Latest posts

Running a Raspberry Pi from an SSD is a lot faster and more reliable than from a flash card. But how to move the OS to the SSD when you don't have access to the desktop utilities or an external M.2 enclosure? TLDR: Boot from a flash card / desktop version of Raspberry Pi OS first, use Raspberry Pi Imager utility to copy your OS of choice onto the SSD, and change the boot order to SSD-priority using raspi-config. You can then get rid of the flash card entirely or keep it as a backup OS.

A demonstration of Tuskfish's mapping capabilities. This track was recorded on my Garmin Forerunner 245 watch, as I drove back from Batemans Bay on the south coast to Canberra. The map is automatically generated from an exported .kml file of the track, which Google Maps can put bounds around. The tracks are downloadable so others can use them on their own devices if they wish. You can also prepare maps in Google Earth or Google Maps itself.

The Installation Guide and User Manual have now been updated for Tuskfish CMS V2. An updated API and Developer Guide will follow soon!

The user manual provides a comprehensive guide to Tuskfish CMS operations. It covers all all aspects from installation to adding and curating content, managing site security and customisation of themes. For additional information on how to customise Tuskfish please see the developer guide.

Tuskfish 2.0.3 brings compatibility with PHP 8.1, so if you want to wring the last few milliseconds of performance out of your site, use this version. New features include support for embedding Youtube videos, a sitemap generation facility, a 'minimum views' preference before displaying the views counter, and a live character counter for the meta description field. Third party libraries have also been updated, including adoption of Bootstrap 5.1.

To robbery, slaughter, plunder, they give the lying name of empire. They make a wasteland and call it peace.

- Calgacus, 83 BC

Most tutorials about dockerising Golang apps tell you to use the Golang image as the base so that you can compile it. Don't do that! Why would you want hundreds of megabytes of unnecessary cruft in your image, when you could just have a tiny standalone binary, running in a container by itself? Build the binary on your development machine with a flag to statically link required libraries, and copy it directly into a scratch image. This will give you a wonderfully small, portable image with a minimal attack surface.

Update: I have an additional (as yet untested) solution: Use an access control list to grant an exception to the webserver user (www-data) to access the TLS private key. This should allow you to follow good practice in running the Docker container as a non-root user (eg. www-data), while maintaining standard restrictive root privileges on the key. The other solution, which I am running in production, is to put an NGINX reverse proxy on the host machine in front of the Apache container, and terminate the TLS connection there. If this proves workable, it is hands down the easiest way to solve the problem.

At time of writing, all other "solutions" on the internetz either tell you to weaken the file ownership permissions, or run the container as root, which you should not do. Even the official docs example doesn't explicitly set a user...which means the container will default to running as root.

php --ini

You're welcome.