2020's rolling blog!

Doppio CGI examples

It is not easy to work out how to use CGI with Doppio, a Gemini server. Here I will provide some examples which may require input from a user. My language of choice is Perl but these examples should be trivial to translate into other languages. The `-T` flag enables taint mode, which tells Perl not to allow unsafe interactions with user-submitted data. You should do whatever the equivalent is for other languages.

The example yaml file suggests that `cgiDir` is absolute. This is wrong; it uses a relative path, so for me it is `cgi/`.

guestbook.cgi

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Doppio expects header in this format
print "Content-Type: text/gemini\n\n";

open(my $fh, "<", "/path/to/guestbook.txt") or die "$0 cannot read guestbook.txt: $!";
while (my $line = <$fh>) {
	print $line;
}
close($fh);
print "=> ./sign.cgi Sign the guest book!";
```

sign.cgi

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use POSIX qw(strftime);

# checking to see if key has a value/exists (returns true or false)
if ($ENV{QUERY_STRING}) {
	my $date = strftime "%b %e %Y", localtime;
	open(my $fh, '>>', "/path/to/guestbook.txt") or die "$0 cannot append guestbook.txt: $!";
		# write to file (the query string is written as received, still percent-encoded)
		print $fh "$date: $ENV{QUERY_STRING}\n";
	close($fh);
	# Redirection for browsers
	print "Status 30\nContent-Type: ./guestbook.cgi\n\n";
} else {
	# Prompt user to give query
	print "Status 10\nContent-Type: What will you sign in the guest book?\n\n";
}
```

login.cgi

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# checking to see if key has a value/exists (returns true or false)
if ($ENV{REMOTE_USER}) {
	# in case matching does not work
	my $remote_user = "47";
	# matching the common name; stop at the next comma so that
	# any fields after the CN are not captured with it
	if ($ENV{REMOTE_USER} =~ m/CN=([^,]+)/) {
		# matching works
		$remote_user = $1;
	}
	print "Content-Type: text/gemini\n\n";
	print "# Welcome back, agent $remote_user!\n";
	# Maybe put a heredoc right here? Just an idea :)
} else {
	# Prompts the user to submit a cert.
	print "Status: 60\nContent-Type: Certificate (any) required.\n\n";
}
```

Scripts that prompt the user to do something will run twice, so sign.cgi and login.cgi will each run two times. What happens depends on the header (the first print) that Doppio receives from them, and Doppio will omit anything after it.
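A stricter take on sign.cgi, as an added example that is not one of the author's scripts: it percent-decodes the query string, collapses control characters so that one request can only ever add one line, and validates the result before appending. The 200-character limit, the file locking and the `--selftest` switch are assumptions of this example; the path and the status headers are copied from the scripts above.

```perl
#!/usr/bin/perl -T
# Added example, not one of the author's scripts.
use strict;
use warnings;
use POSIX qw(strftime);
use Fcntl qw(:flock);
use Encode ();

my $GUESTBOOK = "/path/to/guestbook.txt";   # placeholder path, as in the scripts above
my $MAX_CHARS = 200;                        # assumed limit for one entry

# Returns one safe line of text, or undef if the input is unusable.
sub clean_entry {
	my ($raw) = @_;
	return unless defined $raw && length $raw;

	# The client percent-encodes what the user typed. Decode it,
	# otherwise the guest book shows "Hello%20world".
	(my $bytes = $raw) =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;

	# Reject byte sequences that are not valid UTF-8.
	my $text = eval { Encode::decode('UTF-8', $bytes, Encode::FB_CROAK()) };
	return unless defined $text;

	# Decoding is what makes "%0A" matter: a newline would start a new
	# gemtext line, and a line starting with "=>" is a link. Collapse
	# control characters and Unicode line separators to one space.
	$text =~ s/[\p{Cc}\x{2028}\x{2029}]+/ /g;
	$text =~ s/^\s+|\s+$//g;
	$text = substr($text, 0, $MAX_CHARS);

	# Allowlist match. The capture also untaints the value, but note that
	# print() is not a taint-checked operation, so -T on its own would not
	# have stopped a bad entry from being written to the file.
	return unless $text =~ /\A([^\p{Cc}\x{2028}\x{2029}]+)\z/;
	return $1;
}

sub main {
	my $entry = clean_entry($ENV{QUERY_STRING});
	if (defined $entry) {
		my $date = strftime "%b %e %Y", localtime;
		open(my $fh, '>>:encoding(UTF-8)', $GUESTBOOK)
			or die "$0 cannot append guestbook.txt: $!";
		# Two signers at once must not interleave their lines.
		flock($fh, LOCK_EX) or die "$0 cannot lock guestbook.txt: $!";
		# The date prefix keeps user text away from the start of the
		# line, which is where gemtext decides the line type.
		print $fh "$date: $entry\n";
		close($fh) or die "$0 cannot close guestbook.txt: $!";
		print "Status 30\nContent-Type: ./guestbook.cgi\n\n";
	} else {
		# Empty or unusable input: ask again.
		print "Status 10\nContent-Type: What will you sign in the guest book?\n\n";
	}
}

if (@ARGV && $ARGV[0] eq '--selftest') {
	# Constructed inputs, written the way they would arrive in QUERY_STRING.
	binmode(STDOUT, ':encoding(UTF-8)');
	for my $q ('Hello%20world',
	           'nice%0A=>%20gemini://example.org%20click',
	           '%FF%FE',
	           '%20%0D%0A') {
		my $out = clean_entry($q);
		printf "%-45s -> %s\n", $q, defined $out ? "[$out]" : 'rejected';
	}
} else {
	main();
}
```

Run it with `perl -T sign.cgi --selftest` to see how each constructed input is treated without touching the guest book file.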

Some advice... Most (all?) languages have environment variables, so, maybe one could have a script print out each key and the value of each key so you know what you can work with. (a hint to search `x-programming-language environment variables`)

Additional advice... If you follow the OpenSSL instructions from Doppio's GitHub page, I recommend setting `-days` (on the second command [it has `req` and `-x509`]) to a high number because it defaults to a low number which can be problematic for a protocol that TOFUs.

10 Sep 2021 23:02:35 -0400

Jake has a Gemini Capsule

Yeah, that's right, I got gemi-pilled. Only after creating a mock-up Gemini capsule (as opposed to an http 'website') do I see the value in it. Gemtext (as opposed to html) is very easy to understand and to write. It is stupid easy to create a capsule. To host this capsule I am using Doppio as it is licensed with AGPL and also supports CGI. Gemini is really wonderful from my perspective. Some criticisms that I have seen, for example, boasting that 'it at least has Emoji support!' (a reference to the significant lack of features that Gemtext supports including italics, bold, underline) is valid, honestly. It strikes me as odd that one cannot indicate 𝒾𝓉𝒶𝓁𝒾𝒸𝓈 (italics) or 🅱🅾🅻🅳 (bold) but TLS is a requirement. Another complaint that I have is that you are unable to forcibly change the cursor on gemtext documents, and in this area, Gemini has totally failed... :^)

Anyway, one (you?) can access my capsule at gemini://jakesthoughts.xyz. Gemini browsers probably don't need to specify the `gemini://` protocol. At the moment, my capsule is missing some links like to the tests page since those rely on HTML forms. Additionally, I've decided not to have a comment section because if one wanted to really respond to me they could do it with `RE: <title>` or send me an email or go to the http version of my website and leave a comment.

You might be wondering 'Jake, did you really recreate your entire website in gemtext?' Sort of? I wrote a script that spits out both html and gemtext from a single file so this way I don't have to maintain two slightly different but nearly identical mediums of content which I know from previous experience would drive me insane (editing two files just to say one thing? No thanks!). A regular might notice that the website looks... the same-ish! Actually I've been using the modified layout for some time. What you are seeing is what resulted from my script. Maybe you would not notice anything if I did not say anything? With my script there is considerably less SSI usage than previously. As for the gemtext version, what you see is what you get unless your browser prettifies it. (It only occurs to me after writing the script that I could've used a markdown converter or something else rather than creating 'gemtext+'. Oh well - at least I am better at Perl's regexp now.)

Honestly, one of my favorite aspects of Gemini is plainly just text. I have read hours of text and more often than not I learn something new. I've read the most compelling argument for reducing the intake of coffee; humans have adenosine receptors (sleepy time) and coffee/caffeine jams it up, that there is a new (2010) type of connection akin to TCP and UDP called Named Data Networking (NDN); rather than telephone-pole type connections it is more like a mesh net (I've heard rumors that 7G will prioritize mesh nets). These two concepts stand out to me in particular. One is personal as I am a current coffee addict and the other strongly interests the geek within despite wishing that computers were never invented. You can also read from the... phlogs? Flight Logs? of the creators of Gemini. My favorite topic that they discuss would be about TLS.

Actually, my favorite favorite part about Gemini is how HUMAN most of the text feels. Not some bland corporate website that has five ginormous images and a single line of trite text on top of the image, NO! Not `Terms and Conditions` (that I actually read) or `Accept Cookies, Click Here` or a pop up that appears when you scroll the page! You are reading what is probably a long document that was intended to be read by humans. They are almost always interesting to me because I am always intrigued by someone's compiled thoughts on something they enjoy. If what they say overall contains an essence of their Weltanschauung, then I like their blog post even more. Seldom do I regret visiting a capsule. If I do regret visiting a capsule it is because the content on the capsule is something that I disagree with, rather than because the JavaScript on a page is trying to mine bitcoin or that the website straight up doesn't load because JavaScript was disabled! With Gemini, everyone is on the same playing field. (Despite these complaints, I have noticed a lot of 'empty' or dead capsules.)

As for privacy... The Gemini Specs demand TLS so no worries about insecure data transfer. The next step for anonymizing connections would be making the capsule available via darknet links. I've read some guides to setting up Gemini to use Tor but it doesn't feel clean to me because I would have to have Doppio running twice since Doppio does not support vhost or having multiple host names. Maybe I could write a patch for Doppio but that would involve learning Java... Well, until then I will launch two Doppio servers. The issue now becomes which server listens on port 1965? They BOTH can't listen to one port! One guide's recipe was to launch a server on port 1966 and have Tor redirect connections from 1965 to 1966 which seems like the easiest way to handle it.

I can access capsules with Torsocks or with Proxychains (sometimes; the exit policies of some nodes are clearly `ports 80 and 443 only`) but how many people actually browse Gemini using Tor? Dozens? This seems like a niche within a niche (easy tracking?) but maybe there is a greater overlap than I imagine; people can be interested in more than one thing.

idiomdrottning: caffeine basics
xj9: universal basic internet
mayvaneday: gemini-tor
https://named-data.net/
09 Sep 2021 23:14:44 -0400

CompTIA sell study guides (eBooks) that expire

I remember when one bought a book, it stayed in their possession and did not automatically expire. RMS's Right to Read was the first thing I thought of when the email told me that the eBook will expire in a year AFTER buying the Basic Bundle.

Nowhere on the product page (of the bundle, where I bought it) does it say that the eBook expires, even in the 'eBook details' tab. Of course, when, properly riled up, I looked at the eBook's standalone product page, it says 'Once redeemed, eBook access will be valid for 12 months.' CompTIA sells paper copies of these books but does not mention that they expire or that they are being rented. They also do not sell the paper copy of the book in the bundles which I would have gone for instead. If they are the same BOOK then why does the electronic version expire? Why don't they also sell paper copies of the book with a bundle? ... Obviously I know the answer, I am not naïve. Money.

This is a PSA for those who are unaware and are looking to buy books from cert companies... and I guess other companies that sell eBooks as well. I will assume that this is a standard practice and a rule of thumb is 'companies will expire eAnything (even if they neglect to mention it on the product page) if they think someone will buy it twice.' It's not even like they priced the eBook or the physical book that differently, just ten dollars apart.

24 Jul 2021 16:24:57 -0400

Jake's Thoughts plus one year!

Hooray! This website has existed for a year now! God, time flies. I remember when I was scared to SSH but now I do it every day. I went from using a traditional web-host service to self-hosting to hosting on a VPS.

In light of this 'hard to achieve' achievement I have changed the way my website looks! It is the same exact content just laid out differently. My website is now mobile friendly... -ish! Not that I had planned for mobile friendly-ness but it seemed to have worked out that way regardless.

In any case, may the next year be as uneventful as this year! May the next year be full of learning and more useful :^) blog posts!

18 Jun 2021 06:19:17 -0400

IRC thoughts

I've recently joined an IRC server, Freenode. I use the program known as Irssi (which I pronounce as 'Rrr-see') and it has my full recommendation. The program itself is excellent 'normie-repellent' but I cannot say the same for other clients. I use it with tmux which allows me to re/detach the session, which is particularly useful with a server that is on 24/7 so I do not jam up the chat logs with my constant leaving and joining. Plus I get to read what people have said which is usually interesting.

There are a lot of channels on Freenode! It was surprising to me! I am hardly in any but the ones I do participate in, they have members that actually know what they are talking about, to a degree which terrifies me. I prefer to find things out by myself as I have been doing that for a really long time, but with a community stupid mistakes are noticed and they make really helpful suggestions. Occasionally someone can introduce you to a concept that you never even knew existed. It is amazing! I truly and honestly wish I had been using IRC before this point. There are channels and users that have been using Freenode for over 20 years. To me, that is just mind boggling.

However, this brings me to my next point... People! People have opinions... people do things... It is just my luck that there seems to be some kind of Freenode-ending drama, shortly after I join. From what I gather... the bossman of PIA, Andrew Lee, convinced someone who owns Freenode ltd to sell it to them and now PIA bossman believes that he owns/controls Freenode's server and wants the data Freenode has and is using lawyers to get it.

Because of this development, Freenode (volunteer) staff resigned en masse and they now participate in something known as libera.chat, which is Freenode without the Andrew Lee.

It's just funny to me that shortly after I join Freenode, I experience my first and last Freenode drama which results in me leaving Freenode, possibly forever. Fair warning to newbies: Libera.Chat/Freenode does not exactly cloak your IP/Hostname on first arrival, if you care about that sort of thing. Some channels save logs which probably include your IP/Hostname, for all to see.

19 May 2021 20:40:38 -0400

Circumventing brainlet Tor block with OpenVPN

This is an update to my previous post Tor Relays are NOT Tor Exit Points

I moped around for about four days wondering how I am going to word this discussion to people who don't really care about privacy at all. I wondered if I should attempt to #metoo the company somehow. You know something stupid like, "$COMPANY hates women and minorities because they do not allow them to express their plight on the internet anonymously with Tor!" I've realized that the issue isn't going to go away unless either I have a conversation with the person who put the block in place (and there is a chance he will just take a high moral ground 'you transport abuse which put US and our CUSTOMERS at risk. How DARE you. Stop putting MY servers and MY customers at risk with YOUR actions') or get a new IP address that wouldn't appear in some random Tor blacklist.

The first idea was to turn my RPi into a wifi router and when it detects an attempt to access the company's webpage it would ask a remote server to access the webpage and return what it sees. There would be communication between the RPi and the remote server at all the steps. However, this would require a wifi adapter that is capable of endless 'Netflims', 'Alyxia', and every other stupid smart-device in the house. This seemed unlikely to work or likely to be unsustainable. It is a needle which would work if the things connecting to it were just small applications but since everything (+50 devices) need to connect to it... eh... Also, I would need to know what software I will need to do that which I do not and to even search for HOW to do something like that, I would need to know the specific terminology to search for, which again I do not. So the hardware option was out. What about the software option?

I am assuming that you know how to read or that you are using a screen reader which hopefully makes it obvious where I am going with this. In order to avoid having awkward discussions with people who are unlikely to see the point of Tor (and who are going to 'ask' me to 'fix it' if I do explain it (I'd also rather them not google 'Tor' and freak out because some CNN article says only evil criminals use it)) I created a VPN which has access to the internet. This allows me to actually access the corporation's website... Bastards. They caused me a lot of emotional distress.

I am somewhat proud of myself for mitigating this problem, but I wish that I did not have to. I've always wanted to have my own VPN server that can interface with the internet (I do not trust NordVPN/PIA or any VPN services that can afford advertisement) but I never expected me to REQUIRE one. Yet another discussion topic for the mythological creature known as 'job interview.'

Anyway! I'm proud to introduce https://jakes-vpn.top/, a top tier electronic virtual private network that is owned by me, Jake! I secure and protect your data from the NSA! Give me your money for 10 dollars a month and if the NSA asks me for logs, I'll tell them to shove it! Your money is more important to me than a lifetime in Gitmo! This paragraph is sarcasm. NSA already has your data anyway.

Also, unrelated, why does OpenVPN Connect (official OpenVPN 'app' for Windows) neglect to ask for PEM password? That is really, really, dumb. There is nowhere to specify password for the key file! OpenVPN GUI however, does allow you to put a password... Albeit in the .ovpn file as a parameter: askpass, which loads a file that contains the password in plain text. Really dumb.

Hopefully, this entry will not need part 3.

15 May 2021 15:40:20 -0400

Tor Relays are NOT Tor Exit Points

Recently, a corporation that I am afflicted with has decided to block all access from Tor. This is fine except the fact they apparently downloaded the entire Tor database and plugged all IP addresses into their block list... including relays.

In case you don't know how Tor works I will explain it briefly, to be succinct: Guard -> Relay -> Exit Point.

  • Guard: When connecting to the Tor network you first connect to a guard.
  • Relay: The guard connects to the Relay.
  • Exit Point: The Relay connects to the Exit Point.

When accessing the Clearnet through Tor, you are given the IP address of the EXIT POINT. NOT the guard's IP address and not the relay's IP address. Server logs show the Exit Point's IP address rather than your own, hence the name exit point.

What is the difference between guards, relays and exit points then? It is clear in the name: Guards are like relays except they are the first point of the connections. A relay RELAYS internet information to the exit point. The exit point is what does all the connections for you.
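The distinction above, as an added example that is not from the original post: given relay entries in the layout of a Tor network-status consensus, it separates relays that can originate clearnet connections from those that never can, which is the check a block list aimed at exit traffic needs. The entries are constructed and use documentation address ranges; `split_relays` is a name made up for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed entries in the layout of a Tor network-status consensus.
# r = nickname identity digest date time IP ORPort DirPort
# s = flags, p = exit policy summary. Every value here is made up.
my $SAMPLE = <<'END';
r GuardOne AAAA BBBB 2021-05-10 12:00:00 192.0.2.10 9001 0
s Fast Guard Running Stable Valid
p reject 1-65535
r MiddleOne CCCC DDDD 2021-05-10 12:00:00 192.0.2.20 9001 0
s Fast Running Valid
p reject 1-65535
r ExitOne EEEE FFFF 2021-05-10 12:00:00 203.0.113.7 443 0
s Exit Fast Running Valid
p accept 80,443
r SmallExit GGGG HHHH 2021-05-10 12:00:00 198.51.100.5 9001 0
s Fast Running Valid
p accept 6667
END

# Split the relays into those that can originate clearnet connections and
# those that never can. Returns two array refs of descriptive strings.
sub split_relays {
	my ($doc) = @_;
	my (@relays, $cur);
	for my $line (split /\n/, $doc) {
		if ($line =~ /^r (\S+) \S+ \S+ \S+ \S+ (\d{1,3}(?:\.\d{1,3}){3}) \d+ \d+$/) {
			$cur = { id => "$1 $2", flags => '', policy => '' };
			push @relays, $cur;
		} elsif ($cur && $line =~ /^s (.*)$/) {
			$cur->{flags} = $1;
		} elsif ($cur && $line =~ /^p ((?:accept|reject) \S+)$/) {
			$cur->{policy} = $1;
		}
	}
	my (@can_exit, @never_exit);
	for my $r (@relays) {
		my $desc = "$r->{id} [$r->{flags}]";
		# "reject 1-65535" means no port is allowed out, so this address is
		# never the source of traffic leaving Tor. The Exit flag alone is
		# not the test: SmallExit has no Exit flag but still lets traffic
		# out on one port. A relay with no policy line is kept on the
		# "can exit" side because nothing rules it out.
		if ($r->{policy} eq 'reject 1-65535') { push @never_exit, $desc }
		else                                  { push @can_exit,   $desc }
	}
	return (\@can_exit, \@never_exit);
}

my ($exit, $other) = split_relays($SAMPLE);
print "Can appear as the source address in server logs:\n", map { "  $_\n" } @$exit;
print "Never the source of traffic leaving Tor:\n",          map { "  $_\n" } @$other;
```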

Yes, exit points can be used for abuse, but RELAYS have no way of telling what is abuse or not. "You are transporting the abuse to other people." It is more than just 'transporting abuse'; the privacy benefits of using Tor outweigh the 'transporting abuse', and anyone who thinks RELAYS themselves allow abuse is a total brainlet. You are just punishing people who want to help increase privacy against the increasing global corporate and government surveillance states. Relays RELAY ALL TRAFFIC which might include abuse, or it might include Muhammed complaining about his government but he has to complain over Tor because otherwise his government might cut his head off. Go fuck yourselves. I am really fuming right now.

10 May 2021 15:20:33 -0400

Alien Threat Awareness, Addendum

If there is one thing that I pride myself in, it is the ability to be honest with myself. If I read something that makes me say "huh, that is a valid point and changes the way I view something" then my view point is changed. It is easy to do nothing after having an opinion changed... However, I believe that honesty is hard to come by and since I already schizo-rant about aliens, I might as well do it again. If someone actually did read my opinion piece regarding the alien menace and their view point has also changed, well, I might as well reflect it here otherwise what good am I? You might as well call me "Jake Piece of Crap Who Keeps 'Enlightened' Thoughts To Himself." Not that these view points are entirely enlightened mind you, just something I read and thought "yep, that is a valid point that I did not consider." And so, this is a reflection of change that I feel compelled to compile.

To start off with, aliens are not entirely bad! If they act human, enjoy the same things as humans and don't trigger some kind of 'these guys are FRICKED' feeling, then they might be good. The hard part will be determining how they are good. If the current cabal of the planet oppose them entirely then to me, they must be good. Or, I suppose, an alternative evil that even the cabal didn't think of or plan for. In which case... Hmm... Obviously, many factors are at stake here... The hardest part of this whole thing is determining if they are beneficial to humanity or not or whether we are some kind of grand plan.

Alien arrival would certainly shake a pillar of civilization but people would still go to work, possibly at WacRonald's or KurgerBing. People will still open Rikerosoft Word and Powerpoint and still do their job. Unless aliens actually overturn the 'natural order,' whatever that may be, I do not see much change in how the world works.

I've made the claim that 'good' aliens would not at all interfere with humanity and let humanity develop by themselves. When I have said this, I was still thinking in the same lines that Summers presented: 'enlightened' of some kind and the total opposite of 'bad'. I've realized that seeing the world/inhabitants-of-the-universe as 'white vs black' or 'good vs evil' or something like that is extremely subjective. While I do believe the universe has a rigid standard for what is good (what humanity considers to be good is probably bad and vice versa. Virginity v.s. Promiscuity, as an example. Which of two is good? Which one is bad? Who knows!), life is not required to follow it. Wild life kill to eat: does this make them evil, or just varying degrees of bad? This claim is like saying 'because 2+2=4, good aliens will not interfere with humanity'. This, of course, has nothing to do with the way aliens are good or bad - and frankly speaking, what exactly do I know about 'good' besides it isn't evil? Ignoring my ignorance regarding good and bad, who is to say the aliens themselves are not ignorant? You will not hear it from me! If they know objectively what is good or bad by the standards of the universe then that might be worth listening to, otherwise, it is all subjective. So, unless they objectively know what is good and decide to be as objectively good as possible, they are neither completely good nor completely bad... Probably something like humanity at best.

Previously, I've said that it would be good for humanity to reject offerings of technology from aliens. In my humble opinion, it would still be to the benefit of humanity to develop these things ourselves, but I suppose if humanity can act upon alien technology and 'turn it our own', plainly by tinkering with it and actually understanding what it does and HOW it works, then that is an acceptable alternative to me. I am mainly worried about becoming dependent on advanced technology that we did not develop; I do not want it to be used against us, if a scenario even comes to light (not that I have any control over how people handle alien tech).

I have also said that we should treat them like demons... I am not sure if human principles can apply to them and vice versa; whatever principle aliens have for us may be totally alien to us. If we cannot be allies culturally and in other various manners like genuine friendship, then perhaps treating them like demons is a good policy, but unless they are actually hostile then I am reluctant to even call them demons but maybe at best, 'aliens'. (Aliens are indeed aliens. I am an enlightened thinker, on par with Plato.) But if they ACTUALLY understand human emotions, and in fact they too feel 'human' emotions (love, hate, etc) then that is very promising. At a minimum it would suggest that we are compatible as allies in some form, but hopefully a lot more than just 'allies'.

I've claimed that the only reason that aliens would show up is because "they think the world is so SO close to agree to join them." I still think this, but I also think that it does not have to be entirely bad. Specifically, in the manner of 'Hello there! This planet belongs to us now. Welcome to the intergalactic community! Here is your space-relay station that allows humanity and other sentient life to travel to different locations in the galaxy, including to and from Earth!' If their intentions are honest, then that, to me, is very good. Not many human beings are honest about their intentions or obfuscate it with 'tricky' language, especially from the very top. From certain perspectives, it may seem like an invasion, and I can understand that point of view... But if they did not conquer the planet from us through war then was it really an invasion? If our nukes and other atomic-like weapons do literally nothing to them and they themselves act in self-defense then... eh... Might of Right says we/the planet belong to them now.

Some people might say "they should leave us alone and let us enlighten!" or "This planet belongs to humans! They should only arrive when we ask them to!" or something that amounts to "leave humanity to its own devices." This, I sort of agree with, at least, at the moment. Maybe after a while their extended presence here will be a great boon to humanity and I will say "I wish they came sooner!" At the moment technology developed by humans serves to enslave humanity and further enact the elite's goals. I will not say alien technology will not do the same, enslaving humanity, but if the aliens are aware of the evil plans and destroy it then well, obviously, that is good. Ideally humanity would do that ourselves but I simply do not see that happening and I only see endless hell by technology developed by humanity. If you are a part of the 'the science is settled' crowd this 'primary source' is a reflection of the type of thing I am talking about: A plan to dim the sun by spraying dust into the atmosphere. A link to Forbes! So, what I am saying is, the actions and plans of aliens might be a better alternative compared to the actions and plans of the 'elite' who clearly love pain and want to put Hell on Earth. Provided, of course, the aliens themselves are not literally evil or a part of the same plot.

A thought occurs to me. If NPCs/masses/'blue-checkmarks'/reddit/etc are all rejecting aliens, then as a principle, aliens must be good or at least worth looking into from a positive light. If everyone starts saying something like "they may look like us but they actually want to ENSLAVE US!" then something has happened to their programming and they are saying this. (Ironically, by being programmed they are already enslaved. Their programming dictates that they are to be against being reprogrammed by something else. Humorous, in a blackpill kind of way.)

"Why did Jake change his opinion? Did he get enslaved by the aliens with their mind-altering techno-magic?" Maybe! The main point of all of this opinion piece is to simply reflect a change of a view point I once had. Aliens can be super cool or totally messed up. I really mean that: they can be what I described in the previous entry or they can be very cool. That is all.

Actually, that is not all. Just because they are aliens and have advanced technology does not mean that they are enlightened or anything of that sort. It just means that they have advanced technology and we do not. If they choose to 'just give us technology', then I am willing to make the argument that we are as 'advanced' as they are technologically. Spiritually is entirely a different matter. If they have psychic abilities as a result of their enlightenment (and not due to biological features) and the usage of their technology requires enlightenment, then I would say they are more enlightened than humanity. But only up to the point humanity cannot operate their technology by the same standards.

My view points in this post should be considered as subject to change.

09 May 2021 04:08:52 -0400

Basic Meditation [Republished]

[This article was originally posted on June 19 2020, however, for a reason that I thought was suitable (I was worried about 'blind leading the blind') I took it down. I am republishing it because upon reading it over I do not disagree with what I have written; and in fact is hardly misleading or a bad article. RSS chads will notice that this is in fact a part of my feed which I forgot to remove but decided to keep it there as a 'secret' article. I will add to this article because it has been 10 months since writing it and I have a few more things to say regarding it.]

Meditation is one of those things that everyone should do. I will not describe the benefits or how to meditate since that information is widely available and likely the reader is here to 'fact check' me or wants to compare their meditating method with mine. Instead I will describe what I wish I knew when I was just beginning.

"Meditation is just sitting there and thinking."

"Meditation will make me one with God and I will be in a deep trance and I will know everything; no secret shall be hidden from me and..." NO! If you want to go into a trance then that is what you meditate for. If you want to think about a certain topic then that is what you meditate about. I used to think what is in the quotation but when I strangely 'never became one with God and knew everything' I lost motivation... and never did it again because I 'cannot' meditate. This line of thinking cost me 2-3 years.

So to be clear: meditation will not make one equal to God or something... and it really is just sitting there and 'thinking' or if one is doing 'step 1' then only observing or doing as instructed.

With that out of the way, I will describe an important part of meditation that I also wished I knew back then: GOOD record keeping.

I will share an example of what I tried in the past here.

  • Concen trabum(?) | Aug 3 | 6 in morn
  • "I see myself in the Astral World."
  • I was am attempting to astral going to Astral Project by mere will and stubberness.
  • I don't know how long I said that.

Issues: I cannot accurately tell what was written in the top left unless I look at other entries, date has no year in it, '6 in morn' is not accurate enough. Despite noting that it was '6 in morn' I did not know how long I said "I see myself in the Astral World." Also, meditation does not give you super powers so I was unable to astral project (though perhaps in due time I may be able to astral project straight from meditation... meditation beginners like me really should just stick with 'sitting and thinking').

An example of better record keeping similar to the one I keep:

  • June 17
  • 12:20PM - 12:43:~43PM
  • Disturbances: Neighbor's dog was barking, text message notifications, non stop chatting in mind, suppressing yawns, extreme itch on hand. Sucked into thoughts 13 times
  • Note: I keep interacting with thoughts, need to observe only. Got 'sucked into' my thoughts 13 times. Don't sit on foot. Itch on hand was hard to ignore but it went away eventually. Consumed like 3 cups of coffee prior to.

This is better but I forgot to add the year. 'Sucked into' may be confusing to outside readers but I know exactly what it means. It appears that getting 'sucked into thoughts' every 2 minutes is an issue in this example record so I ought to work on that... (inhaling through nose and exhaling through mouth reduces that number by a significant margin I find). I use disturbances to list the disturbances immediately so I don't forget and I use note to note things of interest or better explain some disturbances.

One can clearly see the advantages of good note keeping vs ... bare minimum note keeping. With that I will end the blog post on the topic of meditation.

I have added another RSS feed called Media RSS. It is meant for media topics like games, anime, art... etc. RSS Feed links. [ignore this paragraph for it is totally wrong]


After about 10 months, I still have to agree that good note-keeping is good. How one takes their notes doesn't really matter as long as you mention things that you have experienced/felt/saw. This is a good habit to have since it tracks your progress with meditation which is important. Once you are able to break the 1 hour mark it is... When you go into the 'meditation pose' you will find that your body automatically relaxes, which was surprising for me, and that meditation becomes easier and easier. I feel dirty if I do not meditate for more than 1 hour a day and worse if I do not meditate at all. I don't think I've ever felt 'body happy' before until the first time I went over an hour. It is different from 'head happy' where you see a dank meme and laugh. 'body happy' is... I felt totally at ease, happy, peaceful... I couldn't stop smiling. It seemed to radiate from my body rather than my head which is why I call it 'body happy'. The world itself would've been unable to remove the feeling.

It is more than just tracking progress that you want to jot down what happens during meditation. It is common knowledge that people 'enlighten' from doing meditation; if something comes across your mind while meditating then it is a good idea to write it down, lest you forget it.

A very good point I wrote which I will write again because it is just that good, it is a golden nugget of truth: Meditation is just sitting there and thinking! (or not thinking at all)

You CHOOSE what you want to do when meditating. Want to silence your mind? You do that. Want to visualize things so that your visualization skills get better? You do that. Want to merely be aware of all things that occur while you are sitting? You do that. Want to discuss something internally? You do that. Want to count to 60, x number of times? You do that. Want to go really deep and into a trance? You do that.

There are a lot of things you can choose to do while meditating. Of course, if you are brand new, you should just meditate until the internal mental chatter and visuals (if any) are not overwhelming, but also up to you of course.

I really like meditating, more than I did 10 months ago. If it were up to me, meditation would be taught in schools.

30 Apr 2021 09:09:57 -0400

Bloat-free WOTD


I've recently signed up for a WOTD (word of the day) program, naively believing that the resulting emails will simply be a pretty form of "word" : "definition". Instead, I receive an unbelievably massive amount of HTML that is nearly unparsable by the human eye which causes me to open the email in a browser.

Upon opening the email (in a browser), I am pleased to note that there is indeed a pretty form of "word" : "definition", but I am extremely displeased by the ads and external links.

I kind of have a feeling that this is 'standard practice' for this kind of thing, so I went ahead and created my own WOTD program. Unlike what I assume is standard practice, you do not need to sign up with an email and in fact you do not receive an email at all. It is a matter of you subscribing your RSS client to the feed. Look mom! I'm fighting big tech.

You can view the WOTD program with your RSS client and your browser at appropriately named links: wotd.xml and wotd.html, respectively.

Occasionally some definitions will be "See 'x'" ... Yeah, I don't feel like doing anything about that. Enjoy!

14 Apr 2021 07:58:42 -0400

Dnsmasq and OpenNIC


I've come up with a method that will work 100% of the time with accessing OpenNIC tlds (provided the upstream DNS doesn't catch on fire) and allows me to access ICANN tlds. As you probably have figured out from the title, it uses dnsmasq. I know this method works because I forgot to mention it on my humble blog: it works and didn't bother me until I realized, upon reading my previous blog post, that it warrants an update.

When I say dnsmasq, I do not mean NetworkManager's implementation of it. If an enslaved dnsmasq works with NetworkManager using my way of doing it then that is good but I am running a separate dnsmasq process that is not enslaved. I will go ahead and say NetworkManager will fail to run if systemd-resolved does not work so you will need to put 'dns=none' and 'systemd-resolved=false' under your [main] in a NetworkManager conf file. This stops NetworkManager from turning on systemd-resolved and it won't do some weird self DNS stuff. Additionally, in my previous post I made a suggestion about [global-dns-domain-*]. Just ignore it. It only works when it wants to and doesn't even store a local cache as far as I could tell.

In my /etc/resolv.conf my upstream DNS is 127.0.0.1 and ::1. My computer queries the DNS server located at '127.0.0.1' or '::1' on port 53 and if neither has an answer then the DNS server ('127.0.0.1' or '::1') asks its upstream DNS servers (as determined in its config file) for an answer.

In my /etc/dnsmasq.conf I have the following:

  • server=35.35.554.453 (ISP dns server)
  • server=/geek/libre/fur/cyb/chan/epic/neo/glue/parody/oss/pirate/indy/dyn/bbs/gopher/o/162.243.19.47
  • server=/ti/uu/te/ku/ko/rm/5.45.96.220
  • server=/null/oz/188.226.146.136
  • server=/lib/bit/coin/emc/bazar/185.122.58.37

Dnsmasq goes down the list of dns servers from top to bottom to try unless it is told to stop by a DNS server. Normally, when trying to access .geek tld, my ISP's DNS server would tell dnsmasq to essentially, just stop seeking I think (no idea what is actually happening behind the scenes). But with the /geek/.../162.243.19.47 thing dnsmasq directly queries this server rather than go from top to bottom. If that server gives dnsmasq an answer then dnsmasq stores it in its cache! You can determine if dnsmasq is caching things with the dig or the drill command.
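To see which resolver each query is handed to under the configuration above, this added Perl sketch (not the author's tooling) models dnsmasq's documented rule that a server=/domain/ entry covers that domain and everything under it, the most specific entry wins, and a plain server= line is used otherwise. The default upstream 192.0.2.53 and the names other than jakesthoughts.geek and jakesthoughts.xyz are constructed.

```perl
# Added example, not the author's tooling. 192.0.2.53 is a documentation
# address standing in for the ISP resolver (assumption); the per-domain
# lines are the ones listed in the post.
use strict;
use warnings;

my $conf = <<'CONF';
server=192.0.2.53
server=/geek/libre/fur/cyb/chan/epic/neo/glue/parody/oss/pirate/indy/dyn/bbs/gopher/o/162.243.19.47
server=/ti/uu/te/ku/ko/rm/5.45.96.220
server=/null/oz/188.226.146.136
server=/lib/bit/coin/emc/bazar/185.122.58.37
CONF

# Split the server= lines into a "domain => upstream" map and the default list.
sub parse_servers {
    my ($text) = @_;
    my (%by_domain, @default);
    for my $line (split /\n/, $text) {
        next unless $line =~ /^\s*server=(\S+)\s*$/;
        my $value = $1;
        if ($value =~ m{^/(.+)/([^/]*)$}) {
            # /dom1/dom2/.../upstream: every listed domain shares one upstream
            my ($domains, $upstream) = ($1, $2);
            for my $domain (grep { length $_ } split m{/}, $domains) {
                $by_domain{ lc $domain } = $upstream;
            }
        }
        else {
            push @default, $value;
        }
    }
    return (\%by_domain, \@default);
}

# Pick the upstream for a name: the longest matching domain suffix wins,
# otherwise the query goes to the default servers.
sub upstream_for {
    my ($name, $by_domain, $default) = @_;
    my @labels = split /\./, lc $name;
    while (@labels) {
        my $suffix = join '.', @labels;
        return $by_domain->{$suffix} if exists $by_domain->{$suffix};
        shift @labels;
    }
    return join ',', @$default;
}

my ($by_domain, $default) = parse_servers($conf);
for my $name (qw(jakesthoughts.geek jakesthoughts.xyz shop.example.bazar example.oz)) {
    printf "%-22s -> %s\n", $name, upstream_for($name, $by_domain, $default);
}
```

Every name under the listed tlds is resolved by the third-party server on that line, never by the ISP resolver, which is worth keeping in mind when deciding whom to trust with those lookups.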

'o' tld does not work and I don't know why. Somehow they're using a github repository as a DNS server? How do you query that? I've already added a bunch of other tlds that aren't OpenNIC with my config file. Good luck finding any non-OpenNIC websites though! You will need it. Grep.geek doesn't crawl through New Nation's tlds (.ti (tibet), .uu (uyghur), .te (tamil eelam), .ku (kurdish), .ko ('internal use'), .rm ('private use')) so if there even is an actual domain associated with these tlds (there is a shockingly very good chance that there isn't) I haven't found them. Grep.geek has crawled through some .fur websites ... It seems that the only person who uses the .fur tld is the same person who runs the tier 1 DNS server(s) for the tld. Through more work than should be required, I can confirm that bazar tld is being used, at least by one person.

07 Apr 2021 09:43:15 -0400

free* webhosting! (April 2021)


Hey you! Do you want free webhosting? Yes? Great, I am offering free* webhosting for a limited time! That's right, hop on your html5 compatible browser and go to http://free.jakesthoughts.xyz and start filling out the forms! What are you waiting for?? Don't delay! Get free* webhosting today!1

Oh, what's that? You're worried that the consequences of my actions will be far too much for me to bear🐻? Ha! Nonsense! I LAUGH at such a preposterous idea! I am a certified!TM professional webdev with about 1 months of experience (so many!). I am very qualified!TM to handle your BORING plain html/css/js website. :^)

Oh, you didn't like my joke? Oh, you will just use Neocities instead? Yes, I suppose that is good: since they do offer 1GB of space whereas I only give you 50MiB of space; since they serve websites basically immediately whereas I am self-hosting this; since they make managing your website VERY easy whereas I expect you to either learn or be good at it; since they do other things as well... that I don't remember.

B-but! Neocities does NOT offer server side scripting, DO THEY? (they don't.) Neocities doesn't give you PHP, DO THEY?? (they don't.) Well, I do! And, I allow you to upload any kind of file that you want (as long as the contents of files doesn't have an arrangement of bits and bytes that would cause a violation of US law. I'm self hosting this you know!)

"This seems too good to be true." -You.

Yeah. Yeah it does. You have to deal with me. That might be the downside to this: I am not an expert at this but I feel like I can handle about... 20(?) websites easily. Maybe. I have about 10Mps up, which I predict will be the bottleneck in this project but we'll see. If my home internet becomes slow I will stop allowing new people for sure. The main target demographic is people who want to use SSI, server side scripting, MySQL (I will add this... 'soon'), and other server side features as long as it isn't too heavy on the system. Basically, I want to get good at this stuff for the hypothetical job interview.*

I also wanted to do this because I thought it would be a lot of fun! Setting up the processes that automate most of my work was definitely fun. I've done some stuff that I would describe as clever so your website should be safe from people who are logged in/rogue scripts, specifically, itk module. Each virtual host has its own userid and groupid assigned to it so basically, if something on your website gets pwned it shouldn't affect the rest of the machine. I even set up your login inside a working chroot with many things that you will probably need. Apache is chrooted as well, of course. If you need/want some features then I am totally cool with it, I'll get them.

>inb4 chroot not secure

I also wanted to do this because running my own website is literally the easiest thing in the world. I wanted to make it more 'challenging' which is adding features that paid-for hosting would give you, like SQL databases for example which I do plan on adding. It is worth mentioning that I have never actually used a SQL database before so if setting it up is a pain in the ass it may be a while before it is accessible. I'll keep in contact with people who want it, if they want me to keep in contact.

I will explicitly mention: for those who came across this page through a search engine result, please note the date that this was posted.

Don't delay! Sign up today! http://free.jakesthoughts.xyz

01 Apr 2021 07:13:09 -0400 *Edited 03 Apr 2021 (removed off-topic musing regarding job interviews and job requirements.)

iptables, tor, hidden service


A short one, probably.

Iptables is a fun tool to learn. But something that wasn't fun to learn was realizing certain information required a specific search phrase, in this case 'iptables tor hidden service'. Think of it: there are things I have wanted to know about but because I wasn't sure how to phrase the search or because I was unfamiliar with the lingo (and thus was completely unable to search for it albeit in vague terms) I had to pass on it or come up with my own idea on how to implement it. Sad!

Anyway, here is a* recipe for getting your hidden service to work with iptables:

iptables -A OUTPUT -j ACCEPT -m owner --uid-owner tor
iptables -A INPUT -p tcp --dport 9001 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 9001 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 9050 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 9050 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 9060 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 9060 -m conntrack --ctstate ESTABLISHED -j ACCEPT

In this set of instructions... port 9060 is the socks port that my hidden service is listening on. I've separated my relay from my hidden service because the relay hits the cap often. I'll just assume you know how to work out the rest on your own! :)


For more information: iptables tutorial, arch wiki, linux questions forum.

* There is more than just one way to do something. If anyone knows what ports Tor actually binds to when going outbound please let me know.

29 Mar 2021 07:07:47 -0400

You can directly access ipv6 addresses with web browser


It is true! Example:

http://[2603:900b:207:7100:dea6:32ff:fe60:265f]/

It is also ugly as sin. You can specify ports as well, after the bracket.

That page is my own IPv6 address. Currently, it will 403 on you.

17 Mar 2021 18:22:00 -0400

Using OpenNIC to access alternative tlds


Beginning to access the tlds that OpenNIC offers is quite simple really: modify /etc/resolv.conf, or tell the program(s) that modify it, to use OpenNIC's DNS servers as its upstream DNS.

I predict three responses:

  • "Huh?"
  • "Ah, I see, I understand now" (doesn't understand at all)
  • "Ok"

From personal experience... Let me just say, NetworkManager makes it difficult to set your own DNS stuff. For about three days I was trying some strange combination of NetworkManager and dnsmasq and couldn't get it to work. I mean normal networking was fine, but accessing domains with OpenNIC tlds simply was not happening. What did work 'sort of' was creating a file in NetworkManager's conf.d/ directory called dns-servers.conf and putting in OpenNIC's DNS as well as my ISP's DNS under a header(?) called [global-dns-domain-*].

This sort of works, meaning that sometimes I simply cannot connect to OpenNIC tlds which causes me to restart NetworkManager and my browser. However, due to this method, there is NO caching. I have to query DNSs every time I want to resolve something. Obviously, not good, but at the moment it works. I will work out the kinks later, I feel kind of bad for querying things that should already be in my cache.

Anyway... http://jakesthoughts.geek is officially a website! (I serve the same files as my .xyz tld, you are not missing much). You might want to keep this topic in mind (OpenNIC, the tlds, etc) when ICANN mafia decides that they are arbiters of justice and must start yoinking domains left and right (you don't want little Timmy being exposed to unauthorized anime, do you?).

08 Mar 2021 03:47:46 -0500

Noticer Noticing IPv6


This will be a small one.

I've noticed that all of the devices connected to my WiFi router have their own IPv6 address (if they support it) and that when accessing the internet that is the IP address that gets logged in remote servers (if they support IPv6, of course). What this means is, when banning IPv6 addresses, there are a lot more devices that could connect to you from the same house. For some reason my main computer has two IPv6 addresses. One stays static and the other changes but I am unsure of the frequency of changes.

If/when IPv6 becomes the de facto standard, the implications of this can be... spooky. Who is assigning the IPv6 addresses to each of the internet devices? The ISP most likely (albeit through an automated system). This seems like it can be used in a way for an ISP to be able to tell if there is a new internet device connected to the router (if Mr. Hacker Man accesses your router to do bad shit it will have his own IPv6 address which would hopefully aid you legally, somehow [probably not, gotta keep that conviction ratio up!]. Thinking more about it, if Mr. Hacker Man connects to a lot of random routers... they all have to get their IPv6 address from the ISP so the ISP could determine stuff about the device if they wanted to, maybe, idk, I do not know anything about assigning IP addresses*). A way of mitigating this, I suppose, is to attach your own router to the ISP's router and have all of your devices connect to your router. If my thinking is correct and there is a very good chance that it is not, it should seem, to the ISP router, there is only one device connected? Maybe some kind of communication between routers will tell the ISP router that there are 'x' devices connected to it and each need their own IPv6 address.

Oh god, imagine this: every virtual machine gets its own IPv6 address. Hahaha, try to ban each one if someone wants to grief your website or something. I don't fucking believe it. I did that as a JOKE. My virtual machine has its own IPv6 address. Two of them in fact, different from the host machine. And my other virtual machine has two IPv6 addresses... AND THE OTHER ONE DOES TOO. Apparently IPv6 addresses grow on trees or something! Ok, I did a search and discovered that there are 340,000,000,000,000,000,000,000,000,000,000,000,000 IPv6 addresses*.

With that in mind, banning IPv6 addresses will be... Why even bother? It is so easy to circumvent IPv6 bans. I did notice however, when I did a look up on each, it pretty much put it in the same area that I do live in, so banning by looking up location might be effective short term..... depends of course.
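For a server operator facing the many-addresses-per-household effect described above, a common approach is to match bans on the /64 network instead of the single address. The following is an added Perl example, not from the post: it assumes each home network sits in one /64 (ISPs may delegate more), and every address in it is constructed from the 2001:db8::/32 documentation range.

```perl
# Added example, not from the post. All addresses are constructed from the
# 2001:db8::/32 documentation range; one /64 per home network is an assumption.
use strict;
use warnings;
use Socket qw(inet_pton inet_ntop AF_INET6);

# Reduce an IPv6 address to its /64 network; undef if the text does not parse.
sub prefix64 {
    my ($addr) = @_;
    my $packed = inet_pton(AF_INET6, $addr);
    return undef unless defined $packed;
    return inet_ntop(AF_INET6, substr($packed, 0, 8) . "\0" x 8) . '/64';
}

# One canonical spelling per address, so "0DB8" and "db8" compare equal.
sub canonical {
    my ($addr) = @_;
    my $packed = inet_pton(AF_INET6, $addr);
    return defined $packed ? inet_ntop(AF_INET6, $packed) : undef;
}

# Build both kinds of ban list from the addresses seen misbehaving.
sub build_bans {
    my (%exact, %network);
    for my $addr (@_) {
        my $net = prefix64($addr) or next;    # skip anything unparsable
        $exact{ canonical($addr) } = 1;
        $network{$net} = 1;
    }
    return (\%exact, \%network);
}

# Returns (hit on the per-address list, hit on the per-/64 list).
sub check {
    my ($addr, $exact, $network) = @_;
    my $net = prefix64($addr) or return (0, 0);
    return ($exact->{ canonical($addr) } ? 1 : 0, $network->{$net} ? 1 : 0);
}

my ($exact, $network) = build_bans(
    '2001:db8:aa:1:211:22ff:fe33:4455',    # a host's stable address
    '2001:db8:aa:1:59c1:7a0e:11b2:9d04',   # the same host's changing address
);

my @clients = (
    ['banned address, other spelling', '2001:0DB8:00AA:0001:0211:22FF:FE33:4455'],
    ['new changing address, same LAN', '2001:db8:aa:1:8d3f:2c55:a1e0:77b9'],
    ['virtual machine, same LAN',      '2001:db8:aa:1:5054:ff:fe12:3456'],
    ['unrelated network',              '2001:db8:bb:7:a00:27ff:fe4e:66a1'],
);

for my $client (@clients) {
    my ($by_address, $by_network) = check($client->[1], $exact, $network);
    printf "%-32s address ban: %-3s  /64 ban: %s\n", $client->[0],
        $by_address ? 'hit' : 'no', $by_network ? 'hit' : 'no';
}
```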


* One of these days I will actually learn something about networking (haha WiFi adapter goes blinkblinkblinkblinkblinkblink)

25 Feb 2021 22:26:11 -0500

Audiobooks are dangerous


They won't stab you, true, but they also won't encourage you to think. These days when people are 'bored' they open their phone, but you can't do that while driving. So, here comes a solution: a book reader that talks to you while you drive, now you can't be 'bored'. Perfect solution! That is, if you are an NPC.

This is what NPCs do: "Oh noooooo, that sucks! I'm alone with my thoughts! Normally I'd be watching TV (for HOURS WITHOUT A BREAK) or scroooolling on my phone but now I'm driving! Now I have to be alone with my thoughts!! Oh noooooooooooooo! Oh wait! I don't have to think thoughts, I can just listen to the voice of God audiobook, so now I won't ever gain an internal monologue! Yes!"

Obviously, since NPCs don't think, the last paragraph couldn't happen: they feel and use their brain's logic powers to help them express their feelings. Their feelings can be complex and have many interacting components which their brain typically is able to handle. In the case of an audiobook, it is simple: "I'm bored. Audiobook relieves boredom. I listen."

Audiobooks prevent the NPC from forming his own thoughts because the audiobook occupies the NPC's mind with what the speaker is saying. Likewise, the TV and the phone prevent the NPC from thinking as well since they are preoccupied with the activity. Being bored inspires you. It causes you to do something to relieve it, ideally thinking about anything. This is why audiobooks are dangerous. And the TV and the phone. I am probably barking up the wrong tree here. Obviously, audiobooks can be useful, but do not use them to relieve boredom. Also, obviously, this rule is not black and white. The blind for instance might as well ignore it, maybe. In all the years of my life I have never seen a braille book, so I will just assume they are extremely rare.

Since I brushed the topic of NPC and seeing that I am not an NPC (probably), it might be beneficial to explain the 'other side'. This is my thought process: I have an idea, I have a feeling about the idea, I express/explore the idea the best way I can (usually to myself), I have a feeling about the way I expressed/explored my idea (can it be 'better'?, etc), I reevaluate the way I feel about the idea when expressed/explored, and regardless of the result I ask myself "do I agree with this idea and the way I expressed it?" As you can see, I am not an NPC. Seriously, what NPC would accidentally express his feelings of his insecurity about being a NPC by using the logical part of his brain to express how he is NOT an NPC? Definitely not me... :^)

Ah, but if he actually has enough self-awareness to realize someone might 'read-in-between-the-lines', he might just make a joke which would cause the attack (at least from that angle) to be less effective while at the same time stroking the ego of 'not-NPCs' (NPCs who believe they are not NPCs and their identity revolves around the fact 'they are not NPCs') who 'realize' the 'joke' is about him being a NPC because he is scared of confronting the fact that he might be one and does not want to question it or go down that line of thought which would ironically be a starting point in becoming a real human being. Truly, he is a smart man if he does that! By the way, totally unrelated, not sure if you can tell, but my IQ is at least 3 (three) digits.

Ah, AH! But if he actually has enough self-awareness to realize someone might 'read-in-between-the-lines-IN-BETWEEN-THE-LINES' then... no, no, he's just a NPC, so that wouldn't happen.

The Socratic method is how I found out some people in my life probably haven't had an original thought before and act primarily on semi-controlled emotion. I am not saying that it is bad to be an NPC. If they are good people and the emotions they possess causes them to be altruistic of sorts then maybe they are better than 'not-NPCs' and genuine people. Asking pointed questions to myself reveals things to me, which sort of requires extreme honesty which NPCs are incapable of possessing.


I should have mentioned this earlier: I now have a new secure GPG key, if you care about that sort of thing.

I have made my website slightly more accessible for the blind/hard-of-sight/people who use screen readers. I am aware that my comment form needs some improvements. I am toying with the idea of adding an 'audioblog' file along with each blog post so that people can listen rather than read.

19 Feb 2021 21:42:31 -0500

Thought-ception


I am finally happy enough with how I implemented the comment system on my blog. It was possible to leave a post on my blog for a while, but now I am finally talking about it.

You can find the source codes here (jcs-v08.tar.gz) (NSFW, super ugly code). Feel free to use any of them! Or do not, I don't care. Actually, if you want a comment system I suggest you make your own as that is a lot of fun and you learn some stuff about coding, html, and css. Be sure to understand what tainting is and how to untaint user submitted info.

Both scripts do one thing: comment.cgi reads comments, and post.cgi writes comments. Diligent observers will notice that my guestbook, guestbook.cgi is actually a different script. It is a modified version of comment.cgi with hard-coded values.

How do they work? Both read and write plain text files. Each comment is kept on one line. Substitution is heavily used by comment.cgi to make comments appear presentable. Both are written in Perl. I did not go for a database type of system as that, at least to me, seemed super overkill. Keep it stupid simple (KISS), as they say. My code has references to files like 'comment_form.html' and these are files which allow me to edit them and they get reflected without me editing the script itself to print html code which is an annoying hassle. The form allows post.cgi to work. Since I use SSI, all of my blog pages have this line of html: <!--#include virtual="../comment.cgi?blog=some-blog-post" -->. In this example, comment.cgi would try to load 'some-blog-post.txt'. It would replace and put 'some-blog-post' as the hidden blog value.

These scripts are definitely abuse-able in some way. I know for a fact that the following will work:

curl -d blog=guest -d captcha=thoughts -d comment=this-is-a-comment https://jakesthoughts.xyz/post.cgi

This leaves an entry on the blog post 'guest', with the correct captcha, and a comment. A way to deal with this would be to roll out some kind of real captcha system or maybe if I wanted to make things hard, store IP addresses in logs and monitor the rate of commenting. I'm sure my meager website won't attract the attention of people who would automate the one line of code to run a thousand times... :). Well, since I decided to share that useful tidbit I guess I better think of some kind of captcha system that I could implement easily...

comment.cgi could create a file in '../tmp/captcha/' with the correct value and post.cgi can compare the values between the file in '../tmp/captcha/' and the user submitted value. The user submitted value will need to be untainted because comparing something like 'rm -rf /' may end badly for me. The main issue with it is there will be a lot of files created in '../tmp/captcha/' that will remain basically unused from people just looking at each blog post. A crontab might be able to clean it all up at the end of everyday depending on when the file was created. This would work and should not be that difficult to implement.

Issue then becomes what should the captcha be? It cannot be something hard-coded, or if it is then there has to be like a million hard-coded values as spam scripts could have only one captcha value and could get lucky enough times to spam... In other words, if I have 100 captcha answers, and assuming spammer is lazy, the spammer can have the script try one answer repeatedly without stopping for hours WHICH WILL WORK. Maybe some automatically generated math questions could work. Assuming the spammer is dedicated the spammer can easily write a script to circumvent that. Maybe I could ask things like "What country is Rome located in?" but then the spambot can search for that and return some answer. I am becoming aware of the fact captcha is not easy to create efficiently without also impacting user experience. Maybe I could do something where images spell something..? But that is what 90% of other captcha systems do!
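The file-per-challenge scheme from the two paragraphs above, with a generated arithmetic question, as an added Perl sketch (not the blog's comment.cgi or post.cgi): function names, the demo directory, the token format and the ten-minute lifetime are assumptions. The submitted token is the value that reaches the filesystem, so it is matched against a strict pattern before use, and each challenge is deleted on its first guess.

```perl
# Added sketch, not the blog's comment.cgi or post.cgi. Function names, the
# directory and the lifetime are assumptions. Run with: perl -T <this file>
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

my $TTL   = 600;                       # assumed lifetime of a challenge, seconds
my $TOKEN = qr/\A([0-9a-f]{32})\z/;    # the only file names ever accepted

# comment.cgi side: keep the answer on the server, hand out (token, question).
sub issue_challenge {
    my ($dir) = @_;
    my ($x, $y) = (1 + int(rand(9)), 1 + int(rand(9)));
    open(my $rnd, '<:raw', '/dev/urandom') or die "urandom: $!";
    (read($rnd, my $bytes, 16) // 0) == 16 or die "short read from urandom";
    close $rnd;
    # File input is tainted, so even this self-made token goes through the pattern.
    my ($token) = unpack('H*', $bytes) =~ $TOKEN or die "bad token";
    sysopen(my $fh, "$dir/$token", O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "cannot create challenge: $!";
    print {$fh} $x + $y, "\n";
    close $fh or die "close: $!";
    return ($token, "What is $x + $y?");
}

# post.cgi side: token and answer come from the form, so both are tainted.
sub check_challenge {
    my ($dir, $token, $answer) = @_;
    my ($safe_token)  = ($token  // '') =~ $TOKEN              or return 0;
    my ($safe_answer) = ($answer // '') =~ /\A([1-9][0-9]?)\z/ or return 0;
    my $path = "$dir/$safe_token";
    open(my $fh, '<', $path) or return 0;    # unknown or already used
    my $age = time - (stat $fh)[9];
    chomp(my $expected = <$fh> // '');
    close $fh;
    unlink($path) == 1 or return 0;          # one guess per challenge
    return 0 if $age > $TTL;
    return $safe_answer eq $expected ? 1 : 0;
}

# What the cron job would do: drop challenges nobody answered in time.
sub purge_expired {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my $removed = 0;
    while (defined(my $name = readdir $dh)) {
        # readdir output is tainted too; the pattern also skips '.' and '..'
        my ($file) = $name =~ $TOKEN or next;
        my @st = stat "$dir/$file" or next;
        $removed += unlink "$dir/$file" if time - $st[9] > $TTL;
    }
    closedir $dh;
    return $removed;
}

# Demonstration on constructed input.
my $dir = "/tmp/captcha-demo-$$";      # literal plus PID: not tainted
mkdir $dir, 0700 or die "mkdir $dir: $!";
my ($token, $question) = issue_challenge($dir);
my ($x, $y) = $question =~ /(\d+) \+ (\d+)/;
printf "%-24s %d\n", 'path-like token:',     check_challenge($dir, '../../some/file', 5);
printf "%-24s %d\n", 'right answer:',        check_challenge($dir, $token, $x + $y);
printf "%-24s %d\n", 'same token replayed:', check_challenge($dir, $token, $x + $y);
my ($token2) = issue_challenge($dir);
printf "%-24s %d\n", 'wrong answer:',        check_challenge($dir, $token2, 99);
$TTL = -1;                             # pretend every leftover file has expired
my ($token3) = issue_challenge($dir);
printf "%-24s %d\n", 'purged by cleanup:',   purge_expired($dir);
rmdir $dir or die "rmdir $dir: $!";
```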

Well, I won't fret about it until I need to. That is it for this blog post. If you feel like you want to break my website through my comment section, do it with love❤.

05 Feb 2021 16:50:11 -0500

2020's rolling blog!