squirrelitude | Recent Entries

I'm late getting seeds into the ground, but I've got some things started. The kid's potatoes and flowers are coming up, and I have seeds in the ground: Tomato, pepper, ground cherry, oregano, thyme, savory, prickly pear, lovage, cleome, sunflower, basil, lemon balm.

More soon. Not exactly the selection I was hoping for; I forgot to stratify things in time, yet again. Now I have a yearly calendar event set for January 15th to remind me about that. I wonder if that's too early or late, assuming a 6–8 week stratification and a week or two in seed flats.

Planting the tiny seeds of plants in the Lamiaciae (oregano, thyme, savory, basil...) I am again amazed at how my thick meat-fingers can sense and manipulate such tiny objects.

Some of these things are easier to grow from cuttings or root division. But I feel compelled to grow them from seed. Something in me values the genetic diversity (and possibility of new varieties) more than the ease and reliability of clonal propagation.

I'm also starting to harden off the perennials so they can live in the front yard again. It'll be nice to get the citrus out again under the bright sunlight they deserve.

Two and a half months after tearing a hole in my Ortlieb bike bag, I've finally repaired it.

( cut for length (has photos) )

Today I cooked with fresh shiitake mushrooms for the first time (and I've only used dried ones once before, I think.) I roasted them with sweet potatoes, olive oil, red wine, salt, black pepper, and thyme, then blended it all fairly smooth. Pretty nice! The mushroom is mostly a background flavor, where it belongs. :-P

----

This weekend I also took the fatty bits from some goat loin chop that

elusiveat cooked, chopped them up fine, and boiled them with water. Once it was cool, I took off the fat layer, reheated it, and strained out the chunks. Then I prepped a wick (taken from a candle dismantled for other purposes) and the metal wick tether from a used up tealight, poured in the tallow, and let it set. I made a candle!

(The stored energy of the tallow is offset by the energy that went into rendering the fat, but this was an experiment, and if we had been making stock with the leftovers, that energy would have been "free". We have some beef tallow from a while back that we acquired that way.)

The candle sputters a bit, so I guess I didn't separate out the water as well as I could have. I might set it on the stove next time I bake something to remelt it. Maybe I can get some of the water to separate out at the bottom.

...among other violations, in the latest reveal on Facebook's Potemkin privacy settings, from the New York Times: <https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html> Bing, Yahoo, Amazon and other companies were also given access to private or sensitive information after Facebook claimed it had stopped doing so.

One odd thing in the NYT report, which I admit I have only skimmed:

Facebook has never sold its user data[.] Instead, internal documents show, it did the next best thing: granting other companies access to parts of the social network in ways that advanced its own interests.

They engaged in contracts with other companies that gave them access to the data. Did those contracts not involve some kind of payment back to Facebook? Or perhaps non-monetary compensation? It seems like they were trying to keep it to "giving away user data in exchange for favors", which... I'm not sure that's actually any better than outright selling the data.

(And of course, since Facebook harvests people's email and phone address books, this affects people who haven't even signed up or connected with each other, such as when they recommended that several patients of the same psychiatrist friend each other. "Shadow profiles" presumably are sold or given away as well.)

----

In unrelated news, various companies (including Google) had user data breaches and didn't report them.

What's fascinating and horrible is that this still is largely not illegal, in the US! We really need something like the GDPR here, and I suspect we're going to get *some* kind of privacy laws; I hope it turns out as well as the GDPR has. There's a lot of room for worse, and frankly not much room for better.

Here's an excellent and heartening followup on Arisia's turnaround: https://drwex.dreamwidth.org/1008603.html

drwex explains why it took so long to get to a public apology, and it makes quite a bit of sense: There were a lot of things that had to happen before that public apology could be made in a *meaningful* way.

I am not, in general, an Arisia attendee, but a large part of my social circles does attend. I think it's in good hands, even though yes it will take time for some people to be sufficiently assured that things have changed at a deep enough level that they'll feel safe attending. I wouldn't think poorly of anyone for making the choice to go *or* not to go this Spring.

(Also, I still can't believe they managed to pull off the venue change! That's a friggin' miracle.)

Dreamwidth is a little unusual in giving everyone their own subdomain. Off the top of my head, I can only think of three other sites that do this: Its predecessor (Livejournal), Tumblr, and DeviantArt. There are almost certainly others, but it's uncommon.

Even though all communications to the site are done over a secure connection, so the *contents* of the pages are hidden from your ISP, any government interlopers, nosy parents who have installed spyware on the home router, and people snooping on your use of insecure café WiFi... the domain name you're visiting (here, squirrelitude.dreamwidth.org) is still being broadcast in two ways:

When your computer asks the Domain Name System for the IP address of the site, it sends the domain name out in the clear[1], and the DNS server of course knows what domain you're asking for
When your computer then connects to that IP address, it mentions the domain name in the initial message to the server[2]

That means that within a few minutes of poking around on Dreamwidth, anyone who can watch your internet traffic likely knows 1) who your friends are, and 2) by that token, who *you* are. (If you stick to just your Reading Page, you are not leaking your circle's usernames to any watchers, but you are leaking your own.)

I feel like this is maybe something that could and should be changed, since DW is already a centralized service and doesn't *need* separate domain names. (My social media prototype will *need* it, to some extent, which is a sobering thought.) I don't know if I believe this strongly enough to advocate for it,

Another option is to access DW via Tor! I just fired up TAILS and confirmed that I can log in to Dreamwidth just fine. [3] (No captchas or other nonsense.) Unlinking your home IP from the domain you're visiting (and those domains from each other) in the eyes of someone snooping on network traffic is *precisely* what Tor is for. So regardless of whether DW takes action on this, if this is a privacy issue for you, there is a way you can protect yourself. (Also applies to Tumblr, DeviantArt, etc.)

[1] This first part does not apply for people using experimental DNS-over-HTTPS—only the DNS server can read the request

[2] The Server Name Indication TLS header, which is unencrypted in current versions of TLS. TLS 1.3 allows encrypting it, but that's still being rolled out.

[3] Tor is quite safe to use as long as you're visiting HTTPS websites, which is most sites these days. But advice to heed browser warnings about invalid certificates applies doubly so over Tor. If you ignore those, Tor becomes *less* safe than using the internet directly. So don't. :-)

A few months ago (in October) Facebook put out new policies on sexual solicitation [archive 2018-12-06]. These policies are incredibly overbroad, to the point that they cover any of these:

A post that includes explicit discussion of sex
Using sexual slang (while mentioning a sex act)
Discussing fetishes (while mentioning a sex act)
"Hey, anyone else want to go to the Boston Baby Dolls show tonight?" (local burlesque show)
Mentioning sexual orientation (while mentioning a sex act)

This only hit the press recently, and Facebook of course has denied that their moderators (their oh so consistent and wise, overworked, underpaid, and undertrained moderators) would remove posts based on e.g. sexual orientation. But this is Facebook, so I'm taking their statement with a whole pile of salt, spread out into a shape that spells "YEAH RIGHT".

And of course, no reassurances from them on whether they would remove frank discussion of sex, such as might occur in (off the top of my head) rape victim support groups, or private posts where people are asking advice.

This is likely all further fallout from SESTA/FOSTA, which passed earlier this year. The stated aim was to make sex trafficking more difficult, but actual anti-sex-trafficking groups derided it (even the Justice Department hated it) because it actually makes life worse for people who are victims of sex trafficking, and for sex workers who aren't being exploited. And now it's hitting people who aren't even in the sex business in any way, shape, or form and just want to talk about sex, as adults sometimes do.

A fairly upsetting post by a former member of the Arisia board on repeated mishandling and ignoring of reported conduct issues:

"Why I’m Not At Arisia Anymore: My Rapist is President. Again."

I don't go to Arisia anyway, but I know a bunch of you do, so I wanted to give it a bit of a signal boost.

(h/t rushthatspeaks)

Scammers have gained access to a list of Livejournal usernames and passwords. I'm not sure how long ago the breach was, but your best bet is to change your password now. Also, if you used that password anywhere else, change your password there as well and if possible check those accounts for signs of compromise. (Change them all to *different* passwords. Use a password manager such as 1Password or Firefox's built-in password manager, or just memorize them and write the less important ones down in a physical notebook.)

Source: People (including myself) are receiving scam emails with some bullshit claim about having installed malware, giving an email address and password as proof. They're using emails and passwords from compromised sites, such as Last.fm, LinkedIn, and now Livejournal. LJ was not known to be compromised, but it's not at all a surprise to me. Other sources:

- https://bifurious.co.uk/livejournal-compromised-in-more-ways-than-one/
- https://siderea.dreamwidth.org/1453052.html
- https://dw-news.dreamwidth.org/38612.html (doesn't name LJ, but you know it)
- https://www.livejournal.com/support/request/?id=2085067 (has since been locked down, although I archived it first and have since been in touch with that user)

You can sign up for https://haveibeenpwned.com/ to keep abreast of further password database breaches (and other leaks of your personal information) although Troy hasn't yet posted about this one, probably since the leaked DB hasn't yet made its way into his hands.

(There is not yet evidence that anyone has used the passwords to log into LJ and scrape your post and comment history and the posts and comments of your friends, but it could happen. If you have abandoned LJ but have *not* wiped out all your posts and unfriended everyone, please go ahead and change your password anyway to protect your friends.)

Update 2018-10-09: I can confirm that the breach happened on or before 2017-04-27. In that first link, a commenter narrows it down to the 2011–2014 window.

I planted way too many Spilanthes plants (Acmella oleracea, a.k.a. Sichuan buttons, toothache plant, paracress) this year and I have far more flowers than I'll need for seedsaving. Would anyone like some fresh flowers and/or seeds?

If you're not familiar with it, chewing the leaves and especially the flowers produces a tingling sensation in the mouth, followed by numbing (and also salivation). It's a fun novelty plant, although you can also use the leaves in stew, albeit without the weird effects. I know at least one person who has made an extract and used it in a sorbet ("Electric Watermelon", I think?) If anyone local wants flowers or leaves, let me know and I can hook you up.

It also has pretty flowers and foliage. It's an annual and won't reseed in this climate, but it's easy to save seeds. I'll have seeds available later in the year if anyone is interested.

Does anyone know of a source in Camberville for organic corn tortillas (the soft kind) that don't have a bunch of extraneous weird-ass ingredients?

We've been in the habit of buying "Food For Life" brand sprouted corn tortillas, but I've only found them at Harvest Co-op, and Harvest will either be going out of business or changing into a different grocery store soon, so I'll likely need a new source. (Also, they aren't always in stock.)

I know there's also some local vendor that makes corn tortillas, which I've only seen at farmers markets and one time at Cambridge Naturals. I'm guessing Whole Foods is my best bet, but I'm trying to avoid shopping there now that it's a pseudopod of Amazon, and I couldn't find any there the last time I went, anyhow.

Acceptable ingredients: Corn, water, salt, mineral lime. Products that I find in the store introduce thickeners and preservatives like guar gum and propionic acid and go downhill from there to things I've never heard of and don't feel like researching, sometimes to the tune of 20 ingredients. For tortillas!

(We used to have a tortilla press, and would make our own from masa harina (flour from corn that was soaked in limestone water), salt, and hot water. It's pretty time-consuming, though!)

[public post]

Some months back I discovered 100% buckwheat pasta, and found that it was an entirely acceptable substitute for wheat pasta (if you rinse it with cold water after cooking)—it did not have the strong flavor I remember from using buckwheat flour in sourdough. So I bought a bag of kasha (toasted, hulled buckwheat) and started trying to figure out how to use it.

It turns out if you're not making flour of it, there's basically one dish that is made of it: Kasha. The groats are cooked in liquid, and some things are added to it.[1] How to Cook Everything Vegetarian has me coat the groats in egg and toast them in a skillet (this apparently helps keep them from sticking together and becoming mushy), simmer them in water or stock until all water is absorbed, and mix with sautéed onions and other vegetables... and of course a generous amount of butter. Apparently butter is Important when it comes to kasha.

I confess I found my first batch of it rather unappealing. While the toasted groats themselves smell delicious, the groats being simmered in stock smelled unpleasantly earthy. Combining them with sautéed parsnips did not help! But I tried again, this time with leeks as the vegetable (and more butter), and they were fantastic. It turns out onions and butter both dramatically improve and modify the flavor.

I think a goodly amount of my aversion to the first batch came simply from how foreign the flavor was. So much of what I eat has strong flavors: Salty, sweet, hot, sour, umami, acetic, or rich in various spices. But the kasha had none of that, and I just didn't know what to make of it. (OK, so, it's a traditional peasant food, maybe I should have expected that.)

I've kept at it, though, and I think it's growing on me, or perhaps I'm learning how to work with the flavor in cooking. Tonight, for instance, I'm having kasha with collards and leeks, and I've found that a dash of toasted sesame oil completes the flavor very nicely.

Any of y'all have suggestions for different vegetables or other add-ins that work well?

[1] Wikipedia calls it a porridge, which... I guess? But what about when all the liquid is cooked off? Does that mean that rice is a porridge? There should be a more generic term for grains and grain-likes cooked in just-enough liquid.

We went to Crane Beach in Ipswich with some friends, which was an overly complicated endeavor due to the crowds: Drive to Ipswich, get redirected by cops to an overflow parking lot elsewhere in town, barely find a spot there, wait 20 minutes for a bus, get deposited in a dusty parking lot. (Return trip was similar, without being able to wait for the bus in the shade.)

I had a pretty good time! The kid played in the sand; elusiveat dug up a tiny clam; I frolicked in the water and contemplated catching gulls. I killed 12 horseflies, and only one managed to actually bite me. Lots of sitting in the surf, speculating on how shells get distributed by the currents. Some discussion of quicksand, as well—I stepped in a pit that was being filled in by the tide, and I went about a foot deep into the apparently solid bottom, which then did not want to let go. That's the closest I've ever encountered to quicksand. Dribble castles, playing with fluidized sand, playing with defluidizing sand. Hot feet on the way from the parking lot and back. Watermelon ices.

All three of us ended up with sunburns, but our friends did not. I should find out what kind of sunscreen they were using (we were using ZnO), or maybe we just didn't apply enough. Amusingly, the hairier parts of my chest and belly were mostly unburnt, and I suspect it's because the sunscreen caught in the hair, which then acted as a reservoir. I think I got a little burned in the thinning spot on my scalp. Maybe spray-on sunscreen would be appropriate there.

[public post]

Today I received a message from Mihalis, the fellow who runs the free language course I've been using to learn Spanish (Language Transfer), saying that he has received a cease & desist letter from UK publisher Hodder & Staughton. They're attempting to get him to stop making his courses available in the US (he's in Spain) and stop writing his guide to making language education courses, because it apparently violates their US patent.

What do they claim to have patented? Audio courses in which a question is asked, the student pauses it to answer, a different student on the tape answers, and then the teacher gives feedback. That's... that's apparently their patent. Clearly, something that took great R&D investment that they need a 20 year monopoly to recover. /s

Facebook post (also copied below, under cut)
Brief description, and video, on Patreon (have not watched video)

I would like to request that if you're planning on buying a book any time soon, you avoid buying it from Hodder & Staughton, or any of their imprints:

Coronet Books
Hodder Faith
Hodder Moa Beckett (New Zealand)[4]
Hodder & Stoughton
John Murray
Mulholland
Quercus
Sceptre
Saltyard
Two Roads
Yellow Kite

I'll also be contacting them to express my displeasure, declaring my boycott and requesting that they rein in their lawyers. The most promising email I've found so far is publicityenquiries@hodder.co.uk on their contact page and various personal emails from their press page, but I may be able to get a better one later. Their email format seems to be firstname.lastname@hodder.co.uk; their CEO Jamie Hodder-Williams seems to be at <jamie.hodder-williams@hodder.co.uk>. (Oh, also: Hodder & Staughton is in turn owned by Hachette Book Group, which is one of the five major English-language publishers. I don't know if it's worth extending the boycott to them.)

Mihalis is a generous and giving person who pours his heart into his work, and runs Language Transfer as a shoestring operation; his mission is to get people more connected across languages and cultures. His courses are wonderful, and he doesn't need some international bully with an asinine patent distracting him from his work.

(Please feel free to share this post, as with any of my public posts.)

Facbeook post follows, under cut:

( Text of Facebook post )

[public post]

I grew some milk thistles this year for no good reason other than that they're edible, pretty, easy to grow, and might attract butterflies. (Those seem like good reasons, except you have to balance that against "ow ow ow ow" and having to track the seedhead development to catch it before the seeds drop. I think it's still a net positive, though.)

I thinned out the crop several times, and most recently the plants I pulled had finally developed sizable spines, at least 1/4 inch. I wasn't sure I wanted those in my omelette, so I skillet-fried a test batch in olive oil, with salt. Unsurprisingly, they tasted like kale chips: Oil, salt, green, and the Maillard reaction (or perhaps caramelization, I really have no idea.)

There was a minor problem in that the spines were reduced in effectiveness, but not totally, such that I continued cooking and eating the whole plant in spite of periodic jabs in the mouth, because oil and salt are delicious.

I don't think I'd cook this for guests, except as part of $POSSIBLE_PLANNED_EVENT, and I'm not quite sure I'd even do it again for myself, but it was a nice proof of concept.

ETA: It's also possible to cook just the stems and the lower parts of the leaf ribs, which taste something like asparagus. You don't *have* to have a high pain tolerance to enjoy eating thistle. It just helps.

Yesterday I realized that my skill in Stupid Chiral Face Tricks is asymmetric:

I can raise my left eyebrow independently, but not my right [1]
I can sneer on the left side, but not the right
It turns out I can, upon attempting it, ever so slightly flare just my left nostril, but not my right (I can flare both at once quite easily)
I can wiggle my ears, and although I can't wiggle just one, I feel like I know how I would try to wiggle just my left one but would have no idea on the right
I can flip my tongue one direction but not the other

So the left side of my face is apparently way more expressive! That's cool, and weird, especially since I'm right-handed. It only seems to apply to chiral motions (motions that have left/right handedness to them) so it's not like I just have more limited range of motion on one side of face. Clearly what this calls for is... a poll!

Poll #18450 stupid face tricks (public)

Open to: Registered Users, detailed results viewable to: Just the Poll Creator, participants: 9

Handedness? (if it's complicated, just answer according to your actual hands)

Left-handed
2 (22.2%)

Right-handed
7 (77.8%)

Ambidextrous
0 (0.0%)

Briefly list any chiral facial muscular skills

Your chiral facial muscular skills are:

I don't have any :-(
4 (44.4%)

Totally symmetric (perform equally on both sides)
0 (0.0%)

Consistently asymmetric (can only use left side for all, or right for all)
1 (11.1%)

A mix
4 (44.4%)

Do your chiral facial skills correlate with your handedness?

Yes, more skilled on same side as dominant hand
1 (12.5%)

Yes, more skilled on opposite side as dominant hand
2 (25.0%)

No clear correlation
2 (25.0%)

N/A due to ambidextrous / not spending enough time in front of the mirror doing silly things
3 (37.5%)

(For reasons, I am making this a public post, but the poll answers will only be visible to me; I will then strip off usernames and post the responses in a followup. There doesn't seem to be a way to automatically publish poll results minus usernames.)

[1] I can sort of raise my right one, but only by raising both while lowering my left one.

I have a server I use to host Jabber instant messenger for brainonfire.net. I currently use an SSL cert from StartSSL, but they're known to be sketchy and I don't know how long various IM clients will continue to trust them. I'd like to set up the server to use certs from Let's Encrypt, but it's not clear to me what the least worst way of doing this is, given that the website for that domain is hosted elsewhere.

I host www.brainonfire.net on nearlyfreespeech.net, which has a nice little utility to automatically get and install certs from Let's Encrypt. The cert files end up in a place I can SSH to. The home server I host Jabber on (named kibble) just has Jabber-related ports open, and in particular ports 80 and 443 on that IP go to a different server, named toster. Here are the options I can picture:

Manually copy the certs over every 30 days. (I could start with this.)
Have kibble automatically SSH into my web host and grab the certs periodically, then install them into Prosody. (I would be *really* leery of doing this -- that SSH environment in my web host has a ton of access, and this would require passwordless SSH keys.)
Point the A record for brainonfire.net to toster, which would use haproxy or nginx to forward brainonfire.net requests to kibble, which would just intercept ACME challenges and otherwise send redirects to www.brainonfire.net just like nearlyfreespeech.net would normally do. (This is awful in several ways.)
ETA: Have a cron job on the web host copy the keys directly to kibble, into a limited user directory, and then have a cron job on kibble pick up the keys and install them. (This... might work?)

I don't think I can manipulate brainonfire.net's DNS from any of my servers (this is a good thing) and I don't think my web site can see the cert files in order to serve them up to kibble via an authenticated request (this is probably *also* a good thing). I don't want to host my website on kibble, and I can't host Jabber at nearlyfreespeech.net. Are there any other options I've missed?

Edit 2: A coworker suggested what sounds like the right way: Generate the key on kibble, sign a CSR with it, transfer the CSR to the web host. Then periodically use the CSR for cert generation, copying the results back to kibble, as in the last idea above. Much safer!

Edit 3: Success! Here's what I did:

Generate a private key and a CSR on the Jabber server:

mkdir -p /opt/keys/prosody/brainonfire.net/
(umask 077; openssl genrsa -out /opt/keys/prosody/brainonfire.net/privkey.pem 4096)
openssl req -out /opt/keys/prosody/brainonfire.net/csr.pem -key /opt/keys/prosody/brainonfire.net/privkey.pem -new -sha256 -subj "/CN=brainonfire.net"
cp /opt/keys/prosody/brainonfire.net/privkey.pem /etc/prosody/certs/brainonfire_net.NFSN-LE.key

Copy the CSR to the web host.
Set up the dehydrated ACME client config with an appropriate BASEDIR -- certs will go in here, as will registration.
Register with Let's Encrypt: /usr/local/bin/dehydrated --register --accept-terms --config path/to/dehydrated.config

Create a script (create cron job to run once a month) that will ship the certs off to the Jabber server:

CO=/home/private/sync/cert-oracle

. "$CO/dehydrated.config"
mkdir -p -- "$BASEDIR"

/usr/local/bin/dehydrated --signcsr "$CO/brainonfire.net-csr.pem" \
                          --config "$CO/dehydrated.config" \
                          --domain brainonfire.net \
                          --full-chain \
                          > "$BASEDIR/latest-chain.pem"

/usr/bin/scp -i /home/private/sync/cert-oracle/ID_certs-to-kibble \
  -P 8443  \
  "$BASEDIR/latest-chain.pem" \
  cert-recv-bof@k.timmc.org:/home/cert-recv-bof/recv/brainonfire.net/

On Jabber server, create a script (set to run daily) that will install the cert and restart Prosody if it has changed:

#!/bin/bash

src_dir=/home/cert-recv-bof/recv/brainonfire.net
dest_dir=/etc/prosody/certs

function install {
  hash_src=`sha256sum < "$1"`
  hash_dest=`sha256sum < "$2"`
  if [[ "$hash_src" = "$hash_dest" ]]; then
    echo "Not installing file, hasn't changed: $1 -> $2"
    return 2
  fi
  echo "Installing file: $1 -> $2"

  touch -- "$2"
  chown prosody:prosody -- "$2"
  chmod o= -- "$2"
  cat < "$1" > "$2"

  return 0
}

if install "$src_dir/latest-chain.pem" "$dest_dir/brainonfire_net.NFSN-LE.chain.pem"; then
  echo "Restarting prosody"
  service prosody stop
  service prosody start
else
  echo "Nothing to do"
fi

If you're looking to delete your old Livejournal posts now that you've moved to Dreamwidth and LJ continues to pile on the suck, I've written an honestly kinda crappy tool that does the job:

https://github.com/timmc/lj-expunge

It's repurposed from ljdump and it walks all your journal entries and sets the subject, body, and various metadata fields to "wiped". If someone would like to improve it (there's a TODOs list at the bottom), patches are welcome.

If you find or write another tool to do this, please feel free to link to it in comments.

Has anyone had success recently in authenticating to LiveJournal's API? In particular I'm trying to use the getevents call with cookie auth, but all I get is this:

LJ_USER="..."
LJ_COOKIE="v1:..."
curl http://www.livejournal.com/interface/flat -H "X-LJ-Auth: cookie" -H "Cookie: ljsession=$LJ_COOKIE" -d "ver=1&mode=getevents&user=$LJ_USER&auth_method=cookie"

errmsg
Invalid password
success
FAIL

(I'm trying to write a script to go back through my LJ posts, and for each one replace the contents with the string "deleted" and then delete the post. I stopped crossposting a month or two back and now it's time to clear my history there as best I can...)

ETA: "clear" auth (plaintext username and password) works. Hashtag YOLO. (It's not like any of this was over HTTPS anyhow so whatever. I'll just change the password later.)

For a few months now I've been running a Sandstorm server, which effectively produces a website with an app store. Invited users can install apps and create instances of them ("grains") in a couple clicks, including dropboxes, chatrooms, concurrently-editable documents (Etherpad), and photo galleries. There are some pretty cool sharing features, with granular permissions.

I'd like to offer this as a service to my community -- friends, housemates, neighbors, maybe a couple degrees out. I still have some work to do in making the service "safe to use" (automated backups, own TLS cert, etc. -- there's a checklist.) Beyond backups, I don't think I'll be able to promise any particular level of Availability, running it on a residential internet connection, but I do want to put some work into the other two main infosec categories: Confidentiality and Integrity.

But there's also one big step remaining: Picking a domain name! Right now I'm using the free sandcats.io service because it offers wildcard DNS and TLS certs (Let's Encrypt won't work, here). I don't want to change the domain *after* offering the service around, because Sandstorm doesn't have a way to automatically redirect if called with the wrong domain name, and I don't want to set up the necessary nginx or haproxy redirect, with the concomitant cert wrangling. Gotta do it now.

I'm thinking something like https://apps.timmc.org. Sandstorm is an unusual product, so I want to communicate "this is a lot like phone apps". (Actually, a lot more secure than phone apps, since all the apps are sandboxed away from each other.) Or maybe https://community.timmc.org since it's a community offering. AT suggested https://sandstorm.timmc.org -- make it really specific. Anything else I should be thinking of?

Profile

squirrelitude

March 2019

S	M	T	W	T	F	S
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

Syndicate

Page Summary

Active Entries

1: Starting seeds

Style Credit

Style: Neutral Good for Practicality by timeasmymeasure

Expand Cut Tags

No cut tags

Page generated Apr. 22nd, 2019 06:26 pm

Scamperings

Recent Entries

Starting seeds

Repairing my bike bag

Accomplishments: Shiitake, candle

« Facebook [...] gave Netflix and Spotify the ability to read Facebook users’ private messages »

Arisia making progress

A disquieting thought on DW and DNS privacy

PSA: Facebook has banned discussion of sex (more or less)

Maybe don't go to Arisia this year

Change your Livejournal password; their user database has been breached [public]

Anyone want Spilanthes flowers?

Local tortilla question

Liking Kasha [public]

July 4

Request for boycott: Hodder & Stoughton books

Dubious culinary experiments: Thistle chips

Asymmetric stupid face tricks: A survey

Setting up a Jabber/XMPP IM server with Let's Encrypt SSL? [public]

To delete your LJ

Auth'ing to LJ API?

What should I name my sandstorm server?