Where you can find me online

Last week, Elon Musk bought Twitter.  As soon as the deal was complete, he fired the chief executive, chief financial officer, and head of legal policy, trust, and safety.  That last one is what worries me the most.  I have been mirroring my tweets over on Mastodon for a while now.  I’m planning on staying on Twitter for the moment but Mastodon is a good escape hatch if things get really bad.

What is a CSS Reset?

The goal of a CSS reset is to reduce inconsistencies with things like line height, font sizes, and margins.  Every browser defaults to different sizes and spacing and if you set a common baseline, you end up with a better end-product.

A basic example would look like:

body, div, h1, h2, h3, h4, h5, h6, p, ul {
  /* Clear the browser's default spacing so every element starts from the same baseline */
  margin: 0;
  padding: 0;
}

Andy Bell and Josh W. Comeau have pretty good, pre-packaged CSS resets but the OG might be the one by Eric A. Meyer.

There is an argument that a CSS reset violates DRY (Don’t Repeat Yourself) but a good CSS reset is minified, blindly pasted in, and is common to all of your projects.  You might be setting things only to set them again later but it will save you time and pain for a minimal cost.


[ Cover photo by Tom Grünbauer on Unsplash ]

Notes on my trip to India and Nepal

At the end of December 2019, I was getting an itch to travel some more.  I started browsing TourRadar and found a tour that hits both India and Nepal.  In my 2020 Timecapsule post, I even talked about having found the tour but not booked it, yet.  I was supposed to travel in April of 2020 but of course, COVID-19 ended up happening.  When I read the “we don’t cover pandemics or civil wars” part of the two separate travel insurance policies, I figured that I was out of luck but the company that I used offered a travel credit with a deadline that kept getting moved.

When the deadline was moved to the end of September 2022, I figured that I better go while I can.


Hide My Ass VPN sucks for app testing

This past July, I found myself looking for a way to test a web application from behind “the great firewall of China” (aka Golden Shield).  The problem is that I can’t test that something works in China if I’m not in China.  My first thought was to use Nord VPN to connect to a VPN server in China but the closest that Nord offers is Hong Kong.  I did a little light investigating and found that Hide My Ass VPN claims to have 4 servers in Beijing.  After paying $59.88 for an account, I was ready to start testing.

Unfortunately, it looks like HMA VPN is doing some shenanigans to make it look like your traffic is originating from the country without it actually originating from that country.

When you use their client, it shows that you are connected using an IP that is in China.  You can use IP Chicken to prove that it is your new public IP address and you can use a service like MaxMind GeoIP or IP Location Finder to prove that IP address is in Beijing.  The problem was that despite that, the Golden Shield limitations were not happening.  I could still visit things like Google and Twitter and see things like photos of the Tiananmen Square massacre.

The first thing that came to mind was to use nmap to trace the path between the remote server and my computer.  It does that by sending packets to the server with decrementing TTL, in an attempt to elicit ICMP time-exceeded messages.  That didn’t work great because the result didn’t show my public IP.  My next idea was to use traceroute since instead of decrementing the TTL, it increments it.

Since the traceroute goes from where your computer is to the target server, the first hop should be your public IP address but in this case, it isn’t.  So, where is


It looks like for some reason, when you select China, you get a Chinese IP address but the traffic actually emerges onto the internet in Singapore?!?

I have no idea why this is happening but when I asked them, they said:

The most I can do to show you we are indeed telling you the correct information is to point you to the database of the official registry RIPE NCC:

RIPE NCC is one of five RIRs worldwide coordinating and maintaining the information databases about the registered IPs and operating under IANA (Internet Assigned Numbers Authority). You can also confirm these IPs are allocated to RIPE by looking them up here: https://www.iana.org/whois.

I understand that the inner working of the internet is not your prime concern, but rather the websites recognizing your location correctly. Still, I just wanted to demonstrate that we have taken all the necessary actions on our end. At the moment, incorrect IP details appear, but they appear less and less frequently as other websites conduct updates of their databases.

So, they aren’t denying that they are faking the traffic.  They are just saying the IPs are registered in China (which doesn’t help).

I still need to figure out if there is a legitimate way to test if a site works in China.  Have a suggestion?  Feel free to drop a comment, below.
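The comparison described in this post (a VPN exit that geolocates to China while the route emerges onto the internet somewhere else) can be run over saved traceroute output. This is an added example, not code from the original post; the sample output, the hostnames, and the `CITY_HINTS` table are constructed assumptions, the parser handles IPv4 only, and the hostname match is a heuristic rather than proof of location.

```python
import ipaddress
import re
# Ranges never routed on the public internet (RFC 1918, CGNAT, loopback, link-local).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

# Assumption: small table of city codes that operators often embed in router names.
CITY_HINTS = {"sin": "SG", "pek": "CN", "bjs": "CN", "hkg": "HK"}

# Constructed sample (Linux traceroute format); documentation IPs stand in for public hops.
SAMPLE = """\
traceroute to target.example (198.51.100.20), 30 hops max, 60 byte packets
 1  10.200.0.1 (10.200.0.1)  231.4 ms  230.9 ms  232.0 ms
 2  * * *
 3  ae1.cr1.sin1.transit.example (203.0.113.9)  232.8 ms  233.1 ms  232.5 ms
 4  target.example (198.51.100.20)  250.2 ms  249.8 ms  250.6 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([\d.]+)\)")

def parse_hops(text):
    """Return (ttl, hostname, ip) per answering hop; '* * *' rows are skipped."""
    found = (HOP_RE.match(line) for line in text.splitlines())
    return [(int(m[1]), m[2], ipaddress.ip_address(m[3])) for m in found if m]

def first_public_hop(hops):
    """First answering hop outside internal space: where traffic reaches the internet."""
    for hop in hops:
        if not any(hop[2] in net for net in INTERNAL):
            return hop
    return None

def egress_country(hostname):
    """Guess a country from city-code labels such as 'sin1' in a router name."""
    for label in re.split(r"[.\-]", hostname.lower()):
        code = label.rstrip("0123456789")
        if code in CITY_HINTS:
            return CITY_HINTS[code]
    return None

def check_exit(text, claimed_country):
    """Compare the VPN's claimed exit country with what the first public hop suggests."""
    hop = first_public_hop(parse_hops(text))
    seen = egress_country(hop[1]) if hop else None
    return {"hop": hop, "seen": seen, "mismatch": seen is not None and seen != claimed_country}

if __name__ == "__main__":
    print(check_exit(SAMPLE, "CN"))
```

A `mismatch` of `True` only says the router name disagrees with the claimed country; confirm it against a second source before drawing conclusions.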

I got a flipper this summer and it is really neat!

Earlier this year while at CypherCon, I saw people using the Flipper Zero and immediately thought “Wow, that’s neat!”.  Unfortunately, I missed their kickstarter and at the time I didn’t know when it would be available.  On June 8th, they put out something on Twitter saying that they had a limited number of units available purely for sale inside of the US.  I bit and ordered both a flipper and a WiFi dev board.  The flipper arrived in July and while it can’t do as much as I thought it could do (out the gate), it is really neat!

In order to fully “unlock” it, you really need to run a third-party firmware like Unleashed or RogueMaster.  Luckily, it is reasonably easy to do so.  There are a ton of crazy payloads out there.  I have cloned hotel room keys, remote started cars, and unlocked cars with it.  There are payloads for messing with the sign showing the price of gas at a gas station, for opening the barrier at the exit to a parking garage, and the charging port door on Teslas.  It can set off restaurant pagers and mess with jukeboxes.  There is definitely room for a lot of mischief.

Have a question, comment, etc?  Feel free to drop a comment, below.

Heroku eliminated free plans. Now, what?

Last week, Heroku announced that they were killing off their free tier.  I have been using it off and on ever since creating an OWASP Juice Shop instance on it at That Conference, a few years ago.  Recently, I used it for my How to deploy a Laravel app example and an example on Laravel Socialite that I don’t seem to be able to get into a presentable shape.

So, what’s next?  You could keep using Heroku and just pay for it.  Render still has a free tier and there are a lot of ways it is better than Heroku.  I have used Cloudflare Workers for some stuff.  That is free and works well.  If JAMstack is your jam, there is Cloudflare Pages.  DigitalOcean Functions has a free allotment (but I don’t understand the pricing terms at all).  Google Cloud has a free offering and I hosted this very blog using it for years.  I don’t think that I ever paid more than $3/mo for the VM while I was using the service.  My employer bought me a Visual Studio Professional subscription that includes a generous monthly Azure credit but even if you don’t have that, Azure has its own free offerings.

The big benefit of Heroku was the fact that you could easily run server-side code and attach it to a PostgreSQL database.  I liked the ease of installing things like Laravel on Heroku.  If you are looking to do that elsewhere there isn’t a great answer (maybe Forge?).  If your jam is Node or vanilla PHP, I would say that you should check out Render or Cloudflare Workers.

Like a service that I didn’t mention?  Have an opinion one way or the other?  Please drop a comment, below.

How to deploy a Laravel app

As I promised in the most recent Laravel post, today we are going to talk about how to deploy a Laravel app to a production environment.  At the time that I write this, the most recent version of Laravel is 9.x but when you read this, there is a good chance that 10.x or 11.x will be available.  Starting with the release of Laravel 8, they transitioned to yearly releases.  Prior to that they were releasing major versions every 6 months.  Version 9 was released on February 8, 2022, it is scheduled to receive bug fixes until August 8, 2023, and it is scheduled to receive security fixes until February 8, 2024.  Laravel used to have an LTS (long-term support) version (similar to what Ubuntu does) but the LTS had 3 years of support and every version after version 8 has two years of support, so I’m guessing that it is what killed the LTS.  For this post, we are going to focus on version 9.

Joe Steinbring's thoughts on coding, travel, and life
