Weeknotes 239
25th January, 2026
“Inevitable to some degree”
-
Remember I was going to try a lo-fi approach to using a proper domain on my home network? Well I have now got that working, and with a little sprinkle of DNS-01 ACME challenge I’ve also got legit Let’s Encrypt certificates for all my services, which will just work everywhere (but, at the moment, you know, just on this computer).
I chose the simplest option for moving forward with this which was to get myself a brand spanking new domain name. After many fraught hours trying to find something not shit I bit the bullet and registered a new domain with our friends Porkbun.
I wasn’t intending to set everything up straight away but I suddenly realised out of nowhere that Porkbun actually provided a lot of the things I wanted in order to reduce the impact of any potential API secret leaks, my main concern with the whole endeavor.
Now, the risk of token leak is small, but if it did happen, the consequences are potentially massive. If some nefarious actor got access to my DNS records very bad things could happen. […] they could do something like change my MX records and take over my email. Once someone has your email it’s game over, man. Keys to the kingdom.
Isolating any impact was my goal. We practice good security over here in these here parts. As long as it fits into budget and is convenient.
I was looking for:
-
DNS-01 ACME challenge support – So that we can use Let’s Encrypt for TLS certificates.
-
Scoped access tokens – Tokens that only allow access to certain domains and/or certain types of records (TXT only).
-
To not pay any money, if possible.
Firstly, Porkbun does have a compatible API we can use for DNS-01 challenges (and support for Caddy available) ✅
Secondly, Porkbun doesn’t actually provide scoped access tokens. But, but, but, they do require you to turn on the API for each domain which you intend to use the API with ✅
If we turn on API access for just that single “homelab” domain we get the required isolation, and even if the Porkbun authorisation code were to fail somehow, I’m only hosting the single DNS zone with them – my other domains have their nameservers pointed at DNSimple, whom I use to handle other DNS needs.
You’ve gotta think about your failure modes.
Thirdly, this is all included by default with Porkbun as your domain registrar, so no extra money changes hands ✅
-
Stack Exchange data dump releases – You know you can download all of Stack Exchange? If you were considering it you might want to do it now.
-
The Ruby version worked fine, but installing a Ruby gem as a git subcommand has friction: you need Ruby installed, the right version, maybe a version manager, and gem install puts binaries somewhere that might not be in your PATH. Go compiles to a single binary with no runtime dependencies. It’s pure Go, so there are no C extensions or platform-specific compilation issues to deal with. You download it and it works.
This is why, as a Ruby developer, I would be reluctant to write cli programs that need to be distributed in Ruby. Too much friction. I’m also reluctant to install those that others have written.
And when I CTRL-c a Ruby cli program and see a Ruby stacktrace, no thanks.
-
Relinq – “A tiny Mac app that converts song links between Spotify, Apple Music, YouTube Music, and more.”
-
I was speaking to a friend who recently got a 3D printer and he was saying that he didn’t want to just print things for the sake of it due to the “landfill” involved. I’ve had others say similar things to me, and I completely agree with that sentiment.
The problem is that the hobby in general necessitates some waste. When you create a model, and print it, you are never going to end up with a perfect result the first time. It will need tweaking, revising, and printing again, probably multiple times. I do my best to plan ahead to minimise waste (and money!) and I’m often reluctant to print due to concerns over producing waste, but it is inevitable to some degree.
-
“Apprise - Push Notifications that work with just about every platform!”
This is a very cool idea to stop reimplementing notifications for every app.
-
I discovered from “Caddy Could Be Leaking Your Secret Domains” that TLS certificates issued by certain Certificate Authorities (including Let’s Encrypt) are a matter of public record due to Certificate Transparency. This means that if you’re using Let’s Encrypt for your homelab, you could be leaking your subdomain names into the public. This isn’t a massive deal, but it’s worth knowing it’s happening.
The solution is to use a wildcard certificate.
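To see what a wildcard actually hides, here is an added example (not code from the original post) that compares the names per-host certificates and wildcard certificates would put into Certificate Transparency logs, and lists the DNS-01 TXT record names involved. The zone `lab.example` and the hostnames are constructed placeholders.

```python
# Added example, not from the original post. ZONE and HOSTS are constructed.
ZONE = "lab.example"
HOSTS = ["jellyfin.lab.example", "grafana.lab.example", "nas.storage.lab.example"]


def wildcard_sans(hostnames, zone):
    """Smallest set of SANs that covers every hostname using wildcards.

    A wildcard matches exactly one leftmost label, so nas.storage.lab.example
    needs *.storage.lab.example; *.lab.example does not cover it.
    """
    sans = set()
    for host in hostnames:
        host = host.lower().rstrip(".")
        if host == zone:
            sans.add(zone)  # the zone apex is never matched by a wildcard
        elif host.endswith("." + zone):
            sans.add("*." + host.split(".", 1)[1])  # replace leftmost label
        else:
            raise ValueError(f"{host} is not inside {zone}")
    return sorted(sans)


def disclosed_labels(sans, zone):
    """Labels below the zone that these SANs would publish in a CT log."""
    labels = set()
    for san in sans:
        name = san[2:] if san.startswith("*.") else san
        if name != zone and name.endswith("." + zone):
            labels.update(name[: -len(zone) - 1].split("."))
    return sorted(labels)


def acme_challenge_names(sans):
    """TXT record names DNS-01 validation uses (wildcard prefix is dropped)."""
    return sorted({"_acme-challenge." + (s[2:] if s.startswith("*.") else s)
                   for s in sans})


if __name__ == "__main__":
    wild = wildcard_sans(HOSTS, ZONE)
    print("per-host certs disclose:", disclosed_labels(HOSTS, ZONE))
    print("wildcard SANs:          ", wild)
    print("wildcards disclose:     ", disclosed_labels(wild, ZONE))
    print("DNS-01 TXT names:       ", acme_challenge_names(wild))
```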
-
Plezy – “A beautiful Plex client” – Giving this a go.
-
PSA: Spotify has a Basic plan without all the audiobooks that you probably didn’t want anyway. I was able to downgrade my plan, keep everything music related, and save a couple of quid.
-
The upgrade to iOS 26 doesn’t seem to have been good for my battery. I’m having to charge half way through the day at the moment. I hope it gets better.
-
I plucked up the courage to take my A1 apart and replace the AC Board. The instructions provided by Bambu on their wiki were good. The most difficult part was disconnecting the existing wires to the board, but I eventually got them. Seems fine so far. I guess it works or doesn’t work.
-
BASIC APPLE GUY: CREATOR STUDIO ICON HISTORY
Is there anyone who doesn’t find this sad?
This is pretty sad.
-
Cooklang is a simple, human-readable text format for writing recipes that can be understood by both cooks and computers.
-
I finally managed to sack off my Twitter account. What a faff it was. They really don’t want you to do it.
I created a new account, then changed my username on the original account, deactivated that account, then changed the username on the new account. A process which spanned several days during which I could’ve lost control of the account.
I didn’t want to just deactivate the original account because I wasn’t 100% sure I hadn’t used this identity to sign up to some service from when Twitter was a trusted identity provider, and didn’t want someone squatting it.
The only fallout I’ve seen so far is some complaining from Keybase, which I don’t use anyway.
-
Email from Family in Minnesota – You know, I’d say his second term is much worse than the first.
-
York Ruby had a nice little resurgence this week, first after the Christmas lull, with a brand new person attending their first, and another returning for their second, meetup. Lots of good chats about how using <font> tags was cool back in the day.
-
“NVIDIA Contacted Anna’s Archive to Secure Access to Millions of Pirated Books”
Well, well, well, well.
-
Small quality of life improvement this week: when I buy a coffee at my local coffee shop they insist on sending me an email receipt (I use their loyalty app). Because I am attention deficient this is annoying, unnecessary, and distracting for me.
I set up an email rule that filters those messages and just marks them as “read”. It’s a small thing, but removes friction. I’ve started adding similar rules for other regular emails I receive too such as “invoice” emails which I need to deal with later.
Let the computer work for you.
-
TIL about “The Pile”
The Pile is an 886 GB diverse, open-source dataset of English text created as a training dataset for large language models (LLMs).
-
CageMaker PRCG - Parametric Rack Cage Generator
This is very cool. Need to mount something in your rack? How about printing a whole new rack?