The Christmas Playlist That Doesn't Suck (2019)

A photo of a beautiful strange nativity taken in the Czech Republic, December 2012 by Yossi Gurvitz
`weird nativity scene` by Yossi Gurvitz

I’ve scoured Soundcloud to find the best Christmas music I could find. It’s chock full of Christmas favourites that are guaranteed to:

  1. Bring Christmas cheer
  2. Not suck

This years playlist includes:

Many originals and covers of well known Christmas songs such as ‘Christmas (Baby Please Come Home)’, ‘O Come All Ye Faithful’, ‘Joy To The World’, ‘We Wish You A Merry Christmas’, ‘Up On The Housetop’, ‘Auld Lang Syne’, ‘Have Yourself A Merry Little Christmas’, and many more reimagined in ways that don’t suck.

The whole Christmas Playlist That Doesn’t Suck (2019) is up on Soundcloud right now, go have a listen!

Thank you to all the artists who have shared their Christmas songs on SoundCloud for the rest of us!

Chick Magnet

Meet Neo

The very next day after our successful chick sky-drop, one of the eggs our broody hen had been diligently sitting on hatched too, bringing on chickpocalypse.


/ ˈtʃɪk pɒk ə lɪps /


A great and scary change brought about by the birth
(or purchase) of too many young domestic fowl at one time

In the space of two days we’ve jumped from five to eight chickens, and while we have some time to plan for it, this means one of two things:

  1. We prepare to sell two or three chickens when they’re older
  2. We prepare to keep two or three chickens when they’re older and I build another coop that can house 8 or more chickens at once.

As I have three children, option 1 was discussed, but never once taken seriously by anyone involved in the discussions, and now I need to learn how to build things with wood.

Hard hard can it be?

Here are some chickens:

This is Iris with her two adopted chicks
Brown-butt is Peckycephalosaurus
And facing the camera is Violet

Observing... ness

My greatest hurdle to writing here is myself. I have plenty of opinions, but nothing I feel is worth inflicting on anyone else (unless you sit within a few feet of me at work). I have lots of ideas, but very few fully formed, or that survive a withering stare. I have drafts galore, but rarely hit publish because on the path to writing things, I so very often disappoint myself with what I actually write.

Then today Kat posted and published her first blerg post and reminded me that the reason I love this can-and-bits-of-string style of old-school post is because they’re not polished thought pieces on the nature of mortality, but simply a glimpse into what other people are thinking and doing in their lives1. Rubenerd has being doing exactly this for many many years and I still love reading what he’s doing and thinking, even though it’s not hosted on Medium or written like he’s got VC funding he needs to justify. They’re just slice-of-life observations and thoughts, and they’re the good stuff.

Even the above is more waffle than I meant to do in this post, but this time I mean to cut through the attempt to formulate a thesis and simply put down stuff that was on my mind tonight while I did the dishes. So, some things I’ve observed today in no particular order:

  • I tried a new coffee place. My boss incredulously asked if we really walked to get coffee two blocks away. So I thought I’d see what the coffee was like at the new(-ish?) place at the end of our street. The coffee was good, but a large was miniscule, and I can’t imagine the thimble size I would have got if I’d asked for a regular. I had to get another coffee later in the day to make up for it.
  • My partner and kids are excitedly buzzing about two new chicks we got to give to one of our broody hens. We couldn’t make her take them yesterday, but we just successfully executed a Mission: Impossible style coordinated operation to drop the chicks in in the dead of night, and it seems to have worked. Apparently you know it worked when the new mother purrs like a cat. I’m only disappointed I didn’t get to use the mask I’d made to infiltrate the coop by impersonating our rooster.
  • I’m still struggling with my self-imposed Reddit ban (which is my most recent shunning of social media after Twitter and Facebook). I’ve replaced it in some small part with a combination of the ABC news app, Hacker News (top stories), an Aussie Mastodon instance with a bunch of people I met through Twitter, and, but none of them are a drop-in replacement (minus the crap I was getting tired of). I really miss the not-thinking-ness of being able to just witlessly scroll through Reddit when I’m not doing anything better.
  • Speaking of - I can’t find a simple way to just see top posts in any field. As far as I can tell, my feed (and the week/month/year/all-time) feeds are only the tags I’ve subscribed to, and ‘latest’ is the only un-filtered list I can see. Maybe I’m missing something, but one thing I really appreciate about HN and Reddit is that I get posts on topics I’ve never even heard of before, and I really need it. 100 posts on “#javascript” is not my idea of a good time.
  • I chiselled a hole in my desk this week in my never-ending crusade against cables. This hid a further 30cm of cable beneath the desk, bringing me ever closer to the glorious day when everything I own will hover fractionally above the desk and nothing will be connected to anything except by invisible forces.

I’m going to stop here. Observing-ness maybe shouldn’t be a brain dump of everything I’ve thought this week.

Maybe I’ll be back again soon with more observation… nesses?

  1. Also, Kat happens to have picked the same theme I chose for the site of the podcast my daughter and I made ages ago↩︎

Balancing Humanity and Technology

I’ve been listening to a podcast called Team Human ever since the host Douglas Rushkoff was a guest on another favourite podcast, You Are Not So Smart. The basic premise of the podcast, book of the same name, and indeed the guest episode he appeared on, was about taking back society for humans.

It took me a while to warm up to the argument. Rushkoff was writing about the cyberpunk movement when I was still in high school, and wears his counter-culture credentials with pride. Me with my quiet Australian suburban Christian upbringing know nothing about what was happening in technology circles in that time, or what anyone was really even railing against back then.

So the idea that technology today isn’t really serving humans any more made me stop and think. And it’s stupidly obvious when you give it more than a moment’s thought, but it hadn’t really occurred to me that it’s the exact reason I’m lost on the internet nowadays.

Today we’re served by technology more than ever, and the internet is responsible for the feeling that we’re getting more done, and we’re more connected than ever before, but despite the vision of early internet visionaries, we’re also stuck in tiny silos, and fighting bigger and bigger monopolies for control of our data.

Instead of really serving us, technology is being used to sell us, divide us, and make us happy to hand over everything that makes us human. Which isn’t to say that we should head back to caves and poop in the open, but we need to be able to make informed choices about how our data is used.

Full disclosure: I’ve tried to write this article before, and encourage you all to switch to, and, but every time I start it, I see the little Google Home on my wall blasting out electro swing and telling me when my pomodoro timer is complete, and I wail and gnash my teeth for being a godless hypocrite.

A small Google Home device attached to a wall under a piece of art
out, foul temptress

The upshot is, I’m extremely interested in how we can maintain our privacy and autonomy while still enjoying the benefits of connected technology. I don’t want to miss out on the benefits that these big companies can provide, but I also want to know that it’s serving me, not the other way around. I believe we forfeit too much data to large companies, but I also believe the benefits and fun of technology can make the trade off worthwhile if we do not enter into it with our eyes closed.

I’m looking for is a community of people who are also treading that fine line between tin-foil-hattery and open embrace of our corporate overlords to work within the system to make it safer for humans.

Rushkoff would argue that this isn’t possible online. He wants people to get out there and make real face-to-face connections with people. I get where he’s coming from - by communicating online, we’re letting algorithms and companies decide who we talk to - pushing us into silos of like-minded people. That happens in real life too, but the process is manual - we have to decide to stop talking to someone whose ideas aren’t our ideas. Online, the algorithms are getting better and better at showing us similarly minded people, sheltering us from “the other” before we have to ask.

Take YouTube for instance - I recently discovered a Star Trek youtuber who also happens to also do videos about rationalism and atheism. He’s exactly my cup of tea, and I spent a good few evenings listening through his back catalogue. Then another guy popped up who makes videos poking fun at far-right youtubers and then another who makes videos about the differences between right and left. I’ve thoroughly enjoyed them all, and they give me just that little tickle of satisfaction that I’ve discovered someone else who “shares my thoughts” on these topics. In some sense they play a role to help cement or crystallise thoughts I hadn’t yet properly synthesised into my own words, so it’s not bad that I get these recommendations, but over time if YouTube’s AI does it’s job, it does mean I’m going to see fewer and fewer alternative ideas, hear fewer voices, and fall deeper and deeper into that filter bubble that people talk about a lot lately1.

I don’t know how to socialise in the real world any more. It’s a lost art for many people, and even close to impossible for others. The internet brought on a golden age of social interaction for some people who in years gone by might have lived lives of utter loneliness. I’m not one of them, but I’ve let myself lose a lot of the skills I once had to leave the house and be “real”. Finding the time and strength to put myself in places the algorithm can’t get me is going to be hard work. I would even like to think there might be a technological solution, but it would have to be radically different from anything else that currently exists, or it risks being susceptible to the same problems as today’s social technology.

The upshot is that I’m starting to see the cracks, and I don’t have the tools to even understand them, let alone fix them by myself. I fix problems better when I have other people to work with, and I don’t know if other people around me are also seeing the cracks and wondering if they should say something or just keep quiet. If you’re reading this, and you’re concerned about what we can do to balance safety and progress, then get in touch with me. Leave a comment here2, or say hello on Telegram, Discord or now Mastodon or Keybase. Maybe you don’t think the way I do - and I look forward to it.

  1. And don’t get me wrong, I’m not arguing that all voices deserve to be heard, or that all arguments on all sides have equal merit. Honestly I don’t know the answer to “how do you avoid a filter bubble, but also not get drowned in shit” ↩︎

  2. If it works… ↩︎

The Reverend @mygirlbetty

Something really weird and special happened a couple of weeks ago, and I didn’t and still don’t really know what I want to say about it. It was a big enough event though that I want to talk about it because it involves one of my favourite people in the world.

Carlynne standing in her alb and stole with another minister during her ordination ceremony
Being reverended

My sister went and did something foolish, and got herself made a full blown minister of the Australian Uniting church. As in, she’s actually an honest-to-god reverend. And like, she can put that on forms she fills out (see below).

Title:      Reverend
First name: Cazbutt
Last name:  Nunn

Growing up, I admired my father for becoming a minister, and although I didn’t think I could ever actually do it, I often thought it might be the path I might take one day - carrying on some sort of family tradition1. When I left my faith, that was a small dream I left behind as well, and although I didn’t want it any more, I still missed it.

To see Carlynne take up the mantle now makes me happy to see that dream become a reality somehow in a silly sort of way.

Which isn’t to say that my sister’s faith and chosen path are anything like my father’s. Carlynne isn’t so much following tradition as she is taking tradition firmly by the shoulders, walking it firmly to the door, and asking it politely to leave.

The ordination ceremony itself was a rich and beautiful celebration of Carlynne’s journey so far. It was an honor to have been invited and to have been able to attend. Afterwards, my sister’s band Terry Towelling and the Tank Tops played a full set while the church family at Brunswick catered a lovely party to both celebrate and say farewell.

What I loved most about the day was this: religion might not be my thing, and the (nebulous, worldwide) church might have a lot of explaining to do, but when I think of my sister as a minister it just makes so much sense to me. What I recognise when she dons the Alb is that my own silly childhood fantasy of becoming a minister was always about my own status - about the title - being able to put reverend on the form.

When I look at my sister’s road to ordination, I instead see a truly humble servant who only wants to meet people where they are. She has already spent much of her adult life learning to accept people how they are just because they’re human. It’s a trait I admire so much in her, and I’m overjoyed when I see her keep embracing it, using it.

The world has always been pretty fucked up, and too often we hear about the people who take their positions and leverage their power to look after themselves, leaving it just a little more fucked than it was before. What I love about my sister and the path she’s chosen is that she really will leave it a little less fucked than how she found it. This step is just another on that road.

Congratulations The Reverend Carlynne @mygirlbetty. You’re a Starasaurus and I love you and I’m proud of you. Keep making the world more awesome.

  1. or old charter or something. ↩︎

Hugo Missing Posts

Just to help out anyone else who’s brain is turning to mush trying to figure this out:

I went to write a new post tonight and discovered that Hugo flat out refused to render the new post. Nothing I did would make Hugo display or serve up the new page. Digging further, Hugo wouldn’t convert the post using the conversion functions, and running –verbose or –debug showed that as far as Hugo was concerned, the new pages flat out didn’t exist.

I was wracking my brain for hours over this - checking and double-checking paths, ensuring file permissions were correct, removing old posts, attempting to disable caches - until I did some frontmatter splitting and discovered that if I left the date field off, the posts showed up.

It turned out that something in my config has changed since I created my last posts, and Hugo is now rendering posts relying on the post’s timezone to determine when it should be published. I recently updated my version of Hugo to v0.54.0, and I also specifically altered the way my dates are generated in archetypes\ to match how I’d like them to be stored, and one or both of those changes meant that Hugo went from generating new posts in a consistent timezone, to generating them in my local timezone but acting as though they were in UTC. This meant that posts were being ignored but would have published without a problem +1030 hours from the time I wrote them.

Now I’ve simply altered my archetype to include -0700 to tell Hugo to append my local TZ to new dates, and now a hugo new posts/ generates a file that shows up immediately when I serve the file.

In my archetypes\ file I’ve set date to:

date: "{{ dateFormat "2006-01-02 15:04:05 -0700" .Date }}"

HTTPS Content Security Policy

After having followed in his footsteps and converted my site to Hugo, Rubenerd also prompted me to check out my HTTPS score on Mozilla’s Observatory with his post on the topic.

Using Wordpress my grade was an F, but the change wasn’t enough in-and-of-itself to change the grade at all. It turns out Mozilla is super persnickety about HTTPS security and focuses on your site’s Content Security Policy as one of it’s primary measures.

The CPS is not something I’d ever heard of before. Other sites gave my site a clean bill of health when I’d checked to see if my SSL certificate was doing it’s job, so I figured my site was safe. It turns out that browsers now support a Content Security Policy header that can tell the browser to ignore any potentially dangerous content that isn’t explicitly allowed by the creator.

What this means is that the webmaster identifies where all their Javascript, CSS, iframe embedded content, images and other content might come from, then set up a ruleset that tells the browser to block anything else.

My ruleset (via Headers in .htaccess) looks something like the following:

default-src 'none';
object-src 'none';
frame-ancestors 'none';
base-uri 'none';
form-action 'self'
img-src 'self'
script-src 'self';
style-src 'self';
  • default-src is the base level rule, and by setting it to ‘none’, we tell the browser to ignore anything that isn’t explicitly spelled out below.
  • frame-src is set to allow only iframes (eg. this post)
  • form-action only allows submitting forms to for comments and for the search form on the front page
  • font-src is set to allow google fonts
  • img-src allows images from my amazon s3 bucket, Flickr, Gravatars, and an image for visitor statistics (using Matomo so your data isn’t going anywhere).
  • script-src allows cloudflare hosted JS because the theme I’m using uses some libraries there.
  • style-src allows CSS from and cloudflare, again for the theme.

By specifying ‘self’ for JS and CSS, and explicitly not using ‘unsafe-inline’ I’ve forced myself to move everything to self-hosted CSS and JS files, instead of using inline style on html elements or onClick JS. From the Mozilla docs on the matter:

Inline JavaScript – either reflected or stored – means that improperly escaped user-inputs can generate code that is interpreted by the web browser as JavaScript. By using CSP to disable inline JavaScript, you can effectively eliminate almost all XSS attacks against your site.

And with comments enabled, I want as much protection from XSS as possible.

Now The Geekorium scores a delightful A+ on the Mozilla Observatory, and a score of 125/100, which is the sort of ‘extra-credit’ number I’m looking for in my security.

Posting from Mobile

One thing that moving away from WordPress means is that I can no longer publish on the go.

I mean, I never really did, but at least I had the option. Now to post I must be in front of my PC with the Hugo software installed and a copy of my repo. I could get the repo on any computer and even install Hugo if I needed to be elsewhere, but my home computer has the key to log into my server, so I’m not making it easy on myself.

I can however, use a portable git client (I’m trying out FastHub for GitHub and write my posts on the go, then tidy and publish them later.

I’m banking on the idea that reducing the barriers to writing will increase the number of posts that get published. We’ll see.

Staticman Comments Are Go

I’ve re-enabled comments here at The Geekorium, and imported all my old comments, so go nuts!

To import all your old comments, I used a script written by someone else, then parsed them through a dodgy PHP script I made myself to rename everything into the format my site is relying on, so there might be shenanigans with the imported comments. Please let me know if anything seems off.

That leaves me with the next question: how do I ensure I don’t get flooded with spam? I’ve had comments back on for all of 2 days, and I get a steady trickle of Pull Requests from the Staticman bot triggered by spam comments. On the Wordpress site I had Akismet turned on, which all but eliminated bad-faith for me, the way modern email clients almost never let the chaff through.

The simplest answer is the Google reCAPTCHKA1 - the latest version doesn’t even ask you to tick the “I’m not a robot” box let alone click on thirteen boxes of street crossings. It’s a tempting solution, but it’s owned and operated by Google, and everything your users do on your website is captured for analysis. As spelled out in their documentation:

reCAPTCHA works best when it has the most context about interactions with your site, which comes from seeing both legitimate and abusive behavior.


reCAPTCHA learns by seeing real traffic on your site.

In a perfect world, Google would only use this data to improve the service. Maybe that’s all they’re doing, but I take my reader’s privacy seriously - more than my own - and I’m genuinely concerned what Google is doing with this enormous corpus of user data capcha’d by these little blue boxes all over the web. They’re more pervasive than Facebook logins and social buttons, and unlike the earlier version, it’s no longer training robots to recognise trains or traffic lights, it’s training computers how to recognise human behaviour.

There’s also the question of how these work if people choose to disable javascript. The theme I’m using relies on more JS than I’d like already, but at least it degrades elegantly. I’m not so sure about recapcha and I can’t find an answer on their website.

It’s looking likely I’m going to have to palm user data off to someone to determine if they’re a robot or not. I’m not happy about it, but it appears to be the price unless I’m willing to sift through dozens of spam comments a day. It wouldn’t be so bad, except Git’s policy of keeping history means that the spam I receive is attached to my site’s repo forever, even if the comment never makes it here.

My final recourse is to try something that I’m guessing won’t work for long. Staticman has a feature that checks for valid form data. The check is basic enough that the field can be present in the data as long as it’s blank. If it has a value set it immediately fails validation. I’ve set a dummy field in the form that needs to be left blank. If a ‘bot fills it in, it should get picked up and fail to submit. I’m not sure how long it will slow them down, but I’m going to give it a shot.

I’ve also disabled the form on posts older than a month, so if you want to comment, do it now!

Update: 24 hours without a spam comment. Success!

  1. ↩︎

Moving to Hugo

They say “imitation is the sincerest form of flattery”, and I do hope they’re right. I’ve been reading Rubenerd for the longest time, and his lovely minimal(ist) website built on Hugo has had me dying to try out the technology for the longest time.

While there’s nothing wrong with Wordpress, I’ve always found it just a little too clunky for my tastes - and slow. That might be because I’ve always used it on shared hosting with less than optimised databases. The idea of a super fast and efficient text-only site is appealing.

So if you can’t tell the difference, today’s post (and all past posts) are now brought to you by Hugo, powered by Go.

I also used this as the excuse I needed to finally put the effort into dual booting Linux on my machine. I’m trying out Linux Mint, and I’m proud I actually got it working with Secure Boot1. Starting out, my “flow” is to create a post in Markdown, then build the site and rsync it to to the same location my old site was.

Please let me know if you notice anything funky. As usual I can be reached on Telegram, Discord, and just recently, Twitter2. However, I’m aware that there’s lots of posts that will not have survived the switch over without some… problems. I will get to them eventually.

The process of moving was interesting. All my posts in Wordpress were written in Textile which for years was my preferred markup language, but Textile turned out to be Betamax to Markdown’s VHS, or what Mercurial is to Git, or what Bitbucket is to Github, or what this sentence is to any other sentence.

The first step was to learn just enough Go to build the Go Wordpress Importer. This pulls all the posts out of a Wordpress Export XML file, then uses Pandoc to convert the HTML to whatever format you like. I built in the ability to toss in some extra Pandoc magic to convert from Textile to HTML then from HTML to Markdown.

From there, Hugo does most of the heavy lifting as long as you can find a theme you like that includes all the nice stuff you want included. I quite like Er but I’ve forked it as ooh-er for my own purposes.

The next step is to build comments back in. It’s something that Ruben has forgone - not for technical reasons I believe - but I really enjoy the one or two I get occasionally. It’s not an easy problem to solve with a static site though, but I think I’ll be leaning on Staticman to add comments into the github repo. I found a slightly different script that also uses Github, but adds comments as “issues”. While appealing, I also want to ensure I’m not tied completely to Github for all time.

Let me know what you think of the changes. I’ll post more when I have comments up and running.

  1. Through no talent of my own I might add. ↩︎

  2. God I’m such a sell-out. ↩︎

rex-havoc fun technology use-case debate direction future jones google voice-in-the-dark friend time-diversion tip extensions movie music twitter internet awesome bots official-help users christmas final-flight-of-xarnash interface iphone wordpress blogging create gadgets ortrix support the-professor voice-in-the-flesh anrianna new-feature problem cute family guide past playlist search stupid application embed first-look gina-trapani god humour