# local

Stuff posted in this site by me.

## I’ll stick to regular cow’s milk, thanks

What actions has Oatly taken that would make us trust them? They’ve built an incredible marketing engine and raised 100s of millions of dollars convincing you that you should put sugar and vegetable oil into your coffee each morning, while hand-waving away evidence that they’re harming you.

I personally prefer my coffee without oil but if other people want to do that to theirs, sure, go for it.

## dafuq does RSS even mean, seriously

We rely heavily on RSS to find things to read and keep up with The Noise on the Internet. We also tend to shun newsletters cos RSS is a much better tool for them and en’t nobody got time for yet more email.

We’re aware of other initiatives like JSON Feed but they require re-implementing RSS into something else. Maybe the solution is an evolution of what the protocol currently is?

Start with a proper name for the protocol though. Bonus points if someone figures out how to make it recursive.

## Gimme da (expensive) power

Although Fully Homomorphic Encryption makes things possible which otherwise would not be, it comes at a steep cost. Above, we can see charts indicating the additional compute power and memory resources required to operate on FHE-encrypted machine-learning models—roughly 40-50 times the compute and 10-20 times the RAM that would be required to do the same work on unencrypted models.

Acquiring and maintaining this much computing power for FHE workloads is fucken expensive and that’s before you even start thinking about energy requirements for running this hardware and then cooling it.

Intel and AMD will be chomping at the bit to make us all buy new hardware though.

## And now where to?

No policy, though, would be able to stop the forces — climate, increasingly, among them — that are pushing migrants from the south to breach Mexico’s borders, legally or illegally. So what happens when still more people — many millions more — float across the Suchiate River and land in Chiapas? Our model suggests that this is what is coming — that between now and 2050, nearly 9 million migrants will head for Mexico’s southern border, more than 300,000 of them because of climate change alone.

Source: Where Will Everyone Go?

While this is what a computational model predicts, el Peje doesn’t want to be asked about anything unless it’s about the plane.

As an emigrant I read this and feel anguish for the future that awaits us all. Meanwhile, La Bestia continues its relentless march.

## The successor to “security theater” is here!

COVID-19 has reawakened America’s spirit of misdirected anxiety, inspiring businesses and families to obsess over risk-reduction rituals that make us feel safer but don’t actually do much to reduce risk—even as more dangerous activities are still allowed. This is hygiene theater.

## Go explore, Sergeant

Daily strip for Saturday 25 July 2020

I might just go re-read Schlock from the start. I know we’ll see everyone pop up from time to time. They do need a break after saving the known universe.

## I want a drink and it’s not even 0700 yet

On this here blog I use a few things to help secure everything down and avoid issues, namely, nginx location blocks disallowing access to resources, fail2ban tracking nginx logs to prevent people hammering the server or trying to do improper things, and the “Limit Login Attempts” WP plugin.

A combination of all these broke access with the wordpress mobile app. Ended up having to disable the wordpress fail2ban jail and altering some of the nginx directives.

This is going to be a pain in the ass to debug cos the wordpress app doesn’t have any kind of proper error messaging, urgh.

## Huawei Hacked My Laptop? « Sunburnt Technology

At the end of the post the author does say:

I’m giving Huawei the benefit of doubt on this one. As a commenter suggested, it is probably a hack to run the GUI as root.

But we still have a problem with hardware manufacturers thinking “oh we can just use root for everything and it’ll turn out alright!”, because they’re not familiar with the platform.

This is one instance where Microsoft was able to impose order and open source desktop environments need to start thinking about doing so, too.

## Another attempt at a note-taking workflow

In a previous post I mentioned one of the tools I use is Wiki.js. It was a great thing to learn how to set it up but… I was never entirely happy with it:

• Not that customizable yet.
• The update process is a total pain in the ass. They want you to use Docker and this ‘ere server can run it but performance wouldn’t be that nice.
• On mobile I have to depend on the vagaries of whatever browser I’m using (Firefox) so I don’t get that good of an editing interface.
• This is a private repository of knowledge so if it turns out wiki.js has a security issue my wiki is now at risk until I go through the pain of updating again.

So that’s that. I’d been playing with vimwiki since it’s text-based. After a bit of playing I was able to make it work nicely on the gVim instance I run on the Windows 10 desktop and the Ubuntu instance I run in WSL.

The mobile side of things was immensely helped along by Epsilon Notes, which blows iA Writer completely out of the water. Along the way I tried using Joplin which at first glance seems awesome but then you run into this issue:

Yes, I get the logic of completely unique filenames but it also means that I’m locked into the app. This is something people have complained about as it defeats all efforts at interoperability. I mean, these are fucken markdown files. And this is an open source app!

Oh right, it also uses its own WebDAV connection to the Nextcloud instance, so slow your roll.

So back to Epsilon. It’s got a few goodies:

• Line numbers
• CommonMark is the default markdown dialect.
• It’s native to Android.
• Lets you use front matter for tags but doesn’t require it. I personally don’t care for it.
• It sets up its own folder in the device filesystem which you can then sync with Nextcloud.

## The workflow

All right, so this is what I have right now

### vim/gvim

Assuming there’s already a working Windows gVim instance, a working WSL installation, and a working Nextcloud desktop client:

1. Setup vim with vimwiki.
2. Configure vimwiki to store its files in a directory being synced by the Nextcloud desktop client. For the sake of simplicity and to avoid changing my .vimrc file unnecessarily in WSL/ubuntu I symlinked ~/vimwiki to the appropriate directory in Windows; this way the _vimrc file in gVim could remain the same. Using either vim instance gets me to the same location.
3. Create your vimwiki index file: <Leader>ww, and save it. It should get picked up by Nextcloud.

### Nextcloud

Using the web interface or the Android client, mark the vimwiki folder as a favorite so Nextcloud keeps it synced at all times. I don’t think there’s a way to do this in the desktop client yet.

### Epsilon Notes

Assuming there’s already a working Nextcloud app

1. Install Epsilon from the Play Store.
2. Tap the folder icon on the top right and navigate to /storage/emulated/0/Android/media/com.nextcloud.client/nextcloud/USER@HOST/vimwiki/. If you have multiple Nextcloud accounts on the same app you’ll see all of those listed with a USER@HOST folder each and you can just jump between folders.

Another way of doing this is setting up custom folders but I think doing it this way makes for a simpler configuration. It’d probably be really useful if you have multiple vimwikis or multiple Nextcloud accounts though.

### Bonus: Servers

I have a couple of boxes that run headless and I also wanted to have my notes available on there. There isn’t a terminal Nextcloud client but I found Rclone. I could have used cadaver but Rclone is designed specifically for cloud file storage:

These instructions worked under my Debian 10 install:

1. Install rclone and fuse3: sudo aptitude install rclone fuse3.
2. Configure Rclone with rclone config. Documentation.
3. Create an Rclone mount with something like

```
rclone --vfs-cache-mode writes mount NEXTCLOUD:/vimwiki ~/vimwiki --daemon
```

Which assumes NEXTCLOUD is what you named the remote configuration, your vimwiki directory lives at $HOME, and you want the connection to remain alive until you decide to stop it manually. The --vfs-cache-mode writes flag will enable some amount of caching. Documentation.

4. At this point you can access your vimwiki as if they were on the local filesystem.

## Fucken awesome amirite

So now we have wiki-like notes that can be edited on desktop, mobile, or server, using whichever editor you prefer.

Another bonus: You’re not locked in to anything. I could edit notes on desktop with Notepad++, Sublime Text, or Atom. On mobile you can edit them with whatever text editor you end up with. On a server you can edit them natively with whatever you have at hand. And in the sad event you don’t have anything you can still access them through the Nextcloud web interface. They even got a markdown editor but I’m not sure what dialect it uses.

The only thing I don’t have anymore is a nice clean way to print these notes but this is where pandoc and a print.css file should be useful. If worst comes to worst I can always paste something into LibreOffice and just change the styling that way.

Another thing I’ll have to change is how I search for things but since I do have access to the terminal I can always resort to grep if worst comes to worst.

## Extras

I did have a few things that led me to try and avoid using web interfaces for this

• The Website Obesity Crisis. Comments on reddit and Hacker News
• The reckless, infinite scope of web browsers
• I tried creating a web browser, and Google blocked me
• Browser bloat has been a problem for a long, long time now.
• The proliferation of browser-based text editors (StackEdit, Dillinger, Editor.md, WordPress) that try to do too much and they end up falling flat on their face cos nothing beats the responsiveness of editing locally.
• The flipside of the above is I can use editors native to each platform. This post was typed on vim, then pasted into WP, for example. This makes for a much, much nicer editing experience specially when doing long-form text or to-do lists.
• Avoiding lock-in. It was a drag to move from one platform to another and paste everything manually, cos all of these tools depend on locking you in.
• Security. My Nextcloud instance is exposed to the Internet but I can always implement more things cos I control the network, the hardware, and the operating system.
• Other people who were also on search of a good editing experience, like this, or this.
• Easy migration of mark-up. I’m trying to use editors that support CommonMark since that way I can always be more or less sure of how something is going to look if I export it elsewhere, and I have the freedom of switching to something else like ReStructured Text or AsciiDoc, which I have considered.

I’m super excited about this. My notes en’t locked in anywhere and they’re all in plain-text, which is the only thing guaranteed to not change in the next 20 years,

## “you can have backwards compatibility with the 1990s or you can have sound cryptography; you can’t have both.”

Cryptography engineers have been tearing their hair out over PGP’s deficiencies for (literally) decades. When other kinds of engineers get wind of this, they’re shocked. PGP is bad? Why do people keep telling me to use PGP? The answer is that they shouldn’t be telling you that, because PGP is bad and needs to go away.

Source: Latacora – The PGP Problem

I knew PGP was bad and had avoided it cos I knew of its eldritch complexity of integration but I didn’t know about the rest. Figures that Thunderbird is planning on integrating it as a built-in function. They should probably use something else, methinks.

## Limpets with rifles

Now that the filthy Peje doesn’t want confrontation of any kind with the cartels, what can companies do? If the employees do something wrong, they get killed. If the company does something wrong, it gets shot up or its people get kidnapped. Meanwhile energy costs keep going and going.

A bad business any way you look at it.

## It en’t better for Win or Mac or BSD either

The Linux Community: A Corporate controlled committee of people who don’t use Linux and dislike ideas.

Source: Linux Sucks 2020 – YouTube

It’s funny because it’s true.

## Locked out? Good luck

Let’s build and configure a minimal SSH bastion host (jump box) from scratch, using Ubuntu 20.04 LTS.

Source: DIY SSH Bastion Host

This is all well and good except for the bit where the author is clearly invested in using the cloud (i.e. other people’s computers) to run your own infrastructure.

What happens when google locks you out? Or when amazon decides to do the same. Same concern goes for Azure, or any other cloud provider. Good luck fixing any of that without having to tear down a lot of your own work just to be able to be useful again.

I get it, from a developer point of view setting it like this means it’s easy to plug into projects, but from a sysadmin point of view it means you’re going to shoot yourself in the foot sooner rather than later, specially if you missed a little configuration detail that leaves your server wide open for takeover.

## Thinking Tools: July 2020

It’s been a long while since that last post I did and my setup has changed a lot:

## Web services

• This site, which I’m trying to update more often with links and blog posts I find interesting. It’s going much better after I installed the WP Editor.md plugin to enhance the plain editor. The gutenberg editor sucks ass.
• Nextcloud. I’m running my own instance to replace Dropbox, which I didn’t like the last time. Got the desktop client installed and it’s working quite nicely.
• Twitter is still my social media network of choice. I’m using tweetdeck on the desktop
• Feedly is still my RSS reader of choice but I’m looking around for a replacement that works across all my devices and it’s pretty to look at. Now that people are starting to move away from centralized social networks again there should be some movement in this space.
• I’m running my own wiki using Wiki.js, which I’ve blogged about. This will probably merit another couple blog posts of their own specially now that I found vimwiki which could potentially run inside my Nextcloud instance.

## Actual applications installed on my desktops and laptops

• For messaging I’m now using Ferdi, a fork of Franz, to run most of my instant messaging needs. The great exceptions are Slack, Discord, and Signal; I discovered I work better when they have their own app instances running but when Signal offers a web interface I’ll probably fold it into Franz.
• Spotify. Thinking of replacing it with a self-hosted option. I miss my graded playlists.
• KeePass is still my password manager of choice.
• Firefox. Mozilla keeps trying its best to kill all low-level functionality. This is easily the program I fuck around with the most, going from extensions to custom userChrome files.
• Windows Subsystem for Linux. Much less of a pain in the ass than running a VirtualBox VM depending on what you’re doing. Using wsltty as its terminal.

There are some single-purpose utilities I’ve discovered in the interim that are extremely useful for working in Windows 10.

## Mobile applications (Android)

• The usual instant messaging slash social networking suspects minus TikTok, which is spyware.
• Firefox mobile. Firefox needs to do better at syncing preferences into it.
• Fenix twitter client. Twitter Co keeps fucking around with their API and preventing third party clients from achieving the excellence they used to have years ago.
• Nextcloud mobile client for my Nextcloud instance. Needs a lot of work to compare with Dropbox, but it does its job well.
• Moon+ Reader for ebooks. This one took me a long while to find, most ebook readers have utterly crazy skeuomorphic defaults.
• Photoshop Express. This one was annoying but you’d be surprised how many image editors are missing features you’d consider basic (like cropping and image resizing), opting instead to overload with photo filters you’ll never use. This one has all the filters but at least lets you crop and resize. It replaced Snapseed. I’ve still to wade through open source editors but my hopes are dim on that front.

There are some things that underpin all of these applications but I think I’ll leave it as-is. It’s pretty fun to see how my workflow changes over time.

## Cognitive Dissonance 30 minutes out of downtown

The suburbs run on federal subsidies. Without them, America’s suburbs would have to become more financially productive. They would need to get greater returns per foot on public infrastructure investment. That would mean repealing repressive zoning regulations, allowing the market to respond to supply and demand signals for housing. It would also mean allowing the “little downtowns” Kurtz fears to form where demand for them exists. Isn’t that what is supposed to happen with self-government and local control?

To have a conservative person say this is quite strange. Few suburbs in all of the US actively try to compete with the cities they’re attached to, mostly because they only want to attract wealthier millennials who can afford the down payment on a house by way of the parents paying for it.

## And a special version of Flash for games only?

Are we ready to revisit some of the ideas of the early web again? There are trends that suggest we might just have come full circle – and I like it.

The only sites that won’t have an RSS feed are those of corporate entities that explicitly depend on keeping people on their sites, like fb. Hopefully some enterprising engineer at google has found the Google Reader source code and is bringing it back to life…

## Tie yourself together

Over and over again, I’ve seen people fix some wireless-related problem and go “wow, I had no idea how much better this could be!”

• Wireless protocols often silently operate in an extremely degraded state that makes them substantially worse than wired equivalents.

I live in an apartment building that is located within the city core of my city. When I scan for WiFi networks I can see at least 25 from my main workstation. On my laptop, standing in the middle of the front courtyard, you can see at least 40 networks. Mind you, this is only WiFi networks; I’m not including everything else that might be using the 2.4 GHz spectrum, like Bluetooth or other kinds of wireless devices.

I switched to wired devices a long, long time ago precisely because of unreliable connections, network lag, and the fact that WiFi optimization is more of an art than any sort of science, and that’s before you bring in newer WiFi versions. I just recently rewired my apartment to have Ethernet all over and be able to throw around 4K media with abandon.

Now if only the USB Implementers Forum would get its shit together, that’d be awesome

## The log doesn’t lie

Wireguard goes into OpenBSD, gawdam

## TikTok Security: An Opinionated Explainer

There is a post on reddit written by someone who claims they reverse-engineered the app; that is, they set about deconstructing the app to see how its internal components function and interact with each other, with the rest of the phone, and with the servers that make up the service itself.

## The app

These are the main points made by analysis of the app itself.
### Phone hardware (cpu type, number of cores, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)

The app will try to learn everything it can about the phone hardware itself, going from the big things like if it’s running on a phone or a tablet, who the manufacturer is, make and model; to the small, like how many megapixels the front camera is.

What you can do about it: Nothing. This is a function done by the app on its own.

### Other apps you have installed (I’ve even seen some I’ve deleted show up in their analytics payload – maybe using as cached value?)

The app will check what else is installed on the device regardless of whether it’s a competing social media app or not.

This also applies to the clipboard (the function to copy and paste), as TikTok was caught red-handed accessing its contents. As users we use this function to copy/paste everything, from emojis to phone numbers to credit card numbers to social security numbers.

What you can do about it: Nothing. This is a function done by the app on its own.

### Everything network-related (ip, local ip, router mac, your mac, wifi access point name)

The app will log:

• The MAC addresses of all network interfaces on the device (cellular, wifi, bluetooth, nfc, etc). A MAC address is a unique hardware identifier for network hardware.
• Whether those interfaces are connected to anything. If they are, the name of the cellular network, wifi network, and MAC addresses of that hardware.
• Then, if they are connected, the IP address used for that connection at both Local Area Network (LAN) and Wide Area Network (WAN).

Taken all together, TikTok will find out what kind of network the device lives in, what other devices are on it, how it moves within the LAN. This also means the WAN IP address is revealed, allowing them to use GeoIP databases to try and determine the geographical location of a device.

What you can do about it: Nothing. This is a function done by the app on its own. You could limit the app’s network access but this requires deep expertise in networking and the operating system being used at the time.

### Whether or not you’re rooted/jailbroken

Jailbreaking refers to “breaking out” of the limitations placed by Apple on iPhones and iPads to enable additional functions that were not available in either the hardware or the software. The same action in Android is referred to as [rooting](https://en.wikipedia.org/wiki/Rooting_(Android)). Either one means you can do anything on the device and is a common goal of spyware/malware so they can operate with unfettered access and without the user knowing.

A common example: in the past it was used to enable tethering when it was disabled by cellular carriers trying to force you to pay an extra charge to enable the function.

What you can do about it: You could limit what the app sees if you’re jailbroken/rooted, but it requires deep expertise in the operating system.

### Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds – this is enabled by default if you ever location-tag a post IIRC

As most smartphones and tablets now have GPS, TikTok will check for the current GPS data as often as it can, enabling them to follow a device as it moves through a geographical area. Coupling this with the network data, they can determine with lots of accuracy where a device is.

Both Google and Apple have this information but keep in mind they are the entities making the operating systems themselves. TikTok is just an app.

What you can do about it: Both Google and Apple let you limit if an app has access to GPS. Be aware TikTok will limit its own functionality if it cannot access GPS, though.
### They set up a local proxy server on your device for “transcoding media”, but that can be abused very easily as it has zero authentication

TikTok sets up a special kind of server to help with converting videos from one format to another (transcoding) with a minimum of configuration on the part of the app developers or the users. The problem is that it doesn’t check whether anything connecting to that server is actually allowed to both connect and use the server (i.e. it doesn’t ask for a username or a password); this means other apps could potentially connect to that server and use or abuse its resources.

What you can do about it: Nothing. This is very much one of the core functions of the app itself since most device manufacturers have their own ways of saving video on a device and the app needs to be able to deal with all of them.

### Potential for remote configurations

The scariest part of all of this is that much of the logging they’re doing is remotely configurable

Every time the app downloads an update they can change what information is logged, how often, where to send it, etc, and you as a user have no way to stop it.

What you can do about it: Nothing. This is a function done by the app on its own.

### The people coding the app consciously obfuscate how the code works and what specific functions and tasks it performs.

and unless you reverse every single one of their native libraries (have fun reading all of that assembly, assuming you can get past their customized fork of OLLVM!!!) and manually inspect every single obfuscated function.

TikTok developers are purposely hiding how the app itself operates. You can determine this if you have the know-how and the experience to do it but you will not like the experience of it.

What you can do about it: Nothing.

### The app will monitor its environment and change its behavior if it detects someone is trying to analyze it.
They have several different protections in place to prevent you from reversing or debugging the app as well. App behavior changes slightly if they know you’re trying to figure out what they’re doing.

TikTok will monitor the device and if it detects any attempt to analyze any of its internal functions and configuration it will try to change its own behavior to prevent that. Failing that it will try to present behavior that is deemed more acceptable to the person doing this work.

This is how the Volkswagen emissions scandal came to be:

1. Cars were programmed at the factory to detect whether they were being tested for emissions at a laboratory or government facility.
2. If they were, they would enable emissions control in order to be able to pass those tests.
3. At any time they were not being tested, emissions control was reduced or disabled entirely, leading the vehicle to emit far more than the allowed legal limit of greenhouse gases.

TikTok is doing essentially the same but it’s all in software.

What you can do about it: Nothing. This is a function done by the app on its own.

### File downloads without user interaction.

There’s also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.

TikTok can download a file, extract its contents, then run its contents without needing user interaction or without having to be updated from the App Store or the Play Store. Both Apple and Google forbid this kind of functionality in any app.

What you can do about it: Nothing. This is a function done by the app on its own.

### Lax security standards

On top of all of the above, they weren’t even using HTTPS for the longest time. They leaked users’ email addresses in their HTTP REST API, as well as their secondary emails used for password resets. Don’t forget about users’ real names and birthdays, too. It was allllll publicly viewable a few months ago if you MITM’d the application.

This is something that has been reported about TikTok in the past:

Basically, the TikTok devs won’t implement basic security standards to protect the user, the account, or any of the media the app stores and transmits. This allows intelligence agencies, corporations, anyone who cares to look, to surveil and hack users of the service.

What you can do about it: Nothing.

## The Company

All of the previous points point to the one overarching theme of the app: it sucks up as much information as possible, then sends it to the servers that actually run the service (aka “the backend”). There are a lot of shady practices on that side of things and the only people who know what’s going on are the people working for TikTok itself. Here are but a few examples:

The company is performing data collection on a level that far surpasses what Facebook, Twitter, Instagram, Snapchat, or most other social media companies have done so far. Only the Big Four (Microsoft, Apple, Google, Amazon) could obtain so much information but that’s because they control both the platforms their operating systems work with; if governments even thought they were doing what TikTok is doing they would face major fines, lawsuits, and antitrust enforcement.

## The Combination of Both

When you add what the app does (again, suck up as much information about the user and their devices) with what the company is doing (actively avoiding answering questions of its practices) it all means one thing: TikTok is combination spyware/malware with the backing of a corporation valued in billions of US dollars.

Most entities that write malware and spyware are:

• A single person with technical knowledge, like the person who created the ILOVEYOU virus.
• Nation-states and their various intelligence agencies using software vulnerabilities like BlueKeep or creating their own malware like Stuxnet
• Organized crime, like the creators of the Conficker worm.

Having a corporation create this kind of software and for users to willingly install that software is something new.

I am also leaving out all the advertising practices of the company, as that is how TikTok entices companies to buy into the platform.

## What is there to do, then?

It amounts to

• If you have not installed the app, do not install the app on any device you own.
• If you have installed the app, remove it immediately from any and all devices you own.
• Don’t let friends and family use the app, and push for them to remove it if they have used it.

## You’re a Graph Point

These terms distinguish operating systems by the problems they solve for the user. However, a disturbing trend is emerging in which the user is not the party whose problems are being solved, and perhaps this calls for a new term. I propose “vendor-purpose operating system”.

In this instance, you’re not even the vendor’s _user_, that title goes to whomever the vendor is selling to, i.e. the client who is using the OS at scale.

You’re now a byproduct. You’re just something for the vendor to brag about on quarterly meetings with Wall Street.

## Nice

Pretty sure this is the longest I’ve been able to keep a server alive without having to reboot for whatever reason.

## FTP now has a new meaning.

Black Lives Matter

Organize, provide mutual aid, help out with street cleanup.

Abolish the police. In their current form, they’re a tool of oppression.

Defund the police. Don’t want to go the full mile? I’ll meet you at the 900 yard marker. Them pigs do not need hand-me-down military weaponry.

Fuck The Police

## Tmux Alt/Meta + Arrow keys don’t work on Windows Terminal

Putting this up ‘cos I will forget how to do this at some point in the future.
Say you’re using the following keybindings on tmux:

```
# switch panes using Alt-arrow without prefix
bind -n M-Left select-pane -L
bind -n M-Right select-pane -R
bind -n M-Up select-pane -U
bind -n M-Down select-pane -D
```

And they work okay on Windows Bash but they don’t work on Windows Terminal. This is the cause, and this is the solution:

```
// Add any keybinding overrides to this array.
// To unbind a default keybinding, set the command to "unbound"
"keybindings": [
    { "command": "unbound", "keys": "alt+down" },
    { "command": "unbound", "keys": "alt+left" },
    { "command": "unbound", "keys": "alt+right" },
    { "command": "unbound", "keys": "alt+up" }
]
```

This will unbind all uses of the Alt key on the terminal itself and pass them on to tmux.

## Wiki.js 2 with Nginx Installation

For the past few months I’ve been using Tiddlywiki as a memory dump but been having some issues. First started with the dreaded XMLHttpRequest error:

```
Error retrieving skinny tiddler list: XMLHttpRequest error code: 404
```

Which the available documentation offers no help with and the developers just shrug at. Then it just ate a fucken shotgun shell deep down its throat:

We en’t here for that shit so on we went looking for an alternative that treats markdown as a first-class white citizen in apartheid america. Found wiki.js, which seems to have that, and here we are.

What follows is a guide written after a week of bashing our head against multiple desks because developers are morons who don’t know how to write documentation, if they even bother writing any. What is available for wiki.js is fucken laughable or only applies to the 1.x series. Real developers are extinct, by the way.

This is what worked for us on Debian 9. You will have to adapt this for your own OS and hosting configuration. We’re not at fault if the results eat your pet, fuck your significant other, and make your mom call them daddy.
# Ingredients

This assumes DNS is already routing properly, outgoing mail works, and you’ve already dealt with your firewall. This setup gets you a wiki.js installation with nginx in front as a reverse proxy handling TLS and the security headers. All commands are executed as root.

# Installation

Install what you need

```
# aptitude install nginx-extras postgresql postgresql-contrib pgcli nodejs certbot python-3-certbot-nginx
```

Download and extract wiki.js (assuming we’re at /var/www) like the documentation says:

```
# wget https://github.com/Requarks/wiki/releases/download/2.3.81/wiki-js.tar.gz
# mkdir wiki
# tar xzf wiki-js.tar.gz -C ./wiki
# cd ./wiki
# mv config.sample.yml config.yml
```

# Configuration

## Nginx

Edit your configuration file for nginx so it passes everything to the wiki cleanly through nginx. The original configuration was generated by nginxconfig.io and incorporates stuff from the official documentation. As of right now (2020-05-16_14-28) they are valid and working server blocks:

```
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name wiki.domain.invalid;

    # SSL
    ssl_certificate /etc/letsencrypt/live/wiki.domain.invalid/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/wiki.domain.invalid/privkey.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/wiki.domain.invalid/chain.pem;

    # security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    #add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    # max-age=0 makes browsers drop any stored HSTS policy for this host
    add_header Strict-Transport-Security "max-age=0" always;

    # . files
    location ~ /\.(?!well-known) {
        deny all;
    }

    # logging
    access_log /var/log/nginx/wiki.domain.invalid.access.log;
    error_log /var/log/nginx/wiki.domain.invalid.error.log warn;

    # reverse proxy
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        #proxy_cache_bypass $http_upgrade;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-Proto $scheme;
        #proxy_set_header X-Forwarded-Host $host;
        #proxy_set_header X-Forwarded-Port $server_port;

        proxy_next_upstream error timeout http_502 http_503 http_504;
    }

    # gzip
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}

# HTTP redirect
server {
    listen 80;
    listen [::]:80;

    server_name wiki.domain.invalid;

    # ACME-challenge
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/_letsencrypt;
    }

    location / {
        return 301 https://wiki.domain.invalid$request_uri;
    }
}
```


## SSL

Using Let’s Encrypt SSL certificates:

```
# certbot
```


Go through the wizard and it will automatically fix the SSL entries on your server blocks. You could also do this if you know what you’re doing and don’t want certbot to mess around with your files:

```
# certbot certonly --webroot -d wiki.domain.invalid --email mail@domain.invalid -w /var/www/_letsencrypt -n --agree-tos
```


## Nginx Testing

```
# nginx -t
```


Watch out for any errors, as usual. At this point Nginx will be serving files but as wiki.js isn’t set up yet you’ll get HTTP 502 errors if you try to visit the site in a browser. This configuration plays well with other sites being hosted on the same server.
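`nginx -t` only validates syntax, so it says nothing about header values such as the `max-age=0` HSTS line or the commented-out CSP in the 443 server block. The Python check below is an added example, not part of the original post or of wiki.js; the function names and the 180-day HSTS floor are assumptions.

```python
import re

# Constructed input: the add_header lines from the 443 server block on this page.
PAGE_CONF = '''
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=0" always;
'''

# Active and commented-out add_header directives with a double-quoted value.
HEADER_RE = re.compile(r'^[ \t]*(#?)[ \t]*add_header\s+(\S+)\s+"([^"]*)"', re.M)

def parse_headers(conf):
    """Map lowercased header name -> (value, is_active); later lines win."""
    return {name.lower(): (value, mark == "")
            for mark, name, value in HEADER_RE.findall(conf)}

def audit(conf, min_hsts=15552000):  # assumed floor: 180 days, in seconds
    """Return findings for HSTS, CSP and nosniff in an nginx config string."""
    headers = parse_headers(conf)
    findings = []

    value, active = headers.get("strict-transport-security", ("", False))
    match = re.search(r"max-age\s*=\s*(\d+)", value, re.I) if active else None
    if match is None:
        findings.append("HSTS: header not sent")
    elif int(match.group(1)) == 0:
        findings.append("HSTS: max-age=0 makes browsers drop the HTTPS-only policy")
    elif int(match.group(1)) < min_hsts:
        findings.append("HSTS: max-age below %d seconds" % min_hsts)

    value, active = headers.get("content-security-policy", ("", False))
    if not active:
        findings.append("CSP: directive missing or commented out")
    elif "'unsafe-inline'" in value:
        findings.append("CSP: 'unsafe-inline' permits inline script and style")

    value, active = headers.get("x-content-type-options", ("", False))
    if not active or value.strip().lower() != "nosniff":
        findings.append("nosniff: X-Content-Type-Options not set to nosniff")
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_CONF):
        print(finding)
```

To audit a real file, pass its contents to `audit()`; headers set in included files or other server blocks are not followed.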

## Postgres

```
# sudo su postgres
$ passwd
```

Then set up your database. pgcli has smart completions turned on by default and looks pretty.

```
$ pgcli

> -- the wikijs_user role must already exist for the grant below to succeed
> create DATABASE wikijs;
> grant ALL PRIVILEGES on DATABASE wikijs to wikijs_user;
> \c wikijs
> CREATE EXTENSION pg_trgm;
> exit

$ exit
```


## Wiki.js

Edit config.yml and make the appropriate changes:

• Port should match what was configured in the nginx https server block (3000)
• In db section, enter your database credentials
• Do not enable SSL unless you are not going to run this behind a proxy. This might work on a developer workstation but on the public internet you’re asking to get it up the ass, no lube.

Once this is done, start the application and watch for any errors:

```
# node server
```


At this point you can visit your site and go through the installation wizard.

# Configuration

There are a bunch of things the official wiki.js documentation only mentions offhandedly, or that you’ll only find out if you go rooting around in the issues tracker.

You can name it anything you want but if you make the path anything other than /home wiki.js will freak out on you and send you on a loop.

## File Storage

By default wiki.js will keep all its shit on the DB, which is a fucken stupid bad decision. We like making good decisions so we need to tell wiki.js to keep its shit in the filesystem:

1. Go to Administration > Storage
2. Enter the desired absolute path for your stuff, like /var/www/wiki.domain.invalid/wiki-content
3. Enable the target
4. Apply the changes

We’re unsure if this means wiki.js will actually use file storage to begin with, but at least you’ll be able to create quick backups of all your stuff. You have backups and you test them, right?

## Search Engine

The default search is slow AF, so we’re going to use something better

1. Go to Administration > Search Engine
2. Select Database – PostgreSQL
3. Apply the changes

# Finishing thoughts

This thing has potential but it’s got a long way to go before it can look up to MediaWiki. If you find issues with this holler at me on the twitters.

## It’s a deep, deep, rabbit hole

In this case the old West Indian world, of which Tennessee lay at the northern fringe. It’s the shatter-zone of the slave diaspora. Circulating currents. We gave Jamaica blues. Jamaica gave us ska. Jamaica gave us dub, we gave back hip-hop. It’s been happening for four hundred years.

Source: That Chop on the Upbeat

More than you thought you’d want to learn about the origins of ska.

## Dell Wireless 1703 on Windows Server 2019

Recently at work I had to install this OS (with the Desktop Experience feature set) on a Dell XPS 8700. Windows was able to recognize everything properly and all components but the network adapter would show up in Device Manager. Tried the usual things to fix this:

• Installing the driver from Dell; it would install but Windows would fail to make use of it.
• Updating the driver using “Search automatically for updated driver software”. This would fail with Windows complaining about an issue with the INF.
• Manually pick a driver from the filesystem. It would also fail with an error about the INF.

Looked at the INF file but there wasn’t anything in it that would make Windows Server just up and refuse to install the thing, and given there isn’t that much difference between Windows 10 and Windows Server the issue had to lie elsewhere.

There is one thing that Windows 10 does, however, and that’s automatically start WLAN services, since usually you’d see Windows Server be installed on enterprise hardware or have it connected to the network via Ethernet. Turns out Windows Server does not even install this feature on its own.

To install it:

1. Click Start button.
2. Type “Turn features on or off”.
3. Click Next 4 times (Before you Begin, Installation Type, Server Selection (which defaults to the local server), and Features).
4. On the Features selection list, scroll down to Wireless LAN Service and select it.
5. Click Install and wait for the OS to do its thing.
6. Reboot system. This is required for it all to work.

After the system comes back up the network adapter should be installed and enabled in Device Manager.

Ah, right… in addition to this it turns out the “Dell Update Application” totally does not work under this OS so you have to manually download and install all device drivers; this took me a couple of hours, so mind your clock.

## This is most annoying

Riot tells Ars kernel-level system could be removed if vulnerability is detected.

Given Riot’s labor and cultural practices I’m not holding much hope for them being able to fix issues quickly when (not if) someone breaks their driver and turns it into a rootkit like Sony’s.

Another issue the article does not go into is the fact every major game publisher will develop their own kernel-mode driver or use a 3rd party service (like BattlEye) to do so, leading to issues within the kernel that will be:

• A pain in the ass to diagnose
• Hidden from the player
• Likely will not provide any kind of error message since the developers will be afraid they could be used to break the driver.
• The risk of collisions between drivers will be increased, with likely both publishers being the cause.

Microsoft can help but there’s only so much they can do before breaking compatibility with previous versions of Windows; gamers don’t care as much but Microsoft does have to worry about their main customer base (enterprise) who will definitely not like having weird code fuck around with workstation kernels (like this, and what Swift is complaining about is mere user-level applications).

People with time and money will probably want to look at PCI Passthrough to be able to run games in a Windows VM and not have to worry about any of this fuckery. Something goes wrong? Just restore to a previous snapshot of the VM and carry on as usual.

## *shrug*

Life hasn’t changed much since the current pandemic started.

I’m still working nights, so I don’t really get to see that many people. I still order pretty much everything for delivery.

The gf is staying with me during almost-quarantine since she was able to get a job in a restaurant (!!!).

Life goes on but I can see how it is changing for everyone around me.

## This is my “I’m being a shill” moment

I recently discovered Instacart is able to deliver Costco and…

OMFG

GAME CHANGER. STUFF is CHEAP and at VOLUME.

Granted, not Commercial Foodservice Company cheap, but for home use this is fucken ferpect.

• Got 20 lb Basmati rice for like, 20 bucks.
• 6 lb of pasta elbows for *checks notes* 6 bucks
• Eggs are stupid cheap, pick how many you want.
• Bleach? I got me a lot of bleach.
• EVOO! A gallon of it is 15 bucks!
• Canola oil! 6 qt are 10 bucks!

I got some more things to round out the pantry for pasta production but for getting all of this stuff delivered? I can probably order once a month and 80% of my grocery shopping is done right there and then.

Now, they don’t have everything at the store available. They don’t have kosher salt (well they do but it’s the Kirkland brand. I prefer Morton or Diamond). The meat and fish selection is somewhat limited but they got the basics on there. Produce is good but I’d rather mosey down to the neighborhood coop for that.

Again, for me the angle here is the delivery; I bike everywhere and carrying all the stuff on my last order on my bike rack would probably require at least 5 trips, so the 8.99 delivery charge is totally worth it. This isn’t a promoted post (ugh) but there are many use cases for exactly this kind of thing at this volume, which is right in between “let’s pick up groceries on the way home” and “I need to open a sysco/us foods/reinhart account”:

• People with more than two kids. Kids eat a fucken hell of a lot. You ate a lot when you were a kid, you just don’t remember it.
• Disabled/sick people.
• People who literally don’t have the time, like when you’re working 2 full-time jobs. Good luck finding time to cook, much less to buy the groceries.
• People without cars, like myself.

Anyway, click on this here referral link so I get a fucken discount on my next order and you get cheap groceries. Everyone wins.