Pre-announcing my musings on GDPR

I’ve only very recently really had to face some of the GDPR “niceties” as member of the board of a Portuguese association (ANSOL).

From the brief discussion we had, even though I’m a staunch supporter of privacy rights, I had this gut feeling quite reinforced:

GDPR looks like another stone in the Roman road (of Good Intentions) to Tartarus.

You can quote me on that if you want. I already am quite convinced that other stone (The Right to be Forgotten) was a huge mistake prone to abuse by miscreants unwilling to have egg on their online faces…

Now I have to read it, I bet I will find lots of issues…

#Keto Recipe: the best roquefort cheese hot scrambled eggs

Today I’m going to share with you a powerful fat bomb meal very friendly to people living a healthy keto diet, a scrambled eggs recipe I’ve been having sometimes that just takes me to heaven.

I known you have to like some of these ingredients, specially roquefort cheese which is not legally available in the USA because of unhinged law makers although you may be able to find it at some place under the counter (if you wink-wink, nudge-nudge the right way of course). Sorry guys, try other replacements, it may still be good for you!

Here it goes, first the ingredients (remember to get the most from so called organic, grass fed, free range,or whatever… sources that are less likely to have the sweet poison of sugar or other potentially dangerous chemical additives):

  • 3 eggs per person (or for two if you eat less, or for many if you share as an appetizer)
  • emmental cheese
  • roquefort cheese
  • hot sauce (make your own, preferably), I like it quite hot
  • a pinch of salt
  • coconut oil (cold extraction)
  • salted butter
  • and optionally, bacon (in this case I had to finish three slices of bacon before they went bad, but the meal is quite awesome without it too)

Start by preparing a good amount of diced emmental cheese:

The, cut a good slice of roquefort cheese…

… and dice it into small pieces:

Then, open your eggs into a cup (one by one in a helper glass, check their smell) and add both a pinch of salt as well as as much hot sauce as you want (I used two tea spoons of my own):

Give them a good vigorous wisk until it’s all very well mixed together:

Finally put a decent amount of butter like between 20 g and 30 g (a good butter to buy in Portugal is Milhafre dos Açores) and a tablespoon of coconut oil in a frying pan:

Now that you have everything ready…

… it’s time to put the frying pan on strong fire and let it melt, mix, and get a quite hot:

At this point, I added my slices of bacon, let them fry a bit and then set them on a plate aside:

Then I poured in the eggs and let it solidify just a bit:

It’s now time to lower the fire, break these eggs and spread the emmental cheese:

Now spread the roquefort cheese over (if you had mixed the roquefor cheese along with the eggs, you’d get green eggs, maybe not very appetizing):

Let the cheeses melt a bit (you can probably cover the pan in order to let them melt better than in these photos) and serve to a dish preferably with the eggs still bit runny, either on top of (easier) or under (looks nicer) the bacon slices we saved up earlier:

It’s now ready for eating straight away and while it’s still hot.

Enjoy the yumminess!

Using Let’s Encrypt with getssl and minimal root usage #letsencrypt

Let's Encrypt is an amazing initiative to have X.509 certificates for your website, or even your email servers, but most instructions just tell you to run (some more some less) complicated programs as root in order to run the periodic certificate renewal workflows, and that is sub-optimal as it substantially increases the number of attack vectors your already exposed system is susceptible to.

This article is just a way to enjoy the benefits of Let’s Encrypt while minimizing the need for root privileges in your system,and thus keeping it reasonably secure, and this example is doing it with getssl (don’t be scared it hasn’t changed much for some time, they’re working on the new APIv2 support).

It’s taking in account a typical CentOS/Red Hat 7 server, your mileage might vary with other systems but it should mostly be the same.

You can start setting up your environment by adding a non privileged user, let’s say… acme… who will run the renewal workflow:

# useradd acme

Then you can proceed to installing getssl and setting up directories for your files:

# curl > /usr/local/bin/getssl
# chmod 0755 /usr/local/bin/getssl
# mkdir -p /etc/letsencrypt/acme/ssl.{crt,key,pem}
# chown -R acme:acme /etc/letsencrypt/acme
# chmod -R 0755 /etc/letsencrypt
# chmod 0750 /etc/letsencrypt/acme/ssl.{key,pem}
# mkdir -p /var/www/html/letsencrypt/.well-known/acme-challenge
# chown letsencrypt:letsencrypt /var/www/html/letsencrypt/.well-known/acme-challenge
# echo 'letsencrypt yourhostname=NOPASSWD: /usr/bin/systemctl restart httpd' >> /etc/sudoers.d/letsencrypt

That last line adding a sudo rule is part of the magic and the single root command that is executed.  You can also make it restart Postfix, Dovecot, or any other service you use a certificate and that needs restarting in order to take the new certificate.

In order to let you read it all from this article, I’ll borrow the example’s from getssl’s github page and then add in my own suggestions.

Now you want to prepare the environment (as the user acme) for your domain:

getssl -c

This will create a ~/.getssl/ directory, the main files you want are called getssl.cfg, there’s a global file on ~/.getssl/getssl.cfg and then more specific files per domain, ~/.getssl/

In the main file, ~/.getssl/getssl.cfg, you’ll need to set up the values accordingly to your needs (I won’t dive into how to get an account), but  for this setup you’ll want to change the following:

RELOAD_CMD="/usr/bin/sudo systemctl restart httpd"

And that RELOAD_CMD right there is part of the magic…

Now edit  ~/.getssl/ and change the following:


Now all you need is to set up a cron job:

45 6 * * * /home/letsencrypt/getssl -u -a -q

And finally you configure Apache httpd to use the files paths for the CERTificate and its KEY:

SSLCertificateFile /etc/letsencrypt/acme/ssl.crt/
SSLCertificateKeyFile /etc/letsencrypt/acme/ssl.key/
SSLCertificateChainFile /etc/letsencrypt/acme/ssl.crt/lets-encrypt-x3-cross-signed.pem
Alias /.well-known/acme-challenge /var/www/html/letsencrypt/.well-known/acme-challenge

And you’re done: the cron job will run every day, and when you reach the 30 days to renew threshold your certificate will be renewed with minimal root usage.


Não, #Lidl e #SilverCrest, depois de vender vocês não mandam…

Caros Lidl e SilverCrest,

Gostei muito dos auscultadores que comprei esta semana na vossa loja mas fiquei a-bis-ma-do com a vossa falta de vergonha e muita lata:

Condições de utilização

«Os auscultadores só podem ser utilizados para uso privado, e não com fins industriais ou comerciais

O quê? Mas a que propósito se acham sequer com coragem de declarar isto? É vergonhoso que achem isto correto!

Depois desta falta de vergonha, ainda têm a distinta lata de terminar com a seguinte frase ao virar a página, na mesma secção:

«Deve respeitar as leis e os regulamentos nacionais do país de utilização.»

Olha, ninguém quererá mesmo saber disto, eu por mim estou só a dar um desabafo e vocês, Lidl e SilverCrest, seguramente nem querem saber.

A verdade é que eu estou satisfeito com o produto e vocês ficaram satisfeitos com o dinheiro.

Só não dou o devido uso a este papel porque prefiro algo muito mais fofinho, está bem? 🙂

I retired some pants, thanks to #keto

After having passed yesterday feeling always very worried my pants would fall off, I did a most needed check on pant sizes.

7 were retired for being too big to use, even with a belt
4 I can still use, with a belt
2 perfect fits (and boy did I miss these two 501’s)
3 that are still a bit too tight to feel comfortable

This means I should consider buying a few transitional cheap pants in a couple of months,  on the sales period.

All this I achieved by keeping myself quite faithful to a ketogenic diet.

No more staples!

I was told in follow-up that I’d be having some of the staples removed today, but things looked so good that all of them were removed!

Staples, after removal

In a few days, the remaining stitches will also be removed.

Got rid of a plugin!

In WordPress , it’s not so much the CMS or PHP that’s usually the problem but most frequently plugins.

So whenever one can get rid of a plugin, it’s always a cause for celebration.

Yay, for I now use WordPress’s native galleries!