Friday, June 28, 2019

Fifty

Fifty years old. That's almost half my life gone. Half? Our first 15 years are spent learning how to be a human, then how to be an adult. I've spent thirty-five adult years so far, and I can likely expect to have another thirty to forty. That's enough time for at least another whole new career, by the way.

The second half of our lives is not the same as the first, though. Our joints wear out. Our immune systems get weaker. Old sins catch up with us. Heart disease, cancers, neurological issues, autoimmune diseases — the list of things that can get you will get longer every year.

When I started running a year ago, it wasn't just an idle whim. I'm already feeling the effects of ageing, and I can see the writing on the wall as well as anybody. I need to take my health seriously right now if I want to stay healthy and active the next few decades.

The secret of long, healthy lives isn't secret at all, of course. We know how to live long and stay healthy. Exercise, eat mostly plants, eat and drink in moderation, don't be sedentary, have an active social and intellectual life, get regular check-ups and never ever smoke.

In addition to running I've stopped drinking heavily. I had a lot of fun partying in my 20s, and I bounced back quickly from a night out. But I'm not really enjoying it any longer, and I certainly don't "bounce back". If I drink one evening the whole next day is wasted. I still enjoy a beer or two on a weekend — but I no longer drink more than that.

And yes, regular check-ups have become part of my normal life. Blood tests, dental care, EKGs and ultrasounds. I had a gastroscopy last month and it's time for my every-few-years colonoscopy next week — not exactly the anticipated event of the year, but it's a low-risk, low discomfort insurance against some very nasty high-risk conditions.

(I can get some) Satisfaction


On the other hand, it's often claimed that life satisfaction gradually drops from a high in your 20's to its lowest in your 40's. But as you continue to get older it rapidly rises again, and by the time of retirement satisfaction will surpass your 20s to reach the highest level it will ever be. I can easily believe it.

I'm certainly in a good place right now. I have an interesting, varied job that I look forward to every morning; I and Ritsuko have a close relationship and fun daily life together; and I'm free from the stresses and doubts of my younger self. Yes, I'm happier and more content than I have been in many years, and perhaps ever.

We have both marked some noteworthy milestones this year. Rather than giving each other individual gifts we decided to splurge, and got ourselves a new car as a joint birthday gift.


2019 Prius. It's blue. It's also very comfortable. And blue.

It's a 2019 model Prius, with more functions, more extras, more automation — and more computers — than you can shake a sizeable stick at. Many things, such as automatic windshield wipers and the connected Android app, are surprisingly practical. Some things — self-parking — aren't really. Some, such as the ability for the car to post updates on Line, we haven't even enabled yet.

From one perspective it's fair to say a modern car really is a complex computer system that just happens to be mobile. You have half a dozen serious computers and perhaps hundreds of microcontrollers, all connected through a hardened internal network that handles real-time data traffic in harsh environmental conditions. The wheels and engine are almost incidental.

With all that said. my favourite function — by far — is the seat ventilation. A couple of fans connected to the AC blow air through holes in the leather seat and back. This keeps your back cool and dry no matter how hot it gets. For the first time ever I can get to work in summer without my t-shirt sweaty and damp after an hour in the car. A small thing, but so very much worth it.

Tuesday, June 18, 2019

Bonsamatic Dot Com

This is a long and slightly geeky post about refreshing my home server. But I also add in a bunch of mostly irrelevant Osaka photographs, so feel free to scroll past the text and look at the pictures. They are, by the way, taken with the excellent Fuji GF670 folding camera on Kodak Ektar 100 (color); and with the Pentax 67 on Ilford delta 100 (black and white).


Nagai station, Midosuji line, Osaka.


I've had a small server at home for some years now, first only using my desktop for an RSS reader, then setting up a dedicated machine with its own public IP address. I've upgraded it once since then, but kept the installation pretty much the same. I never got around to getting a proper hostname, so I always accessed it directly through the IP address.

In March, the drive suddenly developed an issue ("suddenly" - it was five years old already) and the server went offline. I couldn't do anything about it from here in Naha, but as we planned to spend the Golden Week holiday in Osaka I decided to rebuild the whole thing when I got there. I would have to replace the failed disk, and I wanted to add more storage. Also, while the software worked it felt unreliable and difficult to maintain.


Sleepy. Amemura, Osaka.

Set up the Hardware


I got an SSD to replace the faulty drive, and an external USB hard drive for bulk storage. The computer itself - a six year old Intel NUC with 8GB of ram - is still fine, and more than fast enough for a server like this.

I installed Ubuntu server (using our TV as a monitor). The only tweak I had to do was to use NetworkManager instead of Systemd to set up my network; Systemd lacks support for PPPoE connections that I use to get my public IP address. plug in and format the external drive, and the hardware was ready.


Connecting. Shinsaibashi, Osaka.

The Web Server


I didn't want to keep the messy server set-up I used previously. To set up a real web server with a proper domain and secure connections we need the following things:

  1. A web server. I'll use Nginx.
  2. a fixed IP address. I already buy one from our internet provider.
  3. A domain name. This is the name we want for our server; something like "google.com", "docomo.jp" and so on.
  4. Set up encryption with SSL. The internet is a dangerous place these days, and we want all communication to be encrypted.

I installed Nginx from the Ubuntu repos as the main web server. It's fast, light on resources and straightforward to set up. Also, it's really well suited for redirecting requests to other applications, which is exactly what we'll want to do. I created a quick web page just to have something to look at.

Up until now I had used the IP address. I was the only one using the server so that worked, sort of, but it's ugly and clumsy, and I can't get a real SSL certificate (used to encrypt the communication between server and clients) without a domain name. Domain names are cheap, so there's really no reason not to get one for myself.


Crepe L'Oriant. Minamisenba, Osaka.

Domain Name


There are many, many domain name sellers around. They range from expensive business oriented full-stack providers to cheap sellers with hideous websites, sketchy business practices and lousy reputations. In the end I went with Namecheap, for no better reason than that they're on the FSF recommend list and their website doesn't make me want to gouge out my eyes with a fork.

Buying a domain name is very simple, and the setup is, again, fairly straightforward after a bit of googling. I got bonsamatic.com after my plant watering project a few years back. I point the "cloud.bonsamatic.com" subdomain and "bonsamatic.com" to the server, redirect "www.bonsamatic.com" to "bonsamatic.com" and everything else to an error page.

For the SSL certificate I use the amazing (and free!) "Let's Encrypt" provider. It's, again, recommend by the FSF, and let's you set up a reliable and secure certificate for your site with very little pain. You add the "certbot" repository, install the script for your webserver (so "python-certbot-nginx" in my case) and run the script with parameters for the domain names you want to use ("bonsamatic.com" and "www.bonsamatic.com"). The script then automatically configures your web server to use SSL encryption properly.

Let's Encrypt does another, clever, thing: It is set to expire in only 90 days. Sounds like a bad thing, I know, but it also let's you renew very easily by just running that script. The script sets up a periodic job that automatically checks if it's time to renew every so often. The clever thing about it is that the short expiration period forces you to set up automatic renewal, and to make sure it actually works. With a long expiration date it would be easy to neglect setting up automatic renewal, and to forget renewing it at all.

We have everything we need: a web server, a way to reach it (as https://bonsamatic.com ) and proper encryption to keep the conenction secure. We even have a small place-holder website, just to have something to look at.


HEP5, Umeda. Osaka.

Services


I'm using my server for a few different things. It is the backup target for my other computers, but this is very simple: I run "rsync" on the machines to the external disk on the server. All I need for that is a working SSH connection. I also use it for my git repositories. But again, a working SSH server - included by default in any linux distro - and git is all I need. Trivial.


Neat architecture. Nagai, Osaka.

Nextcloud


Nextcloud is a very useful "personal cloud"-type application. It gives you remote storage on the server that you can synchronise to your desktop and smartphone (there's apps for both Android and iOS), and you can share data with others using a browser or an app, very much like Dropbox. You can use it to upload pictures from your phone and share with others. But it's much more than that.

It has a large selection of "apps" you can install that add more functionality. The "Notes" application, for instance, lets you write and synchronise notes anywhere; I can work on blog posts like this one from my work computer, my desktop, and my smartphone (I'm using it right now). There's also calendar apps, email clients, image gallery viewers, collaborative editing tools and lots of other stuff.

One thing that's particularly interesting is "Nextcloud Talk". It's a full chat and video call application (using WebRTC) in your browser or using a dedicated Android app. On the Google app store it's cheap and will support the developers; but it's open source so you can also download it from F-Droid for free if you like. I haven't tested it a lot, but it seems to work well enough so far.


Complicated! Nagahori, Osaka.


Installing Nextcloud is intimidating. Like most web apps it is a complex beast with many moving parts. If you get something wrong it may refuse to work; or worse, will leave gaping security holes open to the internet. Fortunately Ubuntu has "snaps", self-contained packages with all the programs and configurations an app needs.

The Nextcloud snap contains nextcloud itself, along with PHP, MySQL and all the other bits and bobs it needs. Installing nextcloud becomes as easy as "snap install nextcloud", then edit the Nginx config so "https://cloud.bonsamatic.com" points at the nextcloud app.

I have one minor issue: Snaps are sandboxed and secure — this is a good thing — but it means that I can't give the Nextcloud snap access to the external drive. That's still OK, as I'm not storing any large data sets in Nextcloud, but I would have preferred to use the external drive for storage.


Very retro. Kobe.

RSS


I still use RSS to follow blogs, news and comics. You can simply use a standalone RSS reader without a server if you want, but then you can't synchronize the feeds across different devices. You can also use an online service (Feedly looks nice) if you like. For various reasons I prefer to host my own. Up until now I've been using "Tiny Tiny RSS" as an RSS server. I used the web client on my computers, and the TT-RSS app on my phone. It worked well enough.

But the Tiny Tiny RSS developer doesn't inspire confidence. He doesn't do releases at all, and is actively hostile to people packaging it for distributions. Instead you clone his repository whenever you want to update and trust that it doesn't break anything. The developer himself is rather abrasive and the forums are unfriendly. I really don't want to continue to rely on this software.

Fortunately Nextcloud has come a long way, and one of the apps is "News", a full-fledged RSS server and webapp, with an Android mobile client. The app itself is trivial to install: look for "News" from the list of available apps, click "install" and you're done. If you have a list of feeds in OPML format from another reader, you can import them from the settings. It works quite well on both web and mobile, and I'm not missing anything from TT-RSS. I do wish there was a "recently read" category, but that's just a quibble.


Midosuji line, Osaka.

And From Here


Setting up this server was fairly painless; much easier than the last time I did this. It took perhaps one full day in total, and that included a lot of googling and playing around. A lot of my time was spent figuring out the right domain name settings, and even that wasn't difficult, just time consuming. I also spent a lot of time double-checking that I really understand what all the Nginx and Let's Encrypt configuration settings actually do.

Next I want add some actual content to the website (I don't need a site, but now that I have one I might as well use it for something). Also, I want to test the Nextcloud Talk service a bit more; as Google is killing Hangouts this fall it might be a decent alternative for keeping in touch with family and friends.

If you have any ideas of what else I could use this server or the website for, please tell me! I feel this has a lot more potential for use.


Work is over. Relax. Nagai park, Osaka.