• Thoughts on the 1Password-Fastmail partnership

    A week ago, the wonderful folks at 1Password announced a new feature: automatic generation of email aliases when creating a new vault entry. As a user of SimpleLogin, I am already familiar with the concept of using unique aliases for each website. It’s the same functionality that 1Password and Fastmail announced, except that generating the alias doesn’t require a visit to the email provider’s website.

    Fastmail vs SimpleLogin

    I see how this is helpful for the common user, but I am also slightly sad that smaller players like SimpleLogin and Anonaddy get left out in these corporate partnerships. From a quick comparison between Fastmail’s alias service and the smaller players, the best choices are the latter ones. For some context, SimpleLogin does not have any limits on the number of aliases that I can generate or the number of reply addresses (address that you send an email to, so that SimpleLogin sends out that email to the final destination from the actual alias address), while Fastmail limits them to 600 aliases and 500 sending identities (equivalent to SimpleLogin’s reply address).

    In my 2 years of being a SimpleLogin customer, I have generated over 1200 aliases and I guess, about 50% reply addresses. All of that is available at a fantastic cost of 30 USD per year.

    An image from my SimpleLogin dashboard that shows the number of aliases that I have generated, incoming emails, outbound responses and blocked emails.

    Except for one outage, the service has been spectacular so far and support is great. The founder, Son, often responds to my emails, welcomes feedback and sometimes includes users in future product discussions. If you are looking for a privacy-respecting email alias generator, look no further than SimpleLogin. This is not a sponsored post. I am just a happy user.

    SimpleLogin is also open-source and can be self-hosted.

    Final words

    I am not a Fastmail user today, but I hear great things about their service. I wouldn’t be switching to them though, as my existing mailboxes on WordPress.com Professional Email and Migadu haven’t seen any issues so far. Plus, Fastmail is based in Australia which is known for poor encryption laws.

    I love that 1Password is headed in a great direction with extensions. First they announced privacy-respecting, unique cards for online transactions with Privacy.com. And now, this partnership with Fastmail. Can’t wait to see what the future holds.

  • Among Us roles 👀

    Looks like Innersloth is working on roles for Among Us! I have enjoyed countless hours playing Town of Us. Can’t wait to see what official roles bring.

  • Thoughts on WordPress Full Site Editing

    For years, design on WordPress had been in the form of PHP templates bundled together as a WordPress theme. The templates apply to specific content as designated by the WordPress Template Hierarchy. The largest issue with this approach would be that anyone wanting a custom design on their site must have PHP skills to write theme code.

    Full Site Editing (FSE) is changing that process. Those with programming knowledge can design custom designs for their pages, posts or even for search archives or 404 pages. This is largely possible, thanks to the extensible nature of Gutenberg blocks. They are now available for use on sidebars in the form of widgets, on the header and footer areas, in the form of Full Site Editing.

    Personally, I wanted a theme that shows all of my blog posts on the homepage, but with a customization that only short posts display the full output and longer-form posts require the visitor to open the blog post to view it. I have tried many themes over the last few years, Twenty Nineteen, Twenty Twenty and Spearhead, and everything involved a lot of CSS hacks to display the output I wanted. After trying Blockbase with Full Site Editing, I have come to the conclusion that this is the future.

    New design with Blockbase and Full Site Editing

    Right now, my homepage looks as shown below, this is a two column layout:

    An image showing my blog's homepage design, which is composed entirely using the new WordPress Full Site Editing experience.

    The content on the right isn’t my sidebar. Rather, it is the right column of my homepage’s FSE editor. For comparison, my editor view is as shown below:

    An image showing my blog's homepage design on the editor view, which is composed entirely using the new WordPress Full Site Editing experience.

    Likewise, here’s a comparison of the single blog post view:

    An image showing my site's blog post design, which is composed entirely using the new WordPress Full Site Editing experience.
    An image showing my site's blog post editor view, which is composed entirely using the new WordPress Full Site Editing experience.

    See how the editor looks very similar to a blog post or page editor?

    Things that I would like to see improved

    Block navigator to be visible by default

    Most people don’t realize that a block navigator is available at the top left, next to the undo and redo icons. I know this because I work in customer support and I have seen hundreds of customers try to navigate or edit blocks from the editor view. When there are many blocks on screen, it becomes tricky to choose the one you mean to edit. That’s when the block navigator helps.

    If I remember correctly, Elementor automatically shows their sidebar whenever one opens the editor view. A similar design would be neat here.

    It’s possible that this is already on the radar of Gutenberg (which is an open source, community-driven project). I haven’t looked yet.

    Different templates for different widths

    This was my most frustrating issue when I started building the new design. Blocks come with intelligent design guidelines, like a 2 column block automatically changing its orientation to vertical mode when the visible screen space is less. But this came with a challenge that the right column, which is moved to the bottom on mobile widths, wouldn’t have enough space between itself and the footer-located blocks.

    I tried a bunch of CSS-based workarounds, but eventually, I decided that it would be a good idea to have two versions of the same content. That’s why you can see my index template editor to have two “Query loop” blocks, where one is placed within a columns block and one without a columns block.

    And I hide each “Query loop” block using CSS, on certain widths.

    If you inspect the source code of my index page, you can see two “Query loop” blocks. That’s not ideal. That’s not a good idea in terms of SEO either. I am yet to read more about the implications of doing this, but for now, I am happy with this approach.

    Importing template design

    I am able to export template designs using a handy option at the top right of the template editor. But it’s not clear how I can import them today. I asked about it on the community forums for now.

    I tried copying the full content from the top right menu, and pasting that on a different site’s template editor, but I couldn’t get the same design. I suspect that happens because some plugin-blocks plugins that I used on my first site’s template editor are not activated on the other site. I didn’t give this a good look as I was short on time and ended up fixing the missing block settings (like padding settings and custom CSS selectors) manually.

    Block breakage when certain settings are applied

    Only one example comes to mind at the moment. When a “Post title” block is added to a template editor, and when it is marked as to appear as a link, the editor view breaks. I have reported this on the Gutenberg project repository.

    There was another issue with a block, but I don’t remember it at the moment.

    Overall, like any software, WordPress Full Site Editing is not perfect. But the community and my colleagues at Automattic are hard at work. I imagine Full Site Editing to be the gold standard of website building experience in the coming years. If you wish to participate in the testing, the instructions below can help.

  • Growing my home lab: Tailscale TLS certificates for each Docker with Caddy

    I have grown up reading Raspberry Pi users build amazing projects on this wonderful reddit: r/homelab. Until a year ago, I didn’t have a clue where to start, mostly because the idea of setting up Wireguard to access these self-hosted services was a bit intimidating. Tailscale changed everything.

    Tailscale is a mesh VPN software that makes it incredibly easy to connect your devices together. This includes your laptops, mobile devices, servers, and even printers. The idea is that, Tailscale acts as an interface for all devices to talk to each other, without having to create, manage and install Wireguard certificates manually.

    Self-hosted services with Docker and Tailscale

    Thanks to Docker, I have been running a Whoogle instance and a libreddit instance for a while. Each on a different port, while Tailscale and pihole are installed on the Raspberry Pi directly. It has worked well so far, but one thing that bugged me is the lack of HTTPS support.

    That changed a while ago because Tailscale TLS certificates are now available for each node address: Provision TLS certificates for your internal Tailscale services. Obtaining the certificate and its key was very easy. Setting up my services (pihole, libreddit and Whoogle) to use the TLS certificate was a different challenge though.

    Caddy to the rescue

    That’s when I discovered Caddy, which turns out to be a web server that can provision TLS certificates as well.

    But my use-case was to run Caddy as a reverse proxy, to serve each Docker container on the Tailscale node address, each on a subfolder. After a lot of trial and error, reading documentation, reading GitHub issues, I have the following running with TLS:

    • Libreddit on the root domain mew.tailnet-b593.ts.net.
    • Whoogle on mew.tailnet-b593.ts.net/google
    An image showing a TLS certificate instance on a self-hosted Whoogle instance.
    Tailscale TLS certificates on a Whoogle instance

    I wanted to access my pihole admin on HTTPS too, but I couldn’t get it working on a subfolder, like mew.tailnet-b593.ts.net/pihole. When I assigned the root domain to pihole, libreddit had to go to a subfolder like mew.tailnet-b593.ts.net/reddit and when I tried that, CSS on my libreddit instance broke.

    Firefox reports that this is happening because of an incorrect MIME on the stylesheet:

    The stylesheet https://mew.tailnet-b593.ts.net/style.css was not loaded because its MIME type, “text/html”, is not “text/css”.

    I bet this is fixable. It’s an incorrect replace rule on my Caddyfile. I plan on looking at this sometime next week.

    Caddyfile to route and use Tailscale TLS certificates

    For now, my Caddyfile looks like this:

    # Global options: replace comes from a plugin, so its order must be set explicitly
    {
    	order replace after encode
    }

    :80 {
    	reverse_proxy localhost:1080
    }

    mew.tailnet-b593.ts.net {
    	# Certificate and key issued by Tailscale for this node
    	tls /etc/caddy/mew.tailnet-b593.ts.net.pem /etc/caddy/mew.tailnet-b593.ts.net.key
    	# Root of the domain: libreddit
    	reverse_proxy localhost:8080
    	route /google {
    		redir /google /google/
    	}
    	# Whoogle on the /google/ subfolder
    	route /google/* {
    		uri strip_prefix /google/
    		header Location "mew.tailnet-b593.ts.net" "mew.tailnet-b593.ts.net/google/"
    		replace {
    			"mew.tailnet-b593.ts.net" "mew.tailnet-b593.ts.net/google/"
    		}
    		reverse_proxy localhost:5000
    	}
    }

    The replace directive in this configuration is a Caddy module: replace-response. It’s not bundled with Caddy out of the box. Setting that up was an interesting challenge as well, because that involved installing xcaddy and using that to build a custom binary for Caddy.

    In the above file, mew.tailnet-b593.ts.net.pem and mew.tailnet-b593.ts.net.key are the TLS certificate and key issued by Tailscale. The first file is actually named mew.tailnet-b593.ts.net.crt but I renamed it to end with .pem. Gotta read up on how .crt and .pem files differ.

    If you are looking for a web server or reverse proxy manager, I cannot recommend Caddy enough. Their documentation and support on the community forums are impeccable.

    Oh also, I tried learning in the public for the first time by tooting my progress.

    That helped me retain my lessons better and held me accountable, in the way that I wanted to see this completed. No wonder many successful people learn or build in the public. I plan on doing this more often.

  • libreddit: Self-hosted reddit on the Tailscale network

    If you have been following my posts, you might have noticed a trend recently, where I am looking for self-hostable alternatives for common websites and apps that I access. And I put them all on the Tailscale network so that they are easily accessible from other devices.

    Today, I stumbled upon libreddit, a self-hosted, tracker-free reddit interface. It’s important to note that this is just an interface and does not allow accessing your reddit account through it.

    Installation of libreddit

    The installation process was fairly straightforward: SSH into my Raspberry Pi, and use the Docker instructions on libreddit homepage. That’s it — a libreddit UI would be available on your computer, and if the Raspberry Pi is connected to a Tailscale network, it becomes immediately available at the Tailscale node address as well. In my case, I can access the libreddit interface at http://mew:8080 too, thanks to Magic DNS.

    Setup and usage

    I like how libreddit is fast on desktop and mobile views, and is configurable in many ways: wide UI, theme, sorting of posts and comments, and most importantly, supports importing of existing subreddits that you follow. Here’s a guide on that process.

    A screenshot from GitHub that shows instructions from the author of libreddit project to import subreddit subscriptions from reddit

    Since one doesn’t have to log into their reddit account, all of libreddit settings and subreddit subscriptions are stored locally. They will be lost when browser cookies are cleared, but libreddit goes one step further in allowing one to import back settings and subreddits using a link. Look for the details at the bottom of the libreddit settings page.

    Whoogle on Tailscale

    Access ad-free, tracker-free Google search results.

    Hydroxide on Tailscale

    Access your ProtonMail emails on a self-hosted, open-source bridge called Hydroxide.

    Pi-hole on Tailscale

    Install pi-hole on Tailscale, to get ad-blocker functionality on all devices

    Overall, I am very happy with libreddit. I have made it available to my friend who is on my Tailscale network as well, using Tailscale ACLs, and the subreddits/settings he configures wouldn’t be visible at my end. Likewise, he cannot see what I configure.

  • Whoogle on the Tailscale network

    I am a happy DuckDuckGo user of many years. It matches all of my requirements: good results, ability to jump to the first result with a keyword (using “\”), bangs to search within particular websites and tracker-free search results.

    I recently learned about Whoogle though and I had been wanting to try that for a while. It’s a self-hosted, ad and tracker-free search engine that fetches results from Google. The project promises that it’s free of cookie and IP address tracking too. It’s open source and it seems that it can be set up on any device. I have two Raspberry Pi devices at home, both connected on my Tailscale network, acting as Pi-hole nodes to block ads. One of the two Raspberry Pis also acts as my Hydroxide node to fetch ProtonMail emails.

    I decided to install Whoogle on the same Raspberry Pi that runs Hydroxide. The process turned out to be really simple. Whoogle has thoroughly documented instructions to install on a Raspberry Pi with Docker; I installed using these Docker Hub instructions:

    docker pull benbusby/whoogle-search
    docker run --publish 5000:5000 --detach --name whoogle-search benbusby/whoogle-search:latest

    I ran into a hurdle involving a dependency’s compatibility with my Raspberry Pi image, but that was easily solvable. Once all of that was done, the Whoogle instance was available at but it was neatly exposed on the Tailscale interface too, thus being available at my Tailscale node’s IP address: Thanks to Tailscale’s Magic DNS, this instance becomes available at a readable address too: http://mew:5000. mew is the name of my Tailscale node. It’s configurable on the Tailscale admin.

    An image showing a search query on my Whoogle instance.

    Since all of my devices are connected to the Tailscale network, my Android can access it as well:

    An image showing a Whoogle search query on Android.

    It’s nice overall. I am not bothered by the http queries as the communication between my device and the Raspberry Pi is end-to-end encrypted, thanks to Tailscale.

    I configured access control lists on Tailscale to make this Whoogle instance available for my friends connected to the same Tailnet.

    I plan on using Whoogle for a few weeks to see how it fits into my workflows. I will be missing out on some rich DuckDuckGo features like DuckDuckGo Bangs and jumping to the first result, and if it becomes too much to compromise on, I plan on going back to DuckDuckGo.

    libreddit on Tailscale

    Self-host a private, ad and tracker-free reddit frontend UI with libreddit.

    Hydroxide on Tailscale

    Access your ProtonMail emails on a self-hosted, open-source bridge called Hydroxide.

    Pi-hole on Tailscale

    Install pi-hole on Tailscale, to get ad-blocker functionality on all devices

  • Exit nodes: Control internet access using Tailscale ACLs

    I love Tailscale’s exit nodes functionality. It makes it easy to tunnel out of a virtual machine in any country. The idea is very similar to commercial VPNs like Mullvad and NordVPN, but is self-hosted.

    I share my Tailscale network with friends and family, mostly to allow their usage of my pi-hole nodes. I wanted to prevent them from using my exit nodes though.

    Last week, I found that Tailscale engineers have a new Access Control Lists (ACLs) functionality to enable or disable internet access on such nodes. Add autogroup:internet:443,22 to your devices’ accept rule, and you are good to go.

    A screenshot of a GitHub comment, which describes a new host to control internet access on the exit nodes using Tailscale Access Control Lists.
    New host to control internet access

    Every other device on your Tailscale network wouldn’t be able to use the public internet when they tunnel out of such nodes.
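
    The rule described in this post, written out as a Tailscale policy file (which accepts comments). This is an added example, not the author's own policy: the user addresses, the group:friends name and the 100.64.0.10 address for mew are placeholders, and the ports are the ones mentioned across these posts (53 for Pi-hole DNS, 5000 for Whoogle, 8080 for libreddit).

    ```json
    {
    	// Placeholder identities and node address (assumptions, not from the post)
    	"groups": {
    		"group:friends": ["friend@example.com"]
    	},
    	"hosts": {
    		"mew": "100.64.0.10"
    	},
    	"acls": [
    		// Friends reach only the self-hosted services on mew.
    		{
    			"action": "accept",
    			"src": ["group:friends"],
    			"dst": ["mew:53,5000,8080"]
    		},
    		// The owner reaches mew and may also send traffic out through
    		// exit nodes, limited to ports 443 and 22 as in the post.
    		{
    			"action": "accept",
    			"src": ["owner@example.com"],
    			"dst": ["mew:*", "autogroup:internet:443,22"]
    		}
    	]
    }
    ```

    Tailscale ACLs deny anything that no rule accepts, so group:friends gets no internet access through an exit node here because no rule lists autogroup:internet for them.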

  • Excluding draft posts from search index

    For a while, I have been thinking about excluding draft posts from search engines’ indexes. When I say draft posts, I am talking about the blog posts that aren’t worthy of being indexed; those that aren’t subjected to the level of quality that I expect the public to read. Think of draft blog posts similar to tweets. I have been trying to use my blog as a source of my thoughts, while being cross-posted to other social networks.

    That’s why I started classifying my blog posts into two categories: links and posts.

    Links are often short posts without an image, links or a featured image, or just a link with some content. On the other hand, posts are long-form articles that are worthy of being indexed on search engines for the general public to read.

    Of course, anyone can read blog posts from the “links” category if they visit the blog.

    The setup

    Yoast is my choice for search engine optimization today. With some search, I found that they offer some filters to noindex blog posts, and to exclude them from the sitemap as well.

    I found this snippet to automatically mark all blog posts in the links category as noindex:

    // Mark single posts in category ID 1 (links) as noindex for Yoast.
    add_filter( 'wpseo_robots', 'wpseo_robots' );
    function wpseo_robots( $robotsstr ) {
    	if ( is_single() && in_category( 1 ) ) {
    		return 'noindex, follow';
    	}
    	return $robotsstr;
    }

    I found another snippet to exclude blog posts from this category on the sitemap:

    // Add the IDs of all posts in category ID 1 (links) to Yoast's sitemap exclusion list.
    add_filter( 'wpseo_exclude_from_sitemap_by_post_ids', function( $excluded_posts_ids ) {
    	$args = array(
    		'fields'         => 'ids',
    		'post_type'      => 'post',
    		'category__in'   => array( 1 ),
    		'posts_per_page' => -1,
    	);
    	return array_merge( $excluded_posts_ids, get_posts( $args ) );
    } );

    Yoast has a built-in functionality to exclude a category (available on the category editor view of the WordPress wp-admin dashboard) archives, but that’s not quite my goal. My goal is to exclude individual posts.

    My links category is basically the default WordPress category; that explains why the category ID is 1. This is particularly helpful when I blog on the go using the WordPress mobile app, meaning I don’t have to mark the blog posts on the links category explicitly. WordPress will default the blog post to it, thus being noindex’d and removed from sitemaps.

  • Safari tip: Tab key to highlight next items in navigation

    If you use Safari as your browser on Mac, here’s a Safari tip to easily navigate to the next field using tab. Enable Press tab to highlight each item on a web page setting under Safari > Preferences > Advanced.

    An image showing the Safari browser's advanced settings, enable tab key functionality for navigation between fields of a web page.
    Safari settings to enable tab key functionality for navigation between fields of a web page

    This comes in handy for me, especially because I spend a lot of time on reddit’s old UI. After typing a comment, I need to navigate to the Save button, and that requires a tab input. Unlike the modern reddit UI (which is really bad), Cmd + Enter hotkey doesn’t work for submitting comments here. That’s a tradeoff I can live with, as long as old reddit UI is available.

    Know any other Safari tip? Let me know; I am trying to make it my primary browser these days, at least on my personal M1 chip MacBook. The battery life on this thing is amazing (but that’s a story for a different blog post) and I can further improve it by using Safari over Firefox. Safari pretty much ticks all of my needs for personal usage.

  • Zoom live captions

    Not many know about it, but if you have any kind of premium account on Zoom, enable the closed captions feature in Zoom settings so that everyone joining your (your account being the host) call can benefit from captions. Instructions here: Enabling and managing closed captioning and live transcription.

    Once that is enabled, all members on the call can optionally turn on/off captions as needed.

    The feature has a neat transcription history too! If you have to step away from the call for a few minutes, you can read the history when you come back to it.

    I pinged Zoom to consider enabling it by default for all premium accounts, but they haven’t responded just yet. There’s no reason not to enable it, as the functionality itself has to be activated during the call.

Hey there! I am a Happiness Engineer at Automattic, working on WordPress.com support. If you enjoy discussing online privacy, encryption, and fediverse like I do, you can reach me by commenting on my posts, or by email.