I made an nrk thing

Have you ever wanted to leisurely browse the subtitles for your favorite TV show? Does that specific show currently exist in the web player for the Norwegian Broadcasting Company? Boy do I have news for you!

It was made as a language learning aid, and it started as a very simple scraping app. The problem with that approach was that NRK kept changing their website so my app kept breaking. Recently I found out that they actually have an API for most of the stuff I needed, and now the app is stable enough to publish! I still have to scrape the website to figure out what shows are available, but after that we’re pretty stable.

I’m not a designer. Actually, I don’t have a single designer bone in my body, but I still did my best. The react app has drop shadows, and it’s somewhat responsive. All of which goes away when you want to print something. What more could you want?

If anyone wants to help me pick better colors, feel free to make a pull request to the repo! If you’re wondering how it looks on desktop, just run the docker container and find out! It’s all there in the readme.

Let’s do a song of the blog, it’s been a while.

I’m a wizard

My week

So you’ve been working hard and you’re just about to go on holiday break, but what’s this? You have to enter your hours into <insert invoicing system here> before you can go? You don’t remember what you did two days ago?

So I made this for me, but also more importantly I made this for you.

So you’re looking to move in Norway

Hey, long time no blag.

My other half and I are looking to relocate, which means spending lots of time on FINN.no trying to find the perfect house. One of our main criteria is travel distance to work, as I imagine is the case for most people. Lucky for us, we both work in the same area, which makes figuring that part out quite easy. Now, FINN has some nifty features that can help with this, but all of them will move you away from the page you’re browsing, or open in a new tab, or take you to google maps or something. Super useful if you’re only looking at one property, but that is most decidedly not how we do things around here.

Just a few tabs

Can’t go opening another tab for each of those tabs to see which is closer to work, cant follow links and get lost and possibly lose the best one out there. So what’s a poor web developer to do?

Dark Mode
It’s a chrome extension

I made a chrome extension. It’s not in the “app store”, you’ll have to go to chrome://extensions and turn on developer mode so you can load the unpacked extension yourself. Once you have it installed it’s pretty self explanatory, set your work address, then start finding trips to work by searching in the From address field.

But that’s not all! This extension was made for FINN.no. So if you’re viewing an ad for a house/appartment/box on FINN, the extension will automatically use the metadata on the page to grab the coordinates of your dream home, and look up the trip right away, no interaction required!

That’s it for me for now. I got to play with two Norwegian public APIs to make this, one to look up addresses and turn them into GPS coordinates, which was just plain old REST from https://geonorge.no. Cool stuff, but hardly revolutionary. The second one was from https://en-tur.no, which really surprised me. They have a fully fleshed out graphql API! Documentation was a bit sparse, but with your standard igraphql browser “IDE”, we got there.

I’ve started to take note of the different Norwegian services that expose public APIs, and I’m definitely pleasantly surprised by what’s out there. Just look around and ye shalt finde coole shit.


PS: I’ve been postponing blogging because I’ve been working on replacing WordPress with some homebrew solution. It’s getting there, but I have a job and a house hunt to deal with, so don’t hold your breath.

Certbot and apache

I promised a blog post detailing changes I needed to make to my apache config in order to move BRBcoffee to Https, but in hindsight there isn’t much to write about it, it’s basically just a refactor.

Certbot, the tool from EFF (written in Python, yay!) that gets ssl certs from Let’s Encrypt, doesn’t work with monolithic conf files with multiple hosts. I run all my projects on the same server, routing traffic based on the site address using apache’s VirtualHost directive. It used to look like this:

<VirtualHost *:80>
    DocumentRoot "/var/www/blog"
    ServerName blog.brbcoffee.com
    # Some more directives
<VirtualHost *:80>
    DocumentRoot "/var/www/archive"
    ServerName archive.brbcoffee.com
    # Some more directives
<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyRequests Off
    ServerName cv.brbcoffee.com
    ProxyPass / http://localhost:5000/
    ProxyPassReverse / http://localhost:5000

So what you need to do is rip all of that out, you don’t want it in there. In their place you want this:

IncludeOptional conf.d/*.conf

Depending on your packager, it may be that this directive is already somewhere in your httpd.conf file. If it is, great, just leave it be. After that you want to take each VirtualHost that you ripped out of the main httpd.conf, and place them in individual files, like so:

<VirtualHost *:80>
    DocumentRoot "/var/www/blog"
    ServerName blog.brbcoffee.com
    # Some more directives


The configuration doesn’t change, it just needs to be in separate file for certbot to be able to do its thing. You see, after certbot goes out and gets your certificates it needs to add some rules to each vhost for redirecting traffic to ssl, which I guess they didn’t want to write a lot of ugly parsing code to be able to do in a program that really isn’t about that (although it should be trivial with BeautifulSoup.

Anyway, before, running certbot –apache probably didn’t work, it got the certs for you, but couldn’t edit your conf to do what we want. Now, when you run it, it’ll complete just fine. If you chose to set all traffic to go to https, it will add three redirect lines to your conf files, and it will create a new file as well, in my case, blog-le-ssl.conf. It’s identical to the old conf file, except that it is on port 443, and that it checks that mod_ssl is loaded. All of this is stuff we could have done ourselves, of course, but it’s a convenience thing.

So that’s all there is to it. Refactor your httpd.conf by separating each virtualhost into a different file, and run certbot –apache again.


Welcome to Https BRBcoffee, and thank you to Let’s Encrypt and certbot for making it a breeze, mostly.
Tomorrow there will be a blog post up about the changes I needed to make to my Apache configuration in order to get certbot to play nice.

For now, glory in that green padlock! And don’t go to the archive if you want it to stay green. WordPress doesn’t automatically update image links, so I’ll need to fix that at some point. The CV though I had no trouble with, even though it’s a Flask app that Apache just redirects traffic to. Good job, Apache, good job, python!

Typescript is genius

I’m teaching myself typescript, because why not, and right off the bat I’m blown away by the genius that is using public as a prefix to constructor arguments.
If you haven’t seen it before, it looks like this:

class Human {
    constructor(public name, public age, public job){
        // do more constructor things here

And that’s the same as doing this:

class Human {
    constructor(name, age, job){
        this.name = name;
        this.age = age;
        this.job = job;

It just takes the argument and sets a field with that same name in the object! It’s not a revolutionary feature, but it saves so much time in the long run. Anyway, back to it. Look forward to reading about my journey through NativeScript soon, possibly, maybe.

Switching from screen to tmux

Hello avid readers of yesteryear!

I’ve recently moved from working in a Linux/Windows environment to a Linux/Windows/OS X environment, and as such I’ve had to make some small changes to my workflows. I’m here to tell you what went wrong and how to fix it (hint: it’s in the title)

XKCD comic about using old software configured for you
Relevant XKCD title text: 2078: He announces that he’s finally making the jump from screen+irssi to tmux+weechat.

Now I’m the guy who just has it set up the way I want. I use screen in linux, and I use screen in the amazingly named Bash on Ubuntu on Windows. It works how I need it to work and I’m able to get things done. Now we introduce Mac OS X to the mix, and a seemingly tiny problem arises:

screenshot of vim
vim in normal terminal session

Screenshot of vim with different colors
vim inside a screen session

Try to spot the difference. I’ll wait.

The problem is a vim plugin called airline, which uses a lot of colors while enhancing vim’s normal ui. Something happens with the way screen identifies itself, that confuses airline, and makes the colors change slightly. No big deal, but it also makes the text less readable, which can be a bigger problem. Now there exists a separately compiled gnu screen for mac, specifically made to fix problems with screen colors. That screenshot was taken using that binary, and it looks identical to the native one. I spent about 2 hours trying to figure out a workaround for this problem, but in the end I decided to just finally give tmux a try, I’d been meaning to get around to that anyway.

vim in tmux session
That was easy

Okay, so tmux can handle colors better than screen, but what about all the other features from screen that we’re used to and love? Well once you’ve remapped your escape key to the one you’re used to from Gnu screen, you should be totally fine. To do this just add unbind C-b with C-a, replacing ‘a’ with whatever key you prefer. Splitting panes is done with ‘%’ and ‘”‘ in tmux, but you can simply unbind and bind to whatever you’re used to. Detaching is the same as always, attaching is done with “attach” instead of “-r”, so fairly easy to remember. Mouse mode is just as easy to enable as before, just replace mousetrack on from .screenrc with set -g mouse on in .tmux.conf.

All in all there isn’t much to write about when moving from screen to tmux. They do the same job, but tmux does it better, since it’s been built for a modern world than the literally 30 year old GNU Screen. If you’re using screen still, give tmux a try. You may spend a little time in the config file at first remapping things, but I swear it’s worth it.

Apple made a watch (and told you it was a revolution)

So Apple decided they needed to jump on the wearable tech bandwagon, and revealed the Apple Watch at their recent keynote. I guess iWatch would be a misleading name? As a tech blogger and rehabilitated fanboy, I feel obliged to write about this. They also released two new phones. They’re bigger, and can now be turned sideways for landscape mode. Such innovation. There, I’ve covered the new phones.

Completely scrambled RGB data
Apple Watch, according to their own press photo

I’m a good law abiding guy, so instead of just taking some picture from Google, I went to the source and downloaded the second official press image. When I tried to open it in an image viewer, it wouldn’t even let me. I tried opening it in a document viewer, and what you see above is the output. Thinking the download had become corrupted, I tried again, with the same result. I’m on Linux, so I figured this was some proprietary Apple format silliness, and spent a few minutes trying to figure it out. Then I ran another test, downloading a press photo for their Magic Trackpad, and I could open that just fine. Their keynote was completely botched as it was, and now this. Wow.

This is the Watch
This is the Watch

There, that’s better. That’s a jpeg file, copied from the same site as the tiff. It’s lower res, and I didn’t agree to their Image User Agreement to get it, because of course they have one. It’s not unreasonable though, just says I can’t edit it or use it to sell stuff. Shown in that image is both what I see as their biggest innovation and biggest mistake.

It’s a square watch.

Come on, Apple, you can do better. Nobody wants a square watch. It’s got your logo on it, so it’ll sell, but seriously, come on. You went and made a new homescreen implementation, that wonderful app cloud, perfect for a round display, but then you just went and made it square anyway. This is the opposite of what Motorola did with their Moto 360, which is that they made a beautiful round watch, but some of the UI is obviously tuned for a square display. With this you might as well have stuck with the app grid we’re used to.

Aside from that, there are a few things I’d like to mention. I’m not a big fan of this release, and I didn’t expect I’d be, but somewhere deep inside I keep hoping that Apple will become revolutionary once more. Instead they settle for telling us how revolutionary they are. They take great pride in their seriously brand new super innovative digital crown you guys this thing is the shit. It’s supposed to make their touchscreen almost unnecessary, only it doesn’t. You can use it to scroll, zoom, and for input, but when demonstrated the guy just kept tapping the screen, using the crown mostly to set the clock, which, in fairness, is what it’s supposed to do.

Oh my God you guys we make the best chargers ever! The Watch charger is magical, you just put the charger on the back and it snaps into place, just like magsafe! Only it uses induction charging! So innovative.

It’s a charger. It hopefully works. We’ve got induction chargers for the other smartwatches already, and they’re on the market. You know what would make this innovative? If you actually shipped when you announced it, you know, like you used to?

Holy hell, you won’t believe how clever we’ve been with the hardware! It’s a quantum leap in technology,  nobody has ever done anything like this before. We can’t even put in words how amazingly we’ve packaged our hardware. Everything is in one module. This is insane, an industry first!

It’s just that we’ve got that. We’ve had it for a long time. There’s System on Chip, or SoC, which puts a lot of sensors and radios and stuff on one piece of silicon. We’ve got System in package, or SIP, which packages chips inside modules to deliver supercompact working systems. How is this not that? How is this innovation and an industry first, guys? You can’t just say you’re the first to do something when you aren’t, there are laws against that kind of ting, I think. Don’t believe me? This is a direct quote from Apple.com:

Configuring an entire computer system on a single chip is an industry first and represents a singular feat of engineering and miniaturization.

I sincerely hope that wearables take off in a big way, and I hope that Apple will help achieve that, but this is not the revolution we’re waiting for. This is another subpar watch, touted as the most brilliant thing we’ll ever see until Apple makes The New Apple Watch. There’s more to the Watch than the things I’ve mentioned, but I only write about things that get me excited, and there’s nothing else. This Apple Watch is mostly boring.

Yes, you can quote me on that.
All of it.

Configuring a linux firewall

So you’ve got your Linux server going, it’s configured the way you want it , and everything is coming up roses. You try to ping it, but the server doesn’t seem to exist. You’ve been blocked by some of the best/most insane firewall in the galaxy: iptables. A firewall’s job is to block unwanted traffic, and iptables takes its job seriously. By default, it. drops. everything. Got a http request incoming? Psh, drop that packet. I don’t care if you’ve got apache running. FTP request? Same story. Mysql? Nope.

A cat shoving things off a desk
This is iptables

Ssh is usually fine though, so we can log in and edit the rules. Iptables rules are added to rule chains. The only chain we’re interested in is the INPUT chain for now; We want to be able to receive http requests to our server, ssh connections, and nothing else. We’ll also want to allow existing connections to persist. These are the switches we’ll be using (you can find all these in the manpages, of course, but some are in the iptables-extensions manpage).

  • -F flushes the rulechains. This means exactly what you’d think.
  • -A [chain] adds a rule to the specified chain.
  • -I [chain] [number] same as -A but inserts rule at a given point in the chain.
  • -i [interface] specifies the interface the rule will act on. If you don’t specify this, the rule will act on all interfaces, including loopback (more on this later).
  • -p [protocol] specifies whether the rule is for tcp, udp, or whathaveyou.
  • --dport [port] further narrows down the packets to look at by checking which port they’re headed for.
  • -m [match] this is an extension that looks at the type of traffic the packet belongs to. We use it with:
  • --state [state], which asks a different module called conntrack whether the connection is INVALID, NEW, ESTABLISHED, RELATED, or UNTRACKED. This is magic, I have only a vague understanding of how it works.
  • -j [policy] says whether to accept or drop the packet.

Alright, let’s get to it. You can think of iptables as a sieve, where every rule along the way checks out a packet and decides whether to keep it or discard it. If the rule doesn’t match the packet, it moves further down the sieve to be checked by other rules. Therefore, at the end of it, if the packet doesn’t match any of our rules, we will just discard it. A good policy for internet traffic is that if you don’t know what it is, don’t touch it. Every rule we add gets added last in the chain/sieve.

A script demonstrating the use of iptables

And that’s it. We’ve configured our firewall. It will reset every time you reboot your server, but that isn’t often. I just keep a script like the one above to reconfigure it. You can get NetworkManager to configure it for you on boot, but I don’t really see the point unless you reboot your server all the time, which, I mean, why would you do such a thing?