Pro-tip: host everything yourself, and pay for it

Years ago when I started this blog, certain types of hosting were much more expensive than they are today, particularly if you wanted hosting that didn’t suck.

Storing and transmitting websites that were mostly text (say, a blog), for example, was relatively cheap and widely available. However, hosting a lot of pictures (such as one might embed in a post about shooty goodness with friends) was pricey: the storage itself added up, and bandwidth costs were non-negligible.

Around that time, Google was in its do-no-evil phase and was offering free photo hosting for users, with the additional benefit of free embedding in one’s blog posts and other websites. Considering I was but a college student at the time, not utilizing them for hosting would be foolish indeed. Thus, I would upload my photos to their service, PicasaWeb, and get the necessary snippet of HTML to embed a thumbnail and a link to the full-size image in my posts. Fantastic.

More than a decade on, Google has given up the do-no-evil mantra, and also stopped offering that photo hosting service, as well as their excellent photo management program, Picasa. While it appears the thumbnails of the photos still exist and are still available on my earlier posts, clicking them to see a full-sized image results in a 404 Not Found Error.

Fortunately, I still have the originals on disk and will update them at some point, but it’s definitely more of a hassle with a bunch of manual work needed. Apologies if you’re running into issues seeing images in old posts.

Lesson learned: using third-party services as a key part of one’s site is probably not the best of ideas. Doubly so if you’re not paying them — remember, if you’re paying them you’re a customer. Otherwise you’re a liability or, worse, the product being sold. Such services can be discontinued at any time.

Using a content distribution network (CDN) to make things more efficient and faster? Awesome, but always be able to turn off the CDN or switch to a different provider at any time without much hassle. Using off-site backups? Smart! But be sure the backup service is a backup of your own, locally-maintained files rather than being the sole repository.

Still Alive

I’m still here, though due to life happening, kids taking up lots of my time (and me loving every minute of it), and work being crazy busy, I haven’t had much time to post.

What little free time I have has been spent upright and outside (trying to rehabilitate the backyard) rather than cooped up by a computer. I’m still actively reading various gun blogs, writing to legislators, and contributing in what small ways I can with the time and resources I have. At some point I’ll get to the range.

I’m pleased to report that I’ve had several opportunities to take advantage of this useful provision of California’s oppressive ammo laws to order ammo online and have it delivered right to the house, and in each case all has gone well. My thanks to Target Sports USA (uncompensated, non-affiliate link) for playing along with California’s nonsense and continuing to do business with California residents.

At the risk of sounding somewhat sappy, having a few dozen articles and posts from gun bloggers showing up in my feed every day is incredibly pleasing and gives me a lot to read. The fact that such postings are coming from independent, usually individually-hosted (as opposed to easily-suppressed groups on social media) blogs written by people passionate about the issue and not doing so for remuneration makes me happy.

Combine an active gun blogging community, the enormous number of fellow Californians who bought huge numbers of magazines during freedom week, and a variety of freedom-loving local people posting positively on Nextdoor (which is social media for folks living within a few physical miles of each other; useful for reuniting people with lost pets, finding good local contractors, and general discussion) about gun rights, even in one of the most gun-hostile counties in California (this is Swalwell’s district), and I find myself reinvigorated, feeling of a “stranger in a strange land” as a gun owners in California, and optimistic about the future of gun rights.

In short, I’m still here, still doing my thing, will try to make an effort to write more, and very much appreciate the community of like-minded others (both locally, in the state, and elsewhere). Thanks for all you do, and thanks for reading.



RSS Feed Oops

I was recently fiddling with some options on the blog and ended up introducing an error into the RSS feed. The error was minor (a blank line on the first line of the feed) and many (but not all) RSS readers end up automatically compensating for it, but it may have caused issues for some readers.

I’ve corrected it and it everything should be back to normal. Mea culpa.

Yet another host move, this time to self-hosted.

The web host that was hosting this site is shutting down its US hosting facility at the end of the year, so I decided to move things from that host to a system I control (a Raspberry Pi 3 by my desk at home).

For testing, I may switch between using Cloudflare to proxy elements of the site for speed and security or allowing direct connections. Right now, I’m preferring direct connections.

Naturally, SSL/TLS (this time via Let’s Encrypt) and DNSSEC are enabled. Please feel free to use the TLS-encrypted version of this site in your feed reader, browser, etc. In fact, I prefer if you use the encrypted version for your own privacy.

I’ve also taken the opportunity to do some much-needed miscellaneous housekeeping around the blog, updated the theme somewhat, etc.

From what I can tell, the transfer seems to have gone off without a hitch. If you run into any issues, please let me know.

Well, that was fun.

My web host, who is otherwise outstanding, had some critical failure of their networking gear in the?facility where this server is hosted.
As such, the site was offline for ~9 hours. Considering how infrequently I tend to post, I’d be surprised if anyone noticed. Still, sorry about that.


As mentioned earlier, I use Varnish to cache static pages on this site to improve performance. I use a WordPress plugin that detects when parts of the site are added or modified (e.g. a new post is published, or an existing one is edited) and it purges the cache for that particular page so the cache content will be refreshed with the new content.
Unfortunately, it was not purging the RSS/Atom feed, so subscribers weren’t getting any updates for several days. That’s very odd.
Until things get resolved with the plugin, I’m manually purging the cache for the feed so subscribers will get more timely updates.
Sorry for the trouble.
Update: What luck! A new version of the cache-purging plugin was just released today and fixes the problem. This pleases me.

On Caching

A flurry of new visitors from Tam’s (hi everyone, welcome!) got me thinking a bit about the performance of this site. Combined with not much going on with gun-related topics here in Switzerland, I figured I’d write a bit about tech.
This site runs WordPress on a S-sized Simple Hosting instance at Gandi‘s Baltimore facility. As a sort of hybrid of shared hosting and a VPS, it has a surprising amount of “oomph”: it has dedicated Apache, PHP, and MySQL processes, uses APC to cache PHP opcodes, and sits behind a series of load-balanced Varnish cache servers which cache static content. It’d make sense to take advantage of those resources to ensure things are speedy.
Out-of-the-box, WordPress dynamically generates each page entirely from scratch: this involves about a hundred database calls and a bunch of PHP work. Considering that content here changes relatively infrequently (yeah, I should write more), it doesn’t make sense to generate each page anew for each visitor since this takes a fair bit of resources.
That’s why I use Lite Cache to cache static content: the first time a visitor requests a page, it’s dynamically generated and sent to them as normal, but the now-generated page is saved on the server in the cache. If a second visitor requests that same page, the cached version is sent to them; since this is just a static file that doesn’t need to be generated from scratch, the server can send it right away, so it loads faster for the visitor. In addition, the static file is stored on the Varnish caches, which are specifically designed for high-performance caching. If the content ever changes (e.g. I make a new post, someone leaves a comment, etc.), the cached version is updated to reflect those changes.
Combined with the front-end Varnish caches, this can swiftly serve up content to large numbers of users — I’ve load-tested it with over 1,000x the typical daily traffic and it doesn’t break a sweat.
That’s cool and all, but why bring it up now?
Because I forgot a critical detail: I only tested it with desktop browsers, where it worked great. However, once someone hit the site with a mobile browser (perhaps on their smartphone or tablet), things went wonky: the site correctly detected that the site was using a mobile browser and generated a mobile-friendly version, which the cache dutifully stored for other visitors. Unfortunately, the cache wasn’t smart enough to tell that all the other readers were not using mobile devices, and started serving up the mobile version to desktop browsers. Whoops.
I’ll make a note to test for this sort of stuff in the future.
Since mobile users make up a tiny fraction of the already-small number of readers here, I’ve disabled the mobile-friendly theme until I can get things sorted out.
Since this is nominally a gun blog, I suppose I should try to connect this situation to guns in some way. Here goes: don’t assume everything will always work the way you think it will. Train for a variety of situations. If your training consists only of calmly standing upright in a well-lit range shooting at stationary targets with a full-sized pistol, you’re not well-prepared for a situation when, for example, a bad guy mugs you with a knife outside your office when all you have is a Beretta Jetfire and a cup of coffee. It definitely doesn’t prepare you for things that go thump in the night.Whether you’re adjusting web caches, training at the range, or sending a rocket to the moon, it’s wise to keep in mind that the universe has a perverse sense of humor.


Effective immediately, I’m changing the license of my content to make it even more free.
Previously, content was licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States license.
I’ve updated to the Creative Commons Attribution-ShareAlike 4.0 International License, which clarifies several issues (particularly for people not in the US). I’ve also removed the NonCommercial restriction.
Of course, this relicensing only affects content that I’ve created. Content created by others remains theirs, and is used either with permission or under fair use.

Breaking stuff for fun and profit.

I spent a bit of the last day or two making some changes to the back-end around here, enabling SSL/TLS for the admin interface, etc.
As far as I can tell, things should be good, but if you find that some functionality has broken please let me know.
For now, I have only the admin interface accessible over HTTPS?– all other content should automatically redirect back to the HTTP version and work normally, but in some odd cases browsers seem to ignore the redirects and have formatting issues (cause: the page is loaded over HTTPS but the CSS is loaded over HTTP) and may indicate redirect loops. I’ve been unable to replicate this with testing tools, and it may just be an issue with my browsers. If you see similar issues, please let me know what page you’re visiting, the date and time of the error, and the page source (Ctrl-U) so I can see what might have caused the issue.

Intermittent hosting issues

My apologies if you’ve tried accessing the site and seen error messages, timeouts, slow responses, or other similar issues over the last week or so.
My hosting provider has a rather clever setup that allows for extremely high performance while minimizing resource use. This has generally worked well, but they recently had some issues with their routing hardware that implements this cleverness as well as some moderate attacks against customers.
Although things are stable for now, they’re looking at replacing nearly-overloaded components with higher-capacity models, implementing better monitoring and responses so they can alleviate attacks and detect problems sooner, and otherwise be able to improve things going forward. There may be some instability in the immediate future, but things should improve.
Sorry about the trouble.