I'm writing a specification for a web app that will store sensitive user data, and the stakeholder asked that I consider a number of fairly standard security practices, but also including that the data be "encrypted at rest", i.e. so that if someone gains physical access to the hard disk at some later date the user data can't be retrieved.

The app is to be Node/Express on a VPS (probably against sqlite3), so since I would be doing that using an environmental variable stored in a file on that same computing instance, is that really providing any extra security?

I guess cloud big boys would be using key management systems to move the key off the local instance, and I could replicate that by using (Hashicorp Vault?) or building a service to keep the key elsewhere, but then I'd need secure access to that service, which once again would involve a key being stored locally.

What's your thoughts, experience, or usual practice around this?

I asked for some advice here a couple of months ago about transitioning to espresso from Aeropress, and have since done that, and thought my journey my have some lessons for others, or y'all might have some ideas for my remaining issues.

Journey

Instant -> Nespresso pods -> Aeropress -> multiple daily espresso

Machine

After a bit of research, I was quite keen on the Sage/Breville Dual Boiler, but it was well out of my price range. I ended up purchasing "The Infuser" which is like their bean to cup Barista Express without the built in grinder. I had been planning on getting the Bambino, but the Infuser was less money (AUD350 - perhaps this model is being retired) and seemed more like a 'real' espresso machine.

The Infuser is a 54mm portafilter, PID, three way valve machine. The water heats quickly (although not as quickly as the Bambino) although I tend to turn it on and let it sit for a while to let the group head warm through anyway.

It's supposed to have volumetric dosing, but the volume output changes with the grind, so perhaps this is just setting how many pumps of the little piston pump or something. It's not time either. In any case, it does allow you to make repeatable shots once you've dialed in and set it. The setting is very simple to change.

The water tank is plenty big enough for me, and the drip tray might be on the small side - I generally empty it every coffee but you could probably do two.

Accessories

I have a personal failing wherein I buy too many gadgets when I'm excited about a new hobby. I'd originally started with a Rhinowares hand grinder with my Aeropress, but had found a 2021 Timemore C2 on eBay which is nicer to hold, and grinds the same amount of beans with a lot less turns. Perhaps it is visibly more consistent particle size, or perhaps I'm imagining that to justify this purchase.

I'm very happy with the eBay puck screen I purchased. I don't know that it's making the coffee any better, but it's keeping the group head clean enough that I don't bother scrubbing it after each shot, and the pucks I tip out of the portafilter have gone from 6.5 to a 3.5 on the Bristol stool chart.

I also got the cheapest ring that goes over the portafilter I could get for charging the basket, and that plus reducing to around 16gm of beans (I only use the double unpressurised basket) means I don't up with tiny specks of coffee all over the kitchen which was a constant issue when I started.

I also have a $2 eBay needle distribution tool, a couple of swirls with that means that when I bang the portafilter on the bench a twice I have a pretty flat, clump free looking bed of grounds that I've just been tamping with the supplied plastic tamp. I've never used anything different, so this seems fine to me although I wish it was a tiny bit bigger as there's a visible ridge left around the outside after tamping. This is probably a future upgrade.

I bought a couple of 220mlish ceramic cups, which I love the look and experience of. If you popped in to see me, that's what I'd serve you, but for daily use I use Duralex 220ml latte glasses since I'm still getting used to the milk frothing process and it's easier to see how that's gone in a glass.

The Experience

My main concern going to espresso was that it would be more mucking on than the Aeropress and that I'd give up and go back to that. Actually, it's probably a similar amount of carry on - just more bench space. They are both more time consuming than the Nespresso machine, but in my opinion worth it for the better coffee experience.

Dialing in has been a bit of a challenge - I'm chasing 16 in, 32 out in 30 seconds, but the click steps on the Timemore seem too big. For example on the medium roast I'm drinking this week that recipe goes from 22 seconds to 50 seconds with a single click. I'm not sure if I'm doing something wrong - I don't think so. In any case, I've just been choosing whatever is closest, and altering the dose and tamp pressure tiny bits to try and improve it a little as I work though that lot of beans. This seems fine for milk drinks.

Fussing on frothing the milk seemed like an optional thing to me, and I wasn't sure I was going to bother (with the Aeropress I just microwaved my milk) but that silkiness of the milk coffee when this is done correctly turns out to very worth. My latte art is highly variable, tending to mostly rubbish @daddyjones@lemmy.world knows what I'm talking about. I think my frothing is fine, but other people seem to be able to decide when the white blob appears on top, whereas mine randomly appears when it feels like it - often too close to the end of the pour when the cup is full. I'm sure this is to do with distance and speed of the pour and I'm missing something important. Feel free to offer suggestions.

The steam wand on this Breville is quite slow (which is probably a plus for me while I'm learning to steam milk), and makes a horrid squealing noise that no one would want to hear in the morning. I don't know if that's all steam wands in the world, just this model, or just my machine or my technique, but the cure seems to be to lower the jug and make half a second of stupidly large bubbles then put the tip back in.

Stopping steaming when I was burning my hand on the jug (which seems to be the standard advice) produced coffee that wasn't hot enough, so I purchased a milk temperature gauge, and highly recommend this. I've started counting how many seconds after the jug is too hot for my hand before the temperature gauge is just touching the red zone, so I could probably ditch it now.

Conclusions

Basically - no regrets. I'm enjoying lovely coffees that feel like a treat every day. I think a grinder with finer steps might be in my (distant) future, and I'd like to solve my latte art issues, but overall the experience has been a source of joy.

*What rights do you have to the digital movies, TV shows and music you buy online? That question was on the minds of Telstra TV Box Office customers this month after the company announced it would shut down the service in June. Customers were told that unless they moved over to another service, Fetch, they would no longer be able to access the films and TV shows they had bought. *

I've been thinking about writing a script that would alert me if there was an updated version of an image I was running.

DockerHub shows an image digest on the page for that tag:

!

And I can extract the digest for an image I am running with:

docker inspect --format='{{index .RepoDigests 0}}' jc21/nginx-proxy-manager:latest

This matches the one from the DockerHub screenshot. But I can't see a CLI way to get the image digest from a registry. It seems like:

docker manifest inspect jc21/nginx-proxy-manager:latest

should do it, but it pulls out the digest of each of the architecture builds for that tag instead of the one shown in dockerhub.

Is there a way to compare the current local image with one in a registry from the command line? Or perhaps there's a more sensible way to do this?

I'm currently brewing in an Aeropress, and considering one of the lower end espresso machines.

But based on a few comments from James Hoffmann about him drinking filter coffee at home, I'm wondering if an espresso machine is something that people end up using every day, or if people are brewing with simpler methods and just making espressos when they've got time on the weekend or people over?

What's your experience, did you buy a machine and it mostly just takes up counter space, or is it a daily source of joy?

Somewhat bewildered by the millions of Aeropress recipes on youtube, I'm wondering if daily users end up settling into a reliable, simple process that's similar from person to person.

In particular, I note that my method (basically a french press) is vastly different from the one in the instructions which is ground much finer, uses less water, and starts dripping through the filter immediately.

Anyway, here's me:

• 12g mild-roast (coarse ground a touch finer than most people would use for a french press, done with a C2)
• inverted
• one filter paper, not washed, but damp enough to stick
• fresh boiled water (so probs 95°+) 180g
• stir enough to break up the floaties
• push the plunger in far enough that the liquid is almost at the top before I put the filter on
• tip over and start plunging at 1:30, finish by 2:00
• into ~70g warmed milk

I'd love to hear yours.

Moved from a Rhinowares to a 2021 Timemore C2, stumbled out to breakfast and used the same clicks without thinking.

I'm a coffee newb - bought an Aeropress and a Rhino hand grinder, and I've sort of flailed around changing things randomly and ended up with an enjoyable repeatable cup by sticking to the same beans, grind, water temperature, brew time & method that seems to work for me.

My issue is I'm not really sure about the terms used to describe the basic aspects of coffee taste - eg bitter, sour, acidic, under extracted, over extracted, etc. I feel like if I did understand them, that would give me the skill to try different things (such as a different roast) and adjust the other factors to match them to get something that suits me, or to be able to make a cup of coffee that would suit someone else's taste.

I'm wondering if you're able to tell me how to deliberately create these other tastes - I imagine I could comparatively taste them and mentally match the words to the sensations. For example, how can I deliberately create an obviously bitter cup, an over extracted cup etc.

The resources I've got for this project are the Aeropress and grinder mentioned, Nespresso machine, a medium and a dark roast, a French Press, and whatever coffee I can get from a supermarket.

Does this sound like a viable plan? If so, what are the tastes I should learn, and how can I create guaranteed and slightly exaggerated versions of them?

I started on Elitedesk 800 G1s when Raspberry Pis got hard to find and expensive, and I now feel they are better in every respect if you don't need the GPIO pins.

Every time I open them up to upgrade something I'm impressed with the level of engineering. There are quality manufacturer manuals for them, the cooling is good and they look great

The P20iX is a tacticool type 21700 size light. It's very floody - perfect for inside buildings or close range outside where you need a big field of view, and bright enough at 4000 lumens .

The bumps on the front are something super tough for breaking car windows etc - so I guess aimed at first responder types. I quite like the double clicky tail switch. One is a really solid on/off click and the other cycles between light levels.

It has two modes, I use it in the everyday mode where it remembers the light brightness from when you turned it off. There also a hard core mode where it always turns on in max.

The hard plastic holster has a hole in the bottom, which I assume is to avoid melting it with the 4 x 4 x CREE XP-L2V6 leds, but I have occasionally just turned it on in the holster for general lighting if I needed both hands.

Since it's quite easy to pull it out of the holster, I do have a slight worry that it will come out by itself if I'm clambering around somewhere - but it never has yet. The holster is intended for clipping on those massive duty belts - it would swing around a bit otherwise. I have a vague recollection it came with some clips to use on narrower belts but perhaps I've thrown them away.

The 21700 battery it needs is a weird Nitecore one with positive and negative contacts each end. I wasn't wild about that, but in practice I never carry spare batteries, so they can be weird or built in and it's no particular problem. If you really hate this idea, there is an optional caddy for 2 x cr123s - but less brightness and lower run times.

!

!

The RovyVon A5x is my EDC at the moment, and I love it enough that I bought another one when I killed it in the washing machine (it's IP66 - but only with the charging plug in - long story at the end).

Like a few of these little lights, it has ancillary LED's on the side. I chose the white+UV side LEDs. The other option is white + red which would probably be more useful, except this is the glow-in-the-dark case, and the UV supercharges that in a couple of seconds.

The GITD is not amazing, but if you're camping away from city lights, it's still bright enough to find the next morning right up till the sun comes up.

The choices for the main LED are CREE XP-G3 or Nichia 219C. I went with the Nichia with a warmer CRI. The Nichia is 450 lumens vs the Cree 650.

The battery is rated 330mAh and is USB-C chargeable (I think my old one was mini USB?). The story with the charging plug on my old one was I washed it in the pocket of some pants, and it still worked, but I could see a drop of moisture inside. I pulled the charging port stopper right out since it kept half closing itself in the rice. Then I couldn't get it back in (probably could have with tweezers) so I thought I'd do that later, then washed it again the following weekend without the plug in. I went all out with the drying attempts, but it was properly soaked through, and never came back from that.

It doesn't really tailstand unless you've got the magnet on (I do) and something to stick it to. It's just a lovely little general use torch for your pocket.

!reflector view

I own, and often carry, a lot of lights. The i1R2 probably hasn't got the most hours on it, but in terms of the number of times it gets turned on, it's by far the winner.

I've EDC'd something like this for about sixteen years. This is the RovyVon Aurora A5 (G3)-UV + White with the Nichia 219C LED. I mostly just use the UV to give the glow in the dark case a little charge as I'm dropping it on the nightstand.

It's not my first A5 - I've killed one in the washing machine. I replaced that one with a Fenix E05R which is way more washing machine proof, but I just never had the same love for it as I do for the A5.

Before those, for many years it was the Fenix LD01 - mine has that wonderful beat up look you only get from using a light every day for years.

There's also been a number of no-name 10440 lights that I seem to lose more easily than the brand name ones :-/

In the same pocket is an Olight i1R 2 on my keys - so it also has the 'well worn' look.

I've been downloading SSL certificates from my domain provider, using cat to join them together to make the fullchain.pem, uploading them to the server, and myself adding a 90 day calendar reminder. Every time I did this I'd think I should find out about this Certbot thing.

Well, I finally got around to it, and it was one of those jobs which turns out to be so easy you wish you'd done it ages ago.

The install was simple (I'm using nginx/ubuntu).

It scans up your server conf files to see which sites are being served, asks you a couple of questions, obtains the Let's Encrypt certificate for them, installs it, updates your conf files to use it, and sets up a cron job to check if it's time to renew the certificate, which it will also do auto-magically.

I was so pleased with it I made a donation to the EFF for it, then I started to think about how amazingly useful Let's Encrypt is, and gave them one too. It's just a really good time to be in this hobby.

I highly recommend Certbot. If you've been putting this off, or only just hearing about it, make some time for it.

>Nats says that the failure was triggered by a single piece of data in a flight plan that was wrongly input to its system by an unnamed airline.

It will be fascinating as the details of this emerge.

I have an ancient domain that for years has been hosted with a company that allowed wildcard email forwarding - so *@example.com was forwarded to my gmail. So over the years, I've just used a new email address for every signup of anything.

Sadly, the company is getting out of hosting, so I need to move the domain somewhere. The commercial email hosting I've seen seen around is all paid for per mailbox.

Is there a commercial email host that would allow a wildcard like that?

I have low desire to run my own email hosting, but perhaps if it's just a bunch of forwards that might be simpler?

Such a good feeling cancelling my paid tier on Dropbox this week. I've been 'playing' at self hosting for a few months, and now I'm confident in my infrastructure and processes so I can start turning off some of the cloud things I've been paying for.

Dropbox has gone in favor of Syncthing over Tailscale in a hub and spoke arrangement to a VM at home. The main compromise I've had to make is on the iOS experience.

The next subscriptions I'll be cancelling will be Evernote (I have so loved this over the years, but as they've added 'features' the app experience has degraded to the point where it's no longer reliable to add notes from my phone). I'm currently trying Obsidian for this , but thinking about a simpler web markdown editor for mobile.

After that, all my Wordpress blogs will be coming home to my VPS, I imagine with some sort of static site generator.