Partial proxying of TLS in Nginx

Nginx is best known for being a really good web server. (The page you're reading was served by it! Unless it's been a really long time and I've revamped things. Check the Server header to confirm, I guess.) It's also known for being a really good TLS-terminating reverse proxy server. It's less well known for being a non-terminating reverse proxy for TLS connections, but it's actually capable of that, too.

So I have this use case where I'd like Nginx to serve some static web sites (again, like this one); serve as a TLS-terminating reverse proxy for some other services; and serve as a non-TLS-terminating reverse proxy for yet others (specifically, I'm proxying those connections over a VPN to my LAN, but that's not important here). And this… turns out not to be straightforward.

More…

Fixing freetype, redux

Waaaaay back in 2020, I wrote about fixing font hinting in Debian Buster and later versions. My fix involved maintaining a mildly-tweaked forked version of the package, which needed to be rebuilt at every update. At the time, I speculated that doing this in configuration might not be possible. Recently, however, I discovered that it is possible.

It's actually very simple; Freetype reads the FREETYPE_PROPERTIES environment variable. Set it to truetype:interpreter-version=35 to get the desired old behavior back on an unpatched Freetype.

And that's all there is to it. There's no “below the fold” on this one; enjoy!

More…

Thinkpad X13s Review

Yesterday, I reviewed a Thinkpad X13, finding it almost not terrible.

Today, surprise! Shortly after buying the X13, I got a screaming deal on an X13s, a device with virtually nothing in common with the X13. The X13s is almost good.

More…

Thinkpad X13 (AMD, gen 2) Review

You may recall that I've been using a Thinkpad X62 (an amateur-designed, small-run custom motherboard in the chassis of an X61, along with a display upgrade) as my personal laptop since 2018. Unfortunately, the nature of amateur-designed, small-run hardware is such that this (already somewhat janky) device has been slowly accumulating jank; and replacement parts to repair and refurbish it with are essentially non-existent. Given that, I've been faced with the truly horrifying prospect of upgrading my laptop for some time now. (This is horrifying because no OEM has made an acceptable laptop since roughly 2012, when Lenovo jumped on the abominable chiclet keyboard bandwagon and destroyed the most important touchpoint of their systems. But I digress, for now.)

A few months ago I picked up a refurbished Thinkpad X13 (second generation, with AMD processor) and started messing around with it. Having now suffered through it for a bit, here are my thoughts. This is a cranky curmudgeon's review, old-man-yells-at-cloud style.

More…

Why You Can't Divide by Zero

Well, why not? The usual answers boil down to either an appeal to arithmetic intuition (e.g. treating division as repeated subtraction, you can never subtract zero to get anywhere) or definition (you can't divide by zero because zero is defined not to have a multiplicative inverse, i.e. “because I said so”). But the former is mathematically naïve and the latter is unsatisfyingly circular. So let's dig in to why we want to define zero out of division.

More…