That's the programming, config, testing stuff (for the OAuth service) more or less done. There are a couple more things I could do (mostly about pulling in client info onto the consent screen to make it much more "Example.com wants access to...", but that's not MVP, at least at this (tiny) scale.

What I need to do next is decide where it all goes administratively. Is it part of webmail (or something like my blog), or is it a stand alone service?

I'm leaning towards webmail. It's already got the login/user infrastructure (and accounts), and name recognition with the expected userbase (me and husband), I'm just reluctant to mess with it while it's working. I guess that's what branches are for.

Plan

Hang it all off the webmail domain. Webmail users shouldn't notice anything different. I'll need to tweak the paths a little too make sure that nothing overlaps, although the existence of a challenge query parameter is diagnostic of an OAuth request.

I'll need to do a migration on the webmail db, no worries, I need to get a backup/restore thing working anyway.

I'll end up with a "new client" script, the settings will all be more or less the same each time, only the name changes (and at that point I can integrate it with the new user/project script)

Scary, but doable.

The testing setup I had working for webmail (running dovecot in s container) has stopped working and I don't know why :-(.

I mean, it's clearly something to do with container networking but I haven't been name to chase it down properly. Roughly, dovecot auth should be hitting an http endpoint to validate the given username and password, but I don't think the http request is making it out of the container.

My next step is probably too break out tcpdump to see if I can trace the packets, but I want to understand how podman does it's networking first. (Specifically, I want to know how it's getting packets out of the container without an interface).

Good morning, dear reader.

I'm laying in bed with a kitten snuggled up against me, which is a good start to the day.

On the other hand, I've got a headache that I think it's caffeine withdrawal (on the grounds that I've got from 3-4 cans cola/day to 0-1).

The OAuth/OIDC stuff is coming along nicely. I've integrated the ui code into webmail without any major problems, and I'm working on replacing the local auth for the blog with oidc.

Poot, out of energy. See you later.

Depression is the suck. I'm taking my pills and I'm still laying here on the sofa unable to concentrate on programming (enough that I've taken a sick day). I'm am so done with this. I thought that I had it (depression) covered but it's still jumping on me every so often.

Anyway. I've grabbed someone's flocking code and converted it to JavaScript, but I don't like how they've done edges (which is to wrap position without wrapping neighbor detection), and I'm having trouble fixing that.

I've got the basic OAuth stuff apparently working, but i haven't been able to replace auth on this site.

$WORK is being crap again. TL has made a political choice that's going to cause trouble later (we're building a thing but we're not going to put it up for testing was we go, so it will be too late to make substantial changes when the inevitable problems surface).

No conclusions.

Looks like my latest depression flare up has calmed down a bit. Got some personal code written yesterday and some stuff for work today.

I very much enjoy writing code. I noticed recently that, for me, it maps quite well to the image of someone in their shed/basement building an enormous model railway; an endless project that could easily seem pointless to an observer, but one that helps the participant gain a sense of peace/balance.

I like the simplicity of programming. I like knowing that, so long as I follow the rules, the outcomes are known and predictable. I like building a big, complex mechanism and then watching it chug along happily under it's own power.

Ow, my teeth.

Had a bunch of fillings done on Monday, teeth are being very sensitive at the moment. Totally sucks.

Gah, that's been an irritating few days. It looks like is broken with ASP Core Oidc, in that I have to set a name for the 'nonse' (snigger) cookie. On the other hand, now I know that, I'm fairly confident that Oidc is, actually, working! Whoop!

Next job, getting the Dr Who upload thingy working.

Potential enhancements: Look at the various Hydra endpoints to make a "This is where you're logged in" page (with "Logout" options). Also, tidy up the consent page

  • Make cookies smaller.
  • Finish file share

That's not alot of a to-do list. I wonder what I'm missing?

Anyway. Sleep well, gentle reader.

File upload site got a good positive reaction, much better than I expected. Husband very much appreciated using the BBC Mode 7 font.

Need to update nginx config to allow huge uploads. Husband doesn't want an estimated time to complete. Should add a ring close while uploading warning, and make the boxes wider so there's no wrap.

Otherwise, off to the beach!

I'm feeling a bit odd - I don't have any (internal) pressure to get something finished. OIDC is working, I've done husbands file upload site, webmail is ticking over nicely.

I should probably look at one of my many todo posts, but I'm not that bored :)

Not really sure what I want to do with myself today. Husband is asleep, work starts again tomorrow. I did a bit of work on flocking yesterday, I think I'm going to go pick that up again.

I'm still annoyed about how hard it is to get hold of the real-time data from my smart meter. It's seriously looking like the easiest solution is going to be pointing a camera at my in home display.

Still not sure what I'm going to do about my old Facebook/Twitter posts. Parsing the JSON and creating blog posts is a chore, but not the problem. The problem is the conflict between "I want all my posts on one page", "gosh that's a lot of posts", and "wow, a whole bunch of these posts are hard to parse out of context".

I can default to showing one days posts (and then visitors can use the date links to go back)(and show the latest date with posts of there isn't anything for today).

I could categorise/tag posts, and only include current blog by default (I think I like this one? It makes including weirder stuff like git commits and house moves make more sense, as one could filter in/out categories of interest)

I could just cope, it's not like I've got any evidence of readers.

Teeth still hurting this morning, saw a dentist, taken some antibiotics, teeth are hurting much less. Dentist says tooth will need to come out but will argue against that.

Had a chat with my boss/manger/team leader (Hiya DK if you're reading this!), I've been taking a lot of sick leave recently (over the last year or so), enough that they're talking about maybe needing to remind me of the sick rules. Fine, whatever, but don't expect me to care.

It's just that work is so stupid! They want us back in the office, and can't give a better reason than "spontaneous collaboration", which sounds very much like gossip when pushed. They want us to be "at work" (either at home or in the office) for a fixed number of hours a week, but they don't seem to care what we're doing with the time. It's just so trivial! I guess it's one of those neurodiverse things - I hate to see the waste (of time, talent, energy, resources) that these policies generate, but worse than that is the way that everyone agrees that it's broken but nobody fixes it. I genuinely don't understand why there's so much disconnect between what people want and what people get.

Ah, well. Husband says that I need to learn to relax at work, and they're right. I'm still getting paid for this bullshit even if it is crazy.

In better news, I've been playing with Web Assembly (wasm), and it's going fairly well so far (although I'm still only at the smoke test/toy code level).

I'm using clang to compile C to wasm, and then loading it into a web page. I give the wasm VM memory from JavaScript, ABC that means I can pass data between the two. Anything more complex than numbers needs to be flattened and re-inflated across the boundary, which is a chore (but not a hard one).

Current plan is to move some of the flocking maths over to wasm to see if it's any faster, although I'm distracted by GPU.js which calls into the GPU from JavaScript. For something like "find the distance between all the pairs of points", I think it's worth looking into (although really, I should grab some 2d space partitioning algorithm and use that instead).

(Really, I should find/build a metrics framework so I can measure how much time is spent doing various bits and pieces, so I can actually compare the different ways of doing things)

So I want to make this blog an installable app on my phone. What does that mean in practice? Mostly, I think, that I want to be able to write (and save!) posts even when I'm not connected, and then push them to the backend next time I get connected. Rendering posts clientside implies a JavaScript markdown parser, which do exist but is too heavy for my taste.

I've got a rough idea of showing a marker in the offline client for "there is a post here", (although, I've just thought, I can show the raw text until it's been posted).

I'm already stashing unfinished posts in local storage, but I don't want to get confused and start thinking that's the same thing.

I've had a look at the code to check, and the on submit for this form deletes the draft and then let's the POST go through. Clearly, if POST fails then all is lost.

If I add an id to the post before submitting it, and include the id when I send back the HTML, then the frontend can tell that a POST has been successful. If I stash a completed post in local storage using the id as a key, then I can find and delete posts from storage at page load time (and re-submit any that should be there but aren't).

That's work that only needs to be done for logged in users, which is fine, I can do a server side check and only include the JS if the user is authenticated.

I can even add a <template> for entries that haven't been submitted, and render them at page load time.

Things to check:

  • How to catch a failed POST from a form submit
  • How to turn off a service worker on logout

Alrighty folks! Today is all about stats!

I want to know which (if any) of my pages are getting hits, and ideally if they're getting hits from not-robots.

I can easily add a middleware that grabs some stats and posts to a queue to be added to a db (so it doesn't slow down the main thread too badly). Question is, what should I keep?

I very much don't want to collect PII, so I can't grab raw IP. I'd like to know the difference between bots and not-bots, so I'll need User Agent (or at least, the result of userAgent.Contains('bot')). Obviously I need the URL. I'm not expecting very much traffic, so I can bucket into hours (which also helps with the PII issue).

That looks something like:

CREATE TABLE HitsByHour (
  Text Path,
  Number Count,
  Number Date, -- seconds since 1970 to the start of the containing hour
  Number IsBot, -- 1 yes, 0 no
);

I think I also want a view like:

CREATE View IF NOT EXISTS
  HitsTotal (Path, IsBot, Count) AS 
    SELECT Path, IsBot, Sum(Count)
      FROM HitsByHour
      GROUP BY Path, IsBot;

Did some research ("cat access.log") and doing a check for "bot" isn't going to cut the mustard.

Got distracted from the stats plan predictably quickly. On the other hand, I've tidied up my DNS records (mostly upped the TTLs from 5 minutes to one day, since I'm fairly confident they're correct), updated the nginx logs to include cache hit/miss and hostname (the first to see if the cache is working (spoiler: not as much as I'd like) and the second because all the hosts go into the same file and it's not clear which request is for shiv host), and verified a couple of sites on Google search console.

First news from the logs: My Windows browser uses IPv4 for one site and IPv6 for another, even though both share addresses. Weird. I'll wait a couple of days and see if it's still happening.

Life is ticking over nicely, work is boring (which is fine, better than many kinds of exciting).

I've added a calendar to the front page of the site, not sure what to do with it Could obviously link to blog day entries, could probably put in moon phases, but I don't think I'd use with of those.

Read a post today that used CSS like syntax for SVG, which got me thinking.

I'm a big fan of SVG. I love the declarative nature of the format ("Draw a circle" vs. "pixel, pixel, pixel"), as well as being able to write it in notepad.

On other other hand, like all XML dialects, it's a bit wordy. I can't find the link, but a while ago I read an article that showed how easy it is to map XML to Lisp.

Roughly, an XML node is a name with a list of attributes and children, where attributes are 2-element lists, and children are either nodes or strings.

<svg><circle x="40" y="40" r="17" /></svg>

(node "svg" () ((node "circle" (("x" "40") ("y" "40") ("r" "17")) ()))

I've had a bit of a poke at mal and it's actually feeling like it's a real thing.

I've got a few things I could do next, it needs a better UI for the repl, I could build it again in JS (to run here in the frontend), I could build it again in C and compile to wasm (to get exactly the same code running front and back), and I could handle mal code blocks with the C# engine.

The cli needs readline like stuff - at least basic cursor movement. Ideally, it would stash the environment (and history) at exit and load again at start, with some way of editing (i.e., save to mal code).

Rewriting in C would probably be a bugger, although there's always Crafting Interpreters to fall back on (it's got dynamic lists, rough polymorphism, even a garbage collector!).

Rewriting in JS would be easier, and I could use quickJS to run/test on the server (which is mildly horrific, but that's life in 2022 baby!), but I'm still on the fence about JS. It's nice that there's common language in browsers, but did it have to be that one?)

I'll have a stab at writing in C, trying to use as little libc as I can get away with (realloc, printf, probably some string comparison stuff, I'll check the book later) and see if that's a realistic option.

(I'm going to end up with Lisp interpreted by wasm calling out to JavaScript for IO. Groovy.)

Interesting, just got prompted by webmail to confirm consent. I guess some cookie/time limit expired. (I should update the consent screen if I'm going to be seeing it again)

Maxims

(Rules that may help lead a better life, not complete)

  • Mean people suck
  • Asking questions is good
  • Fixing mistakes early is much cheaper than fixing mistakes later

To remember your current position in the blog, this page must store some data in this browser.

Are you OK with that?