Here's a simple fix that works. Why don't they just fix it already? This has been driving me mental across multiple distros for ages on every box I have. There's just no excuse to leave an obvious irritation like this sitting around for years. But that's what you get on Linux.

I put together some scripts to set up a dockerised PHP-Apache2 environment. Dockerhub actually has official images for this, but the problem is that they don't include the GD2 image library, you have to compile it in yourself. So, my scripts do that. They also create a persistent volume via a bindmount on the host machine, so that you can freely remove or rebuild the webserver container without losing your website data. 

Tuskfish 2.0.5 is a maintenance release with no new features, but updates to third party libaries (Bootstrap 5.2, DICE 4.03, FontAwesome 6.2, HTMLPurifier 4.14, jQuery 3.6.1). It includes one bugfix: .png compression was misconfigured (off), so automatic thumbnail generation in templates will now return vastly smaller file sizes.

Tired of paying for a commercial VPN? I set up a private WireGuard VPN server, running in a Docker container on a cheap virtual machine I already have with Linode. No need to pay for additional infrastructure! It works straight out of the box, and is fast and simple to set up. This article closes a few gaps in the documentation that might slow you down. Set up time was about 10 minutes, including configuring client devices. It's a nice facility to have, and is so lightweight you can run it on existing infrastructure without paying anything more.

In a blog post annoying titled Heroku's Next Chapter, Heroku's General Manager has announced they will discontinue their free plans. On 28 November they will reduce free resources to zero and start deleting hobby-dev databases. Yep, they are going to bin your data with no warning other than an email, to "manage fraud and abuse". The good news is that you don't need them. Get your virtual machines from a cloud provider and containerise your apps with Docker instead. You'll never look back.

The marketing materials lean heavily on its ‘advanced security features’, but TLDR it doesn’t have any, unless you think VPN capability is something special. It’s just a small, portable wireless router that can accept a WIFI signal as its WAN input. So you can use it in a coffee shop and have a firewall between you and their network, but the firewall is just like any other home router firewall. You can forward ports and so on, but that’s about it, and it doesn’t provide any visibility into the traffic or what’s going on. Sadly, it does not support DFS channels (52-140) on fast 5GHz WIFI, so it is not compatible with any access point using them.

The Firewalla Purple brings firewall management to the masses: It has a great GUI that makes it easy for less-technical users to see what is happening on your network and to manage devices. Firewall rules are easy to set up and content filtering policies can be toggled on and off by device or group. There are a few minor shortcomings but the feature set is still being extended. The Purple is an excellent device for managing small networks and the online activities of children. However, it is highly overpriced.

Trying to find truly free stock photos has always been painful. Usually, the available 'free' resources come with unwieldly terms such as the requirement to publicly attribute the source or acknowledge the author. Now I fully support the Creative Commons licenses for literary works, but you just can't plaster attributions across the artwork for a brochure, website banner or logo. It's not an appropriate model. Recently I stumbled upon unsplash.com, a stock photo site that is actually free, has a remarkably permissive license, and is also excellent.

Tuskfish 2.0.4 brings a user management module, which allows you to enrol trusted users in an Editorial role, so that they can create and edit content. The core structure has been refactored to improve modularity for development of new extensions. Internal login checks now test admin status against a surrogate password hash, rather than a simple session flag, which is a small security improvement: If an admin/editor changes their password at any time, any existing logged-in sessions are rendered invalid.

Running a Raspberry Pi from an SSD is a lot faster and more reliable than from a flash card. But how to move the OS to the SSD when you don't have access to the desktop utilities or an external M.2 enclosure? TLDR: Boot from a flash card / desktop version of Raspberry Pi OS first, use Raspberry Pi Imager utility to copy your OS of choice onto the SSD, and change the boot order to SSD-priority using raspi-config. You can then get rid of the flash card entirely or keep it as a backup OS.