Add cloudflare post

output/2015/index.html

@@ -38,6 +38,9 @@
          <main id="content" role="main"><article class="listpage"><header><h1>Posts for year 2015</h1>
     </header><ul class="postlist">
 <li>
+<a href="../posts/cloudflare-shenanigans.html" class="listtitle">Cloudflare Shenanigans</a> <time class="listdate" datetime="2015-12-25T14:13:26+08:00" title="2015-12-25 14:13">2015-12-25 14:13</time>
+</li>
+        <li>
 <a href="../posts/tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html" class="listtitle">TiddlyWiki in the Sky (or TiddlyWeb for TW5)</a> <time class="listdate" datetime="2015-12-24T14:48:20+08:00" title="2015-12-24 14:48">2015-12-24 14:48</time>
 </li>
         <li>

output/archive.html

@@ -38,7 +38,7 @@
          <main id="content" role="main"><article class="listpage"><header><h1>Archive</h1>
     </header><ul class="postlist">
 <li>
-<a href="2015/index.html">2015 (2)</a>
+<a href="2015/index.html">2015 (3)</a>
         </li>
 <li>
 <a href="2013/index.html">2013 (14)</a>

output/categories/cloudflare.html

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html prefix="og: http://ogp.me/ns# article: http://ogp.me/ns/article# " vocab="http://ogp.me/ns" lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width">
+<title>Posts about cloudflare | Pleasant Programmer</title>
+<link href="../assets/css/rst.css" rel="stylesheet" type="text/css">
+<link href="../assets/css/code.css" rel="stylesheet" type="text/css">
+<link href="../assets/css/theme.css" rel="stylesheet" type="text/css">
+<link href="../assets/css/custom.css" rel="stylesheet" type="text/css">
+<link rel="alternate" type="application/rss+xml" title="RSS" href="../rss.xml">
+<link rel="canonical" href="http://pleasantprogrammer.com/categories/cloudflare.html">
+<script type="text/javascript" src="//use.typekit.net/iwm5axp.js"></script><script type="text/javascript">try{Typekit.load();}catch(e){}</script><!--[if lt IE 9]><script src="../assets/js/html5.js"></script><![endif]--><link rel="alternate" type="application/rss+xml" title="RSS for tag cloudflare" href="cloudflare.xml">
+</head>
+<body>
+<a href="#content" class="sr-only sr-only-focusable">Skip to main content</a>
+    
+    <header id="header" role="banner"><div class="thomas">
+            <img src="../assets/img/thomas.gif" alt="DJ THOMAS IN DA HAUS"><img src="../assets/img/thomas.png" alt="Pleasant Programmer">
+</div>
+        
+    <h1 id="brand"><a href="http://pleasantprogrammer.com/" title="Pleasant Programmer" rel="home">
+
+        <span id="blog-title">Pleasant Programmer</span>
+    </a></h1>
+
+        
+
+        
+    <nav id="menu" role="navigation"><ul>
+<li class="twitter"><a href="http://twitter.com/pleasantprog">@pleasantprog</a></li>
+                <li><a href="../archive.html">Archives</a></li>
+                <li><a href="index.html">Tags</a></li>
+                <li><a href="../rss.xml">RSS</a></li>
+    
+    
+    </ul></nav></header><div id="container">
+         <main id="content" role="main"><article class="tagpage"><header><h1>Posts about cloudflare</h1>
+        <div class="metadata">
+                <p class="feedlink"><a href="cloudflare.xml" type="application/rss+xml">RSS feed</a></p>
+        </div>
+    </header><ul class="postlist">
+<li>
+<a href="../posts/cloudflare-shenanigans.html" class="listtitle">Cloudflare Shenanigans</a> <time class="listdate" datetime="2015-12-25T14:13:26+08:00" title="2015-12-25 14:13">2015-12-25 14:13</time>
+</li>
+    </ul></article></main><footer id="footer" role="contentinfo"><p><a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/deed.en_US"><img alt="CC-BY-SA" style="border-width:0" src="http://i.creativecommons.org/l/by-sa/3.0/80x15.png"></a> © 2015 Thomas Dy - Powered by <a href="http://getnikola.com">Nikola</a></p>
+            
+        </footer>
+</div>
+    
+    
+    
+    
+
+    <script src="../assets/js/konami.js"></script><script src="http://code.jquery.com/jquery-2.0.3.min.js"></script><script>
+        var easter_egg = new Konami();
+        easter_egg.code = function() {
+            $(".thomas").toggleClass("whoa");
+            $("body").scrollTop(0);
+        }
+        easter_egg.load();
+
+        // love you, thomas!
+        // yours, @_phi + @meggykawsek
+    </script>
+</body>
+</html>

output/categories/cloudflare.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Pleasant Programmer (cloudflare)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link type="application/rss+xml" href="http://pleasantprogrammer.com/categories/cloudflare.xml" rel="self"></atom:link><language>en</language><lastBuildDate>Fri, 25 Dec 2015 07:25:05 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>Cloudflare Shenanigans</title><link>http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;An old client of ours managed to convince a telco to zero-rate the data for their app. In order to whitelist it though, we needed to use plain HTTP for domain whitelisting. For HTTPS, they can only whitelist by IP address. Like any good developer, we were using HTTPS. Also, like any good developer, we put our server behind Cloudflare.&lt;/p&gt;
+&lt;p&gt;Now the problem is that Cloudflare can put you behind &lt;a href="https://www.cloudflare.com/ips/"&gt;any IP they own&lt;/a&gt;, which is a huge range. There's no guarantee that the IP we have now is going to be the same later on. So we did the reasonable thing and asked them to whitelist all of the Cloudflare IPs. And the telco agreed! We were in total disbelief when that happened. But hey, if life gives you free internet, you take it.&lt;/p&gt;
+&lt;p&gt;We never actually empirically tested whether other sites hosted on Cloudflare were also actually zero-rated. But I like to think that we saved a lot of people on their data costs from browsing Reddit and 4chan. But alas, good things must come to an end.&lt;/p&gt;
+&lt;p&gt;A few months after we started beta testing the app, Cloudflare added more IPs to their range. Unfortunately, our server got moved to those new IPs which were not whitelisted yet. Apparently, the telco whitelisting process was incredibly convoluted and time consuming. Our client didn't want to bother asking them to whitelist more IPs. We also tried asking Cloudflare to move us back to the original IP range, but they could only do that if we were in their enterprise tier. We couldn't really afford that, so we looked for other options.&lt;/p&gt;
+&lt;p&gt;Since Cloudflare was essentially just a giant reverse proxy, theoretically there should be no distinction between one IP address from another. The specific IP we get is probably just for load balancing. So we tried accessing the IPs in the range directly and just setting the Host header and it worked! But we get SSL errors because the IP itself doesn't have its own certificate.&lt;/p&gt;
+&lt;p&gt;After more testing, we figured out that you could actually use any Cloudflare backed domain so long as we properly set the Host header. We just needed to find one still in the old range. Coincidentally, 4chan.org was. Which led to this wonderful commit&lt;/p&gt;
+&lt;pre class="code literal-block"&gt;commit 123456789abcdef
+Author: ~~~~~~
+Date:   ~~~~~~
+
+    4chan hack
+
+&lt;span class="gh"&gt;diff --git a/src/com/client/common/Util.java b/src/com/client/common/Util.java&lt;/span&gt;
+&lt;span class="gd"&gt;--- a/src/com/client/common/Util.java&lt;/span&gt;
+&lt;span class="gi"&gt;+++ b/src/com/client/common/Util.java&lt;/span&gt;
+&lt;span class="gu"&gt;@@ -210,7 +210,8 @@ public class Util {&lt;/span&gt;
+        }
+
+        public static String getServerAddress(Context context) {
+&lt;span class="gd"&gt;-               String address = "https://backend.client.com";&lt;/span&gt;
+&lt;span class="gi"&gt;+               // String address = "https://backend.client.com";&lt;/span&gt;
+&lt;span class="gi"&gt;+               String address = "https://4chan.org";&lt;/span&gt;
+                if(!isDebug(context)) return address;
+                try {
+&lt;span class="gh"&gt;diff --git a/src/com/client/common/logging/APIClient.java b/src/com/client/common/logging/APIClient.java&lt;/span&gt;
+&lt;span class="gd"&gt;--- a/src/com/client/common/logging/APIClient.java&lt;/span&gt;
+&lt;span class="gi"&gt;+++ b/src/com/client/common/logging/APIClient.java&lt;/span&gt;
+&lt;span class="gu"&gt;@@ -101,6 +101,7 @@ public class APIClient {&lt;/span&gt;
+        private HttpResponse postInternal(String url, List&amp;lt;NameValuePair&amp;gt; data, boolean forRegistration) throws ClientProtocolException, IOException {
+                HttpPost request = new HttpPost(Util.getServerAddress(mContext)+"/api/"+url);
+                request.setHeader("X-API-VERSION", apiVersion);
+&lt;span class="gi"&gt;+               request.setHeader("Host", "backend.client.com");&lt;/span&gt;
+
+                if(data == null) {
+                        data = new ArrayList&amp;lt;NameValuePair&amp;gt;();
+&lt;/pre&gt;
+
+
+&lt;p&gt;Eventually, we did decide to just abandon Cloudflare for the server. We probably weren't going to be the target of a DDOS or anything. This also allowed us to do more secure things like pinning the server certificate in the application itself. Clearly, this is what we should have just done in the first place, but at the time we just wanted a stopgap solution.&lt;/p&gt;
+&lt;p&gt;I just still find it funny we were making people's phones go to 4chan.org everyday for more than a year.&lt;/p&gt;&lt;/div&gt;</description><category>cloudflare</category><category>sysadmin</category><guid>http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html</guid><pubDate>Fri, 25 Dec 2015 06:13:26 GMT</pubDate></item></channel></rss>

output/categories/index.html

@@ -38,7 +38,8 @@
     </ul></nav></header><div id="container">
          <main id="content" role="main"><article class="tagindex"><header><h1>Tags</h1>
     </header><ul class="postlist">
-<li><a class="reference listtitle" href="lets-debug.html">lets-debug</a></li>
+<li><a class="reference listtitle" href="cloudflare.html">cloudflare</a></li>
+            <li><a class="reference listtitle" href="lets-debug.html">lets-debug</a></li>
             <li><a class="reference listtitle" href="philippine-transit-app.html">philippine-transit-app</a></li>
             <li><a class="reference listtitle" href="programming.html">programming</a></li>
             <li><a class="reference listtitle" href="sysadmin.html">sysadmin</a></li>

output/categories/lets-debug.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>Pleasant Programmer (lets-debug)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link rel="self" type="application/rss+xml" href="http://pleasantprogrammer.com/categories/lets-debug.xml"></atom:link><language>en</language><lastBuildDate>Thu, 24 Dec 2015 07:49:10 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>GTFS Editor</title><link>http://pleasantprogrammer.com/posts/gtfs-editor.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;Link: &lt;a href="https://github.com/conveyal/gtfs-editor"&gt;https://github.com/conveyal/gtfs-editor&lt;/a&gt;&lt;/p&gt;
+<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Pleasant Programmer (lets-debug)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link type="application/rss+xml" href="http://pleasantprogrammer.com/categories/lets-debug.xml" rel="self"></atom:link><language>en</language><lastBuildDate>Fri, 25 Dec 2015 07:25:05 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>GTFS Editor</title><link>http://pleasantprogrammer.com/posts/gtfs-editor.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;Link: &lt;a href="https://github.com/conveyal/gtfs-editor"&gt;https://github.com/conveyal/gtfs-editor&lt;/a&gt;&lt;/p&gt;
 &lt;p&gt;&lt;strong&gt;TL;DR&lt;/strong&gt; they really meant under development&lt;/p&gt;
 &lt;p&gt;When I first saw the source of GTFS Editor, I was ecstatic. They used &lt;a href="http://playframework.com/"&gt;Play framework&lt;/a&gt;!!! Not only that, they're targeting PostgreSQL as the main database. Those are our favorite tools for building webapps at By Implication. I was a bit sad though, when I saw it was on the 1.x release of Play though. I did have some experience with that release, but not as much compared to 2.x.&lt;/p&gt;
 &lt;p&gt;Getting it to actually run though, wasn't very pleasant. The initial setup was easy enough. Get &lt;a href="http://www.playframework.com/download"&gt;Play 1.2.5&lt;/a&gt;, install Postgres with PostGIS, clone the repo and create backing database in Postgres. Some minor additional steps you need are to create the PostGIS extension on the database. The schema is automatically generated and applied by Play so that should be all that's necessary. Wonderful. Then, run play, open a browser, go to &lt;a href="http://localhost:9000"&gt;http://localhost:9000&lt;/a&gt;, compilation error. Fantastic.&lt;/p&gt;

output/categories/philippine-transit-app.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>Pleasant Programmer (philippine-transit-app)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link rel="self" type="application/rss+xml" href="http://pleasantprogrammer.com/categories/philippine-transit-app.xml"></atom:link><language>en</language><lastBuildDate>Thu, 24 Dec 2015 07:49:10 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>Geocoding Services</title><link>http://pleasantprogrammer.com/posts/geocoding-services.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;A key component for any routing service is being able to do geocoding. Most people who are looking for routes most probably don't know exactly where their start and end points are on the map. Even then, manually looking for a location on a map is a time-consuming task.&lt;/p&gt;
+<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Pleasant Programmer (philippine-transit-app)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link type="application/rss+xml" href="http://pleasantprogrammer.com/categories/philippine-transit-app.xml" rel="self"></atom:link><language>en</language><lastBuildDate>Fri, 25 Dec 2015 07:25:05 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>Geocoding Services</title><link>http://pleasantprogrammer.com/posts/geocoding-services.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;A key component for any routing service is being able to do geocoding. Most people who are looking for routes most probably don't know exactly where their start and end points are on the map. Even then, manually looking for a location on a map is a time-consuming task.&lt;/p&gt;
 &lt;p&gt;The gold standard for doing geocoding right now is Google Maps. It's hard to find a better location search experience. If they actually provided routing for jeeps here in the Philippines, I imagine there wouldn't be &lt;em&gt;that&lt;/em&gt; much you could do for the competition.&lt;/p&gt;
 &lt;p&gt;When the competition started though, I took it as a challenge to avoid Google Maps as much as possible. I wanted to see how much is currently possible with other options such as OpenStreetMap. In fact, OSM does have a geocoding service called &lt;a href="http://nominatim.openstreetmap.org"&gt;Nominatim&lt;/a&gt;.&lt;/p&gt;
 &lt;p&gt;Sadly, for a mapping app, what you want to do is not simply just geocoding. With geocoding, you take an address and turn it into coordinates. When you want to search for a place in a mapping app, you take part of an address, infer the rest of it, and give the user options to choose from.&lt;/p&gt;

output/categories/programming.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>Pleasant Programmer (programming)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link rel="self" type="application/rss+xml" href="http://pleasantprogrammer.com/categories/programming.xml"></atom:link><language>en</language><lastBuildDate>Thu, 24 Dec 2015 07:49:10 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>Is My Terminal Window Active?</title><link>http://pleasantprogrammer.com/posts/is-my-terminal-window-active.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;I've been working in OSX for almost 3 years now, but I recently switched back to Linux because of all the problems people encountered with Yosemite. There are some things I missed from OSX though. One of which is &lt;a href="https://github.com/marzocchi/zsh-notify"&gt;zsh-notify&lt;/a&gt;. It's a zsh plugin that alerts you if your long-running task is complete, and whether it failed or not.&lt;/p&gt;
+<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Pleasant Programmer (programming)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link type="application/rss+xml" href="http://pleasantprogrammer.com/categories/programming.xml" rel="self"></atom:link><language>en</language><lastBuildDate>Fri, 25 Dec 2015 07:25:05 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>Is My Terminal Window Active?</title><link>http://pleasantprogrammer.com/posts/is-my-terminal-window-active.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;I've been working in OSX for almost 3 years now, but I recently switched back to Linux because of all the problems people encountered with Yosemite. There are some things I missed from OSX though. One of which is &lt;a href="https://github.com/marzocchi/zsh-notify"&gt;zsh-notify&lt;/a&gt;. It's a zsh plugin that alerts you if your long-running task is complete, and whether it failed or not.&lt;/p&gt;
 &lt;p&gt;It's pretty convenient when you're compiling something and then go on to browse reddit while waiting. Usually, I spend too much time just reading and forget about the compilation entirely. With the plugin, I get the notification and maybe go back to work.&lt;/p&gt;
 &lt;p&gt;One nice feature it has is that if you're currently looking at the terminal window of the job that just finished, it won't notify you. It only notifies on windows that aren't currently in focus. To do this, it has to actually talk to Terminal.app or iTerm2 to see if the window and tab are active.&lt;/p&gt;
 &lt;p&gt;This is alright in OSX since those 2 are the generally most used terminal emulators. On Linux though, everyone has their own favorite terminal. Given that, I figured I could probably rely on talking to X to see if the window is active instead of each single terminal emulator. X can't tell if the tab is active though, but I don't use tabs in my current setup so it should still be good.&lt;/p&gt;

output/categories/sysadmin-tiddlywiki.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>Pleasant Programmer (sysadmin tiddlywiki)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link rel="self" type="application/rss+xml" href="http://pleasantprogrammer.com/categories/sysadmin-tiddlywiki.xml"></atom:link><language>en</language><lastBuildDate>Thu, 24 Dec 2015 07:49:10 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>TiddlyWiki in the Sky (or TiddlyWeb for TW5)</title><link>http://pleasantprogrammer.com/posts/tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;I've always liked &lt;a href="http://tiddlywiki.com"&gt;TiddlyWiki&lt;/a&gt;. Back when it first came out, it was really amazing. A wiki all in one file, that worked in the browser. It didn't need a backend, it would just save itself as an all new HTML file with all your posts inside. I've used it a lot over the years, as a personal wiki/journal and a class notebook. I even had a blog with it at one point using one of the server-side forks.&lt;/p&gt;
+<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Pleasant Programmer (sysadmin tiddlywiki)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link type="application/rss+xml" href="http://pleasantprogrammer.com/categories/sysadmin-tiddlywiki.xml" rel="self"></atom:link><language>en</language><lastBuildDate>Fri, 25 Dec 2015 07:25:05 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>TiddlyWiki in the Sky (or TiddlyWeb for TW5)</title><link>http://pleasantprogrammer.com/posts/tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;I've always liked &lt;a href="http://tiddlywiki.com"&gt;TiddlyWiki&lt;/a&gt;. Back when it first came out, it was really amazing. A wiki all in one file, that worked in the browser. It didn't need a backend, it would just save itself as an all new HTML file with all your posts inside. I've used it a lot over the years, as a personal wiki/journal and a class notebook. I even had a blog with it at one point using one of the server-side forks.&lt;/p&gt;
 &lt;p&gt;Now, there's TiddlyWiki5 which is a rewrite of the original TiddlyWiki that looks a whole lot snazzier, and I assume has better architecture overall. It also has experimental support for all the server-side platforms (particularly TiddlyWeb) that have cropped up.&lt;/p&gt;
 &lt;p&gt;If you're just looking for a simple server setup for TiddlyWiki5, it has native support for that on its own. There's plenty of documentation on the site. But if you're looking for more advanced features (like storing your posts in git or a database), then you'll need to use it with TiddlyWeb. The problem is that most of the documentation for TiddlyWeb still refers to the old TiddlyWiki.&lt;/p&gt;
 &lt;p&gt;To support TiddlyWiki5, we'll need a version of the wiki which has the TiddlyWeb plugin already installed and configured. After that, some tweaking is necessary to get TiddlyWeb to provide what the wiki requires.&lt;/p&gt;

output/categories/sysadmin.html

@@ -41,6 +41,9 @@
         </div>
     </header><ul class="postlist">
 <li>
+<a href="../posts/cloudflare-shenanigans.html" class="listtitle">Cloudflare Shenanigans</a> <time class="listdate" datetime="2015-12-25T14:13:26+08:00" title="2015-12-25 14:13">2015-12-25 14:13</time>
+</li>
+        <li>
 <a href="../posts/removing-pldtmydslbiz-from-the-zyxel-p-2612hnu.html" class="listtitle">Removing PLDTMyDSLBiz from the ZyXEL P-2612HNU</a> <time class="listdate" datetime="2013-11-27T10:12:31+08:00" title="2013-11-27 10:12">2013-11-27 10:12</time>
 </li>
         <li>

output/categories/sysadmin.xml

@@ -1,5 +1,44 @@
 <?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>Pleasant Programmer (sysadmin)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link rel="self" type="application/rss+xml" href="http://pleasantprogrammer.com/categories/sysadmin.xml"></atom:link><language>en</language><lastBuildDate>Thu, 24 Dec 2015 07:49:10 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>Removing PLDTMyDSLBiz from the ZyXEL P-2612HNU</title><link>http://pleasantprogrammer.com/posts/removing-pldtmydslbiz-from-the-zyxel-p-2612hnu.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;I've always thought that people were just too lazy to change their SSIDs when I see "PLDTMyDSLBizCafeJapan". It became apparent when we got our own PLDT line that it was because the bundled router/modem &lt;em&gt;does not&lt;/em&gt; allow you to remove the prefix.&lt;/p&gt;
+<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Pleasant Programmer (sysadmin)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link type="application/rss+xml" href="http://pleasantprogrammer.com/categories/sysadmin.xml" rel="self"></atom:link><language>en</language><lastBuildDate>Fri, 25 Dec 2015 07:25:05 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>Cloudflare Shenanigans</title><link>http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;An old client of ours managed to convince a telco to zero-rate the data for their app. In order to whitelist it though, we needed to use plain HTTP for domain whitelisting. For HTTPS, they can only whitelist by IP address. Like any good developer, we were using HTTPS. Also, like any good developer, we put our server behind Cloudflare.&lt;/p&gt;
+&lt;p&gt;Now the problem is that Cloudflare can put you behind &lt;a href="https://www.cloudflare.com/ips/"&gt;any IP they own&lt;/a&gt;, which is a huge range. There's no guarantee that the IP we have now is going to be the same later on. So we did the reasonable thing and asked them to whitelist all of the Cloudflare IPs. And the telco agreed! We were in total disbelief when that happened. But hey, if life gives you free internet, you take it.&lt;/p&gt;
+&lt;p&gt;We never actually empirically tested whether other sites hosted on Cloudflare were also actually zero-rated. But I like to think that we saved a lot of people on their data costs from browsing Reddit and 4chan. But alas, good things must come to an end.&lt;/p&gt;
+&lt;p&gt;A few months after we started beta testing the app, Cloudflare added more IPs to their range. Unfortunately, our server got moved to those new IPs which were not whitelisted yet. Apparently, the telco whitelisting process was incredibly convoluted and time consuming. Our client didn't want to bother asking them to whitelist more IPs. We also tried asking Cloudflare to move us back to the original IP range, but they could only do that if we were in their enterprise tier. We couldn't really afford that, so we looked for other options.&lt;/p&gt;
+&lt;p&gt;Since Cloudflare was essentially just a giant reverse proxy, theoretically there should be no distinction between one IP address from another. The specific IP we get is probably just for load balancing. So we tried accessing the IPs in the range directly and just setting the Host header and it worked! But we get SSL errors because the IP itself doesn't have its own certificate.&lt;/p&gt;
+&lt;p&gt;After more testing, we figured out that you could actually use any Cloudflare backed domain so long as we properly set the Host header. We just needed to find one still in the old range. Coincidentally, 4chan.org was. Which led to this wonderful commit&lt;/p&gt;
+&lt;pre class="code literal-block"&gt;commit 123456789abcdef
+Author: ~~~~~~
+Date:   ~~~~~~
+
+    4chan hack
+
+&lt;span class="gh"&gt;diff --git a/src/com/client/common/Util.java b/src/com/client/common/Util.java&lt;/span&gt;
+&lt;span class="gd"&gt;--- a/src/com/client/common/Util.java&lt;/span&gt;
+&lt;span class="gi"&gt;+++ b/src/com/client/common/Util.java&lt;/span&gt;
+&lt;span class="gu"&gt;@@ -210,7 +210,8 @@ public class Util {&lt;/span&gt;
+        }
+
+        public static String getServerAddress(Context context) {
+&lt;span class="gd"&gt;-               String address = "https://backend.client.com";&lt;/span&gt;
+&lt;span class="gi"&gt;+               // String address = "https://backend.client.com";&lt;/span&gt;
+&lt;span class="gi"&gt;+               String address = "https://4chan.org";&lt;/span&gt;
+                if(!isDebug(context)) return address;
+                try {
+&lt;span class="gh"&gt;diff --git a/src/com/client/common/logging/APIClient.java b/src/com/client/common/logging/APIClient.java&lt;/span&gt;
+&lt;span class="gd"&gt;--- a/src/com/client/common/logging/APIClient.java&lt;/span&gt;
+&lt;span class="gi"&gt;+++ b/src/com/client/common/logging/APIClient.java&lt;/span&gt;
+&lt;span class="gu"&gt;@@ -101,6 +101,7 @@ public class APIClient {&lt;/span&gt;
+        private HttpResponse postInternal(String url, List&amp;lt;NameValuePair&amp;gt; data, boolean forRegistration) throws ClientProtocolException, IOException {
+                HttpPost request = new HttpPost(Util.getServerAddress(mContext)+"/api/"+url);
+                request.setHeader("X-API-VERSION", apiVersion);
+&lt;span class="gi"&gt;+               request.setHeader("Host", "backend.client.com");&lt;/span&gt;
+
+                if(data == null) {
+                        data = new ArrayList&amp;lt;NameValuePair&amp;gt;();
+&lt;/pre&gt;
+
+
+&lt;p&gt;Eventually, we did decide to just abandon Cloudflare for the server. We probably weren't going to be the target of a DDOS or anything. This also allowed us to do more secure things like pinning the server certificate in the application itself. Clearly, this is what we should have just done in the first place, but at the time we just wanted a stopgap solution.&lt;/p&gt;
+&lt;p&gt;I just still find it funny we were making people's phones go to 4chan.org everyday for more than a year.&lt;/p&gt;&lt;/div&gt;</description><category>cloudflare</category><category>sysadmin</category><guid>http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html</guid><pubDate>Fri, 25 Dec 2015 06:13:26 GMT</pubDate></item><item><title>Removing PLDTMyDSLBiz from the ZyXEL P-2612HNU</title><link>http://pleasantprogrammer.com/posts/removing-pldtmydslbiz-from-the-zyxel-p-2612hnu.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;I've always thought that people were just too lazy to change their SSIDs when I see "PLDTMyDSLBizCafeJapan". It became apparent when we got our own PLDT line that it was because the bundled router/modem &lt;em&gt;does not&lt;/em&gt; allow you to remove the prefix.&lt;/p&gt;
 &lt;p&gt;This is not the kind of thing you expect as a business customer. Even for home customers, I feel it's still a bit dishonest. I'd be fine if it was just the default SSID, but forcing people to have it as part of their SSID is like advertising that your company (I mean PLDT) is a douche.&lt;/p&gt;
 &lt;p&gt;Of course, we couldn't just leave the SSID prefix there, so we tried a number of things to get rid of it. There are articles for removing it from the &lt;a href="http://www.phandroidinternet.com/2013/06/how-to-remove-on-wifi-name-or-ssid-on.html"&gt;Prolink H5004N&lt;/a&gt; or the &lt;a href="http://www.symbianize.com/showthread.php?t=730091"&gt;ZyXEL P-660HN-T1A&lt;/a&gt; but not for the one we got which was the ZyXEL P-2612HNU-F1F.&lt;/p&gt;
 &lt;p&gt;We did still try the firebug/inspector tricks, but it seems that there is a server-side check that adds in the "PLDTMyDSLBiz". We tried a number of things, but the one that ultimately worked (and we had a good laugh about) was to backup the configuration, edit the dumped file and restore it.&lt;/p&gt;

output/categories/systemd.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>Pleasant Programmer (systemd)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link rel="self" type="application/rss+xml" href="http://pleasantprogrammer.com/categories/systemd.xml"></atom:link><language>en</language><lastBuildDate>Thu, 24 Dec 2015 07:49:10 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>Console Keymap Switching</title><link>http://pleasantprogrammer.com/posts/console-keymap-switching.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;At the office, we have some people who use DVORAK. Normally, this isn't a problem. To each his own after all. It does become a bit problematic though, when we're dealing with the servers around the office.&lt;/p&gt;
+<?xml-stylesheet type="text/xsl" href="../assets/xml/rss.xsl" media="all"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Pleasant Programmer (systemd)</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link type="application/rss+xml" href="http://pleasantprogrammer.com/categories/systemd.xml" rel="self"></atom:link><language>en</language><lastBuildDate>Fri, 25 Dec 2015 07:25:05 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>Console Keymap Switching</title><link>http://pleasantprogrammer.com/posts/console-keymap-switching.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;At the office, we have some people who use DVORAK. Normally, this isn't a problem. To each his own after all. It does become a bit problematic though, when we're dealing with the servers around the office.&lt;/p&gt;
 &lt;p&gt;We normally leave the servers on QWERTY. After all, most people start off as QWERTY typists and migrate to something else. That said, it's apparently difficult to stay fluent in both. People tend to forget how to type in QWERTY once they learn DVORAK or something else. While it is true that they can just look a the keyboard while typing, my coworkers would prefer it to just be in DVORAK.&lt;/p&gt;
 &lt;p&gt;For the console, they'd typically do &lt;code&gt;sudo loadkeys dvorak&lt;/code&gt; after logging in. The problem with this is, after they logout, the keymapping is still on DVORAK. This has been quite annoying for a few times since I can't even login to change the keymap. What I wanted was something like you get in the graphical login screens where you can pick your keymap before logging in. Apparently, there isn't a readily available thing for the console.&lt;/p&gt;
 &lt;p&gt;I googled around for solutions and came across &lt;a href="http://superuser.com/questions/548234/how-can-i-easily-toggle-between-dvorak-and-qwerty-keyboard-layouts-from-a-linux"&gt;a nice idea&lt;/a&gt;. You could alias &lt;code&gt;asdf&lt;/code&gt; to load the DVORAK mapping and &lt;code&gt;aoeu&lt;/code&gt; (the equivalent to asdf in DVORAK) to load the QWERTY mapping. This actually makes sense since you don't really have to know where the letters are. The only problem is, you once again have to be logged in to change the key mappings.&lt;/p&gt;

output/galleries/rss.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="utf-8"?>
-<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>galleries</title><link>http://pleasantprogrammer.com/galleries/rss.xml</link><description></description><language>en</language><lastBuildDate>Thu, 24 Dec 2015 07:49:09 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs></channel></rss>
+<rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>galleries</title><link>http://pleasantprogrammer.com/galleries/rss.xml</link><description></description><language>en</language><lastBuildDate>Fri, 25 Dec 2015 07:25:05 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs></channel></rss>

output/galleries/transit/index.html

@@ -41,38 +41,38 @@
 </ul></nav><h1>transit</h1>
     <ul class="thumbnails">
 <li>
-<a href="onebusaway1.png" class="thumbnail image-reference" title="Onebusaway1">
-                <img src="onebusaway1.thumbnail.png" alt="Onebusaway1"></a>
-            </li>
-<li>
 <a href="gtfs_preview.jpg" class="thumbnail image-reference" title="Gtfs preview">
                 <img src="gtfs_preview.thumbnail.jpg" alt="Gtfs preview"></a>
             </li>
 <li>
-<a href="otp1.png" class="thumbnail image-reference" title="Otp1">
-                <img src="otp1.thumbnail.png" alt="Otp1"></a>
+<a href="onebusaway1.png" class="thumbnail image-reference" title="Onebusaway1">
+                <img src="onebusaway1.thumbnail.png" alt="Onebusaway1"></a>
             </li>
 <li>
 <a href="onebusaway2.png" class="thumbnail image-reference" title="Onebusaway2">
                 <img src="onebusaway2.thumbnail.png" alt="Onebusaway2"></a>
             </li>
 <li>
-<a href="onebusaway3.png" class="thumbnail image-reference" title="Onebusaway3">
-                <img src="onebusaway3.thumbnail.png" alt="Onebusaway3"></a>
+<a href="otp1.png" class="thumbnail image-reference" title="Otp1">
+                <img src="otp1.thumbnail.png" alt="Otp1"></a>
             </li>
 <li>
 <a href="otp2.png" class="thumbnail image-reference" title="Otp2">
                 <img src="otp2.thumbnail.png" alt="Otp2"></a>
             </li>
 <li>
-<a href="otproundabout.png" class="thumbnail image-reference" title="Otproundabout">
-                <img src="otproundabout.thumbnail.png" alt="Otproundabout"></a>
+<a href="onebusaway3.png" class="thumbnail image-reference" title="Onebusaway3">
+                <img src="onebusaway3.thumbnail.png" alt="Onebusaway3"></a>
             </li>
 <li>
 <a href="otpelevation.png" class="thumbnail image-reference" title="Otpelevation">
                 <img src="otpelevation.thumbnail.png" alt="Otpelevation"></a>
             </li>
 <li>
+<a href="otproundabout.png" class="thumbnail image-reference" title="Otproundabout">
+                <img src="otproundabout.thumbnail.png" alt="Otproundabout"></a>
+            </li>
+<li>
 <a href="upkatipunan.jpg" class="thumbnail image-reference" title="Upkatipunan">
                 <img src="upkatipunan.thumbnail.jpg" alt="Upkatipunan"></a>
     </li>

output/index-3.html

@@ -39,6 +39,26 @@
     </ul></nav></header><div id="container">
          <main id="content" role="main"><div class="postindex">
     <article class="h-entry post-text"><header><h1 class="p-name entry-title">
+            <a href="posts/geocoding-services.html" class="u-url">Geocoding Services</a>
+        </h1>
+    </header><div class="e-content entry-content">
+    <div>
+<p>A key component for any routing service is being able to do geocoding. Most people who are looking for routes most probably don't know exactly where their start and end points are on the map. Even then, manually looking for a location on a map is a time-consuming task.</p>
+<p>The gold standard for doing geocoding right now is Google Maps. It's hard to find a better location search experience. If they actually provided routing for jeeps here in the Philippines, I imagine there wouldn't be <em>that</em> much you could do for the competition.</p>
+<p>When the competition started though, I took it as a challenge to avoid Google Maps as much as possible. I wanted to see how much is currently possible with other options such as OpenStreetMap. In fact, OSM does have a geocoding service called <a href="http://nominatim.openstreetmap.org">Nominatim</a>.</p>
+<p>Sadly, for a mapping app, what you want to do is not simply just geocoding. With geocoding, you take an address and turn it into coordinates. When you want to search for a place in a mapping app, you take part of an address, infer the rest of it, and give the user options to choose from.</p>
+<p>Given a typical mapping app, you might type in "ateneo" and expect it to give you Ateneo de Manila University. With typical geocoding services like Nominatim or even Google's <a href="https://developers.google.com/maps/documentation/javascript/geocoding">geocoding API</a>, you probably won't get any result for this. What you want to use is the <a href="https://developers.google.com/maps/documentation/javascript/places">Places API</a> which provides an autocomplete search box. Using it, when you type in "ateneo", it automatically suggests in the dropdown, "Ateneo de Manila University".</p>
+<p>A downside to using the Places API is that it's against the terms of service to use it with something that isn't Google Maps, which means no OpenStreetMap. If there were more time, writing your own autocompletion engine using OpenStreetMap's data will probably be a better long term solution.</p>
+<p>For now, since the competition's deadline is just a few days away, I'll be using Google Maps.</p>
+</div>
+    </div>
+    <small class="dateline">Posted: <time class="published dt-published" datetime="2013-09-25T12:26:59+08:00" title="2013-09-25 12:26">2013-09-25 12:26</time></small>
+        | <small class="commentline">
+        
+    <a href="posts/geocoding-services.html#disqus_thread" data-disqus-identifier="cache/posts/geocoding-services.html">Comments</a>
+
+</small>
+    </article><article class="h-entry post-text"><header><h1 class="p-name entry-title">
             <a href="posts/jeep-and-bus-schedules.html" class="u-url">Jeep and Bus Schedules</a>
         </h1>
     </header><div class="e-content entry-content">

output/index.html

@@ -38,6 +38,59 @@
     </ul></nav></header><div id="container">
          <main id="content" role="main"><div class="postindex">
     <article class="h-entry post-text"><header><h1 class="p-name entry-title">
+            <a href="posts/cloudflare-shenanigans.html" class="u-url">Cloudflare Shenanigans</a>
+        </h1>
+    </header><div class="e-content entry-content">
+    <div>
+<p>An old client of ours managed to convince a telco to zero-rate the data for their app. In order to whitelist it though, we needed to use plain HTTP for domain whitelisting. For HTTPS, they can only whitelist by IP address. Like any good developer, we were using HTTPS. Also, like any good developer, we put our server behind Cloudflare.</p>
+<p>Now the problem is that Cloudflare can put you behind <a href="https://www.cloudflare.com/ips/">any IP they own</a>, which is a huge range. There's no guarantee that the IP we have now is going to be the same later on. So we did the reasonable thing and asked them to whitelist all of the Cloudflare IPs. And the telco agreed! We were in total disbelief when that happened. But hey, if life gives you free internet, you take it.</p>
+<p>We never actually empirically tested whether other sites hosted on Cloudflare were also actually zero-rated. But I like to think that we saved a lot of people on their data costs from browsing Reddit and 4chan. But alas, good things must come to an end.</p>
+<p>A few months after we started beta testing the app, Cloudflare added more IPs to their range. Unfortunately, our server got moved to those new IPs which were not whitelisted yet. Apparently, the telco whitelisting process was incredibly convoluted and time consuming. Our client didn't want to bother asking them to whitelist more IPs. We also tried asking Cloudflare to move us back to the original IP range, but they could only do that if we were in their enterprise tier. We couldn't really afford that, so we looked for other options.</p>
+<p>Since Cloudflare was essentially just a giant reverse proxy, theoretically there should be no distinction between one IP address from another. The specific IP we get is probably just for load balancing. So we tried accessing the IPs in the range directly and just setting the Host header and it worked! But we get SSL errors because the IP itself doesn't have its own certificate.</p>
+<p>After more testing, we figured out that you could actually use any Cloudflare backed domain so long as we properly set the Host header. We just needed to find one still in the old range. Coincidentally, 4chan.org was. Which led to this wonderful commit</p>
+<pre class="code literal-block">commit 123456789abcdef
+Author: ~~~~~~
+Date:   ~~~~~~
+
+    4chan hack
+
+<span class="gh">diff --git a/src/com/client/common/Util.java b/src/com/client/common/Util.java</span>
+<span class="gd">--- a/src/com/client/common/Util.java</span>
+<span class="gi">+++ b/src/com/client/common/Util.java</span>
+<span class="gu">@@ -210,7 +210,8 @@ public class Util {</span>
+        }
+
+        public static String getServerAddress(Context context) {
+<span class="gd">-               String address = "https://backend.client.com";</span>
+<span class="gi">+               // String address = "https://backend.client.com";</span>
+<span class="gi">+               String address = "https://4chan.org";</span>
+                if(!isDebug(context)) return address;
+                try {
+<span class="gh">diff --git a/src/com/client/common/logging/APIClient.java b/src/com/client/common/logging/APIClient.java</span>
+<span class="gd">--- a/src/com/client/common/logging/APIClient.java</span>
+<span class="gi">+++ b/src/com/client/common/logging/APIClient.java</span>
+<span class="gu">@@ -101,6 +101,7 @@ public class APIClient {</span>
+        private HttpResponse postInternal(String url, List&lt;NameValuePair&gt; data, boolean forRegistration) throws ClientProtocolException, IOException {
+                HttpPost request = new HttpPost(Util.getServerAddress(mContext)+"/api/"+url);
+                request.setHeader("X-API-VERSION", apiVersion);
+<span class="gi">+               request.setHeader("Host", "backend.client.com");</span>
+
+                if(data == null) {
+                        data = new ArrayList&lt;NameValuePair&gt;();
+</pre>
+
+
+<p>Eventually, we did decide to just abandon Cloudflare for the server. We probably weren't going to be the target of a DDOS or anything. This also allowed us to do more secure things like pinning the server certificate in the application itself. Clearly, this is what we should have just done in the first place, but at the time we just wanted a stopgap solution.</p>
+<p>I just still find it funny we were making people's phones go to 4chan.org everyday for more than a year.</p>
+</div>
+    </div>
+    <small class="dateline">Posted: <time class="published dt-published" datetime="2015-12-25T14:13:26+08:00" title="2015-12-25 14:13">2015-12-25 14:13</time></small>
+        | <small class="commentline">
+        
+    <a href="posts/cloudflare-shenanigans.html#disqus_thread" data-disqus-identifier="cache/posts/cloudflare-shenanigans.html">Comments</a>
+
+</small>
+    </article><article class="h-entry post-text"><header><h1 class="p-name entry-title">
             <a href="posts/tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html" class="u-url">TiddlyWiki in the Sky (or TiddlyWeb for TW5)</a>
         </h1>
     </header><div class="e-content entry-content">
@@ -236,26 +289,6 @@ EOF
         
     <a href="posts/console-keymap-switching.html#disqus_thread" data-disqus-identifier="cache/posts/console-keymap-switching.html">Comments</a>
 
-</small>
-    </article><article class="h-entry post-text"><header><h1 class="p-name entry-title">
-            <a href="posts/geocoding-services.html" class="u-url">Geocoding Services</a>
-        </h1>
-    </header><div class="e-content entry-content">
-    <div>
-<p>A key component for any routing service is being able to do geocoding. Most people who are looking for routes most probably don't know exactly where their start and end points are on the map. Even then, manually looking for a location on a map is a time-consuming task.</p>
-<p>The gold standard for doing geocoding right now is Google Maps. It's hard to find a better location search experience. If they actually provided routing for jeeps here in the Philippines, I imagine there wouldn't be <em>that</em> much you could do for the competition.</p>
-<p>When the competition started though, I took it as a challenge to avoid Google Maps as much as possible. I wanted to see how much is currently possible with other options such as OpenStreetMap. In fact, OSM does have a geocoding service called <a href="http://nominatim.openstreetmap.org">Nominatim</a>.</p>
-<p>Sadly, for a mapping app, what you want to do is not simply just geocoding. With geocoding, you take an address and turn it into coordinates. When you want to search for a place in a mapping app, you take part of an address, infer the rest of it, and give the user options to choose from.</p>
-<p>Given a typical mapping app, you might type in "ateneo" and expect it to give you Ateneo de Manila University. With typical geocoding services like Nominatim or even Google's <a href="https://developers.google.com/maps/documentation/javascript/geocoding">geocoding API</a>, you probably won't get any result for this. What you want to use is the <a href="https://developers.google.com/maps/documentation/javascript/places">Places API</a> which provides an autocomplete search box. Using it, when you type in "ateneo", it automatically suggests in the dropdown, "Ateneo de Manila University".</p>
-<p>A downside to using the Places API is that it's against the terms of service to use it with something that isn't Google Maps, which means no OpenStreetMap. If there were more time, writing your own autocompletion engine using OpenStreetMap's data will probably be a better long term solution.</p>
-<p>For now, since the competition's deadline is just a few days away, I'll be using Google Maps.</p>
-</div>
-    </div>
-    <small class="dateline">Posted: <time class="published dt-published" datetime="2013-09-25T12:26:59+08:00" title="2013-09-25 12:26">2013-09-25 12:26</time></small>
-        | <small class="commentline">
-        
-    <a href="posts/geocoding-services.html#disqus_thread" data-disqus-identifier="cache/posts/geocoding-services.html">Comments</a>
-
 </small>
     </article>
 </div>

output/posts/cloudflare-shenanigans.html

@@ -0,0 +1,148 @@
+<!DOCTYPE html>
+<html prefix="og: http://ogp.me/ns# article: http://ogp.me/ns/article# " vocab="http://ogp.me/ns" lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width">
+<title>Cloudflare Shenanigans | Pleasant Programmer</title>
+<link href="../assets/css/rst.css" rel="stylesheet" type="text/css">
+<link href="../assets/css/code.css" rel="stylesheet" type="text/css">
+<link href="../assets/css/theme.css" rel="stylesheet" type="text/css">
+<link href="../assets/css/custom.css" rel="stylesheet" type="text/css">
+<link rel="alternate" type="application/rss+xml" title="RSS" href="../rss.xml">
+<link rel="canonical" href="http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html">
+<script type="text/javascript" src="//use.typekit.net/iwm5axp.js"></script><script type="text/javascript">try{Typekit.load();}catch(e){}</script><!--[if lt IE 9]><script src="../assets/js/html5.js"></script><![endif]--><meta name="author" content="Thomas Dy">
+<link rel="prev" href="tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html" title="TiddlyWiki in the Sky (or TiddlyWeb for TW5)" type="text/html">
+<meta property="og:site_name" content="Pleasant Programmer">
+<meta property="og:title" content="Cloudflare Shenanigans">
+<meta property="og:url" content="http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html">
+<meta property="og:description" content="An old client of ours managed to convince a telco to zero-rate the data for their app. In order to whitelist it though, we needed to use plain HTTP for domain whitelisting. For HTTPS, they can only wh">
+<meta property="og:type" content="article">
+<meta property="article:published_time" content="2015-12-25T14:13:26+08:00">
+<meta property="article:tag" content="cloudflare">
+<meta property="article:tag" content="sysadmin">
+</head>
+<body>
+<a href="#content" class="sr-only sr-only-focusable">Skip to main content</a>
+    
+    <header id="header" role="banner"><div class="thomas">
+            <img src="../assets/img/thomas.gif" alt="DJ THOMAS IN DA HAUS"><img src="../assets/img/thomas.png" alt="Pleasant Programmer">
+</div>
+        
+    <h1 id="brand"><a href="http://pleasantprogrammer.com/" title="Pleasant Programmer" rel="home">
+
+        <span id="blog-title">Pleasant Programmer</span>
+    </a></h1>
+
+        
+
+        
+    <nav id="menu" role="navigation"><ul>
+<li class="twitter"><a href="http://twitter.com/pleasantprog">@pleasantprog</a></li>
+                <li><a href="../archive.html">Archives</a></li>
+                <li><a href="../categories/index.html">Tags</a></li>
+                <li><a href="../rss.xml">RSS</a></li>
+    
+    
+    </ul></nav></header><div id="container">
+         <main id="content" role="main"><article class="post-text h-entry hentry postpage" itemscope="itemscope" itemtype="http://schema.org/Article"><header><h1 class="p-name entry-title" itemprop="headline name"><a href="#" class="u-url">Cloudflare Shenanigans</a></h1>
+
+        <small>
+        <span class="dateline">Posted: <a href="#" rel="bookmark"><time class="published dt-published" datetime="2015-12-25T14:13:26+08:00" itemprop="datePublished" title="2015-12-25 14:13">2015-12-25 14:13</time></a></span>
+        |
+        More posts about
+        
+           <a class="tag p-category" href="../categories/cloudflare.html" rel="tag">cloudflare</a>
+           <a class="tag p-category" href="../categories/sysadmin.html" rel="tag">sysadmin</a>
+
+        </small>
+        
+
+    </header><div class="e-content entry-content" itemprop="articleBody text">
+    <div>
+<p>An old client of ours managed to convince a telco to zero-rate the data for their app. In order to whitelist it though, we needed to use plain HTTP for domain whitelisting. For HTTPS, they can only whitelist by IP address. Like any good developer, we were using HTTPS. Also, like any good developer, we put our server behind Cloudflare.</p>
+<p>Now the problem is that Cloudflare can put you behind <a href="https://www.cloudflare.com/ips/">any IP they own</a>, which is a huge range. There's no guarantee that the IP we have now is going to be the same later on. So we did the reasonable thing and asked them to whitelist all of the Cloudflare IPs. And the telco agreed! We were in total disbelief when that happened. But hey, if life gives you free internet, you take it.</p>
+<p>We never actually empirically tested whether other sites hosted on Cloudflare were also actually zero-rated. But I like to think that we saved a lot of people on their data costs from browsing Reddit and 4chan. But alas, good things must come to an end.</p>
+<p>A few months after we started beta testing the app, Cloudflare added more IPs to their range. Unfortunately, our server got moved to those new IPs which were not whitelisted yet. Apparently, the telco whitelisting process was incredibly convoluted and time consuming. Our client didn't want to bother asking them to whitelist more IPs. We also tried asking Cloudflare to move us back to the original IP range, but they could only do that if we were in their enterprise tier. We couldn't really afford that, so we looked for other options.</p>
+<p>Since Cloudflare was essentially just a giant reverse proxy, theoretically there should be no distinction between one IP address from another. The specific IP we get is probably just for load balancing. So we tried accessing the IPs in the range directly and just setting the Host header and it worked! But we get SSL errors because the IP itself doesn't have its own certificate.</p>
+<p>After more testing, we figured out that you could actually use any Cloudflare backed domain so long as we properly set the Host header. We just needed to find one still in the old range. Coincidentally, 4chan.org was. Which led to this wonderful commit</p>
+<pre class="code literal-block">commit 123456789abcdef
+Author: ~~~~~~
+Date:   ~~~~~~
+
+    4chan hack
+
+<span class="gh">diff --git a/src/com/client/common/Util.java b/src/com/client/common/Util.java</span>
+<span class="gd">--- a/src/com/client/common/Util.java</span>
+<span class="gi">+++ b/src/com/client/common/Util.java</span>
+<span class="gu">@@ -210,7 +210,8 @@ public class Util {</span>
+        }
+
+        public static String getServerAddress(Context context) {
+<span class="gd">-               String address = "https://backend.client.com";</span>
+<span class="gi">+               // String address = "https://backend.client.com";</span>
+<span class="gi">+               String address = "https://4chan.org";</span>
+                if(!isDebug(context)) return address;
+                try {
+<span class="gh">diff --git a/src/com/client/common/logging/APIClient.java b/src/com/client/common/logging/APIClient.java</span>
+<span class="gd">--- a/src/com/client/common/logging/APIClient.java</span>
+<span class="gi">+++ b/src/com/client/common/logging/APIClient.java</span>
+<span class="gu">@@ -101,6 +101,7 @@ public class APIClient {</span>
+        private HttpResponse postInternal(String url, List&lt;NameValuePair&gt; data, boolean forRegistration) throws ClientProtocolException, IOException {
+                HttpPost request = new HttpPost(Util.getServerAddress(mContext)+"/api/"+url);
+                request.setHeader("X-API-VERSION", apiVersion);
+<span class="gi">+               request.setHeader("Host", "backend.client.com");</span>
+
+                if(data == null) {
+                        data = new ArrayList&lt;NameValuePair&gt;();
+</pre>
+
+
+<p>Eventually, we did decide to just abandon Cloudflare for the server. We probably weren't going to be the target of a DDOS or anything. This also allowed us to do more secure things like pinning the server certificate in the application itself. Clearly, this is what we should have just done in the first place, but at the time we just wanted a stopgap solution.</p>
+<p>I just still find it funny we were making people's phones go to 4chan.org everyday for more than a year.</p>
+</div>
+    </div>
+    <aside class="postpromonav"><nav><ul class="pager clearfix">
+<li class="previous">
+                <a href="tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html" rel="prev" title="TiddlyWiki in the Sky (or TiddlyWeb for TW5)">← Previous post</a>
+            </li>
+        </ul></nav></aside><section class="comments"><div id="disqus_thread"></div>
+        <script>
+        var disqus_shortname ="pleasantprog",
+            disqus_url="http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html",
+        disqus_title="Cloudflare Shenanigans",
+        disqus_identifier="cache/posts/cloudflare-shenanigans.html",
+        disqus_config = function () {
+            this.language = "en";
+        };
+        (function() {
+            var dsq = document.createElement('script'); dsq.async = true;
+            dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
+            (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
+        })();
+    </script><noscript>Please enable JavaScript to view the <a href="//disqus.com/?ref_noscript" rel="nofollow">comments powered by Disqus.</a>
+</noscript>
+    <a href="//disqus.com" class="dsq-brlink" rel="nofollow">Comments powered by <span class="logo-disqus">Disqus</span></a>
+
+
+        </section></article><script>var disqus_shortname="pleasantprog";(function(){var a=document.createElement("script");a.async=true;a.src="//"+disqus_shortname+".disqus.com/count.js";(document.getElementsByTagName("head")[0]||document.getElementsByTagName("body")[0]).appendChild(a)}());</script></main><footer id="footer" role="contentinfo"><p><a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/deed.en_US"><img alt="CC-BY-SA" style="border-width:0" src="http://i.creativecommons.org/l/by-sa/3.0/80x15.png"></a> © 2015 Thomas Dy - Powered by <a href="http://getnikola.com">Nikola</a></p>
+            
+        </footer>
+</div>
+    
+    
+    
+    
+
+    <script src="../assets/js/konami.js"></script><script src="http://code.jquery.com/jquery-2.0.3.min.js"></script><script>
+        var easter_egg = new Konami();
+        easter_egg.code = function() {
+            $(".thomas").toggleClass("whoa");
+            $("body").scrollTop(0);
+        }
+        easter_egg.load();
+
+        // love you, thomas!
+        // yours, @_phi + @meggykawsek
+    </script>
+</body>
+</html>

output/posts/cloudflare-shenanigans.md

@@ -0,0 +1,57 @@
+<!--
+.. title: Cloudflare Shenanigans
+.. slug: cloudflare-shenanigans
+.. date: 2015-12-25 14:13:26 UTC+08:00
+.. tags: sysadmin, cloudflare
+.. category:
+.. link:
+.. description:
+.. type: text
+-->
+
+An old client of ours managed to convince a telco to zero-rate the data for their app. In order to whitelist it though, we needed to use plain HTTP for domain whitelisting. For HTTPS, they can only whitelist by IP address. Like any good developer, we were using HTTPS. Also, like any good developer, we put our server behind Cloudflare.
+
+Now the problem is that Cloudflare can put you behind [any IP they own](https://www.cloudflare.com/ips/), which is a huge range. There's no guarantee that the IP we have now is going to be the same later on. So we did the reasonable thing and asked them to whitelist all of the Cloudflare IPs. And the telco agreed! We were in total disbelief when that happened. But hey, if life gives you free internet, you take it.
+
+We never actually empirically tested whether other sites hosted on Cloudflare were also actually zero-rated. But I like to think that we saved a lot of people on their data costs from browsing Reddit and 4chan. But alas, good things must come to an end.
+
+A few months after we started beta testing the app, Cloudflare added more IPs to their range. Unfortunately, our server got moved to those new IPs which were not whitelisted yet. Apparently, the telco whitelisting process was incredibly convoluted and time consuming. Our client didn't want to bother asking them to whitelist more IPs. We also tried asking Cloudflare to move us back to the original IP range, but they could only do that if we were in their enterprise tier. We couldn't really afford that, so we looked for other options.
+
+Since Cloudflare was essentially just a giant reverse proxy, theoretically there should be no distinction between one IP address from another. The specific IP we get is probably just for load balancing. So we tried accessing the IPs in the range directly and just setting the Host header and it worked! But we get SSL errors because the IP itself doesn't have its own certificate.
+
+After more testing, we figured out that you could actually use any Cloudflare backed domain so long as we properly set the Host header. We just needed to find one still in the old range. Coincidentally, 4chan.org was. Which led to this wonderful commit
+
+    :::diff
+    commit 123456789abcdef
+    Author: ~~~~~~
+    Date:   ~~~~~~
+
+        4chan hack
+
+    diff --git a/src/com/client/common/Util.java b/src/com/client/common/Util.java
+    --- a/src/com/client/common/Util.java
+    +++ b/src/com/client/common/Util.java
+    @@ -210,7 +210,8 @@ public class Util {
+            }
+
+            public static String getServerAddress(Context context) {
+    -               String address = "https://backend.client.com";
+    +               // String address = "https://backend.client.com";
+    +               String address = "https://4chan.org";
+                    if(!isDebug(context)) return address;
+                    try {
+    diff --git a/src/com/client/common/logging/APIClient.java b/src/com/client/common/logging/APIClient.java
+    --- a/src/com/client/common/logging/APIClient.java
+    +++ b/src/com/client/common/logging/APIClient.java
+    @@ -101,6 +101,7 @@ public class APIClient {
+            private HttpResponse postInternal(String url, List<NameValuePair> data, boolean forRegistration) throws ClientProtocolException, IOException {
+                    HttpPost request = new HttpPost(Util.getServerAddress(mContext)+"/api/"+url);
+                    request.setHeader("X-API-VERSION", apiVersion);
+    +               request.setHeader("Host", "backend.client.com");
+
+                    if(data == null) {
+                            data = new ArrayList<NameValuePair>();
+
+Eventually, we did decide to just abandon Cloudflare for the server. We probably weren't going to be the target of a DDOS or anything. This also allowed us to do more secure things like pinning the server certificate in the application itself. Clearly, this is what we should have just done in the first place, but at the time we just wanted a stopgap solution.
+
+I just still find it funny we were making people's phones go to 4chan.org everyday for more than a year.

output/posts/tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html

@@ -12,6 +12,7 @@
 <link rel="canonical" href="http://pleasantprogrammer.com/posts/tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html">
 <script type="text/javascript" src="//use.typekit.net/iwm5axp.js"></script><script type="text/javascript">try{Typekit.load();}catch(e){}</script><!--[if lt IE 9]><script src="../assets/js/html5.js"></script><![endif]--><meta name="author" content="Thomas Dy">
 <link rel="prev" href="is-my-terminal-window-active.html" title="Is My Terminal Window Active?" type="text/html">
+<link rel="next" href="cloudflare-shenanigans.html" title="Cloudflare Shenanigans" type="text/html">
 <meta property="og:site_name" content="Pleasant Programmer">
 <meta property="og:title" content="TiddlyWiki in the Sky (or TiddlyWeb for TW5)">
 <meta property="og:url" content="http://pleasantprogrammer.com/posts/tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html">
@@ -139,6 +140,9 @@ EOF
 <li class="previous">
                 <a href="is-my-terminal-window-active.html" rel="prev" title="Is My Terminal Window Active?">← Previous post</a>
             </li>
+            <li class="next">
+                <a href="cloudflare-shenanigans.html" rel="next" title="Cloudflare Shenanigans">Next post →</a>
+            </li>
         </ul></nav></aside><section class="comments"><div id="disqus_thread"></div>
         <script>
         var disqus_shortname ="pleasantprog",

output/rss.xml

@@ -1,5 +1,44 @@
 <?xml version="1.0" encoding="utf-8"?>
-<?xml-stylesheet type="text/xsl" href="assets/xml/rss.xsl" media="all"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>Pleasant Programmer</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link rel="self" type="application/rss+xml" href="http://pleasantprogrammer.com/rss.xml"></atom:link><language>en</language><lastBuildDate>Thu, 24 Dec 2015 07:49:10 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>TiddlyWiki in the Sky (or TiddlyWeb for TW5)</title><link>http://pleasantprogrammer.com/posts/tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;I've always liked &lt;a href="http://tiddlywiki.com"&gt;TiddlyWiki&lt;/a&gt;. Back when it first came out, it was really amazing. A wiki all in one file, that worked in the browser. It didn't need a backend, it would just save itself as an all new HTML file with all your posts inside. I've used it a lot over the years, as a personal wiki/journal and a class notebook. I even had a blog with it at one point using one of the server-side forks.&lt;/p&gt;
+<?xml-stylesheet type="text/xsl" href="assets/xml/rss.xsl" media="all"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Pleasant Programmer</title><link>http://pleasantprogrammer.com/</link><description></description><atom:link type="application/rss+xml" href="http://pleasantprogrammer.com/rss.xml" rel="self"></atom:link><language>en</language><lastBuildDate>Fri, 25 Dec 2015 07:25:05 GMT</lastBuildDate><generator>https://getnikola.com/</generator><docs>http://blogs.law.harvard.edu/tech/rss</docs><item><title>Cloudflare Shenanigans</title><link>http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;An old client of ours managed to convince a telco to zero-rate the data for their app. In order to whitelist it though, we needed to use plain HTTP for domain whitelisting. For HTTPS, they can only whitelist by IP address. Like any good developer, we were using HTTPS. Also, like any good developer, we put our server behind Cloudflare.&lt;/p&gt;
+&lt;p&gt;Now the problem is that Cloudflare can put you behind &lt;a href="https://www.cloudflare.com/ips/"&gt;any IP they own&lt;/a&gt;, which is a huge range. There's no guarantee that the IP we have now is going to be the same later on. So we did the reasonable thing and asked them to whitelist all of the Cloudflare IPs. And the telco agreed! We were in total disbelief when that happened. But hey, if life gives you free internet, you take it.&lt;/p&gt;
+&lt;p&gt;We never actually empirically tested whether other sites hosted on Cloudflare were also actually zero-rated. But I like to think that we saved a lot of people on their data costs from browsing Reddit and 4chan. But alas, good things must come to an end.&lt;/p&gt;
+&lt;p&gt;A few months after we started beta testing the app, Cloudflare added more IPs to their range. Unfortunately, our server got moved to those new IPs which were not whitelisted yet. Apparently, the telco whitelisting process was incredibly convoluted and time consuming. Our client didn't want to bother asking them to whitelist more IPs. We also tried asking Cloudflare to move us back to the original IP range, but they could only do that if we were in their enterprise tier. We couldn't really afford that, so we looked for other options.&lt;/p&gt;
+&lt;p&gt;Since Cloudflare was essentially just a giant reverse proxy, theoretically there should be no distinction between one IP address from another. The specific IP we get is probably just for load balancing. So we tried accessing the IPs in the range directly and just setting the Host header and it worked! But we get SSL errors because the IP itself doesn't have its own certificate.&lt;/p&gt;
+&lt;p&gt;After more testing, we figured out that you could actually use any Cloudflare backed domain so long as we properly set the Host header. We just needed to find one still in the old range. Coincidentally, 4chan.org was. Which led to this wonderful commit&lt;/p&gt;
+&lt;pre class="code literal-block"&gt;commit 123456789abcdef
+Author: ~~~~~~
+Date:   ~~~~~~
+
+    4chan hack
+
+&lt;span class="gh"&gt;diff --git a/src/com/client/common/Util.java b/src/com/client/common/Util.java&lt;/span&gt;
+&lt;span class="gd"&gt;--- a/src/com/client/common/Util.java&lt;/span&gt;
+&lt;span class="gi"&gt;+++ b/src/com/client/common/Util.java&lt;/span&gt;
+&lt;span class="gu"&gt;@@ -210,7 +210,8 @@ public class Util {&lt;/span&gt;
+        }
+
+        public static String getServerAddress(Context context) {
+&lt;span class="gd"&gt;-               String address = "https://backend.client.com";&lt;/span&gt;
+&lt;span class="gi"&gt;+               // String address = "https://backend.client.com";&lt;/span&gt;
+&lt;span class="gi"&gt;+               String address = "https://4chan.org";&lt;/span&gt;
+                if(!isDebug(context)) return address;
+                try {
+&lt;span class="gh"&gt;diff --git a/src/com/client/common/logging/APIClient.java b/src/com/client/common/logging/APIClient.java&lt;/span&gt;
+&lt;span class="gd"&gt;--- a/src/com/client/common/logging/APIClient.java&lt;/span&gt;
+&lt;span class="gi"&gt;+++ b/src/com/client/common/logging/APIClient.java&lt;/span&gt;
+&lt;span class="gu"&gt;@@ -101,6 +101,7 @@ public class APIClient {&lt;/span&gt;
+        private HttpResponse postInternal(String url, List&amp;lt;NameValuePair&amp;gt; data, boolean forRegistration) throws ClientProtocolException, IOException {
+                HttpPost request = new HttpPost(Util.getServerAddress(mContext)+"/api/"+url);
+                request.setHeader("X-API-VERSION", apiVersion);
+&lt;span class="gi"&gt;+               request.setHeader("Host", "backend.client.com");&lt;/span&gt;
+
+                if(data == null) {
+                        data = new ArrayList&amp;lt;NameValuePair&amp;gt;();
+&lt;/pre&gt;
+
+
+&lt;p&gt;Eventually, we did decide to just abandon Cloudflare for the server. We probably weren't going to be the target of a DDOS or anything. This also allowed us to do more secure things like pinning the server certificate in the application itself. Clearly, this is what we should have just done in the first place, but at the time we just wanted a stopgap solution.&lt;/p&gt;
+&lt;p&gt;I just still find it funny we were making people's phones go to 4chan.org everyday for more than a year.&lt;/p&gt;&lt;/div&gt;</description><category>cloudflare</category><category>sysadmin</category><guid>http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html</guid><pubDate>Fri, 25 Dec 2015 06:13:26 GMT</pubDate></item><item><title>TiddlyWiki in the Sky (or TiddlyWeb for TW5)</title><link>http://pleasantprogrammer.com/posts/tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;I've always liked &lt;a href="http://tiddlywiki.com"&gt;TiddlyWiki&lt;/a&gt;. Back when it first came out, it was really amazing. A wiki all in one file, that worked in the browser. It didn't need a backend, it would just save itself as an all new HTML file with all your posts inside. I've used it a lot over the years, as a personal wiki/journal and a class notebook. I even had a blog with it at one point using one of the server-side forks.&lt;/p&gt;
 &lt;p&gt;Now, there's TiddlyWiki5 which is a rewrite of the original TiddlyWiki that looks a whole lot snazzier, and I assume has better architecture overall. It also has experimental support for all the server-side platforms (particularly TiddlyWeb) that have cropped up.&lt;/p&gt;
 &lt;p&gt;If you're just looking for a simple server setup for TiddlyWiki5, it has native support for that on its own. There's plenty of documentation on the site. But if you're looking for more advanced features (like storing your posts in git or a database), then you'll need to use it with TiddlyWeb. The problem is that most of the documentation for TiddlyWeb still refers to the old TiddlyWiki.&lt;/p&gt;
 &lt;p&gt;To support TiddlyWiki5, we'll need a version of the wiki which has the TiddlyWeb plugin already installed and configured. After that, some tweaking is necessary to get TiddlyWeb to provide what the wiki requires.&lt;/p&gt;
@@ -190,13 +229,4 @@ sed -i .bak &lt;span class="s1"&gt;'/^72/ s/,600/,60/'&lt;/span&gt; frequencies.
 &lt;p&gt;The instructions on the website are already pretty good. There are just some minor errors with it. Where it says &lt;code&gt;gs_gtfsdb_build&lt;/code&gt;, you should actually use &lt;code&gt;gs_gtfsdb_compile&lt;/code&gt;. Also, when running &lt;code&gt;gs_osmdb_compile&lt;/code&gt; you might need to use &lt;code&gt;-t&lt;/code&gt; for tolerant in case you follow the instructions on chopping up the original OSM data.&lt;/p&gt;
 &lt;p&gt;A nice suggestion from the GraphServer instructions was to crop the OSM data to minimize the graph size. This is actually quite helpful if you downloaded the entire Philippine OSM dump. It reduced the original 900MB file to 135MB which was a lot more workable. I did hit a problem with their instructions though. The linked version of osmosis is an old one, which doesn't support 64-bit ids. The &lt;a href="http://wiki.openstreetmap.org/wiki/Osmosis"&gt;latest version of Osmosis&lt;/a&gt; easily did the job though.&lt;/p&gt;
 &lt;p&gt;The actual routing though, was not exactly good. I only tried one route which should normally take 1-2 transfers, it suggested a route which involved 4+ transfers. It also didn't provide any alternate routes aside from that one. I'm not sure if it's a limitation of the provided routeserver, but I didn't bother checking if it supported parameters which might provide better routes.&lt;/p&gt;
-&lt;p&gt;I think graphserver could be useful, but it seems more involved than say OpenTripPlanner. There do seem to be people who use graphserver for their routing apps, but for the bounds of the contest, or just as a side project, it might require too much effort.&lt;/p&gt;&lt;/div&gt;</description><category>philippine-transit-app</category><category>programming</category><guid>http://pleasantprogrammer.com/posts/graphserver.html</guid><pubDate>Tue, 23 Jul 2013 06:48:29 GMT</pubDate></item><item><title>Transit Wand</title><link>http://pleasantprogrammer.com/posts/transit-wand.html</link><dc:creator>Thomas Dy</dc:creator><description>&lt;div&gt;&lt;p&gt;Link: &lt;a href="https://play.google.com/store/apps/details?id=com.conveyal.transitwand"&gt;http://transitwand.com&lt;/a&gt;&lt;/p&gt;
-&lt;p&gt;Overall, this was the simplest of the &lt;a href="http://philippine-transit.hackathome.com/use-this-code/"&gt;open-source transit tools&lt;/a&gt; to actually get up and running. There's already a deployed instance of the server, and you can easily download the phone app via the &lt;a href="https://play.google.com/store/apps/details?id=com.conveyal.transitwand"&gt;Play Store&lt;/a&gt;. Even running the server by yourself didn't have any of the hiccups I had with GTFS Editor.&lt;/p&gt;
-&lt;p&gt;The phone app is actually quite simple. It allows you to capture a trip, which will record your GPS coordinates as you ride public transit. It also allows you to mark points of the trip where you stop and also how long the stop took. Lastly, it allows you to record embarking and disembarking passengers which is potentially useful for ridership data.&lt;/p&gt;
-&lt;p&gt;After doing a capture session, you can review the data on the phone. It will plot out the route on a map, with markers for the stops. You then either delete the data if it looks wrong, or you can upload it to the Transit Wand server. Uploading involves registering an account, but it's free and you don't even actually need to put in a username or anything. It simply registers the phone's IMEI on the server and gives you a 6-digit identifier.&lt;/p&gt;
-&lt;p&gt;You can then use the 6-digit identifier to view the data on Transit Wand's server, which is good since uploading any data automatically deletes it from the phone. There really isn't much else you can do with it though. It just allows you to view the data, and export it as a &lt;a href="https://en.wikipedia.org/wiki/Shapefile"&gt;Shapefile&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;As is, this is purely a data collection client-server app. Barring looking at the database, there is no way to get a list of phones which have collected data. Only the person who initiated the data collection knows the 6-digit code to view their data. There's also no way to extract the ridership information from the server yet. This isn't to say that the data won't eventually go public though.&lt;/p&gt;
-&lt;p&gt;An interesting thing you &lt;em&gt;can&lt;/em&gt; do with the Transit Wand data is import it into GTFS Editor to make a new route. You don't even have to manually download and upload the data. Just type in your 6-digit identifier and it will give you a list of routes you've captured via Transit Wand. This is wonderful as you get all the stop data, as well as the shape of the route.&lt;/p&gt;
-&lt;p&gt;I imagine these two tools were how the DOTC came up with all the GTFS data we have now. What I don't understand is why the shape data isn't present. Importing from Transit Wand already gets you shape data. There are even facilities to edit the shape within the editor if clean up is necessary. The only problem I saw was the fact that you can't easily move stops, you have to input coordinates to change the position.&lt;/p&gt;
-&lt;p&gt;It &lt;em&gt;might&lt;/em&gt; also be possible that when the DOTC was still collecting the data, the route collection or editing features weren't present yet. That would just be lame and depressing though.&lt;/p&gt;
-&lt;p&gt;Overall, Transit Wand does what it's supposed to do. You collect data, and then upload it to a server. There is a lot of room for improvement though. It would be nice to have a better API that allows access to more of the data. Building in analysis tools for the ridership data might also be a welcome thing. I imagine it would also be great if you could encourage people to use the app and upload their own trips.&lt;/p&gt;&lt;/div&gt;</description><category>philippine-transit-app</category><category>programming</category><guid>http://pleasantprogrammer.com/posts/transit-wand.html</guid><pubDate>Mon, 15 Jul 2013 14:45:20 GMT</pubDate></item></channel></rss>
+&lt;p&gt;I think graphserver could be useful, but it seems more involved than say OpenTripPlanner. There do seem to be people who use graphserver for their routing apps, but for the bounds of the contest, or just as a side project, it might require too much effort.&lt;/p&gt;&lt;/div&gt;</description><category>philippine-transit-app</category><category>programming</category><guid>http://pleasantprogrammer.com/posts/graphserver.html</guid><pubDate>Tue, 23 Jul 2013 06:48:29 GMT</pubDate></item></channel></rss>

output/sitemap.xml

@@ -7,130 +7,138 @@
                         http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd">
  <url>
   <loc>http://pleasantprogrammer.com/2013/index.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/2015/index.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/archive.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
+ </url>
+ <url>
+  <loc>http://pleasantprogrammer.com/categories/cloudflare.html</loc>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/categories/index.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/categories/lets-debug.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/categories/philippine-transit-app.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/categories/programming.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/categories/sysadmin-tiddlywiki.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/categories/sysadmin.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/categories/systemd.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/galleries/index.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/galleries/transit/index.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/index-1.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/index-2.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/index-3.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/index.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
+ </url>
+ <url>
+  <loc>http://pleasantprogrammer.com/posts/cloudflare-shenanigans.html</loc>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/console-keymap-switching.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/elevation-data-in-otp.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/fare-data.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/geocoding-services.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/graphserver.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/gtfs-editor.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/highways-in-otp.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/is-my-terminal-window-active.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/jeep-and-bus-schedules.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/jeepney-and-bus-routes.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/one-bus-or-maybe-jeep-away.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/open-trip-planner.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/philippine-transit-app-challenge.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/removing-pldtmydslbiz-from-the-zyxel-p-2612hnu.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/tiddlywiki-in-the-sky-or-tiddlyweb-for-tw5.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
  <url>
   <loc>http://pleasantprogrammer.com/posts/transit-wand.html</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </url>
 </urlset>

output/sitemapindex.xml

@@ -5,44 +5,48 @@
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9
                         http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd">
+ <sitemap>
+  <loc>http://pleasantprogrammer.com/categories/cloudflare.xml</loc>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
+ </sitemap>
  <sitemap>
   <loc>http://pleasantprogrammer.com/categories/lets-debug.xml</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </sitemap>
  <sitemap>
   <loc>http://pleasantprogrammer.com/categories/philippine-transit-app.xml</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </sitemap>
  <sitemap>
   <loc>http://pleasantprogrammer.com/categories/programming.xml</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </sitemap>
  <sitemap>
   <loc>http://pleasantprogrammer.com/categories/sysadmin-tiddlywiki.xml</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </sitemap>
  <sitemap>
   <loc>http://pleasantprogrammer.com/categories/sysadmin.xml</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </sitemap>
  <sitemap>
   <loc>http://pleasantprogrammer.com/categories/systemd.xml</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </sitemap>
  <sitemap>
   <loc>http://pleasantprogrammer.com/galleries/rss.xml</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </sitemap>
  <sitemap>
   <loc>http://pleasantprogrammer.com/galleries/transit/rss.xml</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </sitemap>
  <sitemap>
   <loc>http://pleasantprogrammer.com/rss.xml</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </sitemap>
  <sitemap>
   <loc>http://pleasantprogrammer.com/sitemap.xml</loc>
-  <lastmod>2015-12-24T07:49:00Z</lastmod>
+  <lastmod>2015-12-25T07:25:00Z</lastmod>
  </sitemap>
 </sitemapindex>

posts/cloudflare-shenanigans.md

@@ -0,0 +1,57 @@
+<!--
+.. title: Cloudflare Shenanigans
+.. slug: cloudflare-shenanigans
+.. date: 2015-12-25 14:13:26 UTC+08:00
+.. tags: sysadmin, cloudflare
+.. category:
+.. link:
+.. description:
+.. type: text
+-->
+
+An old client of ours managed to convince a telco to zero-rate the data for their app. In order to whitelist it though, we needed to use plain HTTP for domain whitelisting. For HTTPS, they can only whitelist by IP address. Like any good developer, we were using HTTPS. Also, like any good developer, we put our server behind Cloudflare.
+
+Now the problem is that Cloudflare can put you behind [any IP they own](https://www.cloudflare.com/ips/), which is a huge range. There's no guarantee that the IP we have now is going to be the same later on. So we did the reasonable thing and asked them to whitelist all of the Cloudflare IPs. And the telco agreed! We were in total disbelief when that happened. But hey, if life gives you free internet, you take it.
+
+We never actually empirically tested whether other sites hosted on Cloudflare were also actually zero-rated. But I like to think that we saved a lot of people on their data costs from browsing Reddit and 4chan. But alas, good things must come to an end.
+
+A few months after we started beta testing the app, Cloudflare added more IPs to their range. Unfortunately, our server got moved to those new IPs which were not whitelisted yet. Apparently, the telco whitelisting process was incredibly convoluted and time consuming. Our client didn't want to bother asking them to whitelist more IPs. We also tried asking Cloudflare to move us back to the original IP range, but they could only do that if we were in their enterprise tier. We couldn't really afford that, so we looked for other options.
+
+Since Cloudflare was essentially just a giant reverse proxy, theoretically there should be no distinction between one IP address from another. The specific IP we get is probably just for load balancing. So we tried accessing the IPs in the range directly and just setting the Host header and it worked! But we get SSL errors because the IP itself doesn't have its own certificate.
+
+After more testing, we figured out that you could actually use any Cloudflare backed domain so long as we properly set the Host header. We just needed to find one still in the old range. Coincidentally, 4chan.org was. Which led to this wonderful commit
+
+    :::diff
+    commit 123456789abcdef
+    Author: ~~~~~~
+    Date:   ~~~~~~
+
+        4chan hack
+
+    diff --git a/src/com/client/common/Util.java b/src/com/client/common/Util.java
+    --- a/src/com/client/common/Util.java
+    +++ b/src/com/client/common/Util.java
+    @@ -210,7 +210,8 @@ public class Util {
+            }
+
+            public static String getServerAddress(Context context) {
+    -               String address = "https://backend.client.com";
+    +               // String address = "https://backend.client.com";
+    +               String address = "https://4chan.org";
+                    if(!isDebug(context)) return address;
+                    try {
+    diff --git a/src/com/client/common/logging/APIClient.java b/src/com/client/common/logging/APIClient.java
+    --- a/src/com/client/common/logging/APIClient.java
+    +++ b/src/com/client/common/logging/APIClient.java
+    @@ -101,6 +101,7 @@ public class APIClient {
+            private HttpResponse postInternal(String url, List<NameValuePair> data, boolean forRegistration) throws ClientProtocolException, IOException {
+                    HttpPost request = new HttpPost(Util.getServerAddress(mContext)+"/api/"+url);
+                    request.setHeader("X-API-VERSION", apiVersion);
+    +               request.setHeader("Host", "backend.client.com");
+
+                    if(data == null) {
+                            data = new ArrayList<NameValuePair>();
+
+Eventually, we did decide to just abandon Cloudflare for the server. We probably weren't going to be the target of a DDOS or anything. This also allowed us to do more secure things like pinning the server certificate in the application itself. Clearly, this is what we should have just done in the first place, but at the time we just wanted a stopgap solution.
+
+I just still find it funny we were making people's phones go to 4chan.org everyday for more than a year.