Web – Something Odd!

Get the scope right in Authentik

I set up Authentik in front of some of my self-hosted services recently. Authentik allows you to use 2-factor auth when logging into other services that support OpenID. The first one I tried was Immich, and the docs are pretty good.

The one thing they forgot to mention was that you had to set the scope in Authentik too. In the provider configuration, make sure that all of openid, email, profile are allowed.

Also, if you use Cloudflare to proxy your services, make sure Authentik isn’t proxied, or it will try to rewrite some of the HTTP headers used. Make sure your reverse proxy generates its own SSL cert too. You might be using a Cloudflare cert if everything is going through there.

Who said self-hosting was fun, eh?

I’m an AI source

Screenshot of a Perplexity AI search results page displaying the query "How do I set up the Godox TT685 as a remote flash with the X1T-S." The page shows a step-by-step guide for setting up the Godox TT685 (Sony version) as a remote flash using the Godox X1T-S transmitter. The instructions include powering on the TT685, entering wireless (radio) slave mode by pressing the wireless selection button until the radio slave icon appears, and preparing the flash to receive signals from the X1T-S. The top of the page features related video and website links.

A few weeks ago, I was attending a birthday party and wanted to take some photos. I have a Godox flash, and a remote, but I couldn’t get them to talk to each other and remembered it was a bit finicky.

Being in a hurry, I asked Perplexity how to set up the Godox TT685 as a remote flash with the X1T-S and I spotted this blog among the sources. This post about the Godox TT685 was there, and the AI summarised it pretty well, and I got the settings fixed.

One thing I hadn’t forgotten was keeping the TEST button on the X1T-S down while turning it on so it would work in “close range” mode. That was painful enough figuring that out.

Is the web dead yet? We’ve had walled gardens for decades, and they’re growing taller, and now AI agents are slurping down all our content. Apparently, adding the word “fucking” to a Google search query stops them showing a summary. What if I add “fucking” to every post when I detect an AI bot visiting? “I’m a fucking AI source” now am I?

Yes, yes, I used an AI to ask a question and found my blog there. I’m still complaining about it. Humans are weird.

Press F to pay respect

I only recently found out why people sometimes comment “F” on Reddit threads. It comes from Call of Duty: Advanced Warfare (2014).

At one point, you walk up to a casket at a funeral and have to press F to pay respects to the fallen soldier.

As others on that Reddit thread said, I thought it had something to do with following a thread to get notifications. Just to prove how out of touch I am, it even has a Wikipedia page where the viral meme is described as iconic, but the authors of that page describe it well:

“Press F to pay respects” is an Internet meme that originated from Call of Duty: Advanced Warfare, a 2014 first-person shooter in Activision’s Call of Duty franchise. It originated as a set of instructions conveyed during an in-game quick time event at a funeral service. Widely mocked by critics and players due to its forced element of interactivity that was not perceived to be tastefully executed, the phrase would later become a notable Internet meme in its own right. It is sometimes used by Internet commenters to convey solidarity and sympathy, either sarcastic or sincere, in response to unfortunate events.

I never thought I’d be tagging a post with “Call of Duty” again, but here we are in 2025!

Now on http/2

This guide made it pretty easy to update Apache2 so it uses http/2 rather than http/1.1. If you notice anything gone astray, please let me know!

There was no change in PageSpeed scores, but then it was pretty good already, thanks to Jetpack Boost!

A screenshot from Jetpack Boost showing the PageSpeed scores for this website.
Mobile was 98, desktop was 100.

This Cloudflare article is a good, high-level description of what it’s all about.

The Netnewswire Reader View rocks

Netnewswire is an RSS reader for macOS and iOS devices. You know podcasts? Like that, but for reading.

RSS readers have been around for a long time, long before social media sites like Twitter and Facebook. They allow you to follow updates on your favourites sites, which could also include the personal sites of people you know. Twitter used to have RSS feeds, Facebook never did (AFAIR), but Mastodon sites (and other Fediverse services) do.

This blog has an RSS feed. You can follow my interesting posts there. Chances are, if you’re reading this, you already know all this.

Anyway, Netnewswire has a “Reader View” that will load entire posts in the reader, which is very useful if a site only shares extracts of their articles. Sometimes it doesn’t load the entire article, so you’ll need to visit the site anyway. It’s a convenient way to read without leaving the app when it works.

Oher RSS readers include the WordPress.com Reader, Feedly and many more. Wired has an overview of some, as does Zapier.

RSS won’t replace social media, it’s just another way to read the news.

Record your life one second at a time

1 second everyday records one second of footage every day and then builds up a compilation video when you’ve got enough video. Google Plus did something similar with their auto awesome video of the year too but I guess this will let me squeeze in a whole lot more!

I started a few days ago with the Android app and got a few clips of dinners, family and pets so far. Give it a go!

Who gets your data after death?

I have to admit that filling in the inactive account settings for my Google account gave me the shivers. There’s not much that would stop me logging into my Google account for more than 3 months. It would have to be one of the following:

Trekking through a rainforest pursued by secret agents monitoring all radio communications.
Lost on a desert island with only 80’s computer equipment to keep me amused.
In a coma after a botched attack by terrorists who are hell bent on killing open source developers.
Dead.

None of the above are very appealing options but at least one is as inevitable as, err, taxes, so it must be faced.

I added a trusted contact and was then presented with a popup asking for a subject and email body. Writing that was unsettling but I hope more services do something similar. I’ve heard too many horror stories about Facebook accounts that have been frozen on the death of an account holder.

You can choose what data is or isn’t shared with a contact. Included is Latitude, which has tracked my whereabouts for the last 2 years and will continue to do so. It makes me wonder how my descendants will cope with the deluge of information. It may very well end up as an anonymous zip file on someone’s computer I guess.

The list won’t be frozen in time either. Do I add my siblings? What about my son when he’s older? What age? I should set a calendar reminder for his 18th birthday. I’ll have to warn those trusted contacts because Google sends an email and a text message when the account goes inactive. Like a letter from the grave.

Who's abusing your website?

I wanted to know what IP addresses were hitting my website. I’d done this before and it only took a moment or two to recreate the following commands. Still, here it is for future reference.

This code:

Excludes “wp-content” and “wp-includes” requests.
Uses “cut” to cut out the IP address.
Sorts the list of IP addresses.
Uses “uniq” to count the occurrence of each IP.
And finally reverse sorts the list again, by number of occurrences, with the largest number at the top.

You’ll probably find Google and Yahoo! bots near the top of the list, but I also found the “Jyxobot/1” bot was quite busy today.

Gooochi talks to /bc/123kah.php

This is weird, a huge number of POST requests started to hit the Shite Drivers website a few days ago. The requests came from lots of IP addresses and all requests went to the non existent /bc/123kah.php

The payload was an array that looked like this:

Array
(
    [showed] =>
    [clicked] =>
    [version] => 2.6.2.4
    [id] => c3b342beb6ad7adf39499e7a38f93c09f681611d
    [tm] => 1266855758
    [aff_id] => gooochi
    [net_id] => gooochi
    [safe] => 1
    [exceed] => 2505,2507,2582,2597,2602
)

So I presume it’s the Gooochi malware referenced in this search for that word. Strange that the infected PCs hit my server though.

The traffic was never overwhelming but I decided to put a stop to it with a simple deny from all in a .htaccess file. Much better than having WordPress serve up a 404 page.

I mentioned the 123kah.php file on Twitter and I’m not the only one to see these odd requests. I guess even malware has bugs! (which is all the more reason to keep your anti-virus software up to date if you use Windows)

Skimming the web

The way I see it, there are three stages to web browsing:

The web is new. You visit the blogs of friends and colleagues every day. You use Gmail or Yahoo mail and check in on your favourite sites a few times a day.
It quickly becomes tiring visiting websites every day that may not have any new content. You discover feed readers and play around with a few of them. You find that Google Reader is a pretty good one and you start subscribing to every single interesting blog or feed you find.
Not long after you suffer feed fatigue. There are just too many blogs. Too much noise, too much chaff. You discover Stumbleupon, Friend Feed and Twitter (I’m ‘donncha’ on each of those if you’d like to subscribe/follow!). Now the feeds or sites you read are recommended by your trusted circle of friends. You’ll still dig into your feed reader but it seems to happen less and less and that unread items count keeps going up and up.

Now if only I had time to check out Friend Feed properly. I find I’m skimming through the web these days. If I can’t scan a blog post and understand the main points of the page within a few seconds I’m gone. It’s a sad state of affairs.

If you’re time poor, how have your web surfing habits changed? (paradoxically, if you have time to comment here, you’re not that time poor. What a bind!)