Using @font-face with Octopress

This is an old post. It may contain broken links and outdated information.

Octopress comes with awesome support for Google Web Fonts, which lets you quickly and easily add fonts to your web site from Google’s large library, but Google Web Fonts have their drawbacks. Using one Google Web Font will have little impact on your site’s load time, but every additional font you add to your web page increases the page’s load time, as clients must use additional HTTP requests to pull the web fonts from Google’s servers while at the same time loading your page and its contents. Plus, sometimes you want to use a (free and legal) font that’s not in Google’s library.

There’s a workaround—a CSS method named @font-face (more info), which allows you to host your own fonts on your web server and serve them to clients along with your page. At first glance, this doesn’t seem too terribly different from simply including fonts from a web source like Google, but hosting your own fonts via @font-face on a web server with keepalive is much quicker than pulling them from a separate server, as far fewer HTTP sessions have to be used to load the page and its contents. Fewer sessions means faster page loading!

While Octopress comes with a ready-made method of adding Google Web Fonts, it’s not set up out of the box to use @font-face-served fonts. However, it’s pretty easy to change the configuration!

Nginx: stable or dev?

Like most open source projects, Nginx has more than one “branch” of code—that is, more than one version available for public consumption. Ignoring platform-specific versions, the two main branches are “stable”, and “development”.

This is a common dichotomy. For projects divided thusly, the “stable” branch is intended to be a thoroughly tested, minimally-bugged, production-ready version of the application which can be deployed in real life. Conversely, the “development” branch usually has more features, but is typically a lot more rough and potentially buggy, having undergone less testing. Stable is for production; development exists so that users can test upcoming features.

Securing Openfire clients

The last post on Openfire (discussing how to add SSL/TLS certificates) proved to be pretty popular, and I’ve gotten more than one request for a follow-on about securing Openfire clients—that is, forcing them to communicate with the Openfire server using only an encrypted SSL/TLS connection rather than cleartext. In this post we’ll go through how to configure three popular IM applications to use SSL/TLS with Openfire. I’ll also add notes about how to enable OTR messaging encryption on two of those IM clients.

Embedding images in CSS

I’ve mentioned before that I’m CSS-stupid, and the practical effect of not knowing how to do damn near anything means that even small modifications to the Bigdinosaur.org main site usually involve a tremendous amount of reading and experimentation. I’ve stuck firmly to the current school of thought in web design, which is that HTML is purely for content, and layout should be done exclusively with CSS, and I’ve managed to produce a very simple but nice-looking site as a result.

However, running the site through a few web performance benchmarking sites led to a universal recommendation: use CSS sprites or CSS image embedding to reduce the number of HTTP connections necessary to load the site. Each HTTP session costs the web server a little bit of overhead (although using Nginx instead of Apache helps a whole lot with keeping the web server processes under control), and one of the ways to ensure your site loads as quickly as possible is to reduce the number of times a client has to ask the web server to send it things.

Openfire and SSL/TLS certificates

I’m a huge fan of StartCom’s StartSSL service—these days there are no few certificate authorities who will get you free or low-cost SSL/TLS certificates, but the customer service experiences I’ve had with StartSSL have been outstanding. They respond to e-mail very quickly, sometimes within minutes, and that’s what keeps me using them.

Bigdinosaur.org has been rocking the HTTPS ever since I came across this Ars Technica article a couple of years ago detailing how to get free SSL/TLS certificates for your web site. Once you start using real CA-generated certificates, you quickly realize how awesome it is to no longer have to deal with the hassle of self-signed certificates and worthless browser security warnings; I wanted a certificate for everything! The easiest way to do that, actually, is with what’s called a “wildcard” certificate, so named because instead of being valid for just a single host name, the certificate is valid for several. Shortly after signing up for free class 1 SSL/TLS certs from StartSSL, I went back and paid the fee for a class 2 identity validation, which then gave me the right to get as many class 2 certificates as I wanted—and, more importantly, gave me the ability to request wildcard certificates, too. Rather than deal with several certs for the several hosts that make up Bigdinosaur.org, I opted for a single wildcard certificate that covers *.bigdinosaur.org.

It was great and I installed it everywhere. The Bigdino web server uses it, my firewall uses it, postfix uses it, Murmur (the Mumble voice chat server we used for Minecraft) uses it, and even the Bigdino Openfire Jabber/XMPP instant messaging server uses it. In fact, this morning I got the notice that it had been two years since I’d generated the wildcard certificate, and it needed to be renewed. I spent a few minutes plugging the new certificate in to all the places where it needed to go, but I was a bit stymied by Openfire. I recalled going through some gymnastics to get the certificate installed on it a couple of years ago, but like a fool I didn’t write anything down, and so I had to embark on a long Google hunt to recreate whatever the hell I’d done in 2009.

Openfire makes it pretty darn easy to generate a self-signed certificate, or to generate a certificate signing request that you can send to your certificate authority, but it’s a little more difficult to take an existing certificate and import it. No small part of the problem is caused by Openfire’s web console not actually doing what you think it’s going to do when you attempt to import new certificates. Fortunately, several others have gone down this road before, and so here’s the procedure I pieced together from several different web sites and from posts on Openfire’s forum, particularly this one.

Serving Minecraft on Ubuntu

The first thing I ever saw of Minecraft was this video of an impossible waterslide which stretched up across the sky and down through footless caverns. I was entranced, and started playing shortly after that. Minecraft is primarily a sandbox game where you dig for resources and build things, all in glorious faux 8-bit graphics. Of late its creators have tried to turn it into a really bad Zelda clone, but fortunately it’s possible to ignore all the worthless stupid shit they keep adding and instead play it in the proper manner. It can be played single- and multiplayer, and while I normally hate playing with anyone online, Minecraft is my exception.

In October of 2010 I decided to download the Minecraft server application and take a stab at running my own Minecraft server, so that my buddies and I could have a private place to build things without worrying about random crazy people from the Internet knocking down our sandcastles. There were some errors along the way, but I’ve settled on some guidelines and methods that have worked out very well for me.

Postfix, Google Apps, and you

All the cool kids have web servers, but all the REALLY cool kids have web servers with the ability to send e-mail. In days of yore, when dragons roamed the Internet and a web page with a graphical background was considered a novelty, sending e-mail from your home was as easy as setting up sendmail (or your preferred MTA) and letting ‘er rip. Things are different these days, though, as spammers long ago ruined it for everyone and made doing your own e-mail a lot more difficult.

If you’re doing your web hosting through an actual hosting provider, then chances are you already have some avenue available for your web server or its applications to send e-mail; if you’re hosting out of your basement or closet, though, like I am, it can be a little more complicated. The first obstacle is that most ISPs will block the standard SMTP TCP ports; even if you get past that (by having an unblocked business-class connection, for example), damn near every operating e-mail system in the world blacklists the IP address ranges used by ISPs for customer connections, in order to stop infected home PCs from drowning them with viagra spam.

The solution is mail relaying, where you send e-mail to a trusted e-mail server, which then sends it on to your recipient. Here again spammers have peed in the pool, because no mail server on the Internet is set up to just happily relay messages—in fact, any mail server that is configured as a so-called “open relay” will quickly find itself blacklisted by every other mail server.

But there is an easy way that your web server and its applications can send e-mail outside of your LAN, and that way is to relay your mail through Google. Specifically, through a Google Apps Standard e-mail address.

This is a tutorial that’s been done elsewhere in lots of different ways—googling around for “postfix gmail relay” or “relay postfix through google apps” will net you scads and scads of results. I’m going to add to the pile by going through the method that I settled on. I was interested in setting up e-mail because I wanted to be notified of changes to the Bigdinosaur.org Minecraft wiki, and DokuWiki has a nice customizable notification system.

Changing Octopress’s header

I’ve been wanting to modify Octopress’s default layout for a few days, and had time this afternoon to sit down and puzzle it out. I’m about as facile with CSS as I am with German—I can ask for directions to the closest schnitzelhaus and possibly apologize for accidentally spilling beer on someone’s wife—so this was a process involving a lot of trial and error. Changing around the background colors was easy, and I’ll touch on that first, but what sent me down an entire series of rabbit holes was trying to figure out how to stuff an image up in the title bar area; or, rather, how to stuff up an image into the titlebar area that could be styled by CSS and reflow as the page is resized. Fortunately, by staring intently at the source for both the official Octopress page and also Angelo Stavrow’s blog, I was able to piece together some results that I’m happy with.

PDFs from man pages

I’m constantly consulting man pages as I blunder about in bash, and a way to quickly reference man pages while in the middle of something else is very valuable to me. The easiest way, at least for me, is to have the man pages saved somewhere so that I can consult them without breaking away from whatever deep shell-fu I’m immersed in. There’s a quick way to convert man pages into PDFs on OS X, and a slightly different but similarly quick way to do the same thing on Ubuntu.

Easy PS1 colors

Some time back I found a nifty little function to nicely and neatly add color to my bash prompt, and to do so in a readable and easily editable way. I forget the site where I originally saw the function, so I apologize to its author for displaying it here without attribution, but it’s certainly made my life easier; I have my prompt set to display the time, the user name and host name where I’m logged in, the directory I’m in, and the root/other token. I’m a visual kind of guy, too, so I alter the user/hostname so that it’s a different color for each of the boxes I’m regularly accessing at home.

On GNU/Linux and OS X, the two operating systems I’m most frequently using, the prompt the user most often sees is stored in a variable named PS1. PS1 contains some pretty boring default values for most OSs, especially OS X, but fortunately we can make it a lot more informative and useful by modifying its value in the .bashrc file in your home directory, assuming you’re using bash as your shell—if you’re familiar enough with Unix and/or BSD to use a shell other than bash, you probably have your own ideas what PS1 should look like and probably think including colors in a prompt makes the baby Stallman cry. Or you use emacs for your operating system.
