Over the years I’ve written a lot of troubleshooting posts on my blog, describing problems I’ve run into and how I solved them in hopes that other people with the same problems might find it helpful.

I’m starting to collect them on a mini-site that’s not a blog: Hyperborea Tech Tips.

Several things came together to inspire me to reorganize those posts:

  • Tinkering with IndieWeb.
  • Building a Gemini capsule.
  • Opening the developer tools on one of my WordPress-powered blog pages. There’s no reason a 500-word article should need 400KB and a dozen connections!
  • Keeping multiple WordPress blogs up to date with security fixes.
  • Reading about the garden and stream metaphor. (via)

The essence of the garden and stream is that we’ve gotten used to a constant, time-based stream of information, but some things are better handled as an idea-based, organically-growing and cultivated collection. Sometimes you want to post a status update to social media (into the stream), but sometimes you want to update a Wiki page (taking care of the garden).

A lot of stuff isn’t here because it belongs in a stream. It’s here because it became more convenient than copying a template, writing the page, adding links and uploading everything over FTP.

I’d already mirrored some of these troubleshooting posts on my Gemini capsule, so I figured they’d be a good place to start.

My goals with the sub-site:

  • Deeper dive into Eleventy, the static site generator I’d used to archive my Les Misérables commentary.
  • Dig into IndieWeb.
  • Light as possible. One CSS file, images only for content, system fonts, no JavaScript unless I have a specific thing that needs it. (And if I do have to add JavaScript, only include the parts I need, not half a megabyte of some framework or another.)
  • Look somewhat decent (and legible!) on screens from cell phone up to widescreen desktops.
  • Create a reusable template, both for my own projects and for other people.
  • Be at least as useful as the original blog posts, if not more!

Over at Key Smash!, I’ve been helping beta-test the Pterotype plugin to hook up a self-hosted WordPress to the Fediverse. It gives WordPress an ActivityPub presence, so new posts and comments can be seen in Mastodon, Pleroma, and other ActivityPub-powered networks, and replies from those networks can come back as comments.

But Key Smash! is a simple test case. It’s at the top of the site, there’s no caching, it’s only got a handful of posts, and it hasn’t been bombarded by spammers for years.

So I’ve installed it on here. Older posts won’t federate, but new ones (starting here) should, and replies should show up as comments. With luck they’ll land in the moderation queue instead of the spam queue.

You may be able to follow the site by searching for this post’s URL in Mastodon/etc. Maybe. I need to report a bug in the handling of sites that aren’t at the top level: To find the site I need to search for @blog@www.hyperborea.org/journal – the first time. Then that search stops working, but I can find it at @blog@www.hyperborea.orgjournal instead. But that only works after I’ve searched for the first one.

Well, that’s part of why I set it up here: to help beta test.

Update: Submitted the username/discovery issue to Github.

Update: You can now follow the blog directly at @blog@www.hyperborea.org

Update (Dec): I turned it off temporarily due to spam problems. Spam comments were visible through ActivityPub, and couldn’t be deleted due to a FK constraint on the Pterotype tables.

Update (2019): Pterotype appears to have been abandoned. 🙁

This blog has been around 15 years. Social media has mostly moved on, to silos like Facebook and Twitter. People don’t follow random personal blogs. Topic-focused sites are what people actually read, and even that mainly following links from silos.

Meanwhile there are so many major things going on that make the things I post about here — comics, fandom, photos of things I found interesting, random tech thoughts — seem trivial.

So why keep a blog going? And why write about trivialities, and not big things like the battles over civil rights, healthcare, environmental protections, war?

As for the first: Some of it is stubbornness. And some of it is wanting to keep part of my writing/photo presence somewhere “permanent” (to the extent that anything online is).

As for the second: I’ve never really liked talking news and politics online. I rarely feel like I can add anything that hasn’t already been said (probably better) by someone else. Also, online conversation has gotten way too toxic. On the other hand, while the little things may be trivial, they add up. They add up to your life. It feels like I might actually have something to say that’s not already been said a thousand times by people more familiar with the issue than I am.

Plus it’s a way to assert some normality in a world that feels decidedly abnormal.

I’m not likely to come up with anything super-profound on the most important topics, but I can make short statements, and I can amplify other voices. And I’m trying to come to grips with the fact that that’s important. I’ve been reading a lot more and posting a lot less over the past year or so, but even if I can’t say anything profound, I shouldn’t stay silent.

So I’ve been microblogging, and linking, and reposting — all things that are better suited for a service that’s built around those use cases. When I have something longer to say, I do try to pull it in here, because a blog post is better than a Twitter thread… But I think more people probably see my retweets than my blog posts, anyway.

That took a lot longer than I intended.

But I’ve finally made all of Hyperborea.org run over HTTPS.

It’s been possible to view the whole site over HTTPS ever since I turned it on for the admin area of this blog years ago, but I left HTTP as the canonical URL and didn’t redirect anything until I updated the Les Mis section, and later this blog. Now, any page you visit on this entire site should load over an encrypted connection.

(Well, any page except for the old Dillo RPMs page, since that minimalist web browser still only has experimental HTTPS support.)

The problem is when you have decades of hand-crafted web pages to go through, it can take a while to make sure everything embeds only secure or same-origin content. Every image, every script, every video. I had to update lots of absolute links, remove some widgets and ads, update other widgets, embedded videos and metadata…and just a bit at a time in my spare time.

Finally I switched on the redirects this morning. Even that took longer than expected, because I’d forgotten that mod_rewrite rules in a directory override any parent directory’s rules, so I had to copy the HTTP-to-HTTPS rewrite rule to each folder that had its own rewrite rules. Then I had to fix the interaction between mod_rewrite and ErrorDocument that was causing custom errors to redirect to the error template instead of loading it behind the scenes.

I finally moved the public side of this blog over to HTTPS last weekend. Traditionally I’ve preferred to put public info on HTTP and save HTTPS for things that need it – passwords, payment info, login tokens, anything that should be kept private — but between the movement to protect more and more of the web from eavesdropping and the fact that tools are making it harder to split content between open and encrypted sides (the WordPress app sometimes gets confused when you run the admin over HTTPS but keep the public blog on HTTP), I decided it was time.

The last sticking point was putting HTTPS on my CDN, and I’d decided to try getting Let’s Encrypt and CloudFront working together over the weekend. Then Amazon announced their Certificate Manager for AWS, which took care of the hard part. All I had to do was request and approve the (domain-validated) certificate, then attach it. Done!

Downside: Because I opted for the SNI option on the CDN, rather than pay the premium to get unique IP addresses on every CloudFront endpoint, the images won’t work with older browsers like IE6. (Server Name Indication is a way to put more than one HTTPS site on the same IP address.)

On the other hand, the cert I have on the site itself is SHA2-signed (as it should be, now that SHA-1 is no longer sufficient), so it wouldn’t work with older browsers even if I turned off the CDN and kept the images on the server.

It’s the first time I’ve actually broken the ability of older browsers to see any of my personal sites. I’ve broken layouts, sure, but not completely cut them off. In general I’d rather not, but I think I’m OK with it this time because

  1. SHA1 really does have to go, SHA2 is well-established, and it’s not like I’m providing downloads of modern browsers or a critical communications forum for people who are stuck with ancient hardware/software because that’s all that’s available to them.
  2. SNI has been around for TEN YEARS.

And as it turns out, DreamHost’s ModSecurity rules block IE6 to begin with, so the whole site’s already broken in that browser.

So I guess next time I redesign I can finally drop any IE6 workarounds. :shrug: