Today in "Google broke email".

Dear Lazyweb, how do I forward my employees' email to their gmail accounts and have it get there?

To recap, my domain hosts its own SMTP server running Postfix, and /etc/postfix/virtual contains a bunch of entries forwarding "" to whatever their actual email address is, usually gmail.

This has been mostly working fine for a decade or so, but lately there have been more bounces due to "strict SPF". For example,'s SPF record includes "-all" (dash instead of tilde) which means that when tries to mail, we forward that along to, and then Google rejects it with 550 "SPF hard fail".

So, I don't know whether it has recently become more common for people to use dash-all instead of tilde-all, or whether Google recently started actually enforcing dash-all in a way that they didn't before, and while I am curious about that answer, it doesn't really matter.

Another thing that doesn't matter is that SPF is bullshit that solves no problems and should not exist. Let's just take that as a given and move on.

What does matter is, what the fuck do I do about it?

Telling all of these people, "Hey dummy, use tilde-all instead of dash-all" is obviously not practical.

"Provide an IMAP server for all of my employees" is a terrible answer, in terms of both maintenance headache and disk space.

"Turn over your MX record to some third party service" is an even more terrible answer, because so many of our custom internal systems touch email. Order confirmations. Shipment notifications. Calendar mailings. Sales reports. Bounce and unsubscribe handlers. Address verification and password resets.

Is there a third option?

Finally, here's a concrete question: let's say I desired to have a filter plugged into my Postfix that looked at a message, identified it as one that Google is definitely going to reject because of strict SPF and then... did something else with it. Like, say, forward it as an attachment instead. (This would obviously be insane and terrible, and yet still better than bouncing.) Is that a doable thing, or should I just stick forks in my eyes right now?


    My current approach is to provide a POP3 server for all of my employees. It turns out that POP3 is a thing that still exists in the Twenty-First Goddamned Century. Gmail provides an option to download mail from external POP3 servers, if you trust them with your password. As far as I can tell so far, Google doesn't penalize my server for spam that is relayed that way, they just process it normally.

    But, every now and then, instead of downloading a message, they deliver a message to the recipient that says "The message [...] contained a virus or a suspicious attachment. It was therefore not fetched from your account and has been left on the server." And in that case they leave it on my server forever, which is annoying.



The truck's driver lost control and hit the center divide, dumping tomatoes across eastbound lanes. Four cars trying to drive through the sauce crashed into each other.



Solving mazes with spring kinematics



Dali Clock 2.46 released

Portability and installation fixes for X11.

It probably still doesn't work on some systems running GTK earlier than 3.22 and I could use some help with that.

I'm putting bits on the screen using OpenGL (because typically that is the fastest way to do so), and the code is written for OpenGL 1.3, AKA "Real GL" (because that's what I had already, and because every Linux system supports it and will until the end of time).

However, apparently GtkGLArea has other notions, and on some systems, creates a GL context that only works with... OpenGLES 2.0? OpenGL 4.3? Who can tell. If I set the "use_es" flag on the GtkGLArea, things work on those systems, but that flag was only implemented in GTK 3.22.

So, two requests:

  1. If you have a pre-3.22 system, and it is not working, and you can figure out how to make it work, please let me know. Possibly this involves the "create_context" callback in window.c, but I dunno.

  2. If you would care to rewrite my dead simple GL code that just blasts a texture onto a quad in such a way that those failing systems are happy with it, please let me know what you did. I'm guessing this means using GLSL, but since I don't know what version of the OpenGL spec is being targeted by GtkGLArea, I'm not sure.

The failing systems are absolutely capable of running OpenGL 1.3 code, because they are all capable of running XScreenSaver and that's what it uses, so GtkGLArea's requirements are baffling, particularly that they shift like the sand depending on.... distro? Video card? Who can tell.

Oh yeah, some other stuff:

  1. Is there a way to tell GtkWindow "draw on this X11 Window ID instead of creating your own"? Asking for a friend who is a screen saver.

  2. Is there a way to tell the compositor to respect the alpha channel of the OpenGL frame buffer, so that (as in the Mac version) the clock can have a translucent background while the foreground digits are fully opaque?

By the way, here's a rundown on the various versions of OpenGL, ask me how I know:

OpenGL 1.0 1992: Standardized version of SGI's "GL"
OpenGL 1.1 1997: Improved texture support
OpenGL 1.2 1998: Nothing interesting
OpenGL 1.3 2001: Multisampling, cubemaps
OpenGL 1.4 2002: Added auto-mipmapping
OpenGLES 1.0 2003: Deprecated 80% of the language; fork of OpenGL 1.3
OpenGL 1.5 2003: Added VBOs
OpenGLES 1.1 2004: Fork of OpenGL 1.5
OpenGL 2.0 2004: A political quagmire, added shader language GLSL 1.1
OpenGLES 2.0 2007: Deprecated 95% of the language; fork of OpenGL 2.0; GLSL 1.20
OpenGL 3.0 2008: Added FBOs, VAOs, deprecated 60% of the language
OpenGL 3.3 2010: OpenGL 3.3 and OpenGL 4.0 released concurrently; 3.3 has GLSL 3.30, but 4.0 has GLSL 4.00
OpenGLES 3.0 2012: Same as WebGL 2.0, but has GLSL 3.00
OpenGL 4.3 2012: Superset of GLES 3.0, but has GLSL 4.30
Anything later: My ignorance is blissful.


"dot eth" pseudo-domains about to go offline because domain owner is in prison

Web3 is going just great:

If you've seen people with usernames ending in .eth, that's an ENS address. The problem is that .eth is not a functional top-level domain, and so many services relied on to surface these DNS records to other services. [...]

The domain's owner, Virgil Griffith, is "unavailable". By this, they mean that he is currently serving his first of five years in prison for helping North Korea evade sanctions. With Griffith "unavailable", the project has found itself at the mercy of GoDaddy. Welcome to the decentralized web3 we've all been promised! [...]

"If the name expires and is acquired by someone with ill intent, the damage they could do via phishing is substantial," they wrote.


Write 'n' Fight

Famous writers. Hitting each other.
That is what I want to see.

"Here is a 100% real screenshot from the game of Ernest Hemingway punching HP Lovecraft in the nuts."


Dali Clock 2.45 released

I basically hadn't touched the X11 version since the Twentieth Century, so it was looking pretty threadbare compared to other platforms. I replaced the 1991-vintage Xlib version with a backport of the macOS OpenGL version to GTK 3. Let me know how it works on your incomprehensibly powerful hundred dollar supercomputer.

Source only release. I didn't bother re-spinning the various other platform builds just to bump the version number.


CDC's updated guidelines for living with the zombie apocalypse

From noted comedy zine The Washington Post:

Great news! The zombie war is over! You can come out of your bunkers now!

Did we win? No. We did something even better than winning: We suddenly became aware of the passage of time! Wars can end lots of ways -- by winning, by surrendering, by a negotiated settlement, by simply deciding in our minds that they are over with or without consulting the facts on the ground.

Why are there new guidelines if nothing has changed?

Look, it is hard, and everyone's trying! That's the takeaway here! We've all learned and grown, and it's time to move on!

But is the zombie war over?

Well, the fighting-zombies phase of the zombie war is over!

The way you phrased that made it sound like the zombies are not ... gone.

Yes, technically, in the most literal sense, the zombies are still among us, but much as we would like to be living in a totally zombie-free world, that was never the goal, except for a brief time when we were way too optimistic about what people were capable of.

Look, some people decided that the effort of eradicating the zombies wasn't worth the inconvenience. Imagine having to bring a heavy, metal bat with you every time you go out! Imagine living like that! Well, because some people couldn't do that for a limited time, now other people will have the opportunity to do that forever.


DNA Lounge: Wherein we have once again angered Poseidon

It's time for this blog to get back to its core competency: complaining about plumbing disasters!

Last weekend we had a minor sewer backup, but we snaked it out via the clean-out port on the sidewalk and things seemed to be going ok. But on Friday afternoon, things were going very much not ok. Nearly complete blockage, which means almost no drainage from anything on the "Main Room" side of the building: no bathrooms! No amount of snaking made a difference. Panic and horror.

Our theory was that the connection between our main drain and the sewer had finally failed, as our various plumbers have been giving that the side-eye for several years now. It was looking very much like "time to jackhammer the sidewalk". We called the City, who wouldn't commit to a date more firm than "maybe Monday".

So... we rented four porta-potties and a handwash station. Inside Lands! All of the grossness of attending a festival without having to be around trees!

The city folks did show up on Friday evening, though, and told us that the part of the pipe that had turned to dust was on our side of the junction, not theirs, and so -- congratulations -- it was our problem, have a nice night.

This is beyond the scope of what your average plumber is prepared for, and also, this is a "call before you dig" situation, since the street is riddled with gas lines, so even once we find a plumber-slash-demolitions-expert who can do the work, they can't do anything until a different city crew shows up and spraypaints things with "cut here, not there".


Fortunately the DNA Pizza building is on a different drain system, due to them originally being separate properties, so the restaurant and Above DNA restrooms still work. But that's only 4 toilets for the whole building, so that's not ideal. But unsurprisingly, many people were happier waiting in line there than using the porta-potties.

I'd recommend you switch from beer to shots, you'll have to pee less. And never drink water. Fish fuck in it.

And now, a deep dive into the sewers!

I think this photo from 2000 shows the inside portion of the "lateral" that connects us to the sewer. It's the deeper one.

You will be excited to learn that there is an interactive map of the San Francisco Sewer Collection System which looks exactly like the sort of thing you'd see on a heist show, where the hacker in the van pulls this up and dramatically intones, "I'M IN". What they never say, though, is, "Give me a minute, the site is kind of slow, SFPUC doesn't have much of an IT budget." But from this map we can see that the DNA Lounge drain is "Lateral Service Connection L-157660, 6" diameter" (Pizza being L-157390), and the destination is "Eleventh Street Main Sewer P-98524, 36" diameter". It feeds south to "Harrison Street Main Sewer P-76719, 7' diameter", installed 1911.

The map says that the DNA lateral was installed in 1998 and the sewer in 1997, but that cannot be true. I'm reasonably certain that they were not digging up the sidewalk here in 1998. We didn't do our plumbing excavation until 2000, and that all stayed inside the building: we did not open the sidewalk. So that's a bit of a mystery.

The Eleventh Street Main Sewer feeds into the Mission & Fourth Street Tunnel P-98155, 8', installed in 1972, and thence to the "Transport / Storage Boxes" under The Embarcadero. These are vast, 35' tall, miles long cisterns (photos here!) that serve as buffers in case of high flow from rainfall, and in storms will let the sewers vent directly into the Bay (after "slight decantment") instead of backing up into your kitchen. This is necessary because San Francisco has a single system instead of separate sewers and storm drains, as in most other cities. As far as I can tell, the reason for that is "it seemed like a good idea during the Barbary Coast days, and it would cost billions to change now, so yolo."

The arrows on the interactive map aren't very clear on this next part, but my understanding from the SFPUC site is that the next step of the journey depends on whether it's raining. Normally everything flows from the Transport / Storage Boxes to the Southeast Treatment Plant which vents into the Bay ("Outfall") via Islais Creek, but sometimes it is also allowed to flow to the North Point Wet Weather Treatment Facility, which vents along Piers 33 and 35.

(Points West instead use the Oceanside Facility near Lake Merced. SF has two "sewersheds" that divide the city roughly in half vertically, which is why there are only two graphs on the COVID-19 Wastewater Surveillance Network.)

I'm not sure when the (extremely scenic) Mission Creek Channel Pump Station comes into play.

Anyway, let this be a lesson to you: the movies have lied to you. Only the Harrison Street sewer widens enough for a dirtbike, and even then only barely. Most of these sewers could not fit an alligator of any distinction. It's the Transport / Storage Boxes where the real action is.

For a detailed description of the SF sewer system, including its history going back to 1899, check out the San Francisco Sewer System Master Plan, 2010. I also enjoyed skimming SFPUC's Sewer System Emergency Response Plan. It's full of flowcharts and checklists, worksheets for computing overflow volume, and pictures of their awesomely-named drill bits: "Select appropriate nozzle for breaking a stoppage. This would be either a Pipe Wolf (6"-15"), Tadpole/Polywog with penetrator (18"-24"), Warthog or Bulldog with penetrator." (And if you're into that kind of thing, you may also enjoy the FDNY Forcible Entry Reference Guide, or "Care and Feeding of your Halligan Tool".)

I love this stuff because we are extremely focused on checklists to keep this place running, and it's fun to see how other organizations do it. The title of the DNA Lounge employee handbook is literally "Checklists Get Shit Done". 72 point type, right on the cover.

In conclusion: I have no idea how expensive this shit is going to be, so please contribute to our Patreon, AKA the DNA Lounge Adopt-a-Sewer program.


The One Place That Hasn't Been Corrupted by Capitalism

I am Escaping To The One Place That Hasn't Been Corrupted by Capitalism
