[RE: nyman]#_

don't let perfect be the enemy of bad

Recent Posts

Reduce (doom)scrolling with NextDNS


One thing which can make you happier and sleep better is doing less (doom)scrolling in the late evening.

Convincing myself to stop (doom)scrolling late in the evening is hard. I’m tired, and the dopamine rushes from seeing something slightly entertaining or interesting have kept me up too late many times.

I’ve tried or investigated quite a few different tools and solutions[1] to help me break this bad habit.

Now I have finally found something which works for me (at the time of writing): DNS-based “parental control” using nextdns.io. This works for me because it’s kind of annoying to change the DNS, and I use NextDNS anyway, so it’s not yet another piece of software. It also works on the phone, which is the main location of doomscrolling.

If you are not familiar with nextdns.io, it is in essence a DNS service with lots of extras. You could call it a cloud version of Pi-Hole. If you don’t know what DNS or Pi-Hole is, this solution is probably not for you. It’s quite technical and might cause some confusing and hard-to-debug issues.

How-To

First sign up on https://nextdns.io and follow their instructions to enable it. It’s free[2].

Then go to Parental Control and set the recreation time to, for example, 7:00-22:00 every day, and add whatever websites or apps you want to the list of restricted apps. Then click the small clock icon to enable the time limit for that app/site.


And then enjoy twitter stopping working roughly at 22:00.

Beware though, DNS based blocking might cause things to misbehave in unexpected ways. And it might not work right away or it might not work at all because of how DNS is cached.

But it works fine for my purpose, generally twitter and reddit both stop working around 22.


  1. If you are an iPhone user, I recommend checking out Screen Time; it might be enough for you.
  2. And their privacy policy for the free version looks good, but if you like it I recommend supporting it. It’s cheap, and your DNS provider will collect so much information about you that it’s important they have a better way to pay the bills than selling your data.

(Ab)using Slack to detect interesting 1Password events


[Image: 1Password notification in Slack]

If you use 1Password Business in your organisation, you might be aware that you can get notifications and alerts for various events pushed to your Slack[1].

This is quite useful, but I found the notifications quickly get overwhelmingly noisy, because a notification is generated every time anyone unlocks 1Password.

This is too bad, because mixed in with the notification spam about unlocks are notifications for when someone logs in from a new device or adds a new trusted device.[2] To fix this, I did a little hack.

It consists of two parts: first a go-bot, slacker, and second reacji, which is a Slack app that automatically copies messages with certain emoji to another channel.

The idea is that the slack-bot watches #security-spam for messages that contain “was added as a new device”. When it sees a message that matches this, it will add a 🔏 emoji to the message, and reacji will then copy this to #security-notifications.

You can view a minimal go-bot sample here. Figuring out how to install reacji and how to get and configure a bot token is outside the scope of this post; there are lots of good guides available on how to do that. Just remember to keep the slack-bot permissions to a minimum.

Using these two parts, you can now mute #security-spam in Slack and still stay on top of when any team member, or someone more malicious, logs in to 1Password.
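The matching step described above, as an added example that is not the go-bot sample this post links to: it decides which #security-spam messages get the 🔏 reaction. The `Message` type, the placeholder bot ID `B0EXAMPLE`, the extra check that the message came from the 1Password integration, and the sample messages are all assumptions; `react` stands in for the bot's call to Slack's `reactions.add`.

```go
package main

import (
	"fmt"
	"strings"
)

// Message is a simplified, hypothetical stand-in for a Slack message event.
type Message struct{ Channel, BotID, TS, Text string }

const (
	watchChannel = "security-spam"             // channel name from the post
	trustedBotID = "B0EXAMPLE"                 // placeholder ID of the 1Password integration
	emojiName    = "lock_with_ink_pen"         // Slack short name of the 🔏 emoji
	phrase       = "was added as a new device" // phrase from the post
)

// ShouldTag ignores other channels and any message not posted by the
// 1Password integration, so a person typing the phrase raises no alert.
func ShouldTag(m Message) bool {
	return m.Channel == watchChannel && m.BotID == trustedBotID &&
		strings.Contains(strings.ToLower(m.Text), phrase)
}

// TagAll calls react once per matching message, skipping redelivered events.
func TagAll(msgs []Message, react func(channel, ts, name string) error) ([]string, error) {
	seen, tagged := map[string]bool{}, []string{}
	for _, m := range msgs {
		if seen[m.TS] || !ShouldTag(m) {
			continue
		}
		seen[m.TS] = true
		if err := react(m.Channel, m.TS, emojiName); err != nil {
			return tagged, fmt.Errorf("tagging %s: %w", m.TS, err)
		}
		tagged = append(tagged, m.TS)
	}
	return tagged, nil
}

// sample holds constructed events; the message wording is invented.
var sample = []Message{
	{"security-spam", "B0EXAMPLE", "1.0", "alice@example.com unlocked 1Password"},
	{"security-spam", "B0EXAMPLE", "2.0", "iPhone was added as a new device for bob@example.com"},
	{"security-spam", "B0EXAMPLE", "2.0", "iPhone was added as a new device for bob@example.com"},
	{"security-spam", "", "3.0", "lol my toaster was added as a new device"},
	{"security-spam", "B0EXAMPLE", "5.0", "Laptop Was Added As A New Device"},
}

func main() { fmt.Println(TagAll(sample, func(_, _, _ string) error { return nil })) }
```

Only the two genuine device events are tagged; the unlock noise, the redelivered duplicate and the human-typed message are left alone.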


  1. support.1password.com/slack/
  2. I tried reaching out to 1Password to see if it was possible to separate these, but their response was that currently it is not possible.

Using TouchID as YubiKey


U2F and WebAuthn are the two most exciting developments in web authentication in the last 20 years.

The most common way to use them is with a hardware dongle like a YubiKey, which I never got around to doing. Instead, I relied on TOTP for my 2-factor authentication.

That was until I found SoftU2F and combined it with Safari-FIDO-U2F to get it working with Safari, which worked, most of the time.

With the release of Safari 14, Apple finally brought proper WebAuthn support to Safari[1].

So now, you can quite easily get this experience without any additional hardware.

All you have to do is get the latest SoftU2F.pkg and install it.

Now you have two options. You can let SoftU2F store the key material in your keychain, which is the default; in that case you authenticate by approving or rejecting a notification.

[Screenshot: Yubico demo website in Safari]

Or you can use the slightly hidden option and store the key in the Secure Enclave Processor (SEP), aka the TouchID. But be warned: while the keychain can be backed up and transferred, the SEP can’t[2]. So make sure you have backup authentication methods for when your Mac decides to stop working.

[Screenshot: webauthn.io in Safari]

To use the SEP, you need to run the following command:

/Applications/SoftU2F.app/Contents/MacOS/SoftU2F --enable-sep

You can find more documentation about the SEP implementation in the pull request.

All done!

Now you can enjoy having your own built-in FIDO2 key.


  1. While deprecating most extensions, but that’s another story…
  2. As far as I know

Introducing PISS, a PHP KISS static page generator


There are lots of static page generators. I have personally used Hugo, and there are like 100 others. But I had a project where I wanted something even simpler, and I had a few requirements. I wanted to

  1. Write raw HTML/CSS
  2. Update things in one place only (e.g. don’t copy paste the menu to each html file).

For 1, you don’t need anything other than an editor. 2 is where you need something more than HTML.

I recently came across a project that promised to do more or less exactly what I wanted, xm

But it was written in node/javascript, so I went to look for something else.[1]

After not finding anything similar, I decided to do it myself in the 4th most disliked programming language, PHP.

PHP is ubiquitous on Linux servers, and it’s great at generating HTML. The downside for using it as a static page generator is… that it’s not static.

Each time you request a .php page, php will compile and interpret the code and return the output.

The first and obvious solution is to just store the output as HTML, and you have turned it into a static page generator. Like so:

php page.php > page.html

This might get tedious though, and although you can just do a build system which does it, I got curious if it would be possible to do it “on-demand”.

And as a challenge to myself, I wanted to see if I could make it small enough to fit in a tweet[2], and without any dependencies other than PHP.

And without further ado, I present to you,

PHP Keep It Stupid Simple, in short PISS.

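<?php
// Buffer the page output; when the script ends, write it to <name>.html next
// to this file and redirect the client to the static copy.
// PHP needs write access to this directory for that to work.
ob_start(
    function ($output) {
        $t = substr(__FILE__, 0, -4) . '.html';  // page.php -> page.html
        if (!($f = fopen($t, 'w'))) {
            // Could not create the static file: answer 500 with an empty body.
            header("HTTP/1.1 500");
            return '';
        }
        fwrite($f, $output);
        fclose($f);
        header("Location: " . substr($_SERVER['REQUEST_URI'], 0, -4) . ".html");
        return '';  // the redirect carries no body
    }
);
?>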

Because this is a Real-Serious-Project™ it’s available on GitHub with an issue tracker and all other features that a Real-Serious-Project™ needs.


  1. Mostly because I am not familiar with node/js, but also because xm had 125 dependencies so it failed my requirement of keeping it simple.
  2. The modern variant of 280 characters, not 140, I’m not that good at this.

Initial thoughts on micro.blog and why you need a domain


Domains and owning your content

This page is currently hosted on micro.blog under a custom domain. Hosting things on your own domain is the absolutely most important part of owning and controlling your content and web presence.

If you have one thing you take away from this post, that is it. (Assuming you want your content to stay around). You need a domain.

Luckily there is a wide range of top-level domains available nowadays, for a wide range of prices, so you should be able to find something you like. A little tip, though, when picking a top-level domain (the .com/.re part): be wary of promotions. It is often possible to get a domain on sale for as little as $1, but that price usually applies only to the first year. So when picking a domain, even if you don’t pay upfront for ten years, at least check the price for ten years, so you have an idea of what the recurring cost will be in the future.

There is a multitude of domain providers; the one I use is Gandi.net, while not the cheapest they have served me well. They are EU (France) based and seem to make an effort to be nice. If you decide to go with them, you can use this referral to get 20% off and give me a small kickback.

Hosted vs. self-hosting

Now back to the topic, micro.blog. While I am perfectly capable of hosting my blog on my own server, I don’t think I want to. And I believe paid hosted services are the best option for most.

Self-hosting, anything, always has its pros and cons. On the pro side, you learn a lot, and you maintain full control over it. On the downside, it takes time and effort to learn it, and you need to continuously spend time maintaining and watching it to make sure it stays up. Spending time on keeping it up to date is especially important; otherwise, things can quickly end up like the security-hellscape that is self-hosted WordPress blogs and sites.

So I decided that for now, I will try to use the micro.blog hosting until I run into some roadblock. An additional reason is that I like what @manton and his crew are doing, and I want to support them. So my life becomes easier, and I support a good cause, win-win.

Federation

One of the reasons I picked Micro.blog was the built-in Twitter and LinkedIn federation. But after posting a few things, I am not sure I want to use it. It’s one of those features which sounds nice until you use it. It made me realise that maybe I don’t want to post the same thing on every platform.

I am going to think about this and maybe ping @manton to see if there are any plans to make it possible to configure federation for each individual post.

I’ll write more thoughts after I’ve used it for some time.

published on

The 13 minutes to the moon podcast from BBC is really good, strongly recommend everyone give it a try. S1E6 about Apollo 8 was really interesting if you want to jump right in www.bbc.co.uk/programme…

Why I am leaving twitter after 10 years for a (micro)blog


I am a long time twitter user, but things have changed a lot on twitter since I joined in 2009. For a long time, I didn’t notice much of the changes, mainly because I’ve been using 3rd party clients since the start, and life in them has not changed much in the 11 years since I got on.

But after various levels of activity on twitter, I recently tried posting more actively, and writing more thought out tweets than where I will have lunch.

[Image: tweet about my lunch from 2009]

So I ended up using the official client, both the iOS one and the web app. And wow, the experience is nothing like my little heavily curated twitter feed. The Algorithm™ is now in charge of what you see, and every second tweet is a promoted one.

And, while the artificial restrictions on content length on twitter have their benefits sometimes, the fact is that it is tough to write meaningful content in 280 characters, and most good content ends up in tweetstorms or long threads anyway. And let’s not mention trying to have a meaningful discussion or debate in 280 characters.

So I have been thinking about moving everything to a blog. But for a long time, I have seen a blog as the complete opposite of a tweet. Where a tweet is (was) forced to be short and had no expectation of quality, I have viewed blogs as these long, well-thought-out pieces, which preferably have gone through one or two edits by an editor. So although I have a long backlog of blog drafts, I have not published anything since 2017, and my old blog has only three posts before this one.

There are other issues with twitter and other platforms which I will try to cover in a later blog post. The result was that when I found out about micro.blog and the IndieWeb movement, I felt that they hit right at the heart of the issues. They had already solved, or were discussing, a lot of the same things I had been thinking about.

In short

  1. Control (although hosting it at micro.blog means it can disappear as quickly as from any other platform, it’s a step in the right direction)
  2. Federated (push or pull content from the different platforms into something you control)
  3. Archiving (a topic for another post, but I feel the web and the content on the big platforms is more ephemeral than ever)

So here I am now, with a micro.blog account.
