Now powered by GitLab, Nikola, and Cloudlfare

I just finished moving my website from Wordpress to Nikola (static site generator), GitLab (git and hosting), and CloudFlare (CDN, HTTPS and more).

Why Nikola

Their attitude in the handbook is "DON'T READ THIS MANUAL. IF YOU NEED TO READ IT I FAILED, JUST USE THE THING." That's my kind of software methodology. Don't blame the user, make the system better.

It is also a great handbook that has had pretty much every question I've asked. Documentation is still essential, but it's nice if the commands are self explanatory.

It just worked to import my Wordpress site (minus comments which I "inlined" or deleted for various reasons). I did do some manual HTML to markdown conversion for pages I want to edit more.

Why GitLab

I first tried and had Nikola working with GitHub, but GitLab gives me:

  • Automatic building - I don't have to have a separate branch for output, I just git push my changes (or change on the website) - and GitLab will run a job to create my website. I know this is possible on GitHub, but GitLab just makes it easy.
  • The option to upload SSL Certs. If I need to drop CloudFlare for some reason, I can have GitLab maintain my website using HTTPS (Which I need to because I'm on the HSTS preload list).
  • Easier drive by contributions. GitLab lets you sign in with Google, Twitter, GitHub, or BitBucket. I'm thinking for suggesting changes to say a paper (or even this blog post!), that will make for a lower barrier to entry. (Of course, I'd prefer any OpenID but it's better than requiring a new account)

I absolutely love that they have their company handbook maintained in Git and public to the world (with merge request welcome!).

Why CloudFlare

CloudFlare's free plan rocks. And if I ever need to be able to handle more traffic faster, I can upgrade/downgrade as necessary.

  • Free (Good) SSL with TLS1.3 Beta too
  • Free IPv6
  • Free HTTP2

Who we trust | Building a computer

I thought I was being smart.  By not buying through AVADirect I wasn't going to be using an insecure site to purchase my new computer.

For the curious I ended purchasing through eBay (A rating) and Newegg (A rating) a new Ryzen (very nice chip!) based machine that I assembled myself.   Computer is working mostly ok, but has some stability issues.   A Bios update comes out on the MSI website promising some stability fixes so I decide to apply it.

The page that links to the download is HTTPS, but the actual download itself is not. I flash the BIOS and now appear to have a brick.

As part of troubleshooting I find that the MSI website has bad HTTPS security, the worst page being:

Given the poor security and now wanting a motherboard with a more reliable BIOS  (currently I need to send the board back at my expense for an RMA) I looked at other Micro ATX motherboards starting with a Gigabyte which has even less pages using any HTTPS and the ones that do are even worse:

Unfortunately a survey of motherboard vendors indicates MSI failing with Fs might put them in second place.   Most just have everything in the clear, including passwords.   ASUS clearly leads the pack, but no one protects the actual firmware/drivers you download from them.

Main Website Support Site RMA Process Forum Download Site Actual Download
MSI F F F F F Plain Text
AsRock Plain text Email Email Plain text Plain Text Plain Text
Gigabyte (login site is F) Plain text Plain Text Plain Text Plain text Plain Text Plain Text
EVGA Plain text default/A- Plain text Plain text A Plain Text Plain Text
ASUS A- A- B Plain text default/A A- Plain Text
BIOSTAR Plain text Plain text Plain text n/a? Plain Text Plain Text
A quick glance indicates that vendors that make full systems use more security (ASUS and MSI being examples of system builders).

We rely on the security of these vendors for most self-built PCs.  We should demand HTTPS by default across the board.   It's 2017 and a BIOS file is 8MB, cost hasn't been a factor for years.

RSS Reading - NewsBlur

Bye Tiny

Some recent hacking attempts at my site had convinced me to reduce the number of logins I had to protect on my personal site.   That's what motivated a move from the -still- awesome Tiny Tiny RSS that I've been using since Google Reader ended.   I only follow 13 sites and maintaining my own install simply doesn't make sense.
  • None of the hacking attempts appeared to be targeting Tiny Tiny RSS ~ but then again I'm not sure if I would have noticed if they were.

    Enter NewsBlur

    My favorite site for finding alternatives to software quickly settled on a few obvious choices.  Then I noticed that one of them was both Open Source and Hosted on their own servers with a freemium model.

It was NewsBlur

I decided to try it out and haven't looked back.  The interface is certainly different than Tiny (and after 3 years I was very used to Tiny ) but I haven't really thought about it after the first week.   The only item I found a bit difficult to use was arranging folders ~ I'd really prefer drag and drop.   I only needed to do it once so not a big deal.

The free account has some limitations such as a limit to the number of feeds (64), limit to how fast they update, and no ability to save stories.   The premium account is only $24 a year which seems very reasonable if you want to support this service or need those features.  As of this writing there were about 5800 premium and about 5800 standard users, which seems like a healthy ratio.

Some security notes: the site get's an A on but they do have HSTS turned explicitly off.   I'm guessing they can't enable HSTS because they need to serve pictures directly off of other websites that are HTTP only.

NewsBlur's code is on Github including how to setup your own NewsBlur instance (it's designed to run on 3 separate servers) or for testing/development.   I found it particularly nice that the guide the site operator will check if NewsBlur goes down is public.  Now, that's transparency!

They have a bunch of other advanced features (still in free version) that I haven't even tried yet, such as:

  • finding other stories you would be interested (Launch Intel)
  • subscribing to email newsletters to view in the feed
  • Apps for Android, iPhone and suggested apps for many other OSes
  • Global sharing on NewsBlur
  • Your own personal (public in free version) blurblog to share stories and your comments on them
Give NewsBlur a try today.  Let me know if you like it!

I'd love to see more of this nice combination of hosted web service (with paid & freemium version) and open source project.  Do you have a favorite project that follows this model?   Two others that I know of are Odoo and

Comments: Mihai

NewsBlur is awesome. I have been using it since the demise of Google Reader with no issues and almost no downtime. It has been getting better and better, especially the Android app.

teh 1

I tried NewsBlur a blue moon ago. How it may’ve changed I don’t know, but I’ve kept steady with CommaFeed (with a few hiccups in between with service availability in the first few years and loss of all starred items) since the demise of Google Reader. It’s open-source too:

When should i386 support for Ubuntu end?

Are you running i386 (32-bit) Ubuntu?   We need your help to decide how much longer to build i386 images of Ubuntu Desktop, Server, and all the flavors.

There is a real cost to support i386 and the benefits have fallen as more software goes 64-bit only.

Please fill out the survey here ONLY if you currently run i386 on one of your machines.  64-bit users will NOT be affected by this, even if you run 32-bit applications.

Ubuntu 16.04 LiveCD Memory Usage Compared

The latest Ubuntu LTS is out, so it's time for an updated memory usage comparison.


Boots means it will boot to a desktop that you can move the mouse on and is fully loaded.  While Browser and Smooth means we can load my website in a reasonable amount of time.


Lubuntu is super efficient

Lubuntu is amazing in how much less memory it can boot in.  I believe it is still the only one with ZRam enabled by default, which certainly helps a bit.

I actually did the memory usage for ZRam to the nearest MB for fun. The 32 bit version boots in 224 MB, and is smooth with Firefox at only 240MB!   The 64 bit boots at only 25 MB more (251), but is needs 384 MB to be smooth.

If you are memory limited, change flavors first, 32-bit won't help that much

Looking just at "Browser and Smooth" because that's a more clear use-case.  There is no significant memory  difference between the 32 and 64 bit varients of: Xubuntu,  Ubuntu Gnome, Ubuntu (Unity).

Lubuntu, Kubuntu, and Ubuntu Mate do have significant deltas, which let's explore: Kubuntu - If you are worried about memory requirements do not use. Ubuntu Mate - It's at most a 128MB loss, likely less.  (We did that to 128MB accuracy). Lubuntu 64 bit is smooth at 384MB.  32 bit saves almost 144 MB!  If you are severally memory limited 32-bit Lubuntu becomes your only choice.

Hard Memory Limit The 32-bit hard memory requirement is 224 MB. (Below that is panics) The 64-bit hard memory requirement is 251 MB.  Both of these were tested with Lubuntu.

Check out the 14.04 Post.   I used Virt-Manager/KVM instead of Virtualbox for the 16.04 test.

Extras: Testing NotesSpreadsheet

Presidential Candidate Website Survey Update

The race is now down to 5. (From 21!)

What's changed in their website setups?

Donald Trump got rid of Flash, otherwise everything else appears to be the same.

Ted Cruz went from a A+ rating to just an A (lost HSTS?).

Nothing changed for John Kasich.

Hillary Clinton went from an inconsistent server setup with many IPv4 addresses to just 1 IPV4 address.   The www. redirect behavior (from without to it) does mess up HTTPS Everywhere and ssllabs tests.     A major plus is she added HSTS to her site, so her ssllabs rating is now A+.

Bernie Sanders added IPv6 support and HSTS to the main site.  Unfortunately a sha2 intermediate certificate prevents his site from going from A to A+.  And his donation provider has HSTS setup correctly and get's an A+.

At this point in the campaign, only A ratings (ssllabs) are left!  The Democrats seem to have prioritized implementing HSTS, but neither appears to have gone for the preload list.

HSTS - Means you tell the browser to enforce SSL

You can find the raw data in this spreadsheet

I also included sub domains in this list, but it wasn't as interesting as I hoped.

Do you have any old file format images?

I'm specifically looking for: OS/2 Metafile (.met) PICT (Mac's precursor to PDF)

Also useful might be: PCD - Kodak Photo CD RAS - Sun Raster Image

I'm trying to evaluate if LibreOffice should keep support for them (specifically if the support is good). Unfortunately I can only generate the images using LibreOffice (or sister projects) which doesn't really provide a great test.

Please either: Provide a link in a comment below Email me B @ (If emailed, please mention if I can share the image publicly)

If I find the support works great I'd try to integrate a few of them into LO tests so we make sure they don't regress.


I know that the ffmpeg project has a huge set of sample images:


Maybe this is of help to you,

Take a look at the File Formats wiki, they may have links to samples:

Please contribute to the wiki if you can.

Thank you!  [Update, files are now part of LibreOffice's test server]

Packaging Notes

I've done easy fixes (debdiffs) in Ubuntu and find I need to look up exactly how I want to do a debdiff every time.   Last time I had to look at 5 different docs to get all the commands I needed.   The bug I based this on was a debian only change (Init script), I plan to update it next time I have an actual source change.

  1. Start a new VM/ Cloud instance
  2. sudo apt-get install packaging-dev
  3.  apt-get source <package_name>  ;  apt-get build-dep <package_name>
  4. cd into-directory-created
  5. Make the change (if it's only a debian/ change)
  6. dch -i   (document it)
  7. debuild -S -us -uc  (build it)
  8. debdiff rrdtool_1.4.7-1.dsc rrdtool_1.4.7-1ubuntu1.dsc > rrdtool_1.4.7-1ubuntu1.debdiff   (make the debdiff - note to me, change the name later)
  9. cd into-directory; DEB_BUILD_OPTIONS='nostrip noopt debug' fakeroot debian/rules binary  (build it)
  10.  Test it
Docs used:

My understanding is the current best practice is to use mk-build-deps, provided by the devscripts package, to install build dependencies. See

With apt-get build-dep, the installed packages are marked as manually installed and so won't be offered for autoremoval. mk-build-deps creates a dummy metapackage with the build deps as dependencies. When that generated package is later removed, so are the build deps.

Or, add "APT::Get::Build-Dep-Automatic true;" to your apt.conf to mark the build deps as automatically installed so they will be removed with the next "apt-get autoremove"

Would you crowdfund a $500 Ubuntu "open to the core" laptop?

UPDATE 2 (11/28) - We're 77% of the way to 1000.  I guesstimate we would have raised at least $300,000 if this we're a live campaign.

UPDATE - I've removed the silly US restriction.  I know there are more options in Europe, China, India, etc, but why shouldn't you get access to the "open to the core" laptop! This would definitely come with at least 3 USB ports (and at least one USB 3.0 port).

Since Jolla had success with crowdfunding a tablet, it's a good time to see if we can get some mid-range Ubuntu laptops for sale to consumers in as many places as possible.  I'd like to get some ideas about whether there is enough demand for a very open $500 Ubuntu laptop.

Would you crowdfund this? (Core Goals)

  • 15" 1080p Matte Screen
  • 720p Webcam with microphone
  • Spill-resistant and nice to type on keyboard
  • Intel i3+ or AMD A6+
  • Built-in Intel or AMD graphics with no proprietary firmware
  • 4 GB Ram
  • 128 GB SSD (this would be the one component that might have to be proprietary as I'm not aware of another option)
  • Ethernet 10/100/1000
  • Wireless up to N
  • HDMI
  • SD card reader
  • CoreBoot (No proprietary BIOS)
  • Ubuntu 14.04 preloaded of course
  • Agreement with manufacturer to continue selling this laptop (or similar one) with Ubuntu preloaded to consumers for at least 3 years.

Stretch Goals? Or should they be core goals?

Will only be added if they don't push the cost up significantly (or if everyone really wants them) and can be done with 100% open source software/firmware.
  • Touchscreen
  • Convertible to Tablet
  • GPS
  • FM Tuner (and built-in antenna)
  • Digital TV Tuner (and built-in antenna)
  • Ruggedized
  • Direct sunlight readable screen
  • "Frontlight" tech.  (think Amazon PaperWhite)
  • Bluetooth
  • Backlit keyboard
  • USB Power Adapter
Take my quick survey if you want to see this happen.  If at least 1000 people say "Yes," I'll approach manufacturers.   The first version might just end up being a Chromebook modified with better specs, but I think that would be fine.

Survey Closed.