Publishing from Obsidian to WordPress

I partially published this post from Obsidian using the WordPress plugin. It was actually easier to setup than I expected with the main hurdle being Basic Authentication. There are still a lot of missing things from the integration that require a fair amount of manual work.


If you’re site is not using TLS i.e it doesn’t start with https as follows https://[] then using basic authentication is about as secure as Pampers Splashers, you might get away with using it for a while but eventually something really nasty is going to happen and you’ll wish you’d secured your application using TLS.


The steps where as follows.

1. Install the miniorange WordPress REST plugin and enable Basic Auth.
2. Install the Obsidian wordpress plugin and test the connection. 
3. Enable the wordpress icon on the left menu in Obsidian.
4. Write this post.

The only problem I had was the following error

{“status”:”error”,”error”:”MISSING_AUTHORIZATION_HEADER”,”code”:”401″,”error_description”:”Authorization header not received. Either authorization header was not sent or it was removed by your server due to security reasons.”}%

This was fixed by add the following snippet to my apache.conf

RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ^(.) – [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1


I think the WordPress obsidian plugin has a lot of potential but it needs a some polish. It could be good at pushing a body of text up quickly and convert it manually to a finished post but it’s still a fair amount of effort.

WordPress Authorization header not received

If you are getting this error when trying to get miniorange basic authentication to work.

Authorization header not received. Either authorization header was not sent or it was removed by your server due to security reasons.

Try using the following in your apache2.conf file. Note RewriteEngine On needs to be enabled before these settings.

RewriteCond %{HTTP:Authorization} ^(.) 
RewriteRule ^(.) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

New Relic Guided installation

I just installed New Relic to play around with it a bit and I noticed that the default installer will try and install a bunch of crap that will, at least in my case fail. HAProxy and MySQL are two that fail miserably because in one case the HAProxy is not setup the way New Relic expects and MySQL us in a Docker container that New Relic is also not expected. In order to get around this you need to install specific parts of new relic. See docs here

.inputrc stopped working

I’m trying to bite the bullet and move from bash to zsh in order to avoid further pain in the future as Apple are phasing out Bash on the mac.

A major feature that I use a lot on bash is search completion in .inputrc. Zsh broke this for me and using command line is like pulling teeth without it ie in bash you woul dadd the following to .inputrc

“\e[A”: history-search-backward
“\e[B”: history-search-forward
“\e[C”: forward-char
“\e[D”: backward-char

In zsh this not longer works as expected. To get normal behavior back I had to add the following to .zsh

bindkey “^R” history-incremental-search-backward
bindkey “\e[A” history-beginning-search-backward
bindkey “\e[B” history-beginning-search-forward

Vespa Search Engine

I just heard that Oath have released the Vespa Search Engine open source. When I was in Yahoo! it was used for everything. I predict that a company will exist in a few months selling it as a service.

I think Vespa was one of the best written pieces of infrastructure at Yahoo! that I worked on. It was well documented for an internal app and it was blazingly fast. The guys working on it were also super smart. It will be interesting to see where it goes but I think it will be a contender in the search space

Generating a random password from command line

The following uses openssl to generate a random binary sequence “N” bytes long encoded in hex or base64. The “N” is all important. If you use base64 you get uppercase characters in the string which some sites require, you can also use hex which makes for a more readable string but it will be longer. If the people cracking your password are using an offline database (rainbow table) to crack the password longer random strings are better (this assumes they don’t know how you encoded your random bytes).

openssl -rand -base64 32

openssl -rand -hex 32

How long should “N” actually be? This table at wikipedia lists the given entropy in bits for various character sets. If using hex and you want 80 bits of entropy you need 16 bytes. Base64 is not listed but the character set has 64 symbols so the entropy is similar to the case sensitive with numbers which has 62 symbols so 80 bits would require 12 bytes. The number of bits you choose for entropy is up to you. Generally the longer the better and with tools like LastPass there are no reasons not to use 20 or more bytes per password.

Google Indexing Geo Specific Content

A question came up on cofounderslab asking about how to deal with pages that changed content based on geolocation, in particular it was about google indexing the content.

The problem is trying to serve geo specific content on the same URL’s, this is breaking URL Semantics. The “R” in URL means Resource and in the case given the city is the resource, at least when I searched it was city specific content that I got on the site, if the city changes based on users location the resource is changing and this breaks the semantics. There are two ways to deal with this, one is sub directories and the other is sub domains.


You can redirect the user to a subdirectory ie[city here]

You can hit some gotchas with cities with the same name etc but this way the google index will see each url as unique content which it is. An example of sub directories is yelp, if I visit yelp at their main domain I get redirected from



Craigslist uses subdomains, if I go to their main website I get redirected to

The thing to remember is that a web resource should remain fixed at a single URL, the method chosen has some ramifications but as you can see from Yelp and craigslist both methods work well.

I’ve used both methods and the sub domain route is a bit more work because it involves DNS and some way to manage it that isn’t manual but it’s easily doable ie attach DNS to a database etc (PowerDNS is wonderful at this).

Jenny Portrait WIP

The following is where I’m at with Jenny’s portrait. I started off with a rough drawing and painted in the grisaille ie mostly black and white until you have the main drawing and tones complete. This looks gray because the grisaille is very much still showing. This painting requires a lot more work. A good example of what needs doing is the eyebrow, it looks painted on which it literally has been but it should not look that way 🙂

The reason for the composition came from Rembrandt. He had a tendency to light his subjects very strongly from one side or from above, with this portrait I wanted something similar but I also liked the fact that it looks like Jenny is emerging from the dark. I’m not sure how it’s going to turn out yet but it’s getting there.


I can remember building sheds with my dad. One in particular was a wendy house built for Jackie Gault that sat in front of the house and was painted in some lovely but very bright colors. He also built numerous sheds, pigeon sheds etc, the materials all seemed to arrive from off casts on jobs he was doing with Jimmy Caves building contractors or wherever he was working.

I think the most important thing I learned from this is if you want to get shit done just start building it, he never had a plan that I was aware of, I’m not even sure he had a plan he just got on with building the shed. I’ve always wanted to build a shed so when the opportunity arose in the form of building a Wendy House for the girls I jumped at it.