In case you're not familiar with it, Prometheus is a server app that gathers metrics in a database. Metrics that are then displayed in some specialized web app such as Grafana (the most popular for this usage).

I won't go into details of how to install prometheus, since this can be found in many places on the Web.

The JavaScript

Here's the JS code I've put on all my pages (in all.js at the top):

const worker = new Worker('/javascripts/worker.js');
worker.postMessage({ page: window.location.pathname });

and here's the content of my worker.js:

self.onmessage = async (e) => {
    const { page } = e.data;
    await fetch('/prom_collector.php', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ url: page }),
        keepalive: true, // survives page unload
    });
};

BTW, why use JavaScript and not the backend (PHP) directly?

Because as you may know, we live in an era where bots who crawl web pages are legion. And those bots don't normally operate within the context of a (costly) headless browser. Some do -- like Googlebot -- but at the time of writing this, they don't execute workers, because that might be even costlier, for marginal gains.

In short, I want metrics about real humans visiting my site. Otherwise I would've used my Apache logs.

The PHP

Here's the PHP code (prom_collector.php) that's triggered by the worker.js:

<?php
/*
 * This page is requested by the javascript on tracked pages
 */

$db = new PDO('sqlite:' . __DIR__ . '/pageviews.sqlite3');

$json = file_get_contents('php://input');
$data = json_decode($json, false);

// Only execute this when deploying to a new site:
// $db->exec('CREATE TABLE IF NOT EXISTS views (page TEXT PRIMARY KEY, count INTEGER DEFAULT 0)');

$page = $data->url ?? 'unknown';
if ($page === 'unknown') {
  die("unknown page");
}
$stmt = $db->prepare('INSERT INTO views(page, count) VALUES(?, 1)
                      ON CONFLICT(page) DO UPDATE SET count = count + 1');
$stmt->execute([$page]);

echo json_encode(['ok' => true]);

And here's the code for the metrics.php page:

<?php
/*
 * Prometheus scrapes this page
 */

$db = new PDO('sqlite:' . __DIR__ . '/pageviews.sqlite3');
$rows = $db->query('SELECT page, count FROM views')->fetchAll(PDO::FETCH_ASSOC);

header('Content-Type: text/plain; version=0.0.4');

// Begin prometheus-formatted document:
echo "# HELP page_views_total Number of times a page was accessed\n";
echo "# TYPE page_views_total counter\n";
foreach ($rows as $row) {
    $safe = addslashes($row['page']);
    echo "page_views_total{page=\"{$safe}\"} {$row['count']}\n";
}

So, for each page that received at least one visit, we display the number of visits it got so far.

Prometheus

Finally, here's the config that I added to my prometheus.yml, under scrape_config:

  - job_name: 'juliendesrosiers_com'
    scrape_interval: 60s
    static_configs:
      - targets: ['juliendesrosiers.com']
    metrics_path: '/metrics.php'

Then, restart prometheus.

The rest is ClickOps:

1. login to your grafana
2. go to "Dashboards", then create a new dashboard -- if needed:
3. click "Add visualization":
4. choose "Prometheus" as the data source:
5. now, scroll down and click "Select metric":
6. you should find the page_views_total (see metrics.php):
7. select a label, if you want to group only for one site:
8. you can try the query by clicking "Run query", and if you're like me, you have many page in your site. So each of those get assigned its own color:
9. which of course should get crowdy pretty quickly. so let's add another operation, to aggregate those into only one metric (the total for all the pages):
10. "Run query" again, and you should now see something like this:
11. Make sure you save your work...
12. Take the time to give a proper name for this dashboard:
13. Now go back to your dashboard view and take a look. Nice!:

Downside of this approach

• As it is right now, it won't allow much more granularity, when you compare to tools meant for tracking visits, like Google Analytics. For example, adding viewport size and user agent wouldn't scale well here.
• I'm hosting Prometheus myself, so it's more expensive than using Google's solution. (Which uses Cookies, which would necessitate adding one of those pesky cookie acceptance popups)

In this post, we'll see how you can connect to that SSO using only one page of PHP.

The dependencies

Install these composer packages:

composer install stevenmaguire/oauth2-keycloak
composer install firebase/php-jwt

The code

Put this in your index.php at the root of your publicly-available web folder:

<?php

require 'vendor/autoload.php';

use Stevenmaguire\OAuth2\Client\Provider\Keycloak;
use Firebase\JWT\JWT;
use Firebase\JWT\JWK;

// error_reporting(E_ALL);
// ini_set('display_errors', 1);

ini_set('session.gc_maxlifetime', 1440);
ini_set('session.cookie_lifetime', 0);
ini_set('session.cookie_secure', 1);
ini_set('session.cookie_httponly', 1);

session_start();

$keycloak_base_url = 'https://sso.yourdomain.com';
$realm_slug = 'family';
$jwksUrl = "$keycloak_base_url/realms/$realm_slug/protocol/openid-connect/certs";
$provider = new Keycloak([
    'authServerUrl'         => $keycloak_base_url,
    'realm'                 => $realm_slug,
    'clientId'              => 'yourclient_id',
    'clientSecret'          => '[your secret here]',
    'redirectUri'           => 'https://yourdomain.com/index.php',
    'encryptionAlgorithm'   => 'RS256',                                       // optional
    'encryptionKeyPath'     => '/some/path/to/your_keycloak_privatekey.pem',  // optional
    'encryptionKey'         => 'contents_of_key_or_certificate',              // optional
]);

if (isset($_GET['action']) && $_GET['action'] === 'logout') {
  unset($_SESSION['access_token']);
  unset($_SESSION['decoded_jwt']);
  header('Location: /index.php');
}

if (!isset($_GET['code'])) {

    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: '.$authUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== ($_SESSION['oauth2state'] ?? ''))) {

    unset($_SESSION['oauth2state']);
    exit('Invalid state, make sure HTTP sessions are enabled.');

} else {

    // Try to get an access token (using the authorization coe grant)
    try {
        $token = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);
    } catch (Exception $e) {
        exit('Failed to get access token: '.$e->getMessage());
    }

    // Optional: Now you have a token you can look up a users profile data
    try {

        // We got an access token, let's now get the user's details
        $user = $provider->getResourceOwner($token);

        // Use these details to create a new profile
        printf('Hello %s!', $user->getName());

    } catch (Exception $e) {
        exit('Failed to get resource owner: '.$e->getMessage());
    }

    // Use this to interact with an API on the users behalf
    $_SESSION['access_token'] = $token->getToken();


    $token = $_SESSION['access_token'] ?? null;

    if (!$token) {
        die("No access token found. Please log in.");
    }

    // Fetch Keycloak's public key (JWKS)
    $jwks = json_decode(file_get_contents($jwksUrl), true);
    $keys = JWK::parseKeySet($jwks);

    // Decode & Verify the JWT
    try {
        $decoded = JWT::decode($token, $keys);
        $_SESSION['decoded_jwt'] = $decoded;
        echo "<pre>";
        print_r($decoded); // Token data
    } catch (Exception $e) {
        die("Invalid token: " . $e->getMessage());
    }
}

Make sure you set your own:

• $realm_slug
• $keycloak_base_url
• in $provider object:
  • the 'redirectUri' property
  • the 'clientId' property
  • the 'redirectUri' property
  • the 'redirectUri' property
  • (optional) the 'encryptionAlgorithm'
  • (optional) the 'encryptionKeyPath'
  • (optional) the 'encryptionKey'

Where to go from here

• As you can see, we don't persist the token we get from the OAuth2 service. So you might want to add some session + cookie persistence in there.
• You'll also want to do something else than simply print out the content of your JWT in your page.
• And add proper error logging instead of displaying everything to the users.

Server specs requirements

I'm installing this on Ubuntu 24.04.

Look at this page for more details. TL;DR: Have at least 2 vCPU and 2 GB of RAM for a start.

Installing Keycloak

First need to install the dependencies

Start here: https://www.keycloak.org/getting-started/getting-started-zip

Basically you'll:

# install software
sudo apt install openjdk-21-jdk wget unzip -y
# get keycloak
wget https://github.com/keycloak/keycloak/releases/download/26.1.4/keycloak-26.1.4.zip
unzip keycloak-26.1.4.zip
cd keycloak-26.1.4

# execute keycloak:
# WARNING: this is the development version of keycloak.
# DO NOT USE this in production.
bin/kc.sh start-dev

# When we're ready we'll use this instead:
# bin/kc.sh start

Now you cana take a look at your host, on port 8080: http://<your-hostname-or-ip>:8080

If you see something like this, that's a good sign:

But we won't do the bootstrap-admin command just yet. First, let's make our setup more production-ready instead.

TLS

You'll need a TLS cert, so get certbot for Let's Encrypt certificates:

sudo apt install certbot -y
# And since I use nginx:
sudo apt install nginx python3-certbot-nginx -y
sudo systemctl start nginx
# Now, confidure the certificate:
sudo certbot --nginx

When you're done setting up your certificate, you can terminate nginx since you won't need it anymore:

sudo systemctl stop nginx

PostgreSQL

It's also recommended that you use postgresql as a db for storing Keycloak's data. So let's install it.

sudo apt install postgresql -y

Then change the default password by doing this:

# open a postgresql client session:
sudo -u postgres psql
# then in your postgres client session:
ALTER USER postgres WITH PASSWORD '...';
# then to quit:
\q

Then connect with your postgres and create the database:

CREATE DATABASE keycloak;
GRANT ALL PRIVILEGES ON DATABASE keycloak TO postgres;
# then quit:
\q

Configure Keycloak

In the keycloak folder you unzipped earlier, you will edit the following file:

conf/keycloak.conf

And put the following (modified to suit your own info):

# Database
db=postgres
db-username=postgres
db-password=secret
db-url=jdbc:postgresql://localhost/keycloak_db

# HTTP
https-certificate-file=/etc/letsencrypt/live/yourdomain.com/fullchain.pem
https-certificate-key-file=/etc/letsencrypt/live/yourdomain.com/privkey.pem
https-port=443

hostname=yourdomain.com

Notes:

• Replace yourdomain.com with your actual keycloak domain name

• Also, Don't surround your db-password with quotes, or those will actually be part of the db-password. You can put anything after the = symbol, until the end of the line, and it'll be part of the password.

Start the server in production mode:

cd bin/
kc.sh start

To show the configurations:

kc.sh show-config

Now, you should be able to access to you domain, on port 8443 in your browser.

For example: https://yourdomain.com:8443 And it should display something like this:

which says among other things, to execute the bootstrap-admin command.

So, in another SSH session, we'll go into the keycloak folder that we downloaded earlier and do:

bin/kc.sh bootstrap-admin user
# and follow the steps...

Now, restart keycloak by going to the SSH session where you started the kc.sh start command, and do CTRL-c, to end the process. And now, do:

bin/kc.sh start --optimized

You should now create a permanent admin user.

Go to the Users section in the left menu.

Fill in the details. And create the user. Then go to the Role mapping tab at the top. Click Assign role. Click the "Filter by realm roles" button, and you should see admin and a few others appear. Select those, and click Assign.

Test your newly created user, and when you're satisfied, delete the temporary user you created previously.

Create your own realm

At the upper left, click "Keycloak - master". Then click "create realm".

Enter a name.

Click Create.

Add a client to this realm

Clients are applications and services that can request authentication of a user.

• Client type: OpenID Connect
• Client ID: (The client identifier registered with the identity provider.)
  Or if you use Keycloak as your IdP, enter anything you want here.
• Click "Next" (to Capability config)
  • Client authentication: if your client is a backend app, tick this to "ON"
  • Authentication flow: Make sure you check "Implicit flow", as well as "Standard flow" and "Direct access grants".
• Click "Next" (to Login settings)
  • Root URL: your hostname without the ending slash (https://someclient.com)
  • Home URL: your hostname with the ending slash (https://someclient.com/)
  • Valid redirect URIs: Something like: https://someclient.com/*
  • Valid post logout redirect URIs: +
  • Web origins: +
• click Save

Create yourself a new user

In the left sidebar, click Users, then "Create new user".

• Required user actions: it's really up to you, but if you create it for someone else, I suggest you choose "Update Password" or "Verify Email".
• Email verified: If it's for yourself, you can check this to "On" already.
• Username, etc.
• Then "Create".
• Now, go to "Credentials" tab and click "Set password"
• Enter your desired password, and if it's for you, again, you can check "Temporary" to Off if you want. Then "Save".

Conclusion

That's it!

In an upcoming post, I'll show you how you can log in to this Identity Provider (IdP) using PHP.

Fact: I need exo-brain (tech-)tools to help me make sense of complex things.

Here are some of them:

1. Kinopio

Kinopio is quite fun to use. Here are a few examples:

For philosophy

For political sciences

For linguistics

For collaborative brainstorming / moodboarding

A nice alternative to pinterest:

Credits to @tiff and @Liby: board's link

For mindmapping

2. Big-Ass Text File

One big, always open, big-a** text file.

The best metaphor I can find for conveying why this is such a great tool is this: your short term memory is like RAM.

But when the RAM gets full (depending on your IQ and how much sleep you had), a big-ass-text-file is where you can dump whatever is too much for you to efficiently remember for your work. It's your Swap file. And just like Swap, it's slow to write on and read from. But it can be convenient.

Because as humans, our brain is not always optimized to retain much data and it gets overwhelmed quickly if you give it too much.

I use Notepad++ for this. Mainly because I don't want to use the same text editor as I use for coding (VS Code + Vim, right now).

For me, it serves many purposes, among which:

1. a paste board for easy-to-recover snippets of code or data
2. a paste board for order confirmation numbers after purchasing stuff
3. a more comfortable (multi-line) place to edit throwaway-code like SQL queries or javascript to execute in the web console, or long bash commands when I'm too lazy to create script files.
4. a temporary place when someone gives me a bunch of project-related passwords, before properly storing them in my password manager.
5. a place where I paste long stack traces that need to be unwrapped for easier reading.
6. a place for writing long-form instant messaging responses outside of the non-standard web interfaces with inconsistent keyboard shortcuts.
7. a repository of fleeting notes that may become permanent notes in my zettelkasten

Some examples:

(a metasploit session for future reference)

(some dumped ruby object and an SQL query for a WordPress site)

Note: I try to put the current date every morning when using it, in order to find my notes by date later on, but this is not required, since you can have a sense of time due to the fact that the most recent content is at the bottom of the file (or the top, depending on your preference).

3. Big-Ass SpreadSheet

It's a variant of the BATF, but for tabular data.

The key factor to consider here is the cost.

You see, when you want to quickly dabble with tabular data, you normally...

1. open Excel
2. create a new spreadsheet
3. (want to save it?) navigate to the right place on your drive where you want it to be saved.

Now, with the B (Big-) A (Ass) S (Spread) S (Sheet) , those steps are just one click away: Click the + button in your (always-open spreadsheet software) to create a new sheet.

Boom: Tabular notes are now cheap!

🌼Create as many as you want.🌼

Some examples:

All those times you're doing cross-multiplication calculations:

Ad-hoc comparison lists:

(what book should I read next?)

Health log:

(As you can see, I have a somewhat non-existant sleep hygiene)

4. Joplin

Joplin is great for notes about specific topics and linking them together, and grouping them by tags and notebooks. Pretty much like Evernote.

But unlike Evernote, it has Markdown support and code highlighting. And it's free.

I use Joplin as my personal Zettelkasten tool.

(As you can see, I just started learning Vue.js 😅)

(My reading notes of Good to Great)

Conclusion

In order for a tool to be useful, it must be handy (at-hand). And I've found that the principles outlined in the book Atomic Habits are pretty helpful for this:

1. Make It Obvious (an always-open app is just that)
2. Make it Attractive (Kinopio is kinda attractive, don't you find? ;-))
3. Make it Easy (Stupid-simple to use, Obvious UX, Lightweight)
4. Make It Satisfying (It must do the job of storing things in a satisfying way. And it's pretty satisfying when you eventually find info that you need, by just CTRL-F'ing for it.)

Sometimes, I feel like I’m a self-help guru.

I mean, I know everything there is to know about self-help. Don’t believe me? Here is a pretty thorough list of things that are taught in 80% of self-help books. Note: This list has contradictions in it. This is because there are many opinions in the field of self-help and productivity.

• Have a "morning routine"
  • make your bed first thing in the morning
    • #QuickWin, #InstantGratification, #start-your-day-on-the-right-foot
  • avoid coffee and alcohol.
    • These substances generate dopamine in your brain, which breaks your craving for more natural ways (like exercise and meditation) of getting that dopamine hit.
  • don’t watch your phone first thing when you wake up. In fact, start your day in airplane mode.
  • do something with your body to get some blood in your brain and get some oxygen
  • take a cold shower (Iceman, we all know you by now)
• Meditate
  • Practice mindfulness meditation
  • Visualize your day. Visualize how you’re going to tackle your most significant task.
• Move your body
  • Take a walk
  • Practice a sport. Jogging, bike, whatevs.
• Start working
  • Ideally, you’re still in your “power hour” by now, which is the first hour of your day, while your brain is at its freshest state.
  • To determine the task to do, use the Heizenhower matrix
  • Break your tasks into smaller, more easily manageable sub-tasks
  • Find your one task that absolutely needs to get done today. Your most significant one. This is the “frog” that you’ll eat.
  • Use the Pomodoro technique to get going with your small sub-tasks.
• Eat a good, healthy meal
• Go to the cafe to focus
  • Your brain is antifragile to ambient noise as it helps your focus. But don’t drink coffee there!
  • Instead of coffee, take a cup of white tea. It’s good for your health. :-)
• Practice Deep work
  • Emails
    • Use the inbox zero philosophy
    • Open your mailbox only one or two times per day.
  • Avoid social networks as much as possible
• Manage your time
  • Use a calendar app, like Google Calendar
  • Use a todo list app, like Todoist
• Manage your physical space
  • Read Marie Kondo’s “The Life-Changing Magic of Tidying Up” and tidy up your space
    • Only have useful things or things that bring you joy, in your surrounding, at all times.
    • Throw away pretty much everything else.
• Sleep well and sleep enough
  • Have a bedtime routine
    • Go to bed at regular hours every night
    • Avoid screens 1-2 hours before bedtime
    • don’t drink too much
• Create your mission/vision statement
  • Start with your why
• Set goals
  • “If you don’t have a plan, you plan to fail”
  • Set S.M.A.R.T. goals
• Don’t set goals
  • “Everyone has a plan until they get punched in the mouth” -- Mike Tyson
  • Instead, have a system
  • A “system” is a context and a series of habits that you will follow that will lead you towards your vision
• Tell everyone about your goals, to create social pressure that will force you to reach your goals
• Tell yourself positive things every morning in the mirror. Your subconscious will conform to those words.
  • Avoid negative statements like “I don’t like fast food”, but instead, tell yourself “I eat healthy foods” (see Unlimited Power for more details)
• Think like the stoïc philosophers
  • Marcus Aurelius
  • Seneca
• Harness the power of compound interest
  • Learn every day
  • Pay yourself first by investing a bit every time you earn money
  • Automate the money from your paycheck to your investment account, so you don’t have to take the decision of saving/investing
  • Invest in yourself by reading at least 1h every day. Bill Gates, Elon Musk, Mark Zuckerberg, Oprah Winfrey, all credit their success to reading. What you'll learn will compound by making you more productive, and/or by making links to other things you'll learn in order to make your creativity more fruitful.
• Reduce useless thinking
  • By dressing the same way every day (like Steve Jobs and Mark Zuckerberg)
  • By hiring a Virtual Assistant (VA) to handle your emails and do some other mundane tasks
• Time is money, so set your personal hourly rate and respect it
  • If some task could be done as efficiently by someone else (like a VA) at a lower hourly cost than yours, then delegate it

Now, you could read books, but in the end, it’s only a matter of being convinced about the truth of these advice. This is why people like me read books anyway, and they become super enthusiast about them because it makes them understand why those advice work. And when you encounter the same advice over and over, you tend to believe them because there seems to be a consensus in the self-help community, if you will.

Conclusion

You then attain objective truth and get meaning out of life.

And you win at everything.

You're welcome.

Today, I received a FWD of one of those Google Search Console email reports.
That's great. Here's why:

0 page with first impression ?

There is still room for improvement.

Here, I can see what are the pages that receive the most traffic. As you can see, it's not much, but it's nevertheless from those points that we should work. It's nice to know that people look up portfolio client's info and land on our client's site.

That could be a good thing to measure in our analytics. Since that could even guide us towards how to select our future clients (are they popular?). But I digress...

That also means that if we're going to make a redesign for that page, it's going to be useful to make sure we setup some redirections from those URLs to the new ones, so we don't disturb incoming traffic coming from Google.

Here we can see the most popular keywords people use to get to that site. Again, if we're doing a revamp of that site, make sure those keywords still appear for the target pages we want people land on.

In our case, it's the name of the company, the market they're in (architecture), and the name of one of their clients.

This should be a good indicator for where to put some QA love ;-)

Even though our client is from Québec, we don't know how many of these clicks are coming from english-speaking parts of Canada. But it's good to consider serving your content in english as well. (And in our case, that's exactly what we're going to do ;-)

And here, that's interesting for us as we have a lot of content in the form of images. That means we have an opportunity here to put alt attributes on our images, to get more views in Google Image. :)

I picked up Colemak gradually by mostly using colemak.academy, for 62 5-7 practices, over 13 days.

I come from a QWERTY, ~42 WPM typing speed, that I got in 2005-ish, for my computer graphics design degree.

Now, I feel very slow with my current record time of almost 18 WPM, and it keeps getting faster. I only stopped using QWERTY, 4 days ago.

I still struggle mostly with the 'G', and to a lesser degree, with the 'U' (which is at almost the same location).

But my top accuracy % for now is of 98.24%. Which is still not enough in my opinion, since it still hinders too much my typing to remain into "the zone".

Update: two days after writing this post, I can now say that even though I'm still at 20 WPM, I no longer need my "system two" thinking as much as during the beginning of my learning.

Vim

I'm pretty minimalistic for now regarding my Vim setup, but it works for me so far.

Here is the part of my .vimrc that makes this move possible without much trouble:

" Navigation :
noremap n j
noremap e k
noremap i l
" End of word navigation :
noremap j e
" Next in search mode :
noremap k n
" l becomes the equivalent of i, for insert mode :
noremap l i

" Moving between splits :
noremap <C-w>n <C-w>j
noremap <C-w>e <C-w>k
noremap <C-w>i <C-w>l

The biggest thing to remember is that you'll no longer use the i key to enter into insert mode, but l instead.

NERDTree

In Vim, I need to be able to navigate through the folders of my projects, and since the 'e' key is now being used for navigation instead of 'k', and NERDTree is using 'e' to explore the selected directory, I need to override those:

let NERDTreeMapOpenExpl="E" " free up the 'e' key to be used for something else
let NERDTreeMenuUp="e"

Typing in french

With Colemak it is possible to type common french accents like:

• ç - with AltGr + c
• é - with AltGr + e
• à - with AltGr + r, then a
• ê - with AltGr + x, then e
• ï - with AltGr + d, then i

So for me, it replaces not only the English QWERTY, but also the French Canadian QWERTY layout, as I often need to switch between the two when working (which involves communicating in french and coding with my English US physical (mechanical -- more on that in another post) keyboard.

Conclusion

It's too early to say that I'm more productive with that layout, but so far I see a small but steady increase in speed. And I've noticed that it really helps getting good sleep because I tend to get my best performances in the morning.

After learning about Baserow on HN, I decided that I needed to write about that trend in the open-source/startups world, to create an alternative of X (SaaS) that is self-hosted, but also that you can pay to have hosted for you, if you're not technically inclined.

Here is a list of high-quality products that I've seen so far using that approach:

Honorable mention: Grav (CMS) is a great alternative to the already-open-source WordPress, which have been in a state of drama lately. I've been exploring Grav and quite liking it so far.

What's cool with many of those alternatives is that even though they offer a free self-hosted version that is open-source, they still offer their very own service to help monetize their project.

It helps getting market adoption, since there's no lock-in because you can (in most cases I think) always export the data to your self-hosted version when you want to manage your own instance.

1. There's a limit on how much you can scroll back in your console to see previous outputs generated by Docker compose.
2. If you deploy your services on many different servers, you need to chase logs on all those servers to debug your services.

Solution: Centralized logging

1. the remote logging service: papertrail.com
2. the logging driver: syslog

Here's how it works

I use Docker version 18.09.7, which means I can use the docker-compose version 3.7 syntax.

In my docker-compose.yml file, under the service I'm logging over to papertrail, I have a logging block, like this:

  logging:
    driver: "syslog"
    options:
      syslog-address: "udp://XXXX.papertrailapp.com:XXXX"
      tag: "{{.Name}}/{{.ID}}"

...Which looks like this, in the context of the service block:

  web:
    build: .
    command: bash -c "rm -f tmp/pids/server.pid && foreman start -f Procfile"
    volumes:
      - ./:/myapp
    ports:
      - "3001:3000"
    depends_on:
      - db
    env_file:
      - .env
    networks:
      - SM
    logging:
      driver: "syslog"
      options:
        syslog-address: "udp://XXXX.papertrailapp.com:XXXX"
        tag: "{{.Name}}/{{.ID}}"

BTW, you see that address (XXXX.papertrailapp.com:XXXX)?

When subscribing to Papertrail, it should give you a specific address just for you, like this (censored):

Just copy that address and put it after the udp:// part, in your docker-compose.yml config.

Run it!

Now, you should be good to go:

user@hostname:~/project-x⟫ docker-compose up
Starting project-x_db_1 ... done
Starting project-x_doc_1 ... done
Starting project-x_web_1 ... done
Starting project-x_ngrok_web_1 ... done
Attaching to project-x_db_1, project-x_doc_1, project-x_web_1, project-x_ngrok_web_1
db_1         |
db_1         | PostgreSQL Database directory appears to contain a database; Skipping initialization
db_1         |
db_1         | 2020-12-31 21:30:48.711 UTC [1] LOG:  starting PostgreSQL [REDACTED] (Debian [REDACTED]) on x86_64-pc-linux-gnu, compiled by gcc (Debian [REDACTED]) [REDACTED], 64-bit
db_1         | 2020-12-31 21:30:48.711 UTC [1] LOG:  listening on IPv4 address "0.0.0.0", port 5432
db_1         | 2020-12-31 21:30:48.711 UTC [1] LOG:  listening on IPv6 address "::", port 5432
db_1         | 2020-12-31 21:30:48.712 UTC [1] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
db_1         | 2020-12-31 21:30:48.727 UTC [25] LOG:  database system was shut down at 2020-12-31 21:22:08 UTC
db_1         | 2020-12-31 21:30:48.733 UTC [1] LOG:  database system is ready to accept connections
doc_1        | [Thu Dec 31 21:30:49.327421 2020] [mpm_prefork:notice] [pid 1] AH00163: Apache/[REDACTED] (Debian) PHP/[REDACTED] configured -- resuming normal operations
doc_1        | [Thu Dec 31 21:30:49.327605 2020] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
web_1        | WARNING: no logs are available with the 'syslog' log driver
ngrok_web_1  | + exec ngrok http '-subdomain=[REDACTED]' '-region=us' -log stdout web:3000
ngrok_web_1  | t=2020-12-31T21:30:49+0000 lvl=info msg="no configuration paths supplied"
[...]

See that WARNING after web_1?

This is "normal". Meaning, it should work anyway. (i.e. it's just a warning)

Now, take a look at your Events¹ page to make sure papertrail is receiving your logs.

You should see something like this:

Great success!

Here is a hands-on guide on how to make the most out of Monero for trading without giving up your privacy.

Concepts

Monero, like many other cryptocurrencies, has the following things:

• Miners: software for you to mine your own coins
• Pools: groups of miners that organize to distribute workload for hashing new blocks of the block chain. This gives you, the miner (as a person), the ability to get coins (parts of them) that are mined more frequently than if you were to mine on your own. Which is long.
• Wallets: You can have as many as you want. A wallet can be created from the GUI Monero app that you can get from getmonero.com.
  • It will create a private key (the thing that you keep private and NEVER share to anyone). This key is stored within a .key file, on your computer.
  • You will need to create a password. It must be strong.
  • It will give you a mnemonic so you can recover your wallet, should you lose it (this too, you NEVER share to anyone).
• Currency name: XMR. (like the BTC of Bitcoin)
• Blockchain: It is based on the Blockchain. So although it's not bitcoin, it's still based on some of the same basic principles of many (or all) other cryptocurrencies.

1. Getting a wallet

1. (On Windows) Temporarily disable your Virus Real-time protection, because Monero is recognized by antiviruses for being malware, since it's often installed on machines to mine coins for hackers who have taken control of machines. But in this case, everything is under your control, so it's safe to disable it. It will be reactivated in a few hours.
2. Download the GUI wallet for your platform: www.getmonero.org/downloads
3. Install the GUI Wallet app with all the default options:
   
   • 
   • 
   • 
   • 
   • 
   • 
4. Setup your Wallet:
   
   • 
   • 
   • 
   • 
   • 
   • 
   • 
5. (On Windows) you might want to exclude the following folders from being scanned by your antivirus:
   • Control Panel > System and Security > Security and Maintenance > Security > Virus Protection > View in Windows Security > Virus & threat protection settings > Manage settings > Exclusions > Add or remove exclusions
   • Add the following exclusions:
     • C:\Program Files\Monero GUI Wallet
     • C:\Users\[YOUR USERNAME]\OneDrive\Documents\Monero
       (OneDrive might not be there if you're not backuping your documents with OneDrive)

2. Purchasing XMR coins

The easiest way (to my knowledge) to purchase XMR coins is to use whatever online wallet you have like coinbase or others, to first purchase your bitcoins, with your normal credit card, then through an exchange such as Poloniex, trade your BTC (bitcoin) to XMR (monero), and then send your XMR to your local wallet (installed in the previous step).

Here is a short video on how to exchange BTC to XMR:

This gives you 2 advantages:

1. Ease of use: easy to buy crypto coins (no need for localbitcoins.com or things like those)
2. Privacy: still have a high level of privacy because your bitcoins will become XMR (monero) afterwards, which is pretty much untraceable (YAY!).

3. Buying things

Basically, you can but things in the same manner as you would with Bitcoins:

1. you need the destination XMR wallet address.
2. you write that address in your wallet, in the 'send' tool
3. you put a bit more money (see this page), just so the transaction doesn't take too much time to be processed.
4. (optional) choose a ring of at least 6 verifications
5. confirm, and wait for the verifications to be done, after which the transaction will be considered to be done. It usually takes about 15-20 minutes.

A note about Bitcoins

There are places that accept XMR payments, but there are a lot more places that accept Bitcoin, since it's more popular. In those cases, you can use xmr.to.

4. Mining

If you want to mine, you need at least the following:

• a mining software (a "miner")
• an internet connexion
• a CPU, or a GPU (in your graphics card)
• time
• power (kWh)

And most of the time, you will want to join a pool, so you don't wait super long for one XMR to be attributed to you. A pool will make it shorter for you to get paid some amount (calculated according to your contribution) for the mining that you provided.

When you use a pool, the mining software you'll use will depend on which one is supported by the pool you join.

But for example, if you join minexmr, which I tried, you will have to use XMrig. But see their info page for more info.

Antivirus Note

If you choose to mine XMR, you will have to exclude the location of the miner that you install, in your antivirus settings. Because otherwise, it will be flagged as a virus (yes, some people hack into other computers just so they can use their computer power for mining Monero. That's why).

Acknowledgements

Thanks to my friend Simon Proulx, who introduced me to this technology, and helped me grok some of the concepts and practices explained in this article.

I decided to try it for my Windows (10) machine. Here are my thoughts.

Things I don't like about fman:

1. Context menu is radically stripped down

This is huge for me. Like, I have no:

• 7-Zip option to extract zip the way I prefer ("Extract Here").
• Share options (Dropbox, OneDrive, etc)
• Git Bash Here (to open the current folder in the terminal)
• Open with Code (to open the current folder in VS Code)
• New [file], to create a file in the current folder (this is very handy to create new text files where I'm in). And directly open them in a text editor of my choice.

2. No way to preview image files

I often need to see which image I need in a folder full of images. At least in Windows File Explorer I can have a Large Icons view in which I can have a hint of what's inside. I'm used to be able to do this very easily on the mac (Finder) by just hitting spacebar, to Preview the file without actually opening an app to fully load it.

Previewing is not just for images, but PDFs too. It's very easy to be lost when all you see is a list of file names.

3. No way to see which volumes are mounted and available

This is too bad. I like to access my NAS or other mounted (encrypted) volumes, without remembering which Letter it was assigned by Windows.

4. No handling of High Contrast mode

For people with visual difficulties, it is nice to have an interface that use more contrast. It's not a big downer for me, but I find it lacks consistency on my setup since that's what I'm using. I quite like the minimalist & brutalist feel of Windows' High Contrast mode. Plus, it's easier for my old eyes. ;-)

Things I do like about fman:

1. You can easily tidy up and classify

This is the big win that fman gives: a quick and easy way to have a split File explorer with which you can move around files from one remote place to another.

2. Very useful fuzzy search to find files and folders

This makes it a breeze to go from one place to another without moving your hands off the keyboard (I love to use keyboard shortcuts for this reason).

3. More intuitive keys for navigating folders

Arrow keys are a much better way to navigate between folders than the File Explorer keyboard shortcuts that are a very awkward in comparison.

Conclusion

I don't regret buying it, but I will use the default File Explorer almost exclusively from now on... until a best alternative comes up for Windows.

So here's how to setup WireGuard on Ubuntu 20.04, and also, how to setup the corresponding WireGuard client on a Windows 10 machine.

Concepts

Keys

We'll use Keys (key pairs): Public and Private keys.

IP addresses

We'll see IP Addresses: Those of the VPN server, the computer where it's installed, and the DNS server used by the client. We'll use 35.174.118.17 in this tutorial, but please get the one that your server is using. To find it, simply do an ifconfig on your server, and look for inet, in the output.

Ports

We'll use a port, which is a kind of door to enter into a system. That door can either be open, or with a firewall, it can be "closed". We'll use the port 61951 throughout this tutorial, but it could be something else like 51820, or 54321. As long as it isn't used by another service on the server.

(network) Interfaces

A network interface is just a short name for a network entry, for a computer to communicate in a network. Interfaces have names that look like eth0, wlan, and such. You can see what I mean by doing an ifconfig on a Linux or macOS shell. It's the first part before the column :. For example:

ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 35.174.118.17  netmask 255.255.254.0  broadcast 35.174.118.255
        inet6 2001:19f0:4:2360:5402:3ff:fe0f:c619  prefixlen 64  scopeid 0x0<global>
        inet6 fe90::5402:3ff:fe0f:c619  prefixlen 64  scopeid 0x20<link>
        ether 56:00:03:0f:b6:19  txqueuelen 1000  (Ethernet)
        RX packets 1070983  bytes 786173353 (786.1 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1053635  bytes 803986773 (803.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

See that ens3? that's an interface name.

On windows, ipconfig is the equivalent command, but it's not showing that interface name. But it doesn't matter for us, as it is only the network interface of the server that we'll need.

On the (ubuntu) server

Pre-requisites for the server

• Ubuntu (20.04, which is an LTS) installed on that machine
• Root access to that machine

Before we do anything

Take note of your current IP address, by going at whatismyip.com in your browser.

Installation steps

sudo apt update
sudo apt install wireguard

Then, we configure the firewall (ufw) to allow traffic to go through the port 61951:

sudo ufw allow 61951/udp

The udp part is just another way of transmitting packets. Normally we use tcp, but in the case of VPNs, we usually want faster transfer, so in this case we use UDP.

Configuration

Note on the text Editor

You'll need to edit the /etc/sysctl.conf file, so you will need sudo and a text editor like nano or vim. If you don't know vim, I suggest nano. In this tutorial I will use nano.

sudo nano /etc/sysctl.conf

and then, remove the comment mark (#) before the net.ipv4.ip_forward=1 line.

Save the file, and exit the editor.

To apply the changes, do:

sudo sysctl -p

Now, we'll generate the keys for the server:

wg genkey | sudo tee /etc/wireguard/server_private.key | wg pubkey | sudo tee /etc/wireguard/server_public.key

Now, if you (sudo) ls inside /etc/wireguard, you should see those 2 files created. And since the private key is, well... private, let's secure it with this command:

sudo chmod 600 /etc/wireguard/server_private.key

To see the keys you just generated, do:

sudo cat /etc/wireguard/server_private.key
cat /etc/wireguard/server_public.key

Now, we'll create a file for wireguard configuration:

sudo nano /etc/wireguard/wg0.conf

And put that, for now (more to come later):

[Interface]
PrivateKey = oCH7Z0g+ieQ99KkkR1E5EO22Evs5q75F+ES4O4Oc93E= # The server_private.key value.
Address = 10.5.5.3/24 # Internal IP address of the VPN server.
ListenPort = 61951 # Previously, we opened this port to listen for incoming connections in the firewall (ufw)
# Change "ens3" to the name of your network interface in the following two settings. This commands configures iptables for WireGuard.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

You will need to change those values:

• PrivateKey value (oCH7Z0g[...]) to the one you'll find in server_private.key.
• The Address value, which you can find in the private network settings of your server dashboard. For example, on vultr, it would be in your instance's Settings tab, under the Private Network section. It's an address that look like this: 10.5.5.3. You'll also add /24 at the end of it.
• The ListenPort value (61951) is the same we talked about at the beginning. It's the port through which the VPN server will communicate with your client.
• In PostUp, and PostDown, you'll see ens3. Change that to the interface that you get when you do ip -o -4 route show to default | awk '{print $5}' on your server. For example, it could be ens3, so change that as needed.

You can now save and exit this file. And set the permissions on that file more tightly:

sudo chmod 600 /etc/wireguard/wg0.conf

And now, do this to start WireGuard VPN:

sudo systemctl start wg-quick@wg0

And run this almost identical command, to make the VPN server always start after a reboot of your server:

sudo systemctl enable wg-quick@wg0

the wg0 interface

Now, bring up the wg0 interface with this command:

sudo wg-quick up wg0

So now, if you issue ifconfig, you will see wg0 among the interfaces. Something like this:

wg0: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1420
        inet 10.1.96.0  netmask 255.255.240.0  destination 10.1.96.0
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 443061  bytes 88601148 (88.6 MB)
        RX errors 0  dropped 16144  overruns 0  frame 0
        TX packets 671392  bytes 739971080 (739.9 MB)
        TX errors 0  dropped 233 overruns 0  carrier 0  collisions 0

Note that it is no longer 10.5.5.3 but it has inet 10.1.96.0. It's normal. It also changed the wg0.conf to reflect that.

If you want to disable that interface, simply do down instead.

But if you want to change the configuration, you can do this after the change:

sudo systemctl restart wg-quick@wg0

On the client side (Windows)

1. Download the installer from https://www.wireguard.com/install/
2. Execute the .msi file that you'll get. And now you should see a WireGuard logo in your system tray.

Configuration

In the WireGuard Windows UI, go to the bottom Add Tunnel button, and select Add Empty Tunnel:

Next, you'll see this window, but with a different value for the Private Key:

This is your base configuration. You'll need to add a few lines here:

Address, and DNS. Like this:

[Interface]
PrivateKey = OCJx8Im1MyHvNRsrBR7bWWWmYUbDOQ5W/YQg2vA6KWA=
Address = 192.168.50.223/24 # IP address of the client's wg0 interface.
DNS = 1.1.1.1

The Address field is the IP that the VPN client's network interface will occupy. It must not be already in use. A good candidate for this IP can be the value of your main network interface (found in ipconfig in your windows terminal), and you add 1 to the last digit, just to make it different (i.e. not used). For example, I have this for my wifi interface I'm using on my windows machine:

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::ac40:f1f7:e086:9257%10
   IPv4 Address. . . . . . . . . . . : 192.168.50.222
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.50.1

So I took 192.168.50.223 (added 1 to 222), so the Address I will put on my configuration will be 192.168.50.223/24.

The DNS can be a public DNS IP that you can use for free. I suggest you take something like 1.1.1.1 (graciously offered by Cloudflare) or 9.9.9.9 (graciously offered by Quad9.

Now, after the [Interface] block, add another. The [Peer] configuration block:

[Peer]
PublicKey = uZik78EWgYCLQRMdG6k6QK0mzHFqfr4uhOEjPyXe5WE=
AllowedIPs = 0.0.0.0/0
Endpoint = 35.174.118.17:61951

PublicKey is what you can find on your server, in /etc/wireguard/server_public.key.

AllowedIPs can stay 0.0.0.0/0.

Endpoint is the public IP of your server, followed by the port number.

Recap of the client config file

Your client config on windows should now look like this:

[Interface]
PrivateKey = OCJx8Im1MyHvNRsrBR7bWWWmYUbDOQ5W/YQg2vA6KWA=
Address = 192.168.50.223/24 # IP address of the client's wg0 interface.
DNS = 1.1.1.1

[Peer]
PublicKey = uZik78EWgYCLQRMdG6k6QK0mzHFqfr4uhOEjPyXe5WE=
AllowedIPs = 0.0.0.0/0
Endpoint = 35.174.118.17:61951

Now make sure you give it an appropriate name so you remember what is this WireGuard instance (you can have many), and click Save. You should now see the new Tunnel's name in Tunnels tab.

Click Activate, and if you see a green shield icon with Active, next to the Status line, it means it worked. Now try to browse the web in your browser. If it doesn't work, try rebooting your machine, or reviewing the previous steps.

You can now go to whatismyip.com and you should see the VPN server's IP address instead of your own. Hurray!

Go back to the server

Once you're done with the client configuration, go back to the server configuration, and add a [Peer] block, after the [Interface] block, in /etc/wireguard/wg0.conf, so that it looks like this:

[Interface]
PrivateKey = oCH7Z0g+ieQ99KkkR1E5EO22Evs5q75F+ES4O4Oc93E= # The server_private.key value.
Address = 10.5.5.3/24 # Internal IP address of the VPN server.
ListenPort = 61951 # Previously, we opened this port to listen for incoming connections in the firewall (ufw)
# Change "ens3" to the name of your network interface in the following two settings. This commands configures iptables for WireGuard.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

[Peer]
PublicKey = AXZBCUqrlAGnt2jddHNu6ECQ0yp8mbQxPzefP6j8VCo=
AllowedIPs = 192.168.50.223/32

In this new [Peer] configuration block, we have this:

PublicKey, which is the Public key that was generated on your windows machine at the same time that you created your "Tunnel".

AllowedIPs is the IP of the interface that will be created by WireGuard on your local machine (the client). See above.

Endpoint is the real public IP address of your computer when it's connected to the web.

Now restart the server:

sudo systemctl restart wg-quick@wg0

And if you go to whatismyip.com in your browser, you should see your server's IP address. If so, it worked.

Otherwise, feel free to send me an email or a question on twitter.

Acknowledgements

I copy/pasted a lot of steps from that article from serverspace.us, for the server configuration steps, so here's some back-link for their SEO juice. ;-)

I also used that article for the Windows (client) configuration part.

Special thanks to Pascal Meunier, founder of Hivetek who told me about WireGuard, and who was kind enough to answer my questions on the subject.

I use a few tools in my day to day work as a Web developer. Here they are, in case you need some inspiration or ideas:

The OS

I use Windows. 10. Pro.

But I used to use macOS. I was using Macs since 2007, when I think the version was Mac OS X Tiger. It was the perfect thing. Actually, I think the perfect thing came with Snow Leopard. From then, it just kept moving in a direction I didn't like. With skeuomorphisms, among other things.

But since 2016 I am excited about deep learning (for CNN, more specifically) so I built a machine just for that, with Windows as the main OS. But I never actually used the CUDAs in my GeForce. Yet.

The software

Text editor

I'm a bit odd. I really have a thing for Vim, but my vim settings kindof stalled since about 2015. Now, I'm using Pathogen to manage my plugins, in a vimrc that comes with a dotfiles git repo I clone and initialize on all the machines I work on.

So Vim it is, for most of my code. Not GnuVim the UI app. Vim through an SSH session on the servers I work on. (Told you I'm odd!)

This is why I didn't customized much of my vim environment, except for syntax highlighting the programming languages I work on.

The programming languages

For Frontend stuff

• JavaScript/ES6. With no preprocessor. Except for when I worked on React projects, but it's less the case now since I've gone back to my comfortable habit of using jQuery and keeping it simple on the frontend.
• TypeScript, for a client project. I inherited that codebase. It's not bad. But it's certainly not a good idea for the use case I'm working on, which is a website (i.e. not a web app).

For backend stuff

• PHP
• Ruby (with a lot of Rails)
• Go
• Node.js

(in that order)

Databases

• When I can choose, it's PostgreSQL.
• When I cannot choose, it doesn't matter most of the time, because WordPress only works on MySQL-like DBs.

Devops

• Ubuntu or Debian distributions for the servers I develop on and deploy to. Developing through SSH on remote servers means 2 things:
  1. when I'm on the go, I can use a dumb netbook and connect through my blackberry-enabled wifi, fire a terminal and not worry about any kind of setup.
  2. It's always the same computer. With a real Linux installation (which in many respects is better than WSL).
• Docker + Docker Compose. I haven't checked on Kubernetes yet, but something is telling me I don't need that kind of heavy tooling just yet. So it's pretty simple.
• Heroku when possible, for the hosting. I know it's expensive, but so is my time.
• AWS can come handy for things like S3, lambda, and other things that one would need for (often prematurely) scaling.

GUI apps

• fman as a File Explorer alternative
• foobar2000 for playing my MP3s (no, I don't have a subscription to a music service. I prefer buying my mysic whenever possible)
• "git bash" for the Terminal
• Chrome, with Lastpass for managing passwords
• Affinity {Designer,Photo,Publisher}, by Serif, for graphic stuff. This is an awesome and cheap alternative to Adobe's dominance in that field.
• Office 365 subscription for Excel, Word and other things. I'm not so proud about that one, but it works well on Windows. And OneDrive comes with 1TB of storage, which is nice.
• Kdenlive for video editing.
• OBS Studio for video capturing.

Web apps

• Kinopio.club for linking ideas together.
• Pinboard.in for storing and managing my bookmarks.
• Airtable for playing with data and creating useful things with them.
• Todoist for keeping track of my todos.
• Brain.fm as my surefire way to get in the zone.

Misc

• Blackberry KeyOne. It's pretty good. I like the physical keyboard that only Blackberry seems to be doing these days. Again, I come from an Apple world, so I was used to having iPhones, but when I no longer needed to work on Macs, I gave it another thought. And the fact that it is on Android makes it just like any other phone in terms of capabilities.

A word about leaving Google

Like many people, I am concerned about the extent of Google's knowledge of my personal life, so I've taken steps to counter that:

• I use DuckDuckGo as my default search engine, even if quite a few times I need to prepend my searches with !g to get better results.
• I am using a mix of Proton Mail, Fastmail and Zoho Mail for more and more of my needs and subscriptions. But I've yet to completely get rid of my gmail. And it probably won't ever happen for many reasons.
• I am using Amazon Photo on my phone, instead of Google Photos for storing photos I take, to the cloud. Having a Prime subscription helps with that.
• I began using F-Droid as an alternative to Google Play store.

Things I still am looking for:

• A good alternative to Google Music for purchasing my music.

I am aware that I'm using solutions from big, and arguably equally monopolistic players as alternatives, but I think it's more practical this way, and there is still value in diversifying.

Postface

I wrote this blog post in Vim, through an SSH session on the Dreamhost server that is hosting this website. My "blogging engine" uses Markdown.

Here is the example

def main():
    foo = Base1()
    foo.base1()

if __name__ == "__main__":
    main()

Source: https://stackoverflow.com/a/20532554/242404

Explanation

There is a very nice article that delves into the details, but in short, __name__ is a special Python variable that contains the name of the currently running script. When the script in question is the current file, __name__ will evaluate to "__main__".

(Notice how Python loves __s. It's almost as if those names were snakes, creeping into your code.)

How I use it in Ruby (on Rails)

class Page < ApplicationRecord
  # some ruby code for my model
end

if __FILE__ == $0
  p = Page.find(1)
  p.testing_something
end

And in your terminal, all you have to do to run what's inside that last if statement, is to do:

rails runner app/models/page.rb

Boom. No need for a spec, no need for a rake task. Just one quick and dirty condition, right inside the context of your class. To me, this is quite nice, for those cases when I'm too lazy to take the time to write a full blown test case, but just see if something works, or not.

Here's how it went:

1. 2020-05-23: Chrome, while using Notion.so, crashed.
2. 2020-05-25: Firefox, while using Slack, crashed.

And when I say "crashed", I mean: no response. Even if I would wait for 1 hour. It froze. Hard.

The first freezing happened while I was using the version 440 of the NVIDIA driver for my video card. The second freezing happened while I was using the default one (can't remember but it was not far from the 440, but it was the default while installing the system).

The third problem that manifested itself a few days later has to do with the fact that I encrypted my home folder. There was the following error while booting:

cryptsetup: waiting for encrypted source device /swapfile
[...]
Initramfs unpacking failed.
Decoding failed.

That ended for me that latest experiment with Ubuntu.

Which us me to my...

Latest experiment (July 2020): Debian with KDE

I think I'm having more success now.

I installed Debian 10, the one that comes with KDE.

Some things I had to do that helped me:

1. Keyboard shortcut to display the Desktop

I use CTRL-ALT-D. This post showed me the way to do so.

2. Make Joplin work

The normal installation didn't work on my setup. According to This thread Debian 10 changed something recently that brought some compatibility issue with apps like Joplin.

To get around this, I had to modify the desktop shortcut I use for starting Joplin, and modified the command to add the --no-sandbox option at the end.

3. Redshift: to avoid blue light in the night (helps to sleep faster)

It's like f.lux, but Open source and works on linux. The funny thing is: I just realized while writing this post that f.lux was actually compatible with Linux.

So anyway, I grabbed Redshift and it does the job. And no need to pass longitude & latitude when starting it. It figures out by itself (according to my experience, at least).

4. (Only if dual booting with Windows) Avoid breaking the time on Windows

For some reasons, Windows and Linux don't manage time the same way. So unless you're lucky enought to live in the GMT time zone, you might want to take a look at that video that shows what changes you have to do in your system's registry (using Regedit.exe).

Conclusions

So far I'm happy.

I don't boot on Debian very often, but at least it's there. And it never crashed on my like Ubuntu did. Maybe it's due to the different desktop environment that uses my video card differently. I don't know.

But I figured I would try this more conservative approach, with a less bleeding edge distro, that is reliable and stable.

So far, I got Zoom working out of the box with my Logitech webcam (no driver installation needed), and my laser printer worked out of the box as well. That's pretty good already.

So far so good.

(Note: I am NOT responsible for the loss of your data. These instructions are only there to help you learn things.)

In Thunderbird, the profile stores two main sets of items. First, it stores your local mail, and possibly copies of messages that reside on the mail server (depending on your account configuration). Second, it stores any changes you make while using Thunderbird (for example, changes to account settings and changes to the toolbar).

— Source.

Finding your Profiles folder

If you need help with that, that article is useful.

Putting together a (bash) script

Then, you can create a script somewhere, that you will execute when you want to backup your Thunderbird profile.

I'm on Windows, so I'm going to use the $APPDATA environment variable that is available in the terminal. I'm using Git Bash's terminal.

This is the script I have done (named backup-thunderbird.sh):

date=$(date -d "today" +"%Y%m%d%H%M")
cp -R $HOME/AppData/Roaming/Thunderbird/Profiles //NAS/Backups/Thunderbird_Profile_Backups/Profile_$date

And I execute it like so (close thunderbird before doing so. otherwise it won't work):

$ sh backup-thunderbird.sh

I use a special folder in my NAS server to store the profile backups. But it could be anything you want, like a Dropbox folder, for example.

Restoring a backup

Let's say you reinstall Thunderbird on a new machine. The only things you need to do in order to restore your backup is:

1. Close Thunderbird, otherwise it'll break something.
2. (On windows) go to %APPDATA% (you can write it directly in the directory bar of File Explorer and it will go inside your %HOMEPATH% > AppData > Roaming). From there, go to Thunderbird > Profiles.
3. Then, you'll see 2 folders named like: [randomletters].default and [randomletters].default-release.
4. Remove the content your the destination's *.default-release/ folder.
5. You can then copy the content of your backup's *.default-release/, then paste all that into your destination's *.default-release/ folder.

I like to share my knowledge about tech. And one of the easiest tech to teach at a level where it can be used in the short term is HTML and CSS.

No high-level concepts. Just layout of documents with code.

Here is what I've done today, for 2 people who joined me on a Zoom meeting.

The result

What they got

• 1 hour of live coding action, where they could interrupt me to ask questions at any time.
• Access to the recorded video after the class
• Access to the resulting code
• Links and references to continue learning
• slides

If you are interested in having classes like this one, I offer 1-on-1 and group classes for subjects ranging from HTML to ruby programming, SQL and database modeling.

Ask me for a quote now.

(This post is a response to that post I found on HN.)

The currency we have right now on Twitter, Instagram and Facebook is reputation. There, it's manifested in the form of Followers. That's the very currency that Stack Overflow uses to grow and sustain.

It's "gamified". And the blogosphere needs that, too.

And in a way, blogs have that, but it's pretty much in the form of Reddit and HN and some other sites, where people get their karma fix by taking the time to read the blog post (upfront time investment), comment on it (risk losing karma) and then get their comment being liked (return on investment), which augment their karma (the reputation currency).

(Facebook does not have a Karma system like Reddit or HN has. But if it would, it would make the world a bit more like a certain black mirror episode of season 2.)

Why do you see coders put their reddit+HN profile links on their site? Because they want their reputation/karma/notoriety to follow them in real-life context, so it can be converted as real "notoriety currency". (people looking at their profile will say Gosh, this guy has 2000 points on SO and 4000 points on HN, he must be very smart or influent!).

So my guess is that the reason blogs still exist is because of sites like Reddit, HN, where people can get reputation (and not only knowledge) out of their reading. There's also something satisfying in the act of praising a good post with your friends. It's like watching a good movie and talking about how good it is with your friends.

And blogs also survived because it's still being viewed as THE most professional way of expressing one's opinions. It gives you "gravitas" by default, when you have your own blog, compared to having a Twitter / Facebook account like the "plebs" ;-) .

And you get the best of both worlds when you promote your blog posts on social networks.

So why not have a blog, then?

The features we needed

• Industry-standard encryption algo/level
• Cloud-based (We don't want the risky task of managing an on-premise installation for such a secure component of our internal cybersecurity)
• Ease of use
• Not too expensive (we're a non-profit)
• Mobile app with auto-fill feature integrated at the OS level
• Browser extension
• Audit log for every shared secret
• Groups of users auto-assigned to default permissions specific to collections of "secrets".
• Some flexibility with what we can store (at least blobs of text), but ideally stuff like identities and payment cards would be useful also.
• Sharing passwords to people without them being able to see their content, but still able to login with auto-fill.
• Organization-wide control over minimal password strength criteria.

Nice to haves

• Open Source (not so we can host it ourselves, but rather for the fact that the security is constantly being peer-reviewed by the community of developers)
• Linux GUI app
• API available
• CLI interface

Products we considered

• LastPass
• 1Password
• Dashlane
• Bitwarden
• Keepass
• Passwork

Show me what you got

Conclusion

We're currently pretty much settled on Bitwarden despite the fact that 1Password also was a really strong contender. But price gave the final word for Bitwarden this time.

Internet Relay Chat

WARNING ABOUT FREENODE:

This post refers to Freenode server. I now suggest that you use Libera chat that is the de-facto alternative, now that Freenode went nuts.

Concepts

• Protocol
• Servers
• Clients
• Commands

Protocol

IRC is an Internet Protocol, as specified in https://tools.ietf.org/html/rfc1459

Servers

IRC clients connect to IRC servers in order to chat in IRC channels.

IRC Servers form networks of servers:

Source: https://tools.ietf.org/html/rfc1459#section-1.1

For example, The Freenode IRC network is available through the following domain: irc://chat.freenode.net/

And you can see a list of all the servers associated to freenode's main IRC server, here: https://netsplit.de/servers/?net=freenode

Clients

There's a variety of IRC clients one can use to connect to IRC channels. The most popular is mIRC. In my case, I'm using HexChat on Windows.

Commands

IRC commands can be executed from within any conversation, and they do something that might or might not be outputted for everyone to see.

IRC commands are used to do things like:

• identifying to a nickserv (/msg NickServ identify <PASSWORD>)
• joining a channel (/join #channelname)
• quitting a channel (/quit)

And more¹

In practice

Now, since I'm mainly going to use IRC for talking about nerdy things (I'm working on Web-related stuff), then I'm going to connect to Freenode IRC network (that has many IRC servers) that hosts mainly FOSS-related IRC channels (chat rooms).

After having registering myself to the nickserv, I had to validate my email. So I received the following email:

Now that you have a user on that IRC network, you can /join a channel.

Here's the command to do so for the #wordpress channel:

/join #wordpress

Simple!

Looking for another channel?

/list

This command will open a window that looks like this (depending on your IRC client):

You can then enter a keyword to search through the list. In my case, I'm looking for a GnuPG-related channel.

So #gnupg looks like the place to go to!

Security

Now, you need to know that some people are logging conversations of channels they are logged into. And some of those people (often the case for open source-related channels) publish conversations (along with users' IP addresses) on the Web.

Now, you probably don't want your real IP to be listed on the Web, right?

That's when "cloaking" become useful.

You can get a cloak by asking your IRC network's #vHost channel, or on #freenode for example, you just go to the #freenode channel and ask a staff to give you a cloak that matches your current status. In my case, since I did not participate in any open source project, I can ask an unaffiliated cloak.

If you're not identified to the nickserv yet, they'll ask you to do so first hand.

SASL

Also, to make sure you're always signed in with your own nickname on the network you're connecting to, you need to configure your client so that it auto-connects instead of you always typing /msg nickserv identify ... each time.

Credits

Thanks to indomitable on Freenode, who helped me figure out and clarify some of those aspects.

Vidéo d'introduction

Table de matières

1. Le problème (insécurité des emails)
2. La solution (signatures GPG)
   1. Key pairs (privée et publique)
   2. Identités
   3. Key Servers
   4. Signature de emails
   5. Encryption de emails

Le problème

Imagine une seconde que quelqu'un veut se faire passer pour ton boss (ou autre autorité), afin de te faire faire quelque chose qui compromet la sécurité de l'organisation. Par exemple:

1. Il va sur https://lachapelle.me/contact/
2. Il trouve le email de David Pothier (le pasteur en chef pour qui tu fais du bénévolat): dpothier@lachapelle.me
3. Il code un script PHP ou autre, afin d'envoyer un email à un des programmeurs (toi) pour avoir des infos cruciales ("social engineering", baby).
4. Il a préalablement enregistré un domaine similaire à lachapelle.me, où il a créé une adresse email similaire à celle de David, où il recevra ta réponse.
5. Il exécute le script, et attend patiemment que ta psychologie faillible fasse son oeuvre.

Voici le script en question :

<?php
$to      = 'hello@juliendesrosiers.com';
$subject = "Besoin urgent";
$headers = 'From: dpothier@lachapelle.me' . "\r\n" .
'Reply-To: dpothier@lachapele.me' . "\r\n" .
'X-Mailer: PHP/' . phpversion();

$message = "J'ai une modification urgente à faire par un nouveau développeur
bénévole, donc si tu peux me donner le user et mot de passe pour l'admin du
WordPress de la Chapelle.

Merci d'avance de ta rapidité !

David";

mail($to, $subject, $message, $headers);

On exécute ce script, et voici ce qui apparaît dans notre boîte de réception :

Pourquoi c'est possible ? Parce que le protocole des emails n'est pas sécurisé à la base.

Avez-vous spotté l'erreur ?

Oui, le domaine (qui est fournis par le Reply-To) lachapele.me (un seul l) est disponible au moment d'écrire ces lignes, donc le hacker aura préalablement enregistré ce domaine, et ajouté un email dpothier@ à celle-ci. Donc si le destinataire répond, ça va envoyer à cette adresse-là, qui est assez similaire, qui est un hacker. Et ça risque de passer complètement inapperçu.

Parce que même David ne recevra pas ta réponse, parce que le Reply-To est différente, quoi que semblable.

Et pendant que tu es stressé à répondre promptement à un email urgent d'une autorité, la dernière chose que tu va checker c'est si le email de réponse est bien valide.

La solution

PGP : Pretty Good Privacy. À ne pas confondre avec GPG (GNU Privacy Guard), qui fait à peu près la même chose, mais est open source.

Key pairs

Des clés RSA, DSA, et autres algorithmes de ce genre.

Dans tous les cas, cette paire de clés est formée d'une clé privée et d'une clé publique qui y est associée.

La clé privée, biensûr, doit rester secrète, comme un mot de passe. Et la clé publique peut être partagée autant que nécessaire.

Identités

Une clé (constituée d'une version privée et d'une contrepartie publique) peut être associée à plusieurs emails (et facultativement, couplé du nom de son propriétaire), qui sont associées à une même personne.

Voici un exemple:

On peut voir par exemple que Francis a plusieurs clés qui sont assignées à plusieurs adresses emails.

Et Julien, pour sa part, a lié plusieurs adresses email à la même clé, parce qu'il considèrent qu'elles représentent la même identité/personne.

Key Servers

Pourquoi on a besoin des Key Servers ?

De la même manière qu'un ROOT Certificate Authority est nécessaire pour l'infrastructure de certificats TLS pour les sites Web, il est nécessaire d'avoir des serveurs qui servent à stocker des clés publiques, et à permettre à des gens de :

1. trouver la clé publique de quelqu'un afin de décrypter un email qu'il nous a envoyé, ou de valider que la signature est bien la sienne.
2. certifier qu'une clé est bien valide.

Pourquoi les Key Servers ne sont pas suffisants ?

Par exemple, si on regarde la clé PGP de Richard Stallman, on peut voir qu'il en a plusieurs, parce que des trolls ont trouvé drôle de créer des fakes.

C'est pourquoi il dit sur son site:

If you want to send me GPG-encrypted mail, do not trust key servers! Some of them have phony keys under my name and email address, made by someone else as a trick. See gpg.html for my real key.

C'est pas fou. Parce qu'en effet, n'importe qui peut créer des fausses clés et les uploader sur des key servers:

Et si ces personnes utilisent cette fausse identité (enregistrée et soumise au keyserver par quelqu'un qui n'est PAS Richard Stallman), elle va avoir son email apparaître comme étant signé par Richard Stallman. Seulement, ce n'est pas la bonne clé qui a été utilisée.

Exemple d'un email qui est valide, selon l'extension Enigmail dans Thunderbird:

C'est un peu comme si quelqu'un créait un site de fishing avec le vrai nom de domaine de ta banque, et bypassait ton routeur pour rediriger les requêtes de desjardins.com vers l'IP de son serveur de fishing, mais qu'EN PLUS DE ÇA, il avait un certificat SSL que ton browser voit comme étant légitime (petit cadenas vert dans la barre d'adresse).

Ça c'est la petite faiblesse de PGP. C'est pourquoi on a besoin non seulement des key servers, mais aussi d'une manière d'être sûr qu'un clé publique est bien celle de la personne qui nous contacte, et pas de quelqu'un d'autre.

C'est entre autre pour ça que Keybase.io (tsé, la compagnie que Zoom a acheté ?) a été créé; ça permet de partager sa clé publique, tout en prouvant, au même endroit, que c'est la bonne, via des preuves vérifiées par keybase, tel qu'un fichier que tu héberges sur github, un tweet qu'il a publié à partir de ton compte twitter, etc.

Ici on peut vérifier chacune de ses preuves, pour valider soi-même que la key fingerprint (9521 927B 5582 0DA2) -- qui est un hash de la clé publique -- appartient bien à LUI. Donc on peut lui faire confiance, et même télécharger sa clé publique pour l'ajouter à notre keychain (logiciel qui gère les clés de nos contacts de confiance).

Encryption des emails

TODO

Conclusion

J'espère qu'avec ces infos, vous aurez une meilleure idée de pourquoi PGP est encore pertinent aujourd'hui.

Et encore, je n'ai pas effleuré le sujet de l'encryption des messages, car c'est une autre des fonctionalités de PGP.

Remerciements

Merci à Pascal Meunier de HiveTek pour sa relecture et son feedback.