OS X does not, as of May 2015, support the RAW (*.RAF) files produced by the Fujifilm XQ1. The easiest way to edit them is to download the Adobe Camera RAW and DNG Converter. This can be used to convert RAF files into DNG files. Importantly, "Compatibility" must be set to "Camera Raw 6.6 and later". The default setting of "Camera Raw 7.1 and later" creates files that OS X cannot handle.
Andrew Ho-Lee andrewlkho
andrewlkho
/ gist:6f3ed6d32e8f1071e62f
Created
May 20, 2015 19:51
How to edit RAW files produced by Fujifilm XQ1 in Photos (OS X)
Adapted from Nigella.
- 1.5 kg pork belly
- 4-6 tbsp tahini
- 4-6 tbsp soy sauce
- Juice of 1 lemon
- Juice of 1 lime
- Salt
andrewlkho
/ README.md
Last active
July 22, 2024 16:24
Implementing HTTPS on NFSN (nearlyfreespeech.net) hosting using Let's Encrypt
These instructions are for implementing HTTPS on a NFSN-hosted static site using a certificate from Let's Encrypt. The certificate is generated manually on a separate computer.
Start off by installing the letsencrypt client. This requires sudo privileges and will install a bunch of packages:
% curl -O https://dl.eff.org/certbot-auto
% chmod +x ./certbot-auto
% ./certbot-auto
Generate the certificate. This will require you to publish some challenge responses on NFSN. I find it easiest to use tmux with letsencrypt running in one window and an SSH session to NFSN in another:
andrewlkho
/ README.md
Created
April 6, 2016 21:36
How to run sshd as a Tor hidden service on a Raspberry Pi
I keep a Raspberry Pi at a relative's house which backs up my cloud storage to a Time Machine on their network. Previously I had port 22 NAT'd to the Raspberry Pi so that I could ssh in for occasional admin. However, I found that even with iptables/fail2ban installed, there were daily attempts at getting hacked. As I only infrequently need to access the server, I decided to set up sshd as a Tor hidden service which did not require port 22 to be exposed to the wider internet.
Setup sshd as a hidden service
The first step is to install tor:
# apt-get install tor
Add the following lines to /etc/tor/torrc:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| \documentclass[a4paper,10pt]{article} | |
| \usepackage[utf8]{inputenc} | |
| \usepackage[T1]{fontenc} | |
| \usepackage[scaled]{helvet} | |
| \renewcommand{\familydefault}{\sfdefault} | |
| \usepackage[margin=1in]{geometry} | |
| \setlength{\parindent}{0pt} | |
| \setlength{\parskip}{\baselineskip} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *filter | |
| :INPUT DROP [0:0] | |
| :FORWARD DROP [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| # Boilerplate acceptance policy | |
| -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT | |
| -A INPUT -i lo -j ACCEPT |
andrewlkho
/ debian-strongswan.md
Last active
April 16, 2025 15:03
Setting up a secure VPN with strongSwan on debian
With heightening concern regarding the state of internet privacy (fuelled in part by the passing of the Investigatory Powers Act in the UK), I have set up a VPN server on the virtual server I have hosted with Mythic Beasts. This uses strongSwan and certificate-based IKEv2 authentication.
Assumptions:
- Debian Jessie server already set up and accessible via
debian.example.com, a public IPv4 of203.0.113.1and a public IPv6 of2001:db8::1 - Client username of
me - Clients are running the latest versions of macOS and iOS (Sierra and 10 respectively at the time of writing)
- No need to support any other operating systems (although the setup is easily translated)
For automated deployment of a similar setup, albeit Ubuntu-based and using ansible for deployment, I recommend you take a look at Algo VPN. I used that project as a basis for my configuration.
andrewlkho
/ gist:3d05108ddb363243198d93526980522e
Created
March 23, 2017 18:48
Expanding storage on a Raspberry Pi using Amazon S3
I've been playing around with a Raspberry Pi hosted with Mythic Beasts and wanted a way to keep a large number of infrequently-accessed files on the server. A cost-effective place to store such data is on Amazon S3. After looking around at ways to mount an S3 bucket on the Raspberry Pi and have it appear as a regular filesystem, I came across s3backer. This provides a single file, divided into blocks, each of which is stored as an S3 object. A filesystem is mounted onto this file using a loopback mount. This setup has many benefits which are explained well in the README. Here's how to set it up on the Raspberry Pi.
I'm going to assume that you have an S3 bucket mybucket created and a user with credentials to access it. Although not explicitly specified, some of the commands below need to be run as root.
First, install prerequisites (the first line is
andrewlkho
/ zotfile.wildcards.user
Created
November 14, 2017 22:51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Format: {%a }{%y }{%1|%j} | |
| {"1":{"default":{"field":"journalAbbreviation","operations":[{"function":"replace","regex":"\\.","replacement":""}]}}} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "j" = "nextMessage:"; | |
| "k" = "previousMessage:"; | |
| "^a" = "selectFirstMessageRow:"; | |
| "^e" = "selectLastMessageRow:"; | |
| "n" = "newMessage:"; | |
| "r" = "replySender:"; | |
| "R" = "replyAll:"; | |
| "F" = "forwardMessage:"; |
OlderNewer