antipaucity

fighting the lack of good ideas

ninja dualbrew pro cfp301 review

After close to a decade, my old Keurig brewer finally bit the dust last week 🙁

Given we can’t go long without needing hot water or hot beverages in the family…it became “urgent” to replace it

We had been looking for a while, knowing a replacement was going to be necessary “soon” – so we already knew we wanted a brewer that would do both k-cups and brew regular coffee into a carafe

Keurig has a few that will do this, as do some other brands – but most of the reviews for them are…less than hearty praise

The two Ninja models we were considering, though, the CFP201 and CFP301 were very well rated

And for an added bonus – they were not more expensive than comparable Keurig models

However, I still wasn’t relishing the idea of paying well over $200 for a coffee maker :/

Thankfully, we didn’t have to

Kohl’s had a sale on Ninja appliances last week, and we had stackable coupons (percent and actual dollars off) plus Kohl’s rewards available (if you used them in store)…so to our local store I went (about 20 minutes before closing)

Picked up the Ninja DualBrew Pro CFP301 for almost 40% off their normal list price, and grabbed some rooibos stick tea, too, to try out

Been using it less than a week, but so far it’s fantastic

It has more brew size selections than the Keurig models, and will brew for specialty uses (over ice, etc) “natively”

It heats up water and starts brewing faster than any standalone brewer I’ve used (ie not connected to the wall for water)

There’s also a bypass control to get just hot water – without it going through the brewpod adapter

My wife enjoyed me frothing her London fog latte’s milk a couple days ago, too 🙂

What complaints do we have [so far]?

Not many…and maybe they won’t be a big deal to you, but these are the drawbacks we’ve seen thus far:

  • it’s really big – it’s probably got a 10% larger footprint than our old (and large) Keurig
  • if you choose to move the reservoir to the back, it juts way too far from the wall – and will not sit on the pod drawer we have
  • switching between operation modes is quick…but gosh! There are a lot of options!

Haven’t had a chance to try carafe brewing yet, but I can still give this brewer a very solid ??

basic dockerized jitsi deployment with an apache reverse proxy on centos

After a friend of mine told me he wanted to deploy Jitsi on my main webserver, and me saying “sure”, I decided I wanted to get it up and running on a new server both so I knew how to do it, and to avoid the latency issues of videoconferencing from central North America to Germany and back.

Before I go into how I got it working, let me say that the official Quick Start guide is good – but it doesn’t cover anything but itself.

Here’s the basic setup:

What To Do:

Once you have your new CentOS instance up and running (I used Vultr), here’s everything you need to install:

yum -y install epel-release && yum -y upgrade && yum -y install httpd docker docker-compose screen bind-utils certbot git haveged net-tools mod_ssl

I also installed a few other things, but that’s because I’m multi-purposing this server for Squid, and other things, too.

Enable Apache, firewalld, & Docker:

systemctl enable httpd && systemctl enable docker && systemctl enable firewalld

Now get your swap space set up:

fallocate -l 4G /swapfile && chmod 0600 /swapfile && mkswap /swapfile && swapon /swapfile

Add the following line to the bottom of your /etc/fstab:

/swapfile swap swap defaults 0 0

Restart your VPS:

shutdown -r now

Get your cert from Let’s Encrypt (make sure you’ve already set up appropriate CAA & A records for your domain and any subdomains you want to use):

certbot -t -n --agree-tos --keep --expand --standalone certonly --must-staple --rsa-key-size 4096 --preferred-challenges dns-01,http-01 -m <user>@<domain.tld> -d <jitsi.yourdomain.tld>

Create a root crontab entry to run certbot frequently (I do @weekly ~/renew-le.sh)

Go to the home directory of whatever user you plan to run Jitsi as:

su - <jitsi-user>

Begin the Quick Start directions:

  • git clone https://github.com/jitsi/docker-jitsi-meet && cd docker-jitsi-meet
  • mv env.example .env
  • Change the timezone in .env from Europe/Amsterdam if you want it to show up in a sane timezone (like Etc/UTC)
  • mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb}
  • docker-compose up -d

Now configure Apache for SSL. Start with this reference I posted.

But in the [sub]domain-specific conf file z-[sub]domain-tld.conf, add proxy and authentication lines (so that only people you allow to use your video conference can actually use it):

ProxyPreserveHost on
ProxyPass / http://localhost:8000/ nocanon
ProxyPassReverse / http://localhost:8000/
ProxyRequests       off
ServerAdmin warren@warrenmyers.com
AllowEncodedSlashes NoDecode
<Proxy http://localhost:8000/*>
    Order deny,allow
    Allow from all
    Authtype Basic
    Authname "Password Required"
    AuthUserFile /etc/httpd/.htpasswd
    Require valid-user
</Proxy>
RewriteEngine       on
RewriteRule        ^/meetwith/(.*)$ http://%{HTTP_HOST}/$1 [P]
ProxyPassReverseCookiePath /meetwith /

Reload your configs, and make sure they’re happy, fixing any errors that may exist:

apachectl graceful

Set up at least one user who’ll be able to access the site:

htpasswd -B -c /etc/httpd/.htpasswd <user>

You should also configure firewalld to allow only what you want (http, https, ssh):

firewall-cmd --permanent --zone=public --add-service=http && firewall-cmd --permanent --zone=public --add-service=https && firewall-cmd --permanent --zone=public --add-service=ssh && firewall-cmd --reload

With any luck, when you now navigate to https://[sub.]domain.tld in your web browser, and enter your username and password you created with htpasswd, you’ll get the Jitsi welcome page!
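
A check for the two access-control steps above (Basic auth on the Apache proxy, firewalld limited to http, https and ssh), added here and not part of the original post: Docker installs its own iptables rules for published ports, so the backend on port 8000 can be reachable directly, without the htpasswd prompt, even though no firewalld service allows it. The function flags any TCP listener outside loopback that is not ssh, http or https; the function name and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list TCP listeners that are
# reachable beyond loopback and are not on the intended public list.
# Assumption: the public list is ssh, http, https, as in the firewalld step.
ALLOWED_PORTS="22 80 443"

# Reads `ss -ltn` output on stdin, prints "address:port" per unexpected listener.
exposed_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "LISTEN" { next }                 # skip the header line
        {
            port = $4; sub(/.*:/, "", port)     # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            if (port in ok) next
            print addr ":" port
        }'
}

# Constructed sample: the Jitsi web container published on every interface.
SAMPLE_ALL_INTERFACES='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*
LISTEN 0      128    [::]:443           [::]:*
LISTEN 0      128    0.0.0.0:8000       0.0.0.0:*'

# Constructed sample: the same port published on loopback only.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*
LISTEN 0      128    [::]:443           [::]:*
LISTEN 0      128    127.0.0.1:8000     0.0.0.0:*'

echo "all interfaces: $(printf '%s\n' "$SAMPLE_ALL_INTERFACES" | exposed_listeners)"
echo "loopback only:  $(printf '%s\n' "$SAMPLE_LOOPBACK" | exposed_listeners)"
# On the server itself: ss -ltn | exposed_listeners
```

If port 8000 is listed on your server, publish it on loopback only in the compose file (a `127.0.0.1:8000:<container-port>` style mapping) so the authenticated proxy is the only way in.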

Other Resources:

do you leak?

It would seem I have configured OpenVPN, Squid proxy, and, to a lesser extent, Pi-hole well – none of the major sites that report IP, DNS, and other connection-related security issues find anything out of the ordinary when I’m either running “just” proxied, or VPN, or VPN+proxy.

You should check yourself on these sites:

  1. https://ipleak.net
  2. http://ip-check.info/?lang=en (ironic this site isn’t serving itself over https)
  3. https://doileak.com
  4. https://whatismyip.com
  5. https://browserleaks.com/ip

And, of course, if you just want to see what your public IP address is, go hit my service – IPv4.cf

manning is doing something similar to my bucket proposal

Manning Publishers has a liveBook offering.

And it allows for the type of mini transactions (through their self-hosted “token” system) that I proposed when writing about how I’d dumped Pi-hole last year.

Quoting from their recent announcement email

Book publishers follow a simple rule: put your content behind a solid paywall. At Manning, we believe you should be able to see before you buy. liveBook search and Manning Tokens make the paywall porous. Our new timed unlock feature moves the whole wall further back!

That’s pretty dang cool, Manning.

simple ip address check – ipv4.cf

I’ve published another super-simple tool.

A la whatismyip.com, but with no extra cruft (and no queer formatting of the IP address under the hood), welcome IPv4.cf to the world with me!

new service – free, secure password generation

Today, I am formally announcing a brand-new service / website for secure password generation.

Go visit password.cf

Get yourself random passwords of commonly-required lengths and complexities*.

Password Varieties:

  • 4 of 4
  • upper & lower alphanumeric
  • lower alphanumeric

Lengths generated: 12, 16, & 24 characters

Visit the GitHub project page ..

.. if you want to run the site on your own server.

You can view the source “live” ..

.. if you’d like to see how it works without visiting GitHub – and verify nothing is saved anywhere by the code: it’s just a script with no filesystem / database access.

It’s fast ..

.. load times tend to be under 0.15 seconds!

It will always be linked from my Projects page, and from the ‘External’ links menu on this blog.


*Also findable at password.ga – same server, same code

above the cloud storage

Who wants to go into business with me?

I’ve got a super-cool storage company idea.

Load up a metric buttload of cubesats with radiation-hardened SSD storage, solar power, and [relatively] simple communication stacks (secured by SSH or SSL, of course), and launch them into orbit.

You think cloud storage is cool? What about above-the-cloud storage?

Pros:

  • avoid national jurisdictional rules, since the data will never be housed “in” a specific country
  • very hard to attack physically
  • great reason to use IPv6 addressing

Cons:

  • expensive to get the initial devices into orbit
  • software maintenance on the system could be annoying
  • need to continually plop more cubesats into orbit to handle both expanded data needs and loss of existing devices due to orbital degradation

Who’s with me?