Weekly Head Voices #115: So much Dutch.

Monday January 16 to Sunday January 29 of the year 2017 yielded the following possibly mention-worthy tidbits:

On Saturday, January 21, we had the privilege of seeing Herman van Veen perform live at the Oude Libertas Theatre. The previous time was a magical night many years ago in the Royal Theatre Carré in Amsterdam.

Herman van Veen is a living, extremely active and up to date legend. To most Dutch people you’ll ever meet he is a formidable part of their rich cultural landscape.

That evening, we heard so much Dutch spoken in the audience around us, it was easy to imagine that we had been teleported to a strange midsummer night’s performance, all the way back in The Netherlands.

Whatever the case may be, at 72 this artist and superb human being seems to have energy and magic flowing from every limb.

Things which running nerds might find interesting

The Dutch Watch

I had to start facing facts.

The Samsung Gear Fit 2 and I were not going to make a success of our relationship. The GF2 (haha) is great if you’re looking for a hybrid smart-fitness-watch. However, I was using it primarily for running, and then one tends to run (I’m on a roll here) into its limitations.

My inner engineer, the same guy who has a thing for hiking shoes, as they are the couture epitome of function over form, made the call and selected the TomTom Runner 3 Cardio+Music watch (the Runner 3 and the Spark 3 are identical except for styling) to replace my GF2.

Hidden in the name, there’s a subtle hint as to the focus of this wearable.

It has a less pretty monochrome display that manages to be highly visible even in direct sunlight. It does not have a touch screen, instead opting for a less pretty directional control beneath the screen that always manages to select the correct menu option. The menu options remind me of the first TomTom car navigation we bought years ago: Not pretty, but with exactly the right functions, in this case for runs and hikes.

Most importantly, the watch has an explicit function for syncing so-called QuickGPSFix data, so that when you want to start running, it is able to acquire a GPS lock almost immediately. Importantly, the device keeps you informed of its progress via the ugly user interface.

Also, I am now able to pre-load GPX routes. Below you can see me navigating my local mountain like a pro with a sense of direction, when in reality I am an amateur with pathological absence of sense of direction:

That’s me in the corner, losing my Re-Samsung.

Anyways, after being initially quite happy with the GF2, I am now more careful with my first judgement of the Runner 3. What I can say is that the first 40km with it on my arm has been a delight of function-over-form.

P.S. Well done Dutchies. The optical heart rate sensor in the previous Spark was based on technology by South African company LifeQ. I have not been able to find a good reference for the situation in the Spark 3 / Runner 3.

Experiment Alcohol Zero early results: Not what  I was hoping

The completely subjective Experiment Alcohol Zero (EAZ) I announced in my 2016 to 2017 transition post has almost run (err… too soon?) to completion.

November of 2016 was my best running month of that year: I clocked in at 80km.

EAZ started on January 4 and will conclude probably on Friday February 3.

Although I was a much more boring person in January of 2017, I did manage to run 110 km. The runs were all longer and substantially faster than my best runs of 2016.

Subjectively, there was just always energy (and the will) available to go running, and subjectively there was more energy available during the runs. This is probably for a large part due to the vicious upward spiral of better glucose processing, better sleep, hence better exercise, rinse, repeat.

I am planning to use some of this extra energy to sweep these results right under the proverbial carpet in order to try and limit the suffering that it might lead to.

(Seriously speaking, I will have to apply these findings to my pre-EAZ habits in a reasonable fashion. :)

Things which Linux nerds might find interesting

My whole web-empire, including this blog, my serious nerd business blog, and a number of websites I host for friends and family, has been migrated by the wonderful webfaction support to a new much faster shared server in London.

The new server sports 32 Intel Xeon cores, is SSD based and has a newer Linux distribution, so I was able to move over all of my wordpress instances to PHP 7.

Upshot: This blog might feel microscopically quicker! (I am a bit worried with my empire now being stuck in the heart of Article 50. I worry slightly more about a great deal of my data that lives on servers in the USA however. Probably more about that in a future post.)

On the topic of going around the bend, I now have emacs running on my phone, and I’m able to access all of my orgmode notes from there. It looks like this:

One might now ask a pertinent question like: “So Charl, how often do you make use of this wonderful functionality?”

To which I would currently have to answer: “Including showing the screenshot on my blog? Once.”

I’m convinced that it’s going to come in handy at some point.

Things which backyard philosophy nerds might find interesting

With what’s happening in the US at the moment, which is actually just one nasty infestation of the political climate around the globe, I really appreciate coming across more positive messages with advice on how we can move forward as a human race in spite of the efforts of the (libertarian) right.

The World Economic Forum’s Inclusive Growth and Development Report 2017 is one such message. As summarised in this WEF blog post, it tries to answer the question:

How can we increase not just GDP but the extent to which this top-line performance of a country cascades down to benefit society as a whole?

In other words, they present approaches for making our economies more inclusive, thus helping to mitigate the huge gap between rich and poor.

According to the report, the answer entails that national and international economic policies should focus primarily on people and living standards. In order to do this, each country will have to work on a different mix of education, infrastructure, ethics, investment, entrepreneurship and social protection.

The countries that are currently doing the best in terms of having inclusive economies, and are generally shining examples of socialism working extremely well thank you very much, are Norway, Luxembourg, Switzerland, Iceland, Denmark, Sweden, Netherlands, Australia, New Zealand and Austria. See the blog post for the specific different factors helping each of these countries to perform so well on the Inclusive Development Index (IDI).

Although the countries in the top 10 list all still have room for improvement, it’s great to see that it is actually quite a great idea to combine socialism (which is actually just another word for being further along the human development dimension) with economic survival and even success in today’s world.

(I am still hopeful that one day Gene Roddenberry’s dream of the United Federation of Planets will be realised.

LLAP!)

 

Installing free Let’s Encrypt SSL certificates on webfaction in 3 easy steps

WARNING: High levels of NERD ahead.

I started using CloudFlare’s free tier on this blog, before Let’s Encrypt burst onto the scene, mostly for their universal SSL. However, as joepie91 recently pointed out, this means that by design, CloudFlare has to decrypt all SSL traffic, and then re-encrypt it to send it to your original site with its self-signed or generic certificate (in my case). Apart from this, CloudFlare is a bit of overkill for this low-traffic site.

le-logo-standard.png

Because I don’t need much of an excuse to try out something new, I used this as my excuse to try out Let’s Encrypt, a fantastic new(ish) service which issues free 90 day certificates to anyone who can verify their domains.

I was shocked with how easy this was on the webfaction shared (non root) hosting I’ve been using for years, and so I had to share.

WITNESS THE GREAT EASINESS:

Step 1: Install acme.sh

These two steps are to be performed whilst SSH’d in to your web host.

First we install the wonderful acme.sh by following the one-liner on its website:

curl https://get.acme.sh | sh

At this junction, as they say, it’s best to log out and in again, so that the acme.sh alias and environment variable can be setup.

Step 2: Issue shiny new SSL certificate

We then get acme.sh to verify the website using the webroot method, and to request a certificate for the two domains cpbotha.net and www.cbbotha.net:

acme.sh --issue -d cpbotha.net -d www.cpbotha.net -w ~/webapps/wp

The argument following -w is the directory exposed by the website http://cpbotha.net/. Note that this is still http; Let’s Encrypt queries a special file left there by acme.sh to confirm that you actually manage the specified domain.

After a few seconds of progress output, I was left with a shiny certificate (as well as the CSR, key, and so forth) in ~/.acme.sh/cpbotha.net/

Step 3: Install shiny new SSL certificate

On Webfaction, one has to file a support ticket for this. My request was formulated thusly, and was correctly acted upon in about 5 minutes:

Could you please install the following SSL certificate for the website cpbotha_SSL – reachable at https://cpbotha.net/:

  • cert is in /home/cpbotha/.acme.sh/cpbotha.net/cpbotha.net.cer
  • key is in /home/cpbotha/.acme.sh/cpbotha.net/cpbotha.net.key
  • intermediate CA cert is in /home/cpbotha/.acme.sh/cpbotha.net/ca.cer
  • full chain certs is there: /home/cpbotha/.acme.sh/cpbotha.net/fullchain.cer

Thanks!

Update on 2016-10-25

It is now possible to install the new certs all by yourself using the webfaction panel or the API! Read the announcement blog post for more information.

Bonus level: In 90 – k days, simply re-run acme.sh

At any point, you can request certificates for any other domains that you may be hosting on your webfaction.

At regular intervals, or in slightly fewer than 90 days, simply run:

acme.sh --renewAll

To have acme.sh renew any of your certificates that are up for renewal. Just remember to create a new support ticket to have the renewed certificates installed for the relevant domains.

acme.sh cronjob

Unbeknownst to be (I should have read the docs) acme.sh had cleverly installed a user cronjob to check for renewals. When I attempted to renew two of my certs, I saw that it had already done so automatically, so I only had to install the updated versions.

Boss level: htaccess-based redirect from HTTP to HTTPS

Now that I have my SSL setup, I would prefer for users who go to the HTTP site to be 301 forwarded to the HTTPS version. On Webfaction, I can do that with the following addition to the site .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
# we're behind nginx ssl proxy, hence the non-standard check for no-SSL:
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Important: webfaction is using nginx as their SSL frontend, so we check for the X-Forwarded-SSL header.