log into it from a new device or browser so I’m using the YubiKey for that.

I also generated myself GPG keys and saved them to the YubiKey. It was not the most user-friendly process in the world, though that’s a common complaint that’s levelled at GPG. I found this guide that runs you through it all and, while long, it’s pretty straightforward. It’s all set up now, though, my public key is here and I can send and receive encrypted messages and cryptographically sign documents, and the master key is saved only on an encrypted USB stick. You can also use the GPG agent that runs on your machine and reads the keys from the YubiKey to also be used for SSH, so I’ve got that set up with my Linode.

The last thing I’ve done is to set the YubiKey up as a hardware token with Duo and put my Linode’s SSH and this blog (and soon Kristina’s, though hers not with the YubiKey) behind that. With the Duo Unix module, even sudo access requires the YubiKey, and the way that’s set up is that you touch the button on the YubiKey itself and it generates a code and enters it for you.

It’s all pretty sweet and definitely adds a bunch of extra security around everything. I’m busily seeing what else I can lock down now!

Setting up DNS over HTTPS on macOS

Back in April, Cloudflare announced a privacy-focused DNS server running at 1.1.1.1 (and 1.0.0.1), and that it supported DNS over HTTPS. A lot of regular traffic goes over HTTPS these days, but DNS queries to look up the IP address of a domain are still unencrypted, so your ISP can still snoop on which servers you’re visiting even if they can’t see the actual content. We have a Mac mini that runs macOS Server and does DHCP and DNS for our home network, among other things, and with the impending removal of those functions and their suggested replacements with regular non-UI tools with a upcoming version of it, I figured now would be a good time to look into moving us over to use Cloudflare’s shiny new DNS server at the same time.

Turns out it wasn’t that difficult!

Overview

  1. Install Homebrew.
  2. Install cloudflared and dnsmasq: brew install cloudflare/cloudflare/cloudflared dnsmasq
  3. Configure dnsmasq to point to cloudflared as its own DNS resolver.
  4. Configure cloudflared to use DNS over HTTPS and run on port 54.
  5. Install both as services to run at system boot.

Configuring dnsmasq

Edit the configuration file located at /usr/local/etc/dnsmasq.conf and uncomment line 66 and change it from server=/localnet/192.168.0.1 to server=127.0.0.1#54 to tell it to pass DNS requests onto localhost on port 54, which is where cloudflared will be set up.

Configuring cloudflared

Create the directory /usr/local/etc/cloudflared and create a file inside that called config.yml with the following contents:

no-autoupdate: true
proxy-dns: true
proxy-dns-upstream:
  - https://1.1.1.1/dns-query
  - https://1.0.0.1/dns-query
proxy-dns-port: 54

Auto-update is disabled because that seems to break things when the update occurs, and the service doesn’t start back up correctly.

Configuring dnsmasq and cloudflared to start on system boot

dnsmasq: sudo brew services start dnsmasq will both start it immediately and also set it to start at system boot.

cloudflared: sudo cloudflared service install, which installs it for launchctl at /Library/LaunchDaemons/com.cloudflare.cloudflared.plist.

And done!

I was surprised at how straightforward this was. I also didn’t realise until I was doing all of this that dnsmasq also does DHCP, so with the assistance of this blog post I’ve also replaced the built-in DHCP server on the Mac mini and continue to have full local hostname resolution as well!

Knights Ridge “eco retreat”

We went for a weekend away up to a place in the Hunter Valley billing itself as an “eco retreat” and it was pretty great! We were able to bring Beanie along too, which he loved. Kristina had the great idea to get one of those extendo-leads so he was able to roam up to five metres away and smell all the smells while still remaining technically on his lead.

The whole place is entirely off-grid: electricity comes from solar plus battery storage (though they also included instructions for how to start up the backup generator in case anything happened), the toilet is a composting one, and water is all captured from the rain and stored. They did have a somewhat anaemic ADSL2 connection though, so I don’t know if you count that as still being entirely off-grid. 😛 There was zero mobile phone signal though, the whole time we were there our phones said “No service”.

The place was decorated in quite the rustic style, with all sorts of old bits and bobs around, but it was all totally clean and dust-free.

Sitting
Untitled
Untitled

There was no electric kettle, only an old stovetop one, and you don’t realise  how spoiled you are until you remember just how damn long it takes for a kettle to come to a boil on a gas stovetop!

Putting a cuppa on

The whole place was completely and totally silent in terms of any sort of human noise, the only sounds were from the trees and birds, and it was absolutely delightful. Sunset down the shallow valley that we were in was quite nice too.

Spotlight
Sunset

At dusk we saw a couple of wombats, though Beanie had to bark at them probably because they were low and had four legs and so looked somewhat dog-shaped, but we also saw some kangaroos! Beanie was absolutely fascinated by the kangaroos, we were watching from a goodly distance and he was sitting there absolutely laser-focused on them.

A distant kangaroo!
The kangaroo is the little tiny spec right in the middle where the field starts turning into the side of the valley.
Intently watching the distant kangaroo

My only complaint with the place is the number of bugs that manage to come in at night! Only about half the windows have flyscreens on them, so we had to run around and mostly close the place up once dusk arrived. All in all it was extremely relaxing, though. A++ would relax again.

The full album of photos is on Flickr.

Book recommendations, 2018 edition

Fair warning, I’m rubbish at writing reviews so I’m just going to copy and paste the summary from Booktopia. 😛 But I’ve read all of these books and they’re all fantastic and highly recommended!

Vigil by Angela Slatter (Book 1 of the Verity Fassbinder series)

Urban fantasy set in Brisbane.

Verity Fassbinder has her feet in two worlds.

The daughter of one human and one Weyrd parent, she has very little power herself, but does claim unusual strength — and the ability to walk between us and the other — as a couple of her talents. As such a rarity, she is charged with keeping the peace between both races, and ensuring the Weyrd remain hidden from us.

But now Sirens are dying, illegal wine made from the tears of human children is for sale — and in the hands of those Weyrd who hold with the old ways — and someone has released an unknown and terrifyingly destructive force on the streets of Brisbane.

And Verity must investigate, or risk ancient forces carving our world apart. 

The Stars are Legion by Kameron Hurley

Science fiction, a review on Amazon described it as “biopunk” which I think is perfect. It’s one of those books where very little is explicitly spelled out and you gather more and more little nuggets about the world as the book goes on.

Somewhere on the outer rim of the universe, a mass of decaying worldships known as the Legion is traveling in the seams between the stars. For generations, a war for control of the Legion has been waged, with no clear resolution. As worlds continue to die, a desperate plan is put into motion.

Zan wakes with no memory, prisoner of a people who say they are her family. She is told she is their salvation — the only person capable of boarding the Mokshi, a world-ship with the power to leave the Legion. But Zan’s new family is not the only one desperate to gain control of the prized ship. Zan must choose sides in a genocidal campaign that will take her from the edges of the Legion’s gravity well to the very belly of the world. Zan will soon learn that she carries the seeds of the Legion’s destruction — and its possible salvation. 

The Collapsing Empire by John Scalzi (Book 1 of the Interdependency series)

Science fiction.

In the far future, humanity has left Earth to create a glorious empire. Now this interstellar network of worlds faces disaster — but can three individuals save their people?

The empire’s outposts are utterly dependent on each other for resources, a safeguard against war, and a way its rulers can exert control. This relies on extra-dimensional pathways between the stars, connecting worlds. But “The Flow” is changing course, which could plunge every colony into fatal isolation.

A scientist will risk his life to inform the empire’s ruler. A scion of a Merchant House stumbles upon conspirators seeking power. And the new Empress of the Interdependency must battle lies, rebellion and treason. Yet as they work to save a civilization on the brink of collapse, others have very different plans…

The Fifth Season by N.K. Jemisin (Book 1 of the Broken Earth trilogy)

Science-fiction/fantasy, it’s kind of hard to nail it down to a single genre.

Three terrible things happen in a single day.

Essun, masquerading as an ordinary schoolteacher in a quiet small town, comes home to find that her husband has brutally murdered their son and kidnapped their daughter. Mighty Sanze, the empire whose innovations have been civilization’s bedrock for a thousand years, collapses as its greatest city is destroyed by a madman’s vengeance. And worst of all, across the heartland of the world’s sole continent, a great red rift has been torn which spews ash enough to darken the sky for years. Or centuries.

But this is the Stillness, a land long familiar with struggle, and where orogenes — those who wield the power of the earth as a weapon — are feared far more than the long cold night. Essun has remembered herself, and she will have her daughter back.

She does not care if the world falls apart around her. Essun will break it herself, if she must, to save her daughter.

Leviathan Wakes (Book 1 of The Expanse series)

Gritty science fiction. (It should be noted that there are currently seven books in this series so far, and they are all brilliant.)

Humanity has colonised the planets — interstellar travel is still beyond our reach, but the solar system has become a dense network of colonies. But there are tensions — the mineral-rich outer planets resent their dependence on Earth and Mars and the political and military clout they wield over the Belt and beyond.

Now, when Captain Jim Holden’s ice miner stumbles across a derelict, abandoned ship, he uncovers a secret that threatens to throw the entire system into war. Attacked by a stealth ship belonging to the Mars fleet, Holden must find a way to uncover the motives behind the attack, stop a war and find the truth behind a vast conspiracy that threatens the entire human race.

Bound by Alan Baxter (Book 1 of the Alex Caine trilogy)

Urban fantasy set (at least initially) in Sydney.

Alex Caine is a martial artist fighting in illegal cage matches. His powerful secret weapon is an unnatural vision that allows him to see his opponents’ moves before they know their intentions themselves.

After a fight one night, an enigmatic Englishman, Patrick Welby, claims to know Alex’s secret. Welby shows Alex how to unleash a breathtaking realm of magic and power, drawing him into a mind-bending adventure beyond his control. And control is something Alex values above all else. 

Changer by Matt Gemmell (Book 1 of the Kestrel series)

Urban fantasy-slash-science-fiction, set in the Edinburgh, Scotland.

Jutland, Denmark: a billionaire industrialist seizes control of a top-secret project that the European Defence Agency calls Destiny, manipulating it for his own ends.

Edinburgh, Scotland: physicist Neil Aldridge’s life is saved by an elite EU special forces team, codenamed KESTREL, drawing him into a race against time to prevent a disaster that will claim millions of lives.

As the chase leads to London, Amsterdam and beyond, Aldridge and his allies must battle a ruthless adversary: a trained killer with an unnatural ability, who seeks to hasten the cataclysm.

With time running out, Aldridge discovers that he and his enemy share an astonishing secret, which may be the key to salvation — or cause death on an unprecedented scale…

The spiritual successor to SimCity, Cities: Skylines

I first played the original SimCity Classic back in the early 1990s on our old Macintosh LC II, and absolutely loved it. Laying out a city and watching it grow was extremely satisfying, and the sequel, SimCity 2000 was even more detailed. I played a bit of SimCity 4, which came out in 2003, but the latest entry in the series, titled just “SimCity“, by all accounts sucked. The maps were significantly smaller in size, and it required an internet connection and was multiplayer to boot.

It’s actually possible to play SimCity 2000 on modern machines and I definitely got stuck into it a few years ago. This is a screenshot of my most recent city!

Screenshot of SimCity 2000, zoomed out and showing as much of my city as possible.

If you’re wanting a proper modern SimCity 2000-esque experience though, Cities: Skylines is what you’re after. It came out in March of 2015 on desktop, and was ported to Xbox One in April of 2017 and they did a damned good job of it, the controls are all perfectly suited to playing on a controller as opposed to with a mouse and keyboard.

The level of detail of the simulation is fantastic, you can zoom all the way in and follow individual people (called “cims”, as opposed to SimCity’s “sims”) or vehicles and see where they’re going. There’s a robust public transport system and you can put in train lines (and buses, and trams, and a subway, and in the most recent expansion called Mass Transit, even monorails, blimps, and ferries!) and see the cims going to and from work, and how many are waiting at each station and so on.

We recently upgraded to the Xbox One X and a shiny new OLED 4K TV (quite the upgrade from our nine year-old 37″ giant-bezeled LCD TV!), and it makes for some very nice screenshots. These are from my largest city called Springdale, currently home to ~140k people!

Nostalgia and the Classic Mac OS

I’ve been a Mac user my entire life, originally just because my dad used them at his work and so bought them for home as well. My earliest memories are of him bringing his SE/30 home and playing around in MacPaint. We also had an Apple IIe that we got second-hand from my uncle that lived in my bedroom for a few years, though that doesn’t count as a Mac.

The first Mac my dad bought for us at home was the LC II in 1992 (I was 9!), and I can remember spending hours trawling through Microsoft Encarta being blown away at just how much information I could look up immediately. I also remember playing Shufflepuck Café and Battle Chess, and I’m sure plenty of others too that didn’t leave as large an impression. There was also an application that came with the computer called Mouse Practice that showed you how to use a mouse, and we had At Ease installed for a while as well until I outgrew it.

After the LC II we upgraded to the Power Macintosh 6200 in 1995, which among other things came with a disc full of demos on it including the original Star Wars: Dark Forces (which I absolutely begged my parents to get the full version of for Christmas, including promising to entirely delete Doom II which they were a bit disapproving of due to the high levels of gore), and Bungie’s Marathon 2: Durandal (which I originally didn’t even bother looking at for the first few months because I thought it was something to do with running!). Marathon 2 was where I first became a fan of Bungie’s games, and I spent many many hours playing it and the subsequent Marathon Infinity as well as a number of fan-made total conversions too (most notably Marathon:EVIL and Tempus Irae).

The period we owned the 6200 also marked the first time we had an internet connection as well (a whopping 28.8Kbps modem, no less!). The World Wide Web was just starting to take off around this time, I remember dialing into a couple of the local Mac BBSes but at that point they were already dying out anyway and the WWW quickly took over. The community that sprang up around the Marathon trilogy was the first online community I was really a member of, and Hotline was used quite extensively for chatting. Marathon Infinity came with map-making tools which I eagerly jumped into and made a whole bunch of maps and put them online. I was even able to dig up the vast majority of them, there’s only a couple of them that I’ve not been able to find. I have a vivid memory of when Marathon:EVIL first came out, it was an absolutely massive 20MB and I can recall leaving the download going at a blazing-fast 2.7KB/s for a good two or three hours, and constantly coming back to it to make sure it hadn’t dropped out or otherwise stopped.

After the Marathon trilogy, Bungie developed the realtime strategy games Myth: The Fallen Lords and its sequel Myth II: Soulblighter, both of which I also played the hell out of and was a pretty active member of the community in.

After the 6200 we then had a second-gen iMac G3 then a “Sawtooth” Power Mac G4 just for me as my sister and I kept arguing about who should have time on the computer and the Internet. 😛 The G4 was quite a bit of money as you’d imagine, so I promised to pay it back to dad as soon as I got a job and started working.

macOS (formerly Mac OS X then OS X) is obviously a far more solid operating system, but I’ve always had a soft spot for the Classic Mac OS even with its cooperative multitasking and general fragility. We got rid of the old Power Mac G4 probably eight years ago now (which I regret doing), and I wanted to have some machine capable of running Mac OS 9 just for nostalgia’s sake. Mum and dad still had mum’s old PowerBook G3 and I was able to get a power adapter for it and boot it up to noodle around in, but it was a bit awkwardly-sized to fit on my desk and the battery was so dead that if the power cord wasn’t plugged in it wouldn’t boot at all.

There was a thread on Ars Technica a few months ago about old computers, and someone mentioned that if you were looking at something capable of running Mac OS 9 your best bet was to get the very last of the Power Mac G4s that could boot to it natively, the Mirrored Drive Doors model. I poked around on eBay and found a guy selling one in mint condition, and so bought it as a present to myself for my birthday.

Behold!

Power Mac G4 MDD

Dual 1.25GHz G4 processors, 1GB of RAM, 80GB of hard disk space, and a 64MB ATI Radeon 8500 graphics card. What a powerhouse. 😛

There’s a website, Macintosh Repository, where a bunch of enthusiasts are collecting old Mac software from yesteryear, so that’s been my main place to download all the old software and games that I remember from growing up. It’s been such a trip down memory lane, I love it!

A trip to Queenstown

Last week we finally got around to visiting New Zealand! We’d been meaning to go for a good couple of years now, but never actually did it. We started small and visited just Queenstown and surrounds, and were only there for three full days.

We flew in at night on Saturday night, and the descent in was rather long and bumpy which I guess is to be somewhat expected when it’s surrounded by mountains. We went into Queenstown for dinner first, and had one of the best burgers I’ve ever had at The World Bar.

The place we were staying was about 15 minutes drive from Queenstown, but because it was night time all we could see was brilliant yellow leaves on the trees at the side of the road where the headlights were lighting them up. We woke up the next morning, and holy crap, the view!

The Remarkables, morning light

Untitled

We went up the Skyline Gondola which has a hell of a view over Queenstown itself.

The view from Skyline Queenstown

Next we drive up to Glenorchy, which is about an hour away. Lunch was surprisingly delicious beef noodle soup from a Chinese restaurant there (there are a lot of Chinese tourists around).

On the road to Glenorchy

Kristina

Orange

Glenorchy Wharf

We spent the afternoon wandering around Queenstown Gardens and Queenstown itself. This was definitely a fantastic time to visit, the air was cool and crisp and all the leaves were changing and everything was bright yellow.

Sitting

Untitled

Secluded

Smokey

Dinner was whole baked flounder with shaved fennel and orange from Public Kitchen and it was absolutely magnificent, cooked to total perfection. The “whole fish” bit was slightly off-putting because it’s literally that, a entire fish, eyeballs and all, sitting on your plate staring up at you but I pretty quickly got over it. 😛

The morning view the next morning was even better than before.

The Remarkables, morning light 2

We paid a brief visit to Arrowtown, though there wasn’t a whole lot there and it was mostly tourist shops.

Untitled

Untitled

We then drove up to Wanaka and took the obligatory photo of the tree there.

That Wanaka Tree

The drive itself had some great scenery along the way too.

Untitled

Winding road

Untitled

Dinner was at the Pig & Whistle pub, I got the dry-rubbed steak with veggies and red wine jus and Kristina had chicken and mushroom pasta, and they were both absolutely incredible.

The final full day we were there, we drove two and a half hours up to Lake Pukaki. As before, the drive itself was quite scenic too.

Stopping at Tarras

Lindis Pass

The lake itself is amazing, it’s this crazy neon-blue colour. The first two photos don’t really do it justice, but the third one is exactly how it looked even in person.

Lake Pukaki

Lake Pukaki

Lake Pukaki

We drove a little further north along the western edge of the lake to get a bit closer to Looking towards Aoraki / Mount Cook, which was looking very dramatic with its peaks covered in clouds.

Looking towards Aoraki / Mount Cook

Overall it was a fantastic trip, we definitely want to go back again but we’re thinking we’ll fly into Christchurch next time and drive around further in the north of the South Island.

The full photosets are here:

More miniatures: Warhammer 40,000 edition

Warhammer 40,000 used to be quite the complicated affair, lots of rules and looking things up on different tables to check what dice roll you needed for different effects, and needing many hours to finish a game. The 8th Edition of the game came out last year, and was apparently extremely streamlined and simplified and seems to have been received very well. Since I’d been doing well with Shadespire, I decided to get the 8th Edition core box set as well, and had almost exactly enough in Amazon gift card balance for it! It comes with Space Marines, as always, but the opposing side is Chaos this time. 7 Plague Marines, a few characters, a big vehicle, and about 20 undead daemon things. I decided to alternate between painting a handful of each side at once, so as not to get bored, and have gone with Space Wolves (big surprise, I know) as the paint scheme for the Imperial side.

Space Wolves Intercessor

There’s another five of these Space Marines but they’re all identical apart from the poses so I didn’t take photos of all of them.

The Plague Marines are all unique though, so I’ve been taking photos of each of them, my first batch was four of them.

Plague Marine 1

Plague Marine 2

Plague Marine 3

Plague Marine 4

My mobile painting table has been a great success, but after the first batch of Space Marines I realised I was getting a sore neck and back from hunching over towards the miniatures as I was painting them because everything was too low. Another trip to Bunnings, and lo and behold…

Painting table from the side, showing the two vertical blanks to give it some hight

Problem solved!

I also realised the other day why I was enjoying painting my miniatures a lot more now than I used to… it’s thanks to being able to combine my hobbies of painting and also photography. 😛 I can paint the miniatures and be happy with my work, but then also take professional-looking photos of them and share them with the world!

More Raspberry Pi adventures: the Pi Zero W and PaPiRus ePaper display

I decided I wanted to have some sort of physical display in the house for the temperature sensors so we wouldn’t need to be taking out our phones to check the temperature on my website if we were already inside at home. After a bunch of searching around, I discovered the PaPiRus ePaper display. ePaper means it’s not going to have any bright glaring light at night, and it also uses very little power.

The Raspberry Pi is hidden away under a side table, and already has six wires attached to the header for the temperature sensors, so I decided to just get a separate Raspberry Pi Zero W — which is absurdly small — and the PaPiRus display.

Setting it up

I flashed the SD card with the Raspbian Stretch Lite image, then enabled SSH and automatic connection to our (2.4GHz; the Zero W doesn’t support 5GHz) wifi network by doing the following:

  1. Plug the flashed SD card back into the computer
  2. Go into the newly-mounted “boot” volume and create an empty file called “ssh” to turn on SSH at boot
  3. Also in the “boot” volume, create a file called “wpa_supplicant.conf” and paste the following into it:country=AU
    ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
    update_config=1
    network={
    ssid="WIFI_SSID"
    scan_ssid=1
    psk="WIFI_PASSWORD"
    key_mgmt=WPA-PSK
    }
  4. Unmount the card, pop it into the Pi, add power, and wait 60-90 seconds and it’ll connect to your network and be ready for SSH access! The default username on the Pi is “pi” and the password is “raspberry”.

(These instructions are all thanks to this blog post but I figured I’d put them here as well for posterity).

The PaPiRus display connection was dead easy, I just followed Pi Supply’s guide after soldering a header into the Pi Zero W. If you want to avoid soldering, they also offer the Zero W with a header pre-attached.

Getting the Python library for updating the display was mostly straightforward, I just followed the instructions in the GitHub repository to manually install the Python 3 version.

I wrote a simple Python script to grab the current temperature and humidity from my website’s REST endpoints, and everything works! This script uses the “arrow” and “requests” libraries, which can be installed with “sudo apt-get install python3-arrow python3-requests”.

Next step is to have the Pi 3 that has the sensors run a simple HTTP server that the Zero W can connect to it, so even if we have no internet connection for whatever reason, the temperatures will still be available at home. I’ve updated my Pi Sensor Reader to add HTTP endpoints.

Another year of Node.js (now also featuring React)

I posted last year about my progress with Node.js, and the last sentence included “I’m very interested to revisit this in another year and see what’s changed”.

So here we are!

There’s been a fair bit less work on it this year compared to last:

$ git diff --stat 6b7c737 47c364b
[...]
77 files changed, 2862 insertions(+), 3315 deletions(-)

The biggest change was migrating to Node 8’s shiny new async/await, which means that the code reads exactly as if it was synchronous (see the difference in my sendUpdate() code compared to the version above it). It’s really very nice. I also significantly simplified my code for receiving temperature updates thanks to finally moving over to the Raspberry Pi over the Christmas break. Otherwise it’s just been minor bits and pieces, and moving from Bamboo to Bitbucket Pipelines for the testing and deployment pipeline.

I also did a brief bit of dabbling with React, which is a frontend framework for building single-page applications. I’d tried to fiddle with it a couple of years ago but there was something fundamental I wasn’t grasping, and ended up giving up. This time it took, though, and the result is virtualwolf.cloud! All it’s doing is pulling in data from my regular website, but it was still a good start.

There was a good chunk of time from about the middle of the year through to Christmas where I didn’t do any personal coding at all, because I was doing it at work instead! For my new job, the primary point of contact for users seeking help is via a room on Stride, and we needed a way to be able to categorise those contacts to see what users were contacting us about and why. A co-worker wrote an application in Ruby a few years ago to scrape the history of a HipChat room and apply tags to it in order to accomplish this, but it didn’t scale very well (it was essentially single-tenented and required a separate deployment of the application to be able to have it installed in another room; understandable when you realise he wrote it entirely for himself and was the only one doing this for a good couple of years). I decided to rewrite it entirely from scratch to support Stride and multiple rooms, with the backend written in Node.js and the frontend in React. It really is a fully-fledged application, and it’s been installed into nearly 30 different rooms at work now, so different teams can keep track of their contact rate!

The backend periodically hits Stride’s API for each room it’s installed in, and saves the messages in that room into the database. There’s some logic around whether a message is marked as a contact or not (as in, it was someone asking for help), and there’s also a whitelist that the team who owns the room can add their team members to in order to never have their own messages marked as contacts. Once a message is marked as a contact, they can then add one or more user-defined tags to it, and there’s also a monthly report so you can see the number of contacts for each tag and the change from the previous month.

The backend is really just a bunch of REST endpoints that are called by the frontend, but that feels like I’m short-changing myself. 😛 I wrote up a diagram of the hierarchy of the frontend components a month or so ago, so you can see from this how complex it is:

And I’m in the middle of adding the ability to have a “group” of rooms, and have tags defined at the group level instead of the room level.

I find it funny how if I’m doing a bunch of coding at work, I have basically zero interest in doing it at home, but if I haven’t had a chance to do any there I’m happy to come home and code. I don’t think I have the brain capacity to do both at once though. 😛

Tea, five years later

I’d posted back in May of 2013, just before we moved into our house, that I was really enjoying my nighttime cuppa, and nearly five years later we’re now at the point where we have an entire shelf of our pantry that has nothing but tea on it!

Our selection of tea

We’ve got a handful of loose-leaf teas, but I tend to forget about them because they’re buried at the back and it’s a bit of a pain to clean up afterwards. A cup of herbal tea after dinner is glorious, especially when the weather has cooled down. The brand “Celestial Seasonings” has quite a few very tasty ones, and we’ll frequently pick up a new interesting-looking type when we’re out at the shops too (hence the whole shelf of tea that we now have).

I still don’t tend to drink a lot of black tea, mostly because it’s not caffeinated enough compared to coffee, but we discovered McVitie’s digestive biscuits thanks to a British documentary series (called “Inside the Factory”) about how they’re made, and ohmygod they’re so good dunked in a nice hot cup of black tea! ?

Mobile painting

I mentioned in my last post that I’d brought all the paints and miniatures and everything inside because it was too hot in the back room to do any actual painting. Moving everything back and forth turned out to be a massive pain, so I decided to build myself a painting board that I could have everything sitting on, then just pick up and move back and forth as necessary.

After about $20 at Bunnings and some Liquid Nails as well as actual nails, it’s ready to go! The board ended up being somewhat larger than I was expecting, and it was a very tight squeeze with all the other stuff on the desk. Fortunately we still had the two shelves we’d originally put up in the office three and a half years ago and had since removed when we rearranged everything two years ago, so I put them up and moved basically everything that was on the desk onto them instead, and now everything is neat and tidy and organised!

Miniatures painting board

Board

Finally, some actual miniature painting

So despite having gotten the back room set up for miniature painting over three and a half years ago, I hadn’t actually done any of it since then. 😛 I also realised I hadn’t actually taken a photo of the setup.

I bought Games Workshop’s latest game Shadespire early last month, it does have miniatures to paint but only eight in the core set, and it’s a board game where the games last about half an hour or so versus the multi-hour affairs that are traditional Warhammer/Warhammer 40,000 games. I figured that with the holidays around and time to kill, and not having the prospect of endless amounts of miniatures to paint, I’d give it a go. I’m pleased to say that I clearly still have the painting skills!

I’ve finished five of them so far, so only three to go, and took some proper photos of them with the full external flash/umbrella setup.

Blooded Saek

Angharad Brightshield

Targor

Karsus the Chained

Obryn the Bold

(I’ll admit that I cheated slightly and didn’t actually paint any of these in the back room, however… during the week and a bit that I was doing them, the weather was really hot and the dinky little air conditioning unit in the back room wasn’t remotely up to keeping things cool, so I ended up bringing all the paints and bits inside and did them at the dining table).

The game Shadespire itself is really neat as well. I’ve only played a handful of games, but rather than just “Kill the other team” you also have specific objectives to accomplish as well. Have a read of Ars Technica’s review of it, they’re a lot more thorough and eloquent than I could be. 😛

Temperature sensors: now powered by Raspberry Pi

The Weather section on my website is now powered by my Raspberry Pi, instead of my Ninja Block! \o/

Almost exactly three years ago, I started having my Ninja Block send its temperature data to my website (prior to that, I was manually pulling the data from the Ninja Blocks API and didn’t have any historical record of it). Ninja Blocks the company went bust in 2015, and there was some stuff in the Ninja Blocks software that relied on their cloud platform to work and I ended up with no weather data for a couple of days because the Ninja Block couldn’t talk to the cloud platform. I ended up hacking at it and the result was this very simple Node.js application as a replacement for their software. It always felt a bit crap, though, because if the hardware itself died I’d be stuck; yes, it was all built on “open hardware” but I didn’t know enough about it all to be able to recreate it. I’d ordered a Raspberry Pi 3 in June last year, intending on replacing the Ninja Block and it’s sometimes-unreliable wireless temperature sensors with something newer and simpler and hard-wired, but I found there was a frustrating lack of solid information regarding something that on the surface seemed quite simple.

I’ve finally gotten everything up and running, the Ninja Block has been shut down, and I’ve previously said I’d write up exactly what I did. So here we are!

Components needed

  • Raspberry Pi 3 Model B+
  • AM2302 wired temperature-humidity sensor (or two of them in my case)
  • Ethernet cable of the appropriate length to go from the Pi to the sensor
  • 6x “Dupont” female to either male or female wires (eBay was the best bet for these, just search for “dupont female”, and it only needs to be female on one end as the other end is going to be chopped off)
  • 1.5mm heatshrink tubing
  • Soldering iron and solder
  • Wire stripper (this one from Jaycar worked brilliantly, it automatically adjusts itself to diameter of the insulation)

Process

  1. Cut the connectors off one end of the dupont cables, leaving the female connector still there, and strip a couple of centimetres of insulation off.
  2. Strip the outermost insulation off both ends of the ethernet cable, leaving a couple of centimetres of the internal twisted pairs showing.
  3. Untwist three of the pairs and strip the insulation off them, then twist them back together again into their pairs.
  4. Chop off enough heatshrink tubing to cover the combined length of the exposed ethernet plus dupont wire, plus another couple of centimetres, and feed each individual dupont wire through the tubing (there should be three separate bits of tubing, one for each wire).
  5. Solder each dupont wire together with one of the twisted pairs of ethernet cable, then move the heatshrink tubing up over the soldered section and use a hairdryer or kitchen blowtorch to activate the tubing and have it shrink over the soldered portion to create a nice seal.
  6. Repeat this feed-heatshrink-tubing/solder-wire/activate-heatshrink process again but with the cables that come out of the temperature sensor (ideally you should be using the same red/yellow/black-coloured dupont cables to match the ones that come out of the sensor itself, to make it easier to remember which is which).
  7. Install Raspbian onto an SD card and boot and configure the Pi.
  8. Using this diagram as a reference, plug the red (power) cable from the sensor into Pin 2 (the 5V power), the yellow one into Pin 7 (GPIO 4, the data pin), and the black one into Pin 6 (the ground pin).

AdaFruit has a Python library for reading data from the sensor, I’m using the node-dht-sensor library for Node.js myself. You can see the full code I’m using here (it’s a bit convoluted because I haven’t updated the API endpoint on my website yet and it’s still expecting the same data format as the Ninja Block was sending).

I’d found a bunch of stuff about needing a “pull-up” resistor when connecting temperature sensors, but the AM2302 page on adafruit.com says “There is a 5.1K resistor inside the sensor connecting VCC and DATA so you do not need any additional pullup resistors”, and indeed, everything is working a treat!

Christmas 2017

Christmas and Boxing Day this year were pretty great. My sister and her husband and kids were able to make it up from Nowra again, so we had the family Christmas at my parents’ place with everyone. My niece Arya, now three and a half, is GODDAMN ADORABLE. She’s totally happy to just go off and play by herself, and there wasn’t a single tantrum the whole time we were there either. Lily and Scarlett were happy to hang out with each too and got along very well.

It was interesting to see that Scarlett’s reading is definitely not at the same level as Lily’s was at the same age… Lily was eight when I posted this but she was absolutely tearing through pretty much everything, whereas Scarlett was struggling a little to read the jokes inside the Christmas crackers.

Beanie was terrific, he mostly just wandered around keeping an eye on what everyone was doing and didn’t bark once. Arya was a afraid of him to begin with, because he was so excited to see someone vaguely at his height that he kept jumping up on her and trying to lick her face! My sister’s dog at home isn’t one for jumping, so Arya wasn’t used to that. She got over it eventually, though, and was able to sit down and give him scritches.

Showing Scarlett how to Minecraft

Pennie, Mark, and Arya

AHHH A DINOSAUR BOOK!

Beanie amongst the Christmas paper

Snuggles with Aunty Kristina

Sitting on dad

I’ve been a bit stuck for what to get for Christmas and birthdays of late, so I’ve asked for mostly just books. This year’s haul:

So that should certainly keep me occupied for a while!

We went back over on Boxing Day for mum’s birthday, and went down to Collaroy Beach in the afternoon. It was completely overcast but the weather was otherwise glorious… temperature in the mid-20s and a lovely breeze. There were more photos, of course, and I gave the 135mm lens a good workout for once!

Waving from the kiddy pool

Posing

Strutting

Playing in the sand

Getting splashed #1

Even cheesier grin

Getting splashed #5

Photographical style

I never really thought of myself as having a particular “style” to my photos, but I was looking back at my old photos — originally specifically from Christmas and then just more generally all of them — and I’ve realised in the last year or two I’ve very much moved towards a lighter “high-key” style where I bring the shadows up and even bump the exposure of the whole photo by ⅓ to ⅔ of a stop or even more, to get a nice light airy feel to them.

Have a look just at my Christmas albums to see what I mean.

It’s even more obvious when going back and looking at all my photos as a whole! My photos from our trip to Boston in 2012 are a good example, they’re all super-saturated and high-contrast, with really dark shadows. I still have all the original RAW files from that trip, but I don’t want to go back and start re-editing photos lest I go down the path of George Lucas and just totally ruin everything with my meddling. 😛

A holiday in Perth

We went to Perth for a week last week, and it was damned lovely! A friend of mine, Mat, who I’ve known for over fifteen years and originally met through the now-mostly-defunct Everything2, lives over there and was able to offer some advice on places to eat at and suburbs to stay in.

We arrived on Saturday and stayed in a house in Highgate, which is about a 10-15 minute walk from the city itself. Less than a block away is Hyde Park, which is lovely, and so green (Perth has had like a month or two straight of rain, versus the next-to-none that Sydney’s had).

Path

Gazeebo

Departing

There’s a bunch of street art all around the place as well, and lots of interesting buildings to take photos of (full album is here).

Untitled

Untitled

Untitled

Five

High Grounds Coffee

On Sunday we visited Fremantle, to check out the markets there and hopefully get a view of a sunset over the ocean (something we’ve never seen given both Kristina and I grew up on the east coasts of our respective countries). It was indeed getting very nice, but sadly the clouds moved in right as the sun was getting low to the horizon.

Down the street

Ferris wheel

Untitled

Playing

Lighthouse

Untitled

Untitled

Fremantle is the main cargo port for Perth, so there were the giant cargo cranes there and also a massive submarine in dry-dock (have a look to the right of the second photo)!

Untitled

Cranes

Monday was spent first at the Western Australian Botanic Garden and then wandering Northbridge and the CBD itself.

The Garden is massive although there’s a lot of just regular bushland as well as flower beds.

Untitled

Untitled

Untitled

The Swan Brewery Co. Ltd.

Northbridge was neat, there’s a lot of laneways and little alleys, and most of them have art on the walls, often on a very large scale.

Untitled

Small steps

Dragon

Sugar glider

Goat

Untitled

Untitled

Those last two would have been probably four stories high!

We wandered through the CBD itself as well, had dinner at Durty Nelly’s Irish pub (highly recommended, the food was incredible), then continued wandering after night had fallen.

Spring

Untitled

Gothic windows

Untitled

Stairs

Untitled

On Tuesday we visited Rottnest Island! We made the mistake of taking a bus tour, which was filled with loud, obnoxious, racist boomers, and we only stopped to actually get off the bus twice. Otherwise we were driving past all this wonderful terrain and the occasional quokka, and everyone was snapping shitty photos out of the bus windows.

Thankfully that only lasted an hour and a half, and we were able to go visit a colony of quokkas that were all of about ten minutes from the main buildings on the island, and OH MY GOD they are adorable! They have no natural predators on the island so they were pretty well unafraid of people and we were able get up super-close to them.

Smiling

Round

Mine!

Gnarled

The water around the island is crystal clear.

Untitled

Untitled

Tuesday night, we had dinner in Northbridge at a Mexican restaurant called La Cholita, and holy crap if you’re in Perth you need to visit it. The food is amazing.

Chopping

Kristina and Mat

Taco and sangria

Afterwards we went for another wander around the area and snapped some photos.

Mat's ridiculous icecream

Waiting

Meat Candy

Wednesday was spent briefly at the Araluen Botanic Park (briefly, because Kristina’s legs were massively hurting from crouching down and getting up constantly on Tuesday while we were visiting the quokkas and the Botanic Park was filled with lots of hills), and then a leisurely wander through East Perth.

The weather starting turning a bit crap on Thursday, so we visited Mat’s sister and her boyfriend on their rural property and just hung out there with their horse Archie and hilariously uncoordinated Maremma sheep dog Iorek, then went back and played some Diablo III.

Untitled

Iorek the Maremma sheep dog

I can’t believe how well-timed the trip was, we booked it back in July and the week before the trip was almost non-stop rain and it’s now back to raining again for the next week! There would have been so much we wouldn’t have been able to see if the weather had been awful.

A vehicular upgrade

We bought a brand-new car today! \o/ It’s an extremely handsome-looking Kia Cerato hatchback in dark metallic grey.

Our brand-new MY18 Kia Cerato

We’d been toying with the idea for a little bit, then Kristina came across some videos of crash tests comparing somewhat older (from ~2000-ish, which is exactly what our current Corolla is) cars impacting with newer ones. They’re nothing like the utter crumpling of the cars from the 1970s, but still somewhat alarming. She did a bunch of research and found that the current Kias are extremely well-regarded and reliable, and it turns out there’s basically nothing else in the same price range that offer as much power and features; the equivalent cars like the Corolla and Civic and such were all several thousand dollars more, with less power and fewer included features. The Cerato has a 7-year warranty as well, which seemed to be more than most other cars.

Speaking of power (112kW and 192Nm to be exact), we took one for a test drive on Sunday… I put my foot down and was accidentally doing 70km/h almost immediately! There’s a hell of a lot of room as well, it’s only marginally larger on the outside compared to our Corolla, but it’s so spacious inside. I’m excited about having a hatchback again too, there’s been a few situations where we were trying to put something into the boot and it just wouldn’t fit. Now we can go to town and put the back seats down and put EVERYTHING in it! *maniacal laughter*

We’re going to keep the old Corolla for a while just to go to and from the station in, because parking there means the car is permanently covered in dust thanks to all the construction going on, and when it rains everything turns to mud and the trucks going along the road just splash mud across everything.

A photographical upgrade

Last Wednesday, we upgraded from our trusty Canon EOS 7D to a brand-new Canon EOS 5D Mark IV! It’s a hell of an upgrade in terms of basically every single aspect… the 7D originally came out in 2009 and the 5D4 was only last year and is full-frame to boot, 18 megapixels versus 30, and the 5D4 also has the insanely awesome autofocus system from Canon’s flagship ~$8k-for-the-body-alone EOS 1DX.

I fairly obsessively tag my photos on Flickr so it’s easy to find things, and the final tally for photos taken with the 7D is 2641!

The very first photo taken was of this flower at my parents’ place, when I got our original 35mm f/2 lens for my birthday in 2010 (the camera and lens are not mine alone, both Kristina and I share it equally, but getting the lens for my birthday was a handy way to not have pay the entire cost of it ourselves :P).

Untitled

It’s difficult to pull only a handful of favourite photos out of twenty-six hundred, but these would definitely be amongst them, in many cases more for the memory than any particular quality of the photograph…

Kristina being nibbled by a horse on our first wedding anniversary—
Horsey Nibbles

Meerkats warming themselves at Taronga Zoo—
Warming glowing warming glow

Dan looking right at a well-placed “Look right” sign—
Dan is waiting for a bus

Kristina looking stunning with our ring-flash—
My beautiful wife

Lily writing her name—
Writing

The train tunnels at Wynyard—
Into the tunnels

Lily feeding the lorikeets—
Feeding the lorikeets

A toothy grin—
Toothy grin

Christmas excitement—
Excitement

The first photo taken in our new house—
Tedison's new home

Kristina being extremely nudged by a calf at Featherdale—
Untitled

My very first photo of Beanie when we got him—
Untitled

Nanny at Christmas hugging one of Lily’s presents—
Nanny hugging Lily's pillow pet

Beanie in the office—
In the office

One of the several actresses we got in at work one Halloween, who were done up as zombies and CREEPY AS FUCK—
Zombiegirl #3

Kristina cracking up at how ridiculous Beanie is—
Cracking up

Lily and Scarlett’s matching bears at Christmas—
New bears

Family photo—
Family photo!

The fantastically creepy decorations and lighting for the latest Halloween at work—
Untitled

Playing around with coloured gels on our flashes with Adam and Stacey—
Untitled

Beanie playing with his best friend Leo—
Untitled

The extraordinarily epic storm aftermath we had—
Untitled

A photo walk we did at work one lunch where we had some volunteers to do a pseudo-modelling shoot—
Marlene

Leo and Beanie zooming down the hall—
Untitled

Wandering around Barangaroo before going to the Maritime Museum—
Untitled

We sold the 7D to friends, so it’s definitely going to continue on in a good home. It was an absolute workhorse, I didn’t think to check the shutter count before we sold it but it never once gave any sort of trouble whatsoever. Meanwhile, we’ve already started taking new memories with the 5D Mark IV and I’d say we ought to get at least 10 years out of it if not more.

Bandcamp is brilliant

For those unaware, Bandcamp is essentially a more indie iTunes Music Store—they don’t have any of the huge music labels there—but with a twist… you can stream entire albums before buying them (as opposed to the 90-second previews you get in iTunes), and a significantly larger percentage of the money you pay to them goes directly to the artist (Bandcamp says around 75-80%).

I found out about it around the start of this year, and it has me discovering and buying way more new music than I had previously. From 2013 to 2016, I’d added 30 albums to iTunes from various sources… this year so far I’ve bought 34 on Bandcamp! They have an iOS app that lets you browse artists by tag (usually genre, like “black metal” for instance, but there’s things like “female-fronted metal” that spans different genres, and really whatever else users have tagged the artist with), so I’ll spend an hour here and there just going through listening to new artists and adding albums to my wishlist, then once or twice a month will go back and buy a few of them.

One of the best bits is that the artists themselves set the prices and you can pay more if you’d like, and some don’t even have a minimum price. The highest I’ve come across so far us US$9.99 (currently about AU$12.50), which is a good bit cheaper than the standard AU$16.99 price you see on iTunes, and a lot have been closer to US$5.

They’ve also done some fantastic things like donating all their proceeds for a day when Trump tried his so-called “Muslim ban” back in January, and more recently doing a similar thing with the proposed ban on transgender service members in the US military.

So basically, if you like music and supporting artists, stop buying music anywhere else and start buying it on Bandcamp!

Adventures with Docker

For a few years now, the new hotness in the software world has been Docker. It’s essentially a very-stripped-down virtual machine, where instead of each virtual machine needing to run an entire operating system as well as whatever application you’re running inside it, you have just your application and its direct dependencies and the underlying operating system handles everything else. This means you can package up your application along with whatever other crazy setup or specific versions of software is required, and as long as they have Docker installed, anyone in the world can run it on pretty much anything.

The process of converting something to run in Docker is called “Dockerising”, and I’d tried probably two or so years ago to Dockerise my website (which was at the time still in its Perl incarnation), but without success. Most of it was not properly understanding Docker but also Docker’s terminology not being hugely clear and information on Dockering Perl applications being a bit thin on the ground at the time.

My new job involves quite a lot of Docker so I figured I should probably have another crack at it, so I sat down in June and managed to get my website running in a Docker container! The two-or-so-years between when I tried it last and now definitely helped, as did having had a little bit of experience with it in the new job.

I think the terminology was one of the bits that I struggled with most, so maybe this explanation will help someone… you have a Docker image, that’s basically a blueprint for a piece of software and all its associated dependencies. From that image (blueprint), you start up one or more containers which are the actual running form of the image. If one container dies (the application inside crashes or whatever), you don’t care and just start up another one and it’s identical each time. To build your own image, you start with a Dockerfile that tells Docker exactly how to construct your application and all the different parts that are required to support it (see my Lessn Archive’s Dockerfile for an example). There really wasn’t any substitute for actually going in and doing it; by struggling and failing I eventually got there in the end.

Since my initial success with my website, I’ve gone on to put both my old site archive and my URL shortener in Docker containers as well! Next stop is Kristina’s website, but that’s still using Perl and Mojolicious and my initial attempts have not been successful. 😛