[RE: nyman]#_

don't let perfect be the enemy of bad

Recent Posts

ChatGPT does Advent of Code – Day 2

published on

It’s day two of our ChatGPT (CGPT) and Advent of Code series, and we’re excited to see what CGPT can do with today’s challenges. Yesterday, CGPT impressed us with its ability to solve the first Advent of Code puzzle, and today we’re moving on to the second. Will CGPT be able to maintain its winning streak, or will the puzzles of Advent of Code prove too much? Let’s find out.

Ok, this looks like a more complex one. First, we need to simplify the original instructions.

These are the instructions I gave it:

There is a rock paper and scissor tournament. You have been given a guide to follow. The guide works as follows.
The first column is what your opponent is going to play: A for Rock, B for Paper, and C for Scissors. The second column is what should play in response: X for Rock, Y for Paper, and Z for Scissors.

The winner of the whole tournament is the player with the highest score. Your total score is the sum of your scores for each round. The score for a single round is the score for the shape you selected (1 for Rock, 2 for Paper, and 3 for Scissors) plus the score for the outcome of the round (0 if you lost, 3 if the round was a draw, and 6 if you won).

Here is a sample guide.

A Y
B X
C Z
This strategy guide predicts and recommends the following:

In the first round, your opponent will choose Rock (A), and you should choose Paper (Y). This ends in a win for you with a score of 8 (2 because you chose Paper + 6 because you won).
In the second round, your opponent will choose Paper (B), and you should choose Rock (X). This ends in a loss for you with a score of 1 (1 + 0).
The third round is a draw with both players choosing Scissors, giving you a score of 3 + 3 = 6.
In this example, if you were to follow the strategy guide, you would get a total score of 15 (8 + 1 + 6).

Provide a solution using any programming language to calculate the total score of a strategy guide in the above format.

But after a few tries, it was clear that this prompt wasn’t good enough. Here are a few Python samples it produced (it also tried to give me a JavaScript one, but I told it to use only real programming languages ;-)).

One thing which, I thought, was notable in all these samples is the bias it shows. Usually in rock, paper, scissors you get a draw when both players pick the same shape. And it is hard to make CGPT stop doing this; it always wants to add:

elif opponent_shape == player_shape:
  outcome = 'draw'

Another thing, which seems easily fixed by future generations (by giving it the ability to run the code before it provides it back) is how sure it is that it’s correct.

It will produce some code and end it with this

print(total_score) # Expected output: 15

and when you run it, you get back 18.

Back on track

So let’s try to simplify things instead.

First, why is the choice coded differently for me and the opponent? That confuses CGPT, so let’s first ask it for code to recode my choices to use the same symbols.

So, I tell it

with the following input

A Y

B X

C Z

provide a python function which reads the input from a file and replaces

Y with B

X with A

and

Z with C

And CGPT delivers

def switch_choices_from_file(filename: str) -> str:
    # Open the file and read the strategy guide
    with open(filename) as f:
        guide = f.read()

    # Split the input into lines
    lines = guide.strip().split('\n')

    # Create a new list of lines with switched choices
    switched_lines = []
    for line in lines:
        # Split the line into opponent and player choices
        opponent, player = line.split()

        # Switch the opponent and player choices
        if player == 'Y':
            switched_lines.append(f'{opponent} B')
        elif player == 'X':
            switched_lines.append(f'{opponent} A')
        else:
            switched_lines.append(f'{opponent} C')

    # Join the list of lines into a single string
    return '\n'.join(switched_lines)

This works fine. Now we can simplify the ask from CGPT.

There is a rock paper and scissor tournament. You have been given a guide to follow. The guide works as follows.

The first column is what your opponent is going to play: A for Rock, B for Paper, and C for Scissors. The second column is what should play in response.

The winner of the whole tournament is the player with the highest score. Your total score is the sum of your scores for each round. The score for a single round is the score for the shape you selected (1 for Rock, 2 for Paper, and 3 for Scissors) plus the score for the outcome of the round (0 if you lost, 3 if the round was a draw, and 6 if you won).

Here is a sample guide.

A B

B A

C C

This strategy guide predicts and recommends the following:

In the first round, your opponent will choose Rock (A), and you should choose Paper (B). This ends in a win for you with a score of 8 (2 because you chose Paper + 6 because you won).

In the second round, your opponent will choose Paper (B), and you should choose Rock (A). This ends in a loss for you with a score of 1 (1 + 0).

The third round is a draw with both players choosing Scissors, giving you a score of 3 + 3 = 6.

In this example, if you were to follow the strategy guide, you would get a total score of 15 (8 + 1 + 6).

Provide a solution using python to calculate the total score of the sample input above.

And it provided me with working code

# Open the file and read the contents
with open('guide.txt', 'r') as f:
    guide_data = f.read()

# Parse the data in the file to create the guide list
guide = [round.split() for round in guide_data.split('\n') if round]

# Function to calculate total score
def calculate_total_score(guide):
    # Initialize total score to 0
    total_score = 0

    # Loop through the rounds in the guide
    for round in guide:
        # Get the shape chosen by the opponent and the player
        opponent_shape = round[0]
        player_shape = round[1]

        # Calculate the score for the chosen shape
        if player_shape == 'A':
            player_score = 1
        elif player_shape == 'B':
            player_score = 2
        elif player_shape == 'C':
            player_score = 3

        # Calculate the score for the outcome of the round
        if opponent_shape == player_shape:
            outcome_score = 3
        elif (opponent_shape == 'A' and player_shape == 'C') or (opponent_shape == 'B' and player_shape == 'A') or (opponent_shape == 'C' and player_shape == 'B'):
            outcome_score = 0
        else:
            outcome_score = 6

        # Add the score for the round to the total score
        total_score += player_score + outcome_score

    # Return the total score
    return total_score

# Calculate and print the total score
total_score = calculate_total_score(guide)
print('Total score:', total_score)

Now we need to combine the two. We get:

# Sample input
def switch_choices_from_file(filename: str) -> str:
    # Open the file and read the strategy guide
    with open(filename) as f:
        guide = f.read()

    # Split the input into lines
    lines = guide.strip().split('\n')

    # Create a new list of lines with switched choices
    switched_lines = []
    for line in lines:
        # Split the line into opponent and player choices
        opponent, player = line.split()

        # Switch the opponent and player choices
        if player == 'Y':
            switched_lines.append(f'{opponent} B')
        elif player == 'X':
            switched_lines.append(f'{opponent} A')
        else:
            switched_lines.append(f'{opponent} C')

    # Join the list of lines into a single string
    return '\n'.join(switched_lines)

guide = [round.split() for round in switch_choices_from_file('/tmp/guide.txt').split('\n') if round]

# Function to calculate total score
def calculate_total_score(guide):
    # Initialize total score to 0
    total_score = 0

    # Loop through the rounds in the guide
    for round in guide:
        # Get the shape chosen by the opponent and the player
        opponent_shape = round[0]
        player_shape = round[1]

        # Calculate the score for the chosen shape
        if player_shape == 'A':
            player_score = 1
        elif player_shape == 'B':
            player_score = 2
        elif player_shape == 'C':
            player_score = 3

        # Calculate the score for the outcome of the round
        if opponent_shape == player_shape:
            outcome_score = 3
        elif (opponent_shape == 'A' and player_shape == 'C') or (opponent_shape == 'B' and player_shape == 'A') or (opponent_shape == 'C' and player_shape == 'B'):
            outcome_score = 0
        else:
            outcome_score = 6

        # Add the score for the round to the total score
        total_score += player_score + outcome_score

    # Return the total score
    return total_score

# Calculate and print the total score
total_score = calculate_total_score(guide)
print('Total score:', total_score)

Let’s try…

SUCCESS!

That’s three gold stars for CGPT.

On to part 2

Since I last worked on part 1 yesterday, I start a new chat and prime it:

Hi, we’re doing advent of code together. I need you to produce code or use any common command line tools which will solve the problems I give you. The problems will always include reading input from a file and producing an answer.

I then give it the full un-edited input from advent of code.

It gives me some python code, which doesn’t work. I won’t repeat everything here because I don’t think it’s very interesting. Instead, I’ll just provide a brief summary and highlight the interesting parts.

For example, I tried a few times to just give back the error, but it failed to figure out the problem until I told it.

no, the problem is that our_choice is used as a key in SHAPE_SCORES, but our_choice does not indicate our choice rather it indicates if we need to win, lose or draw, can you fix?

And it again provides me with something I immediately notice won’t work, because of this:

# Get the first character of the opponent's choice as our shape
our_shape = opponent_choice[0]

But no worries, let’s just tell it

No, you can’t pick the opponent’s choice as our own, we need to pick the right choice to achieve what the guide indicates.

To which it responds

You are correct that we cannot simply choose the same shape as our opponent in order to achieve the outcome indicated by the strategy guide. Instead, we need to choose the shape that will allow us to achieve the desired outcome. [snip]

And provides new code. This time it works, it produces some output. But the output is wrong. However, before I noticed that, I asked it to refactor the code, which it does, but it doesn’t work.

And it takes me a while to notice why, and the reason is interesting. It’s the same thing we noticed in part 1, and it has been visible throughout all the examples, but I haven’t noticed. This.

SHAPE_SCORES = {'R': 1, 'P': 2, 'S': 3}

R, P, S. Rock, Paper, Scissor. That’s what it’s usually called. But in this case, the keys are A, B and C. But because of how these models work (I guess, I’m not an expert) it will always veer towards the common case.

Unless told explicitly not to.

you are using the wrong keys , the keys are A, B, C not R, P, S

Then, combined with telling it that the last number was too high, it produces a final working solution.

Another gold star for CGPT.

ChatGPT does Advent of Code

published on

So, it’s that time of year again. Advent of Code is released, and I eagerly decided it’s a good time to learn a new programming language. This time the idea was to learn Clojure. But not being familiar with any other lisp style languages, I quickly got very stuck and was just about to give up.

But then I saw all these examples of ChatGPT going around, and I thought, “I wonder if ChatGPT could help me learn Clojure”. And it turns out, yes, it can!

Almost. Turns out, ChatGPT isn’t very good at Clojure. None of the solutions it provided worked without tweaking and debugging.

However, what I saw was so impressive that, instead of learning Clojure, I have decided to see how far ChatGPT can get with Advent of Code.

To begin with, as with most AI solutions out there, getting the prompt right is key. I did try to just copy the Advent of Code instructions into ChatGPT to see what happened, but that did not produce the right output. Instead, it took a few (sometimes a lot) of tweaks to the prompt to get a working result.

But eventually, we succeeded. ChatGPT (with a bit of help from me to combine outputs) produced a working solution for the first day of Advent of Code. So follow along with what will hopefully be 24 posts about how ChatGPT solves Advent of Code, using any means necessary. Get ready for some AI-powered fun!

ChatGPT tries to write some Clojure

I won’t repeat the original instructions here, instead you can find them here. Let’s try with a simpler version.

But that won’t do because Advent Of Code will provide me with a very long text file in the format, and this solution requires that I enter it in the above format. Also, we get the first indication that ChatGPT might not be that great at Clojure. When I tried running the code out of curiosity, I got an error.

; Execution error (ClassCastException) at java.lang.Class/cast (Class.java:3889).
; Cannot cast clojure.lang.PersistentVector to java.lang.Number

But no worries, I’ll just ask it to provide me a solution which reads and parses the input from a text file.

Sadly, it seems ChatGPT isn’t very good at Clojure. None of the examples it provided worked outright. There was always some issue. And even if I explained the error and asked ChatGPT to provide a solution, it rarely succeeded.

If not Clojure, then what?

After a while of trying to get it to produce correct Clojure, and helping me debug and explain it (which it is quite good at) I decided to just see what else it could do.

There is always a debate about which language is the “most efficient” or “concise” so let’s see what happens if we let ChatGPT choose.

awk of course. The second most popular choice for job-security (after perl). But this time it almost works. Awk throws a syntax error. For some reason, it does not like the ternary operator in the END{}. But if we just assume the last one isn’t the biggest one, we can change it to awk '{if($0!=""){s+=$0}else{m=s>m?s:m;s=0}}END{print m}' and... TADA! That works.

ChatGPT3 has (with a tiny bit of help) solved the first puzzle in the Advent of Code 2022.

Second part of the puzzle

Let’s see what the second step in the problem is. Ok, apparently we need to find the sum of the top three now. Sadly, I seem to have misplaced the prompt, but either I am getting better at writing prompts, ChatGPT is better at producing solutions, or we just got lucky, but the solution it provided worked on the first try!

The code it created was

awk '
  BEGIN {
    sum=0
    num_groups=0
    top_groups[3]=0
  }
  {
    if ($0 != "") {
      sum += $0
    } else {
      if (sum > top_groups[1]) {
        top_groups[3] = top_groups[2]
        top_groups[2] = top_groups[1]
        top_groups[1] = sum
      } else if (sum > top_groups[2]) {
        top_groups[3] = top_groups[2]
        top_groups[2] = sum
      } else if (sum > top_groups[3]) {
        top_groups[3] = sum
      }
      sum = 0
      num_groups++
    }
  }
  END {
    if (num_groups < 3) {
      print "Not enough groups"
    } else {
      print top_groups[1] + top_groups[2] + top_groups[3]
    }
  }
' INPUT

The future?

Tomorrow we will try Day 2, or rather I have already tried and ChatGPT3 did succeed with the first part, I just haven’t had time to do the second yet. But already the first part took a lot of tweaking the prompt, and it highlighted one of the core issues with these Large Language Models (LLMs).

Tune in tomorrow to find out what the issue was and how it did.

published on

To extract WireGuard configurations from the official macOS client, for example from an old Keychain file:

security find-generic-password -l 'WireGuard Tunnel: <tunnel-title>' -w|xxd -r -p

#oneliner #documentation #wireguard #osx

Reduce python breakage

published on

Recently I ran into an issue with a Python project I was working on. A dependency of a dependency decided to do a breaking change, which broke my project even though I had everything in requirements.txt pinned (same issue as here).

As part of fixing it I learned a few new things which I’ll share here.

First, you can constrain pip to prevent a newer version of a package from being installed. pip has a flag, -c, which you can read more about in the documentation here.

You can add

markupsafe==2.0.1

to a file called constraints.txt and then do pip install -c constraints.txt project. And voilà, your pip install hopefully works now.

Making things future proof

Next we will take things a bit further, we’ll download every dependency we need and include it in our repo. That way we won’t be sad if the maintainers suddenly decide you can’t have an old version anymore.

First, on a working install, do a pip freeze to get a list of things you need. Put these into for example freeze.txt (you might be able to use your requirements.txt directly, but not if you use -e .).

Then run

pip download -d deps/ -r freeze.txt -c constraints.txt

And boom you will have a bunch of whl files in your deps/ folder.

Next we need to tell pip to use them and not rely on some index. Check that things work with

pip install -c constraints.txt --find-links ./deps/ --no-index .

You probably need to do this inside a clean docker or something to be really sure the project will install from a “clean” install.

Then commit the deps/ to the repo and never worry about missing or broken dependencies again.

Note that the .whl files are platform specific, so you might want to look at the --platform option to pip download if you want to be really sure you have the right files when you need them. Another option is to download the source, but compiling Python packages can be tricky (even the --help for pip download says so).
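
A check you could run before committing deps/, as an added example that is not part of the original post: it compares the exact pins in freeze.txt with the wheel and sdist file names in deps/ and lists every pin that has no matching file. The names freeze.txt and deps/ follow the post; the function names and the sample data are constructed for illustration, and versions are compared as plain strings.

```python
import re
import tempfile
from pathlib import Path


def normalize(name: str) -> str:
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(freeze_text: str) -> dict:
    """Return {normalized name: version} for every 'name==version' line."""
    pins = {}
    for raw in freeze_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blanks, comments, '-e .', '-r x'
            continue
        line = line.split(";", 1)[0].strip()  # drop environment markers
        if "==" not in line:
            # e.g. 'pkg @ file:///...' or 'pkg>=1.0' cannot be matched to a file
            raise ValueError(f"not an exact pin: {raw!r}")
        name, version = line.split("==", 1)
        name = name.split("[", 1)[0].strip()  # drop extras such as pkg[extra]
        pins[normalize(name)] = version.strip()
    return pins


def vendored_files(deps_dir: Path) -> set:
    """Return {(normalized name, version)} for each wheel or sdist in deps_dir."""
    found = set()
    for path in deps_dir.iterdir():
        fname = path.name
        if fname.endswith(".whl"):
            # wheel: {name}-{version}(-{build})?-{python}-{abi}-{platform}.whl
            parts = fname[: -len(".whl")].split("-")
            if len(parts) in (5, 6):
                found.add((normalize(parts[0]), parts[1]))
            continue
        for ext in (".tar.gz", ".zip"):
            if fname.endswith(ext):
                # sdist: {name}-{version}{ext}; the version contains no '-'
                name, _, version = fname[: -len(ext)].rpartition("-")
                if name:
                    found.add((normalize(name), version))
    return found


def missing_from_deps(freeze_text: str, deps_dir: Path) -> list:
    """Pins from the freeze list that have no matching file in deps_dir."""
    have = vendored_files(deps_dir)
    return sorted(
        f"{name}=={version}"
        for name, version in parse_pins(freeze_text).items()
        if (name, version) not in have
    )


def demo() -> list:
    """Run the check on constructed data: click is vendored in the wrong version."""
    freeze = (
        "# constructed sample of 'pip freeze' output\n"
        "-e .\n"
        "MarkupSafe==2.0.1\n"
        "Jinja2==3.0.3\n"
        "itsdangerous==2.0.1\n"
        "click==8.0.4\n"
    )
    files = [
        "MarkupSafe-2.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
        "Jinja2-3.0.3-py3-none-any.whl",
        "itsdangerous-2.0.1.tar.gz",
        "click-8.1.0-py3-none-any.whl",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        deps = Path(tmp)
        for fname in files:
            (deps / fname).touch()  # empty placeholders; only the names matter
        return missing_from_deps(freeze, deps)


if __name__ == "__main__":
    print(demo())
```

A non-empty result means pip install --no-index would fail on a clean machine, so it is worth running this next to the clean-container install test.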

Importing data from WikiData into Google Sheets with IMPORTXML

published on

Here comes another tip for leveraging one of the most important inventions in the 20th century, the spreadsheet[1].

Say you have a list of the number of GDPR fines and the country where they were issued, and you would want to know what the fine/population ratio is.

The easiest and quickest way would be to Google it, and copy/paste the first table you find into a new Sheet. Then use the =VLOOKUP function to grab the population for each.

But I got curious whether there would not be some more automated way to do this. And it turns out there was: 10 years ago Google Spreadsheets had more or less this exact function, =GoogleLookup("entity" ; "attribute"), but it was deprecated in 2011 (probably for being too useful… or more likely abused somehow).

Luckily, there are still a few ways to import data into Google Sheets programmatically, using =IMPORTXML, =IMPORTDATA, =IMPORTHTML and some third-party solutions like =IMPORTWEB.

Now, when we have a way to import data, we need to find a good place to import the data from. Preferably a place which has all kinds of data, so we can reuse what we learn in this case to programmatically fetch more complex data next time. Wikipedia seems like a good candidate, and it turns out there is a project called Wikidata, which aims to provide the knowledge stored on Wikipedia in a more structured format.

Getting data out of Wikidata is not that straightforward though. To represent the data, they use a graph format which you can query using a language called SPARQL. They do a much better job at teaching it on their site, and I’d recommend starting with this tutorial if you are interested.

After you have figured out your SPARQL query you can import it directly into Google Docs by copying the query URL and giving it to =IMPORTXML, and then pass it a XPATH to extract

The full =IMPORTXML command will look something like this

=IMPORTXML("https://query.wikidata.org/sparql?query=%23%20defaultView%3ABubbleChart%0ASELECT%20DISTINCT%20%3FcountryLabel%20%3Fpopulation%0A%7B%0A%20%20%3Fcountry%20wdt%3AP31%20wd%3AQ6256%20%3B%0A%20%20%20%20%20%20%20%20%20%20%20wdt%3AP1082%20%3Fpopulation%20.%0A%20%20SERVICE%20wikibase%3Alabel%20%7B%20bd%3AserviceParam%20wikibase%3Alanguage%20%22en%22%20%7D%0A%7D%0AGROUP%20BY%20%3Fpopulation%20%3FcountryLabel%0AORDER%20BY%20DESC(%3Fpopulation)","/*/*/*[name()='result']","utf8")

Two important things to note about this. First, the SPARQL result is name-spaced. You can see it from the xmlns part in the beginning.

<?xml version='1.0' encoding='UTF-8'?>
<sparql xmlns='http://www.w3.org/2005/sparql-results#'>

This means you need to select that namespace before you can run queries like /*/*/result, but the =IMPORTXML command does not (as far as I know) allow you to do it. A workaround is to use XPath functions which search all namespaces, like /*/*/*[name()='result'].[2]

Another thing to consider is that the SPARQL response or specification gives no guarantees for which order the columns are. So, you might get back <binding name='countryLabel'> first or second within the result. This is annoying as for =VLOOKUP to work the key needs to be to the left of the value you are looking up.

A workaround I stumbled upon is to add an ORDER BY DESC population; that will cause the columns to be ordered as listed in the query.
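
The two issues above, reproduced outside Sheets as an added example that is not part of the original post, using Python's xml.etree.ElementTree: an un-namespaced path selects nothing, a namespace-aware or wildcard path does, and reading each binding by its name attribute removes the dependence on column order. The sample document is constructed in the SPARQL XML results format and its values are made up.

```python
import xml.etree.ElementTree as ET

# Prefix "s" is an arbitrary local alias for the SPARQL results namespace.
NS = {"s": "http://www.w3.org/2005/sparql-results#"}

# Constructed sample; the second <result> lists its bindings in reverse order.
SAMPLE = b"""<?xml version='1.0' encoding='UTF-8'?>
<sparql xmlns='http://www.w3.org/2005/sparql-results#'>
  <head>
    <variable name='countryLabel'/>
    <variable name='population'/>
  </head>
  <results>
    <result>
      <binding name='countryLabel'><literal xml:lang='en'>Exampleland</literal></binding>
      <binding name='population'><literal>1000000</literal></binding>
    </result>
    <result>
      <binding name='population'><literal>250000</literal></binding>
      <binding name='countryLabel'><literal xml:lang='en'>Samplestan</literal></binding>
    </result>
  </results>
</sparql>
"""


def count_results(path: str) -> int:
    """Number of elements the path selects, starting from the <sparql> root."""
    return len(ET.fromstring(SAMPLE).findall(path, NS))


def rows(xml_bytes: bytes, columns: list) -> list:
    """One row per <result>, with the columns in the order the caller asks for."""
    root = ET.fromstring(xml_bytes)
    out = []
    for result in root.iterfind("s:results/s:result", NS):
        # Index the bindings by name so their order in the XML does not matter.
        values = {
            b.get("name"): "".join(b.itertext()).strip()
            for b in result.iterfind("s:binding", NS)
        }
        out.append([values.get(col, "") for col in columns])
    return out


if __name__ == "__main__":
    print(count_results("results/result"))          # plain names: no match
    print(count_results("s:results/s:result"))      # namespace selected
    print(count_results("{*}results/{*}result"))    # any namespace (Python 3.8+)
    print(rows(SAMPLE, ["countryLabel", "population"]))
```

The {*}result form plays the same role here as the name()='result' predicate does in the =IMPORTXML call.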


  1. My personal opinion but I bet someone else also agrees. Spreadsheets excel (pun) at leveraging what computers are best at.
  2. This caused quite some confusion for me, because for example xpather.com does not take into account the namespace, so even if it worked there it did not work in the Google sheet. Better to instead use https://extendsclass.com/xpath-tester.html which does require the correct namespace (or a function which searches all namespaces).

Using WWWOFFLE to save a modern webpage for later

published on

Every so often when you want to archive a webpage, you notice it’s full of dynamic content and javascript which won’t easily be archived. I was recently looking to archive a matterport 3D image. This is a typical website that won’t easily save using normal web-archivers, as it relies on javascript to dynamically fetch images as you move through the 3D space.

One generic solution to capture something like this is to use a proxy in the web browser and save everything that passes through it. But most proxies only cache things for a limited time and respect headers like no-cache[1]. But if the proxy would ignore that and store all requests that flow through it indefinitely, you can maybe create a “snapshot” of a website by browsing it through this archiving proxy.

Turns out I am not the first one to come up with this idea, there are at least two tools out there which do this. The first one I tried was Proxy Offline Browser, which is a Java GUI application which does this. It worked quite well, but the free version does not do TLS/HTTPS. The Pro version is only 30 euro, but I was curious to see if there was any open-source solution that could do this.

Turns out there is, it’s called WWWOFFLE and it has a lovely compatible webpage. After some trying, I got it working, and I’ll describe rough outlines on how to get it working here. Note though, if you value your time or don’t feel like fiddling around in the terminal, I do recommend just paying 30 euro for the Proxy Offline Browser and be done with it.

Steps for getting it working on OS X

First you need to download wwwoffle source code and ensure you have GNUTLS headers and libraries, so you can use it for HTTPS.
Then compile it with

./configure --prefix=/usr/local/Cellar/wwwoffle/2.9j/ --with-gnutls=/usr/local --with-spooldir=/usr/local/var/run/wwwoffle --with-confdir=/usr/local/etc/
make
make install

Then run it

wwwoffled -c /usr/local/etc/wwwoffle.conf -d

Now there are a few more steps before you can start archiving.

First reconfigure your browser[2] to use wwwoffle as proxy. Then visit https://localhost:8080 in the browser to get to the wwwoffle page. Using this page, you can control wwwoffle and see what it has cached.

First, you will need to get the CA certificate, so you won’t get SSL warnings all the time. Go to http://localhost:8080/certificates/root, download and install it.

Then you need to put wwwoffled into online mode, which you can do here http://localhost:8080/control/

Then configure wwwoffled itself, which you can do using the built-in web-based configuration tool.

The settings to change are

http://localhost:8080/configuration/SSLOptions/enable-caching to yes

and

http://localhost:8080/configuration/SSLOptions/allow-cache to allow-cache = *:443

That should hopefully be enough. Now try browsing some website. Then go to the control page and put wwwoffled into offline mode. Hopefully, you should still be able to browse the same page, using the cache.

Additionally, I had to add

CensorHeader
{
 Access-Control-Allow-Origin = *
}

To http://localhost:8080/configuration/CensorHeader/no-name to ensure AJAX[3] requests worked in some cases.

If you run into other issues, you can either start debugging or go back and cough up the money :-)


  1. which seems to be standard practice nowadays even for things that should definitely be cached
  2. I recommend using another browser than your main one for this to keep things separated. On OS X I’d recommend Firefox as it keeps its trusted CAs separate from the OS’s so you won’t need to have your whole computer trust the newly minted CA certificate.
  3. yeah I’m old

Farewell C1

published on

Yesterday in a datacenter somewhere in France there was suddenly an eerie silence as the last remaining racks fell silent for the first time in a long time. As of yesterday, 1st of September 2021, Scaleway turned off their C1 ARM servers.

I know because I still had one trusty little C1 server until today, a server I have had since it was brought online 7 years ago. It was never the fastest, or the biggest server I’ve had, but it was my little dedicated server. It never complained, never crashed, never rebooted, just kept running, serving my homepage and some side-projects.

History of C1

If you are not familiar with the C1, and why it deserves its own little obituary, then let me give you a bit of backstory.

The C1 was introduced around 2015, first as a free 15-minute trial at labs.online.net and then launched as a commercial product under the brand Scaleway (archive.is/scaleway). The C1s were an interesting take on the virtualisation market: instead of cramming as many virtualised hosts as possible onto a powerful machine, they crammed as many tiny SoCs as they could into a rack. They used custom SoCs backed by shared disk storage. A bit like a cloud-hosted Raspberry Pi, but with a network-attached SSD disk. On a public and static IP with good connectivity.

What’s the big deal?

There is no big deal; for most people or projects a virtual server will do just fine or even be a better choice than dedicated hardware. But there are a few reasons I like small dedicated servers. One is that with a dedicated machine, you can be sure that you are always getting the same performance (barring running multiple things on it). Virtual servers might be faster in bursts, but they are generally oversubscribed and if you are unlucky, you might have very varying performance depending on how busy your neighbours are. If it’s fast now, it will be as fast tomorrow. The C1 was never really fast, though, which I took as a fun challenge. I knew that if I could get X and Y working well on this limited machine, then if I ever needed to scale it up it would be extremely fast on a top-of-the-line server.

It’s more secure

Maybe, in theory at least. For a VM, when doing threat modelling, you should always consider the risk of someone else on the host escaping their VM and accessing your VM and files. Back in 2015 there had been a few VM escapes, but the future would bring many more and a whole new range of side channel attacks against shared processors or memory. My little dedicated ARM server never had to worry about Spectre, Meltdown, Rowhammer or any other of the processor bugs which have rattled the whole VPS ecosystem. Being able to just go “oh, that’s interesting” when there is news of a new Spectre-like attack without having to even consider my little C1 losing performance or needing to be rebooted was quite nice.

Another benefit was the 4 GiB of RAM; in 2015 that was unheard of for a €2.99 server (and it is still today I think). And that is “dedicated” RAM. Which can’t as easily be accessed by the provider, which is important if you care about it. Although I bet, if Scaleway wanted, they could figure out some way to read it out using something like pcileech. [ Update-2021-09-06: I was informed by one of the lead designers that it was designed with attacks like these in mind, so at least any physical attack would not have been straightforward ].

What next?

Life goes on, except for the C1. I do wonder what will happen to them. Maybe they will end up on a flea market somewhere. I am not ready to move my personal things to a VPS just yet, but there are not that many cheap dedicated alternatives out there. The only one (I’ve found) at that price point is Kimsufi, but they are mostly out of stock and lower specced.

In the end, I decided to stay with what I know and stay with another of Scaleway’s dedicated offers, an Atom C2350, which has served me well for testing and which I have now migrated everything to.

Persistent login to OpenWRT luci

published on

Sometimes, if you are logging in multiple times per day, the default 1 hour session time tied to a browser tab/window might be a bit annoying.

To increase the session time to, for example, 1 month 24 days[1], you need to do

uci set luci.sauth.sessiontime=2147483
uci commit

But it’s still set as a session cookie, to fix that, you need to modify /usr/lib/lua/luci/dispatcher.lua and change the line which begins with http.header("Set-Cookie",. You need to insert Max-Age= to make it a persistent cookie. Like so

http.header("Set-Cookie", 'sysauth=%s; Max-Age=2629746; path=%s; SameSite=Strict; HttpOnly%s' %{

Then you need to clear the luci-modulecache or reboot

rm -rf /tmp/luci-modulecache/

There, if you re-login on to luci you should now have a persistent cookie which will persist for one month. To remove it, press the logout.


  1. Update 2021-06-12: After locking myself out I figured that on a 32 bit system you can’t set this to anything higher than a 32 bit signed integer; this seems to be a ubus limitation

Backing up your VM with borg

published on

Recently, for no specific reason at all, I did a review of the backup plans for my tiny personal VMs.

Octave Klaba tweeting about the fire at OVH

As my disaster recovery plan was mostly “I hope they don’t lose it all at once” I decided to upgrade it to “I have some backups, so I don’t lose it all at once”.

To keep things simple and as I love micro optimising to see for how cheap I can get my personal VM’s, I decided to use my home NAS for backups instead of just paying for third-party storage like B2.

So, here is a rough[1] overview of how you can use a local Linux NAS as destination for backing up a cloud VM.

Turris Omnia

First we need[2] to get borg working on the Turris. Luckily the Turris has lxc, so we can just spin up an alpine instance and do apk add borgbackup and apk add openssh-server. Then update the network to none to share the host network and mount any disk you want.

# first comment out any other network
lxc.net.0.type = none
# bind-mount /mnt/sdb2/dir
lxc.mount.entry = /mnt/sdb2/mydir /mnt/sdb2/lxc/borg/rootfs/mnt/mydir rw,bind 0,0

I decided to use a separate ssh inside the lxc for a bit of additional sandboxing.

Add the following to authorized_keys to allow the server you want to back up to run borg, but nothing else.

command="borg serve --restrict-to-path /mnt/server-bakups",no-port-forwarding,no-agent-forwarding,no-pty,no-X11-forwarding ssh-rsa AAA...

C1 Server

Time to start backing up, first because C1 is an armv7 instance, download arm binaries from https://borg.bauerj.eu.

Then check that you can connect to your Turris and get some borg output back from the limited ssh-key. Similar to below.

An example of borg backup output

If that works you can initialise the repository and start backing up according to the borg instructions

Something like this

borg init -e=repokey ssh://root@100.127.112.32:40022/mnt/mydir/myserver

and if that works

borg create ssh://root@100.127.112.32:40022/mnt/server-bakups/personal::{hostname}-{user}-{now} /home /etc /var/log

And if that works, then either call it a day or address the obvious issues like running the receiving borg as root :-)


  1. This is a very rough guide, it will not work without modifications so don’t try to just blindly copy and paste the instructions. These instructions are specific for Turris Omnia with tailscale and a Scaleway C1.
  2. you can probably ignore this or restrict ssh some other way, but I did this because I started out from the other direction, trying to get borg running on the NAS, and it would then reach out to the servers.

Conditional access using only nginx

published on

Have you ever wanted to deploy a website to test that it works, without everyone else being able to see it?

If you are using a dynamic language or CMS for your webpage (PHP, Wordpress or Ruby on Rails) there are straightforward ways to accomplish this.

But what happens if you have a static webpage? Here I will present one solution using only a nginx config file to accomplish this.

# first we need to allow access to the soon.html
# and also a logo which is linked from the soon.html
# if your soon.html links more resources in this server
# you need to update the regex to match that also
location ~ ^/(soon\.html|images/logo_white\.png)$ {
    try_files $uri =404;
}

# this is the secret way to get past the block
# it will set a magic cookie with a lifetime of 1 month
# and redirect back to the host  
location /iwanttobelieve {
  add_header Set-Cookie "iwantto=believe;Domain=$host;Path=/;Max-Age=2629746";
  return 302 $scheme://$host;
}

# this is the normal serve, but with the condition that
# everyone that does NOT have the magic cookie set will be served
# the content of soon.html
location / {
    if ($http_cookie !~* "iwantto=believe") { rewrite ^ /soon.html last; }
    try_files $uri $uri/ =404;
}

That’s it! Copy and paste the above into a server {} block. Make sure to take note of the order though, to ensure you don’t have anything else before this which would take precedence. Then change all occurrences of soon.html if you use something else. And remember that the first match needs to match everything that this soon.html tries to reference, otherwise they will just get back the content of /soon.html for all other requests.

Note that if is a bit finicky in nginx, check their documentation for more details.
