No Comments!

Yes, I’ve gone and done it. I’ve disabled comments on my site. Oh, how I wish I could say it was because I was so popular and was being harassed by trolls, but the simple fact is … comments suck. Really, I just felt inspired by the recent uptick in browser plugins and CSS files that hide and otherwise disable comments on sites. 🙂

This site is my vehicle for communicating thoughts, ideas, etc. I fully welcome open discourse but realized there are better mechanisms for that, namely Twitter and other similar services. If you want to converse, please start a conversation.

Coffee Cap

More 3D printing tonight!

This time, a screw top for our ground coffee. This clever top pieces together on top of an existing bag of beans (ground or whole) to make sealing and pouring much easier.

Cora – Coffee Bag Lid

I tried printing this one with a 0.15mm layer height. I have to sand down a few pieces since they’re pretty tight, but when trying to seal coffee that’s a good thing! If you check out the Thingiverse project you’ll notice there is also another cap that can be used for pouring; I may have to add that next.

Apple Lightning Cable Protector

While I’m much happier with the durability (and ease of pluggable use) of Apple’s Lightning cable, I’ve noticed that all my cords have started to disintegrate. Electrical tape seems to extend the life, but doesn’t feel very solid and looks gross especially after gunk starts accumulating on the cord end.

A battle-worn lightning cable

Apparently I’m not the only one since I found this model on Thingiverse to print your own protector.

Lightning cable protector model previewed in Cura

It’s a relatively quick print at 28 minutes. My main advice is to be sure to add a brim around the edge on this model since it is so skinny at the base. My first print attempt broke free from the glass plate as the leverage applied to it grew the taller the object became.

World Maker Faire NYC

This past weekend was the annual World Maker Faire in NYC. Having never been, my hopes and expectations were very high – and were subsequently smashed by how great it was! The faire itself felt natively appealing to adults and kids alike, not catering to only one crowd. I walked away feeling inspired in a very achievable way.

Throughout the faire we saw a wide variety of crafts and projects; some to view, some to buy, and others to participate in. Just a few of the projects we saw:

Supporting Net Neutrality with CloudFlare

This post (and therefore, site) is now being hosted by a server sitting in my basement! To many of my international colleagues, this didn’t sound like anything special until I explained to them that most United States ISPs block outgoing traffic on port 80. They were very surprised by this (and I was very aggravated). After all, would we accept the phone company restricting who we could accept phone calls from (same concept)?

I should be able to host a small site on the internet leveraging the connection and hardware I have already purchased. Granted, it’s a residential connection and non-server hardware so there are inherent risks and limitations. I don’t expect magic, after all. Fortunately I have figured a way around the port blocking and am quite happy with all of the implications of the workaround.

The key to all of this is CloudFlare. Basically it is a CDN that offers free introductory plans and a few features that make this all possible. Here’s how you set it all up (after you register for your account, of course):

  1. Add your site, configure your DNS
  2. Configure your server to host SSL-based pages (port 443)
  3. Configure CloudFlare crypto settings
  4. Create page rules

Add your site, configure your DNS

The first step is of course to add your site to CloudFlare. The setup is fairly straightforward and is well-guided by CloudFlare so I won’t be duplicating that information here. I will add that waiting on DNS refreshes can be frustrating, so after I got it set up I switched my local DNS resolution over to Google’s (8.8.8.8) so I could test more quickly.

Configure your server to host SSL-based pages (port 443)

My ISP blocks port 80, but not 443. It would probably not hurt anything to leave port 80 running and open but I figured why chance it, so I shut all port 80 configurations down. My home server and all my sites are only configured for port 443 traffic now. The important part is that you must have port 443 (HTTPS) configured and running on your server.

This brings up the first implication and rather cool solution: self-signed certificates. Configuring HTTPS requires that you have an SSL cert which usually costs money. You can create a self-signed cert but then visitors would be prompted about how your certificate didn’t come from a Certificate Authority.

With CloudFlare, they actually handle the certificate between themselves and the browser, and will accept your self-signed certificate between your server and their servers. This is great news as it means you can have HTTPS traffic without having to buy a certificate and without having users prompted on every visit that your cert … blah blah blah.

So, set up your web server to serve up pages via HTTPS on port 443 and configure the related self-signed SSL cert for it.

Configure CloudFlare Crypto Settings

Now comes the really good stuff. There are two aspects here: SSL (with SPDY) and HTTP Strict Transport Security (HSTS).

After you select your site in CloudFlare, go to the crypto section.

CloudFlare Crypto Section

SSL (with SPDY)

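This config is easy. Just make sure it’s set to “Full”, the mode that encrypts the connection between CloudFlare and your server and accepts a self-signed certificate there without validating it.

CloudFlare SSL Settings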

HTTP Strict Transport Security (HSTS)

Right below the previous config is the HSTS section. HSTS is a little more involved but not bad. Basically we want to force this domain to always serve HTTPS traffic and never allow for HTTP, even if a user tries to downgrade.

Click ‘Change HSTS settings’ to enter into the configuration screen. You’ll first be prompted with some warning text to read and then check an ‘I understand’ box and click ‘Next Step’. Now you’re into the good stuff:

CloudFlare HSTS Settings

Here are the important settings:

  1. Turn the enable switch on
  2. Set the Max Age Header (I accepted the default of 6 months)
  3. Apply HSTS policy to subdomains. I did this as a precaution in case I ever wanted to add self-hosted subdomains in the future

Create page rules

The last step is to set up page rules. This ensures that we redirect any attempted undesirable traffic to use our desired configurations.

Select the ‘Page Rules’ section from the top of the screen:

CloudFlare Page Rules

You’ll want to add 2 page rules:

  • http://*.YOURDOMAIN.COM/*
  • http://YOURDOMAIN.COM/*

These two rules capture any subdirectory of natenine.com (or your domain in your case), as well as any subdomains with any subdirectory of nateofnine.com.

When entering these rule patterns, the only setting you need to select is ‘Always use https’. This will disable all other settings.

CloudFlare Always use HTTPS
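
Why both patterns are needed, as an added example that is not part of the original post: a model of the two ‘Always use https’ rules that reports any plain-HTTP URL left uncovered. The matching semantics (‘*’ matches any run of characters, the rest is literal), the function names and `example.com` standing in for YOURDOMAIN.COM are assumptions.

```python
import re
from urllib.parse import urlsplit

# Patterns from the list above, with example.com standing in for YOURDOMAIN.COM.
RULES = ["http://*.example.com/*", "http://example.com/*"]


def rule_to_regex(pattern):
    """Assumption: '*' matches any run of characters, everything else is literal."""
    body = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.compile(body, re.IGNORECASE)


def matching_rule(url, rules=RULES):
    """Return the first rule whose pattern covers the whole URL, else None."""
    for pattern in rules:
        if rule_to_regex(pattern).fullmatch(url):
            return pattern
    return None


def edge_response(url, rules=RULES):
    """What the CDN edge does with a request: redirect to HTTPS or pass it on."""
    if matching_rule(url, rules) is None:
        return ("pass", url)
    return ("redirect", urlsplit(url)._replace(scheme="https").geturl())


def uncovered(urls, rules=RULES):
    """Plain-HTTP URLs that no rule upgrades, i.e. gaps in the rule set."""
    return [u for u in urls
            if urlsplit(u).scheme == "http" and matching_rule(u, rules) is None]


# Constructed sample requests.
SAMPLES = [
    "http://example.com/",
    "http://www.example.com/blog/post?id=1",
    "https://example.com/",      # already HTTPS: no rule matches, so no redirect loop
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", edge_response(url))
    print("gaps with only the wildcard rule:", uncovered(SAMPLES, RULES[:1]))
```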

That’s it!

Now, you are happily hosting from your port-80-blocked home ISP! You have complete control over your server, can use it for other household automation or serving tasks, etc. Mine is also hooked up to a Drobo for redundant backups and I’m also researching for an offsite backup solution. Just because I host in my basement doesn’t mean I’m throwing caution to the wind.

You may also want to investigate using one of the many DNS updaters to keep CloudFlare up to date with your current home IP address. Apparently DDclient works well though I opted for RealDNS.

The really nice part is, you’re protected by CloudFlare from traffic increases by both popularity and attacks, as well as forcing all traffic to always be secure over HTTPS. Keep in mind this is all through CloudFlare’s free-tier service. You may want to consider upgrading to a higher level of service especially if your site becomes more popular.