20 years of iMacs

Wow the time sure flies!

 

(Video in MPEG-1/Audio MPEG-2 care of JSMpeg).

I know it's terrible quality but finding video from these old Apple events seems to have been recorded on VHS, and then re-recorded using the 'best' video capture technology for under $100 of the era leading to some really poor quality.  Such is the internet I guess.

I didn't buy a first generation but I did have a 2nd generation 333Mhz green iMac to run OS X Server 1.0 ... Who wasn't excited for the prospects of the next millenium?

So Google is starting to ‘shame’ sites for not using HTTPS

Really?

So I guess we are at that point where I’m going to have to turn on https for all the other ‘shared’ services I have.  Old links should still work, just expect to be redirected.

Old machines, however… yeah I guess you guys just got cut out.

I just modified the crazy regex hell I have to patch up AltaVista / UTZOO so at least that ought to be working.  The source archive seems operational as well.  When everything is working, HAPROXY is freaking awesome.

 

Delivering WordPress in 7KB

I saw this over on Hacker News, and thought that trying out the susty theme from sustywp.com might be worth trying.

So, besides looking very different let me know how you think about the feel?

I’m just a little bummed out that this removes the Ultima banners.  On the other hand it sure does render PDQ.  But I don’t like how the colours clash, and I don’t see any user place to set the font colour or even what the highlights & link colours will be.

So in all likelyhood I’ll be reverting this, but in the meantime, here we are.

BBC releases its computer history archive

I thought it was somewhat worth mentioning that the BBC was releasing their old Computer Literacy Project Archive.  Although they for some reason never released any of their materials to the colonies and or territories, so although I’ve never seen any of this stuff, I’m sure others know far more about it.

I’m kind of surprised they didn’t keep this kind of thing up, although I guess after David Braben made it a priority again, and the Raspberry Pi was born, completing the cycle of the birth of Elite!

Unsurprisingly my adventure in containers failed. again.

I can’t catch a break.

2018-05-28 07:31:48 > [Sun May 27 23:31:46.625718 2018] [core:crit] [pid 17] (13)Permission denied: [client A.B.C.D:34944] AH00529: /var/www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/' is executable
2018-05-28 07:31:48 > A.B.C.D - - [27/May/2018:23:31:46 +0000] "GET /wordpress/category/japanese-software/ HTTP/1.1" 403 570 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50"
2018-05-28 07:31:48 > [Sun May 27 23:31:46.742137 2018] [core:crit] [pid 18] (13)Permission denied: [client A.B.C.D:34950] AH00529: /var/www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/' is executable
2018-05-28 07:31:48 > A.B.C.D - - [27/May/2018:23:31:46 +0000] "GET /feed/ HTTP/1.1" 403 538 "-" "Tiny Tiny RSS/17.12 (4fa64e8) (http://tt-rss.org/)"
2018-05-28 07:31:48 > [Sun May 27 23:31:48.249140 2018] [core:crit] [pid 19] (13)Permission denied: [client A.B.C.D:35034] AH00529: /var/www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/' is executable
2018-05-28 07:31:48 > A.B.C.D - - [27/May/2018:23:31:48 +0000] "GET /2014/05/ HTTP/1.1" 403 541 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50"

Or even later on, trying to restart the container
2018-05-28 20:20:34 > Starting task neozeed-blog_webserver_web1.828b8c42-6271-11e8-bbc7-c22eda63b1bd
2018-05-28 20:20:37 > docker: Error response from daemon: VolumeDriver.Mount: {"Error":"open /dev/scinia: invalid argument"}.
2018-05-28 20:20:37 > See 'docker run --help'.
2018-05-28 20:20:46 > Starting task neozeed-blog_webserver_web1.8ae12f33-6271-11e8-bbc7-c22eda63b1bd

I swear this is such a crappy year for hosting…. I guess we’ll see how long this one lasts, lol

so here we go again.

Docker is going nuts after I had to reboot for some ‘critical’ update for something else.

Looks like it’s going crazy regarding ARP:

07:27:18.632243 ARP, Request who-has 172.17.0.4 tell 172.17.0.2, length 28
07:27:18.632275 ARP, Reply 172.17.0.4 is-at 02:42:ac:11:00:02, length 28

Of course the weird thing is that 172.17.0.2 doesn’t need to talk to 172.17.0.4 at all.

I keep getting this on the db server:

2018-04-11 9:11:30 139923730724608 [Warning] Aborted connection 4226 to db: ‘virtuall_wp152’ user: ‘root’ host: ‘172.17.0.3’ (Got timeout reading communication packets)

which of course is up the entire time.  restarting either the web server or the db server puts me up for seconds at a time.

So while I move stuff around, and get ready for a re-install of my base OS, as I can’t seem to figure out why the bridge has freaked out, if you can read this, then the sloppy.io container thing is actually working.  And at least on the surface, moving container persistent storage, along with a DNS update looks pretty quick.

1.1.1.1

So cloudflare decided to launch their own DNS, on 1.1.1.1 and 1.0.0.1 .  Apparently in a bid to fix global censorship.  I’m on the road, out of China right now, so I can’t test at the moment, but later in the week I’ll be back, and check out how the Great Firewall handles it.

I’m guessing this is another bid to increase their case for being a content neutral safe harbour, although their CEO personally screwed that up last year showing that they can and will police content when it suits them….  Talk about oops.

As always that is the consequence of speech, some people are really secret assholes.  Although by teyitr to go all cultural revolution on them, you end up not only making them maryters, but also prove that they cannot be countered with words, but only through censorship.

This to me is the scary consequence of everything being commercial, and the right of free association.  Even some moron who thinks the moon is made of cheese can still get mail delivery, but will they be able to work, open a bank account, get internet, or even get food?

I other news, dumping Facebook drops cortisol levels after 5 days.  Turns out that hippy paradise of everyone being able to instantly communicate and share is actually a living hell.

Dump Facebook, hit the gym, get a life.

Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.” — Ferris

Happy April fool’s day.

Update, turns out the DNS works from China.  Naturally none of the sites load.

 

$ nslookup
> www.google.com
Server: 1.1.1.1
Address: 1.1.1.1#53

Non-authoritative answer:
Name: www.google.com
Address: 69.63.180.173
> youtube.com
Server: 1.1.1.1
Address: 1.1.1.1#53

Non-authoritative answer:
Name: youtube.com
Address: 203.98.7.65
>

Fun with Docker

Well it’s not really all that fun.

SO… in the start of the year I had decided I didn’t want to play site admin all day, and went to a hosted platform.  Things went well for a few months, then things didnt go well with constant database issues.

Then we went down hard for over 24 hours.  I was going to move back, but then everything started to work again.  But things had been spiraling down to unusability again.

So instead of just making a big VM like I had done before , I thought I’d try using Docker to host my website, with a few containers, namely each tier separate.

And oh boy does everyone love edge case docker stuff, but when it comes to actually moving something *INTO* docker, its basically you are on your own.

So yes, the http-https redirect is brokenMy categories are all missing. lots of stuff is busted.  And the supergloblamegacorp.com redirect stuff is missing. I’ll have to re-create that one after I get more stuff sorted out.

I haven’t given up yet…

Half of the fun was setting up the haproxy container, which in itself wasn’t so bad, although some times it wouldn’t pick up any config file changes, so I had to destroy it a few times, but naturally once I ask someone to look, and it’s working fine now.

So for the hell of it, here is my haproxy.cfg


global
maxconn 256
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms

frontend http-in
bind *:80
bind *:443 ssl crt /etc/haproxy/haproxy.pem
http-request set-header Host virtuallyfun.com if { hdr(host) -i virtuallyfun.superglobalmegacorp.com }
http-request set-header Host virtuallyfun.com if { hdr(host) -i superglobalmegacorp.com }
redirect scheme https code 301 if !{ ssl_fc }
mode http
acl host_virtuallyfun hdr(host) -i virtuallyfun.com
acl host_virtuallyfun hdr(host) -i virtuallyfun.superglobalmegacorp.com
acl host_virtuallyfun hdr(host) -i superglobalmegacorp.com
use_backend virtuallyfun if host_virtuallyfun

backend virtuallyfun
balance leastconn
option httpclose
option forwardfor
reqadd X-Forwarded-Proto:\ https
server node1 172.17.0.3:80

I wanted to use Let’s Encrypt to ‘secure’ access to the domains I have, and running the certbot manually…. in a ‘dry run’ I always got this fun and informative error:

NewIdentifier : ACMESharp.AcmeClient+AcmeWebException: Unexpected error
+Response from server:
+ Code: BadRequest
+ Content: {
“type”: “urn:acme:error:malformed”,
“detail”: “Error creating new authz :: DNS name does not have enough labels”,
“status”: 400
}

Which of course got me absolutely nowhere searching.  I thought it may be docker screwing things up, so I shut it down, and fire up an old fashioned standalone copy of Apache, and run the following:

certbot certonly –dry-run –non-interactive –register-unsafely-without-email –agree-tos –expand –webroot –webroot-path /docker/wordpress/html –domain virtuallyfun.com –domain virtuallyfun.superglobalmegacorp.com –domain superglobalmegacorp.com

And get the same result.

I get to the point of absolute frustration, and just decide to forget the dry run all together, as I know I can run it at least 5 times a day before I get banned, for a while, but maybe I’ll get something more useful.

# certbot certonly –non-interactive –register-unsafely-without-email –agree-tos –expand –webroot –webroot-path /var/www/html –domain virtuallyfun.com –domain virtuallyfun.superglobalmegacorp.com –domain superglobalmegacorp.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for virtuallyfun.com
http-01 challenge for virtuallyfun.superglobalmegacorp.com
http-01 challenge for superglobalmegacorp.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/virtuallyfun.com/fullchain.pem. Your cert
will expire on 2018-06-26. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run “certbot
renew”
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Except it actually worked.

Creating the needed haproxy.pem is simple as:

cd /etc/letsencrypt/live/virtuallyfun.com/
cat fullchain.pem privkey.pem > /docker/haproxy.pem

To put the needed key along with the certs.  Naturally when this expires I’ll have to scramble to figure out how I did this.

Managing docker is fun as well. I went ahead and tried out portainer.io, which  naturally deploys as a container.  And it can manage remote servers, which I though was a plus as that means I could deploy it in my office, then simply connect to my server.  But that is where I found out that the config files for Debian are hard coded to always listen on a local socket, which breaks setting the proper JSON file to tell it to listen on a socket, and TCP/IP.  So just edit /etc/systemd/system/docker.service.d/docker.conf and either hard code it all there, or remove it from there and place it in /etc/docker/daemon.json

As always documentation is conflicting and all over the place.

My current feelings about docker…