awadwatt.com

Reader

Read the latest posts from awadwatt.com.

from Third Spruce Tree On The Left

From the And ANOTHER thing... department..

ok, #NewRule – if you write an app or service that uses a #directory to save important files, and you generate #errors in your logs about the files in said directory, but don't document what, if anything the user can do about it, that folder needs to have a README.txt or .dirinfo or something that explains what each of the files mean.. or what files should or shouldn't be there.

For a while now, everytime I apt upgrade I get a bunch of these:

Notice: Ignoring file 'scootersoftware.list.migrate' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
Notice: Ignoring file 'google-chrome.list.migrate' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
Notice: Ignoring file 'vscode.list.migrate' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension

There's nothing in the apt man page even about the /etc/apt/sources.list.d/ folder at all, let alone what a .migrate file is. Nothing in anything in /etc/apt/.

I found the code repo (https://github.com/Debian/apt) and there isn't anything there either.

Like, I have 3 brain cells, I'm guessing a .migrate file in /etc/apt/sources.list.d is a temporary file from – duh – migration, but if apt is throwing a msg like “hey, unexpected file, I'm going to ignore it” error then clearly the file shouldn't.. be.. there? And if so, what can/should I do about this?

So is it OK to delete .migrate files? But but but,

tezoatlipoca@pickles17:/etc/apt/sources.list.d$ grep scooter *
scootersoftware.list.migrate:deb [signed-by=/usr/share/keyrings/scootersoftware-keyring.gpg] https://www.scootersoftware.com/ bcompare4 non-free

I DO use Beyond Compare from Scootersoft. And the Scootersoft package repo information isn't anywhere else:

tezoatlipoca@pickles17:/etc/apt$ grep -R -i scooter *
sources.list.d/scootersoftware.list.migrate:deb [signed-by=/usr/share/keyrings/scootersoftware-keyring.gpg] https://www.scootersoftware.com/ bcompare4 non-free

Would it be so hard to modify the apt error message to add

Notice: Ignoring file "scootersoftware.list.migrate" in directory "/etc/apt/sources.list.d/" as it has an invalid filename extension - see "man apt datafiles" for more info.

Or,

Notice: Ignoring file "scootersoftware.list.migrate" in directory "/etc/apt/sources.list.d/" - this temp file can be safely deleted.

Because of search engine #enshittification I've been using Lycos , but IT wasn't giving me any useful results for [https://search1.lycos.com/web/?q=apt+.migrate+files]. In desperation, I turned to Google where Gemini reinforced my suspicion:

Google: apt ".migrate" files in /etc/apt/sources.list.d

AI Overview Files ending with .migrate in /etc/apt/sources.list.d/ are typically renamed or temporary files that were created during an upgrade or migration process, such as a system upgrade or a software migration. These files are usually ignored by apt because they do not have the expected .list extension. The apt package manager expects source list files in /etc/apt/sources.list.d/ to end with .list. When apt encounters a file with an extension like .list.migrate, it will generally ignore it and issue a warning message indicating an “invalid filename extension.” To resolve this, if the .migrate file contains valid source list entries that are intended to be active, it should be renamed to have a .list extension. For example, filename.list.migrate should be renamed to filename.list. If a corresponding .list file already exists, the .migrate file can often be safely deleted after verifying its content. Example: sudo mv /etc/apt/sources.list.d/webmin.list.migrate /etc/apt/sources.list.d/webmin.list

However, since I can't find a legit and authoritative second source to corroborate that .migrate files in /etc/apt/sources.list.d are in fact redundant, safe-to-delete files, I'll just have to take Gemini's word for it? (we all know how THAT goes usually).

At work, where I write the documentation that noone reads, our (Windows) software writes a bunch of magic files alongside the data files that the user provides. Since this data store is owned by the user, and users like shooting their own foot off, there's a chapter in the Admin guide that explains what each of the app's magic files do, how they're used by our app, and which ones the user is free to customize, how and why, and which ones the user should never ever modify. Along with when the file is created, and if its missing/corrupt (because our app tells them “Magic file is bork, please fix it”, how they can fix it... even if the fix is “call Innitech Support”.

The files within C:\Program Files\Innitech\App are OURs and we don't document THOSE. But if your code is going to bitch about a magic file, but then doesn't explain at all about a magic file, that's not cool.

Changelog

2025-07-30 – initial

 
Read more...

from Third Spruce Tree On The Left

From the This Is Why We Can't Have Nice Things department.

When you are registering or logging into an online or app service and they provide a button or link to “Log In Using #Google/#Microsoft/#Facebook”, the service is using what they call an OAuth provider. Technically only #OAuth2 is used these days, but its all the same thing – see [https://en.wikipedia.org/wiki/OAuth]

How OAuth or Open Authentication works is:

  • Service needs/wants you to register or login
  • If Service – or you – don't want yet another account to maintain, then you can choose to Log In Using Google/Microsoft/Meta/LinkedIn/any OAuth provider that Service cares to support
  • Service redirects your registration/login to Google/Microsoft etc. (lets call them OAuth Provider)
  • Service asks OAuth Provider to vouch you as a person and gives a list of info that Service needs
  • OAuth Provider handles all the hard stuff like 2Factor, password resets, and asks your permission for all the info that Service wants to see (or change)
  • If you satisfy OAuth Provider and give the right permission, OAuth Provider redirects you back to Service
  • OAuth Provider ALSO gives Service a token, which allows Service to access (or modify) your info at Provider that it had asked for.

As much as one might complain about consolidation (or ransacking) of your data by Big Corpo, there are compelling arguments for OAuth services. As a user its nice to reuse a common account (i.e. your Gmail or Hotmail address) across multiple services, instead of what would technically be a seperate account (but using the same email address) for each. For example, if you change your Gmail password, your password for all the services that use your Gmail account via OAuth are automatically updated.

As a Service developer OAuth is handy because a) its a convenience to your users and b) it means you don't have to implement annoying account/profile management features like facilities to reset your password, or change your email... or more likely the case these days, two factor authentication (what a pain!) – the OAuth provider handles all of this. All you have to do is integrate support for the OAuth provider.

And of course the #OAuth provider loves it (and $implements all of the account/profile management junk and 2FA) because they get to know even more about you; for example, you're now visiting Service – and how often – and they get to watch as Service accesses or changes your data. MMmmm. Yummy user profiling data lake synergies.

A problem arises however, when a user no longer wants to associate their account on Service with their OAuth provider. I have yet to see any Service that provides an Unlink my Google/Microsoft/OAuth account from THIS account feature.

Zoomed when I shoulda Zagged

My company (SmolCo) was recently aquired by a big conglomerate parent (Innitech). We had company #Zoom accounts. My Zoom account was tree@smolco.com and could log in with a password that I had direct control over. Our corporate email accounts were hosted Gmail accounts, so tree@smolco.com was also a Google account, but I had only used it as an email address for my Zoom account.

At some point however, I must have clicked – in accident, or I was in a hurry – on that Log In With Google button and logged in – inexorably linking my tree@smolco.com Google account via OAuth with that Zoom account.

So flash forward to our aquisition. My tree@smolco.com address has now changed to tree@innitech.com – this change happened automatically by our IT department, but it wasn't a migration within Google, we swapped hosting from Google to Microsoft – that innitech.com email is now an Office365 account (joy).

So log into Zoom now. IT switched our email accounts and IT controls our Zoom accounts, so surely the zoom account would also – no. Ok, log in using the old Google account. That works. Ok – the problem is the email address which we must change. Zoom –> Profile –> Change email address. Changed email address to tree@innitech.com.

Can't log in. It turns out that because the Zoom account is now linked to an OAuth account that has now been deactivated there's no way to log in – the OAuth redirect goes to a stale Google account and you can't log into the Zoom account to do anything about it – there isn't any thing there TO do anything about it.

So now my IT guy has to delete my Zoom account entirely and recreate it. Which, good thing I didn't have any meeting recordings or anything I wanted to save... :(

Well that was fast

Oh and another thing – Dear Software Service companies that have ticketed customer support: Stop grading your support techs on how fucking fast they close the tickets

On Thursday, I submitted this ticket:

2025-02-12 07:20:48 PST - Tree

hi - My company has been aquired and our hosted google accounts, while still available, are discontinued from use. Would like to unlink my google account tree@smolco.com from my zoom account and use only tree@innitech.com email for account login.

Clear, no?

2025-02-13 09:27:49 PST  - <Zoom Tech> comments
Hello,

Thank you for contacting Zoom Billing! We’d be more than happy to help you change the email associated with your account.

Please click the link below for instructions on how to changing the email on your account:

https://support.zoom.us/hc/en-us/articles/201362563-Changing-the-email-associated-with-your-account

While most mail servers receive Zoom’s email within a few minutes, some may take longer. If you didn’t receive a verification email, confirm that no-reply@zoom.us is allowed in your inbox and check your spam folder if you still can’t find the email.

Please let me know if you have any other questions. 

Thank you,

<Tech>

2025-02-12 16:53:25 PST - <Tech> comments
Case Closed. Transferred to: <case ID>s

Ok, so never mind the fact that it was closed Thursday afternoon before actually being “resolved” Friday morning, the article that Tech sent, wasn't very helpful, because under the section titled

How to change the sign-in email if you don't have access to the original email

it says:

If you no longer have access to your original email address to verify the change, learn what options are available to you based on your account type.

If you're on a Basic (free) account, you will need to create a new Zoom account.

If you're on a paid account, complete the following steps:

  1. Access the support request form.
  2. Next to Unable to access your account?, click Troubleshoot login issues. The chatbot will open and provide you with a list of options to assist you with changing your login email if you don't have access to the original email address.

Now, how tf does one think I wound up at the place where I submitted the request above?

Hi, I'm Zoe 🤖 Zoom's Virtual Agent. 

Zoom may retain your chat transcript to use for quality, training, and analysis purposes.

How can I help you today?

-----------

You  12:05 PM 
Change Login Email 

-----------

ZVA BOT 12:05 PM
Let’s change the email associated with your account.

Note: To change your email, you need a unique email address that is not associated with another Zoom user or account.

Do you still have access to your original email? 

-----------

You 12:06 PM
No

-----------
ZVA BOT 12:06 PM
If you can no longer access your original email address to verify the change, you can sign up for a new account or chat with a Billing agent.

.. and then gives you the option to chat with Billing Agent. So I just emailed support later.

Changelog

2025-07-28 – initial

 
Read more...

from Third Spruce Tree On The Left

From the This Is Why We Can't Have Nice Things department.

Sometimes, when I'm in a hurry and need to make a note or reminder, I toss it in a message to myself on Facebook Messenger. WhatsApp and most other chat platforms let you do this (they didn't always), and it's an underutilized feature.

But once I've done or actioned that thing (or moved it where it needs to be), I want to remove it from my talk-to-myself Msgr channel. It used to be that a remove/delete icon used to be in the little popup msg right there by each message (where the forward and react/emoji icons are) ALT:Facebook Messenger message menu showing "forward", "react" i.e. emoji/emote icon and a three dot overflow menu for the "other" things like "unsend"

but now it is hidden in the overflow (or ...) menu. Ok, so you unsend, and now you have this: ALT:Facebook Messenger - message delete confirmation showing "Do you want to delete this message for everyone or just yourself?"

I'm in a chat with myself. Who the hell am I talking to here? Of course I want to remove it for Everyone. Everyone is ME.

I mean, the more appropriate response would be to ditch this dialog entirely and simply have a Are you sure? prompt, but I get it; keeping this allows the same message handling behavior for all chats, regardless of the participant, and fewer test cases, etc., etc.

But come on, collapsing the confirmation dialog to a yes/no prompt if you're in a chat with yourself is a such a simple change, I'm a bit peeved they haven't done that.

function msg.delete {
 if (chat.participants.contains(currentUser) and !chat.participants.contains(!currentUser)) {
  msg.deleteShowSimpleConfirmation();
  }
 else{
  msg.deleteShowConfirmation();
  }
 }

And you know that the ticket is somewhere in the backlog at Meta. A junior dev has tried to submit that pull request a million times. It keeps getting shot down because the product manager wants to squeeze in more data mining (of your data) or AI slop because making software better for users isn't a revenue stream anymore.

I know, here I am complaining about a free-to-use software service (if you discount the value of your personal data being mined) for over 15 years... but still. Do you remember the days when the software just kept getting better and better?

Pepperidge Farms remembers.

What are you muttering about Grandpa?

And another thing! Back in my day, we wouldn't shove nine patches to production in the same week. That's just sloppy testing. We...

That's nice, Grandpa. Let's get you back to bed now.

Changelog

2025-01-02 – initial (oh yeah, here we go, forgetting it is 2025 and not 2024 every time you write a date)

 
Read more...

from Third Spruce Tree On The Left

From the Splainer-man not Man-splainin Dept.

If you want me to close the browser tab on something, all you have to do is mention cryptocurrency or blockchain unironically. I recently learned about DAOs and my eyes rolled so hard, right out of their sockets.

And you thought Nigerian prince scams were sad

I get asked about crypto and NFTs and the bitcoins all the time, but to explain in layman’s terms because none of my friends or family members are Computer Science/Engineering graduates. Every article that attempts to explain the topic will sortof talk about the blockchain, and maybe mention “proof of work” or “proof of stake”, “consensus mechanisms” but they don’t actually explain what those things are, what they actually mean. They just kindof wave their hands like “don’t worry about it” or “MAGIC” . And recently my son asked me to explain exactly what it is, so... here you go.

If you know of someone you love who has any significant part of their savings or retirement portfolio invested in anything to do with ANY cryptocurrency, perhaps you might want to slide this over to them to read.

TL;DR:

  • cryptocurrency / blockchain technologies have the potential of great promise – eventually
  • it’s not magic money that springs out of nowhere; not entirely
  • it IS completely unregulated and controlled (at the moment)
  • we’re still in the early days of this technology; any investment in crytocurrencies – or to a lesser extent, blockchain technology – is pure speculation; treat it like investing in a night out at the casino – you can make $$$, but can also (and likely) lose it all.

Cryptocurrency is dangerous crap for all the reasons it's proponents say it is the next thing since sliced bread. To explain to you why cryptocurrency is dangerous bullshit, I need to show you where it comes from – seemingly thin air. To show you that it magically coalesces out of thin air, I need to explain how it is produced, and that will take a little time. Then, we need to talk about financial economics and money theory for a bit. Then you'll throw your tapioca against the wall and fire up your fidelity.com account to make sure you're nowhere near anything crypto-related.

Blockchain Hocus Pocus would be a great band name

Suppose we have a series of transactions that we want to keep track of. Let’s call this the ledger. In the ledger of a bunch of financial transactions, – for example – if you want to make a transaction, it has to be done with the blessing of a central authority: the bank itself (or its computers). The problems with this type of ledger are:

  • there's one point of failure. Bank systems down? No transaction for you!
  • there's one authority. The bank disagrees with your transaction? No transaction for you!
  • there are only a few modes of access. Want to interact with the Bank? Have to use the Bank's apps, ATMs, branch locations or website.

Networked computers were supposed to help us get around problems like this. Back in the late 90s and early 2000s, the problem of not being able to download digital music, video, and files from central authorities was literally that those (websites/services) didn't exist yet. Or if they did, they were charging outrageous prices or crippling downloads with so much DRM it made the media unusable. So people created peer-to-peer file sharing systems like Napster and Limewire, and later on, BitTorrent software. P2P file distribution got around all 3 of our problems.

So what if we could have a whole network of participating computers manage, using peer-2-peer transfers, an open distributed ledger of data instead? A ledger of file transactions. A history of change edits, medical records, you name it.

Ok. So now we have a bunch of computers – nodes – all participating in our open ledger. If a node wants to make a transaction or add an event or a record to the ledger, it announces it to its peers, and the transaction/event/record slowly gets spread around the whole network. Depending on various internet-y things, it could take a while for announcements of transactions to get around. The order of transactions in YOUR local copy of the ledger might be different from the order in someone else’s. And how do we add new transactions to our ledger in a way that the record becomes indelible? How do we get everyone in the network to agree on the same version of history? How do we make it so noone can tamper with it?

Hashes are only good in data transfer and breakfast.

So we’ve collected together a bunch of pending, invalidated transactions from our peers. One way computers can make sure that transmitted or archived data doesn’t change over time is to calculate a checksum or a “hash” for a chunk of data. File transfers do this all the time. Before browsers and mobile clients started doing this automatically behind the scenes, and especially back when large files could be zipped or chunked into smaller bits, and you wanted to make sure each part was downloaded to transmitted properly, you could also download a checksum or hash file to go with each. You’d run a verification tool on your downloaded data, and if the hash it produced matched the checksum file, you knew your data was good. If not, you’d go download it again.

Note that a hash isn’t encryption. A hash is simply a characteristic fingerprint. The same hash algorithm run on the same data will always produce the same hash value. Always.

So, for any data, we can compute a hash; there are many types, but a common one is an MD5 hash, which represents a chunk of bytes as a 128-bit value. If I calculate an MD5 hash on the previous paragraph, I get the following:

e73435e3a4af75ce6466e5c8a0e5f119

If I remove the last period, the one after Always, the hash changes to:

21437c658fa3f6ff85a086a099b96d90

So what we can do is take a collection of transactions, or records (whatever our ledger is keeping track of) and make a bundle called a block. Then we calculate a hash using the data in our bundle, and by checking the hash value of the block, we can verify it hasn’t been monkeyed with.

If we include information about the previous block (its block ID, maybe ITS hash) along with the transactions in our block, we can effectively chain our blocks together – every block references the last, and so on.

So who gets to decide what the next block is?

We now have a block of transactions or records – these have been shouted out by nodes who are making or announcing transactions – and we have information about the previous block. Maybe we include some other data like the current time, or some randomly generated number too. Calculating the hash for our prospective block is relatively easy (for a computer that is).

What if we impose some arbitrary rules that the hash for our block has to adhere to? Maybe its hash value has to have 17 0’s in it. Maybe it has to start with six zeros. Maybe it has to have an even number of 1’s. Whatever. Now we’ve imposed a “difficulty” to hash generation. These rules are codified into the algorithm of the particular blockchain.

So, any node that is trying to define what the next block is now has to produce a hash that also meets some arbitrary criteria.

  1. calculate hash using block data
  2. Does hash meet the criteria? – yes: Yell “BINGO, i has next block!”
  3. no? Fiddle with block inputs, re-roll the random bits, and go to #1.

Depending on the difficulty, it could take many, many attempts to produce a hash that meets the criteria.

When a node DOES calculate a winning hash for ITS block, it literally shouts out and says, “Here’s my block! Here’s a hash that meets the criteria! I call BINGO!”. Then, a few other nodes (how many of which depend on the rules of the blockchain) double-check by ALSO calculating the hash for the block. This is called “validation”. If they agree, then the node who “did the work” gets the prize.

This is what you may have heard of as “proof of work.” The work here is coming up with block hashes that meet some arbitrary rules, which is computationally expensive. Note that to double check or validate the block’s hash is easy; you just have to do the hash calculation on the block’s content once, not thousands of times like the original miner did (because it had to find a hash that met all the criteria).

Without this proof of work, the decision of what the next block in the chain should be would come down to a consensus of all the participating nodes. If you can get all YOUR nodes, creating a majority (51%), to say, “No, no, the next block is THIS one” – which features a bogus transaction that benefits you – then you can game the system. Remember, there’s no central authority here; all entities participating in the blockchain participate equally.

Once a “mined” block is re-validated by enough peers, the network decrees: “THIS is the new block, and it contains THESE transactions that have now been validated”. The validated transactions are now considered immutable, fixed in stone, and accepted by all. Then, every node participating in mining throws its work on THIS block away, forgets about the validated transactions, and starts afresh with a new block of any remaining unvalidated transactions, and the cycle repeats.

How many miners are active on the blockchain and how many transactions are being made will determine how quickly your transaction is validated in a block on the blockchain. Depending on the blockchain algorithm, the mining pool and validation nodes participating at any given time, it could be a few minutes or it could be a few days.

Now we know what the blockchain is and what mining blocks is; in part 2 we discover where the moolah comes from.

Changelog

2024-10-10 – initial

 
Read more...

from Third Spruce Tree On The Left

A while ago I installed the minimalist RSS reader Yarr (Yet Another RSS Reader) here.

One of the things that appealed to me about Yarr is that you can tell Yarr to run at a specific port from the command line:

#!/bin/bash
/usr/local/bin/yarr/yarr -addr "<ip to bind to>:<port>" -auth <user name>:<user yarr pwd not their system pwd> > /var/log/yarr.log 2>&1

(as well as secure it with a password)

I wanted this because I hadn't set up any kind of reverse proxy yet. Well, now I have and it turned out to be a lot easier than I anticipated. I now host:

  • WriteFreely (blog – you're reading it)
  • Yarr – in fact I host 3 of them for family members
  • Navidrome – music streaming host (because haven't had success getting FunkWhale to work) got it working:
  • Funkwhale – tunez.awadwatt.com
  • Jellyfin
  • a pet project under development

all from the same host behind NGINX. Also, a side benefit to NGINX is that if I create a blanket subdomain LetsEncrypt certificate, NGINX can use/apply that certificate to everything it reverse proxies. So yay, Yarr gets HTTPs for free! (also handy: this solved the problem I had been having with WriteFreely not using my self-generated LetsEncrypt certificates, I could only get it to work with the ones IT generates if you enable auto-certs.)

Here's my NGINX config file (mildly redacted). Created with some help from the very excellent Nginx Configuration Generator:

server
{
	listen 443 ssl;
	listen [::]:443 ssl;
	http2 on;
	server_name awadwatt.com, www.awadwatt.com;

	# SSL
	ssl_certificate /etc/letsencrypt/live/awadwatt.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/awadwatt.com/privkey.pem; # managed by Certbot
	ssl_trusted_certificate /etc/letsencrypt/live/awadwatt.com/chain.pem;

	# security
	include nginxconfig.io/security.conf;

	# logging
	access_log /var/log/nginx/access.log combined buffer=512k flush=1m;
	error_log /var/log/nginx/error.log warn;

	# reverse proxy
	location /
	{
		proxy_pass http://127.0.0.1:7035;
		proxy_set_header Host $host;
		include nginxconfig.io/proxy.conf;
	}

	# additional config
	include nginxconfig.io/general.conf;


}

Basically each “service” that Im running on a different port will be mapped to a different subdomain server that NGINX will listen for and redirect. Carving out the access and error logs for each into their own dedicated files.

server
{
	listen 443 ssl;
	listen [::]:443 ssl;
	http2 on;
	server_name jelly.awadwatt.com;
	ssl_certificate /etc/letsencrypt/live/awadwatt.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/awadwatt.com/privkey.pem; # managed by Certbot
	ssl_trusted_certificate /etc/letsencrypt/live/awadwatt.com/chain.pem;

	include nginxconfig.io/security.conf;
	access_log /var/log/nginx/jellyfin.access.log combined buffer=512k flush=1m;
	error_log /var/log/nginx/jellyfin.error.log warn;
	location /
	{
		proxy_pass http://127.0.0.1:8096;
		proxy_set_header Host $host;
		include nginxconfig.io/proxy.conf;
	}
	include nginxconfig.io/general.conf;
}


server
{
	listen 443 ssl;
	listen [::]:443 ssl;
	http2 on;
	server_name navi.awadwatt.com;
	ssl_certificate /etc/letsencrypt/live/awadwatt.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/awadwatt.com/privkey.pem; # managed by Certbot
	ssl_trusted_certificate /etc/letsencrypt/live/awadwatt.com/chain.pem;

	include nginxconfig.io/security.conf;
	access_log /var/log/nginx/navi.access.log combined buffer=512k flush=1m;
	error_log /var/log/nginx/navi.error.log warn;
	location /
	{
		proxy_pass http://127.0.0.1:4533;
		proxy_set_header Host $host;
		include nginxconfig.io/proxy.conf;
	}
	include nginxconfig.io/general.conf;
}


server
{
	listen 443 ssl;
	listen [::]:443 ssl;
	http2 on;
	server_name yarr.awadwatt.com;
	ssl_certificate /etc/letsencrypt/live/awadwatt.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/awadwatt.com/privkey.pem; # managed by Certbot
	ssl_trusted_certificate /etc/letsencrypt/live/awadwatt.com/chain.pem;

	include nginxconfig.io/security.conf;
	access_log /var/log/nginx/yarr.access.log combined buffer=512k flush=1m;
	error_log /var/log/nginx/yarr.error.log warn;
	location /
	{
		proxy_pass http://famine:5000;
		proxy_set_header Host $host;
		include nginxconfig.io/proxy.conf;
	}
	include nginxconfig.io/general.conf;
}

And this bit just redirects insecure HTTP port 80 traffic permanently to secure HTTPS mappings above.

# HTTP redirect
server
{
	if ($host = www.awadwatt.com)
	{
		return 301 https://$host$request_uri;
		} # managed by Certbo
	}
	# managed by Certbot

	if ($host = jelly.awadwatt.com)
	{
		return 301 https://$host$request_uri;
	}

	if ($host = navi.awadwatt.com)
	{
		return 301 https://$host$request_uri;
	}

	if ($host = yarr.awadwatt.com)
	{
		return 301 https://$host$request_uri;
	}


	if ($host = awadwatt.com)
	{
		return 301 https://$host$request_uri;
		} # managed by Certbo
	}
	# managed by Certbot


	listen 80;
	listen [::]:80;
	server_name awadwatt.com, www.awadwatt.com, lists.awadwatt.com, jelly.awadwatt.com, navi.awadwatt.com,  yarr.awadwatt.com;
	#include     nginxconfig.io/letsencrypt.conf;

	location /
	{
		return 301 https://awadwatt.com$request_uri;
	}


}

Also shoutout to the NGINX config file Beautifier for making it look purty.

Changelog:

2024-04-18 – initial

 
Read more...

from wfootest

Heading 1 (must include space)

heading 2

heading 3

italics

bold text

  • bullet 1
  • bullet 2
    • sub bullet 2
  • bullet 3
  1. list1
    1. sublist 1
  2. list2
  3. restartnumber

image alt text

Sample Link to somewhere

quoted text l1 quoted text l2

this is code in backticks

this is gated multiline
code that should all be 
left alone even if it includes <div class="blah">formatting</div>
 
Read more...

from MetalSamurai

Writing Freely

A test, writing a basic blog entry on Write Freely, the Fediverse aware ActivityPub supporting blogging platform.

I have resisted learning Markdown. Primarily through apathy, but more recently as I’ve come to the realisation that Swartz and Gruber ignored longstanding existing conventions for marking up plain text with asterisks, underscores and slashes to come up with their own clunky, redundant format instead.

I will shake my fist at these kids and yell at them to get off my lawn.

 
Read more...