Talk from my dad’s funeral

A bit of a different topic for the post today, but as several people have asked here is the text of the talk I gave at my dad’s funeral last week. If you prefer, you can find the audio of the talk on the page with other audio recordings from the funeral.


Looking through some photos of my dad Charles as a child, many people have said how similar we looked. I guess we say “A chip off the old block”. In some respects this is true – we were both interested in computers and work in IT, we both love to travel. In other respects we were very different – I have never liked wine and for the past 8 years we’ve not had any car – I’m not sure those things were ever true of Charles! However in the area that was most precious to my dad – that of following and loving Jesus – he raised all of his children to follow his good example. So, I wanted to share a few words about what my dad taught me about Jesus, and in particular the hope that it gave him as he lived and as he was dying.


I remember my first experience of death. I must have been about 4 or 5 and our family had been given a friends’ pet gerbil to look after while they went on holiday. As my mother Joyce didn’t really like animals this was the first pet we had ever had in the house, and as it turns out, also the last! The first morning I went downstairs to look through the cage bars at it, but I found it on its’ back not moving. I went and asked my mum and she said it had died. I remember we made a small marker and buried it in the back garden – I don’t know what my parents said to our friends when they got home though!

I didn’t really understand death, but I started to be both fascinated and frightened by the idea. Shortly after this incident Charles had his wisdom teeth come through. I remember him lying in bed for a few days in pain and asking my mum “Is daddy dying?” and being scared and fearful of this.


A few years later when I was about 8 years old my great grandfather died. I remember beforehand having nightmares about him dying and was very scared. On several occasions I ran downstairs crying to my dad. He couldn’t explain much, and certainly couldn’t comfort me that my great-granddad would not die or that I would not die, but he read these words of Jesus to me from the gospel of John (14:1)

“Do not let your hearts be troubled. You believe in God; believe also in me. 2 My Father’s house has many rooms; if that were not so, would I have told you that I am going there to prepare a place for you? 3 And if I go and prepare a place for you, I will come back and take you to be with me that you also may be where I am. … 6 I am the way and the truth and the life. No one comes to the Father except through me”

As he read those words and prayed for me to know this comfort, I felt the peace of the Holy Spirit come on me even though I couldn’t have described it like this at the time.


For several weeks before Charles died we feared this would happen, and again, following my dads’ example I turned to the Bible for comfort, reassurance and guidance, and thinking about how Charles would understand these verses. Paul writes to the Corinthians:

1 Cor 15:20 … Christ has indeed been raised from the dead, the firstfruits of those who have fallen asleep. 21 For since death came through a man, the resurrection of the dead comes also through a man. 22 For as in Adam all die, so in Christ all will be made alive. 23 But each in turn: Christ, the firstfruits; then, when he comes, those who belong to him.

In the story told by the Bible, God created humans in a world without death, without pain, without sorrow and with the presence and glory of God in every area of it. But because of our natural inclination to disobedience and sin; decay and death – both physical and spiritual – came into the world. This is the first creation, perfected by God but ruined by humans, symbolized and summarized in this passage by our forefather Adam.

But God could not bare to see his good creation continually be ruined by people and sought out people who wanted to follow Him – not those who thought they were perfect, but ordinary fallen people like you and me and Charles, through whom He could display His Glory and Grace. Throughout thousands of years through the people of Israel he showed that no-one could achieve this on their own merit but rather everyone was in need of a saviour. And throughout this time he promised that one day a new creation, a new beginning, a new dawn would be ushered in by the True King of the world. And in time Jesus Christ, Son of God and Son of Man came into the world and redeemed humanity dying, rising from the dead and ascending into heaven. Just as decay and death entered the world through our forefather Adam, so true renewal and life for all who wish entered through Jesus.

Paul says here that Jesus was the first example of new creation – one day God will finally return to recreate and restore this beautiful artwork of a world to its intended state. Charles didn’t believe that we would all sit in heaven strumming harps, he had a sure and certain knowledge that at the end of time God would return and usher in the new creation with no more pollution, no more ill health, no more grief or pain and no more death.


24 Then the end will come, when he hands over the kingdom to God the Father after he has destroyed all dominion, authority and power. 25 For he must reign until he has put all his enemies under his feet. 26 The last enemy to be destroyed is death.

As Jesus died on the cross he dealt the death blow to Satan and evil by turning their own weapons against them. Satan and evil are still in the world until the new creation, however they know are defeated and their time is limited. Their end will soon come.

35 But someone will ask, “How are the dead raised? With what kind of body will they come?” 36 How foolish! What you sow does not come to life unless it dies. 37 When you sow, you do not plant the body that will be, but just a seed, perhaps of wheat or of something else. 38 But God gives it a body as he has determined, and to each kind of seed he gives its own body.

Here Paul explains what the resurrection will be like, and why physical death is necessary. It’s like the difference between an apple pip and an apple tree. No-one looks at an apple pip and says “if I plant this I’ll get a giant apple pip” they say “if I plant an apple pip I’ll get an apple tree which will make lovely apples”. An apple tree, an apple pip and an apple itself all have the same essence – they are all the same thing – but how they look is totally different from each other. And Paul continues:

42 So will it be with the resurrection of the dead. The body that is sown is perishable, it is raised imperishable; 43 it is sown in dishonor, it is raised in glory; it is sown in weakness, it is raised in power; 44 it is sown a natural body, it is raised a spiritual body.

How can someone come to this more amazing form if they have not been planted, if they have not died and been buried? Charles understood that physical death is a necessary passage – like planting a grain of wheat, an apple pip or some other seed; or perhaps like a caterpillar going into a cocoon and then emerging from the chrysalis as a butterfly leaving behind its shell to rot and decay as it has no more need of it.

In the resurrection Charles will be the same essence of how we knew him in his life but a more perfected and glorious form. In Charles’ final days when he was unable to say more than a few words at a time, unable to move from his hospital bed we were so upset and sad because we remembered a Charles at the peak of his life. But in the resurrection, even the Charles we knew at the peak of his life will seem like this compared to the awesome, amazing, completed, glorified and purified Charles that we shall see then. As my brother read earlier

50 I declare to you, brothers and sisters, that flesh and blood cannot inherit the kingdom of God, nor does the perishable inherit the imperishable. 51 Listen, I tell you a mystery: We will not all sleep, but we will all be changed— 52 in a flash, in the twinkling of an eye, at the last trumpet. For the trumpet will sound, the dead will be raised imperishable, and we will be changed. 53 For the perishable must clothe itself with the imperishable, and the mortal with immortality. 54 When the perishable has been clothed with the imperishable, and the mortal with immortality, then the saying that is written will come true: “Death has been swallowed up in victory.”
55 “Where, O death, is your victory?
Where, O death, is your sting?”
56 The sting of death is sin, and the power of sin is the law. 57 But thanks be to God! He gives us the victory through our Lord Jesus Christ.

One day the end will come, one day the new creation will come, one day death will be rendered dead and Jesus will be shown to be victorious, the true King over all creation. Today as believers in Jesus we can look forward at that time and spit in the face of death – yes it hurts now, but this is part of a greater process of renewal of this world and of defeat of evil. Charles realised this – he wasn’t afraid of death – saddened by the thought but not worried or scared by it because he knew it is a necessary step in the great picture of God’s plan for the universe. He knew that death was not a permanent fixture here.

58 Therefore, my dear brothers and sisters, stand firm. Let nothing move you. Always give yourselves fully to the work of the Lord, because you know that your labor in the Lord is not in vain.

This is what Charles believed in, standing firm, letting nothing move him he gave himself fully to the work of the Lord because he know that this was the one thing that lasts. This didn’t mean he shied away from things of the world – work, enjoyment, relationships – but rather in all that he did wether it was starting his own company and looking after and mentoring his employees, enjoying a good game of Cricket or hosting people at his house and cooking for them; he did this with the aim of pleasing God and as a labour of love to Jesus, living life to the full with Him.

He did not fear death, knowing as he read to me all those years ago that Jesus had said:

“Do not let your hearts be troubled. You believe in God; believe also in me. 2 My Father’s house has many rooms; if that were not so, would I have told you that I am going there to prepare a place for you? 3 And if I go and prepare a place for you, I will come back and take you to be with me that you also may be where I am.”

Charles is in this place now, resting from his labours and enjoying the presence of his king and redeemer, Jesus. And one day all who follow Jesus will meet him in the new creation, with a renewed body, and realise that what we saw in this life was but a shadow of the true Charles, and get to enjoy an eternity together with him. We come today to celebrate his life, to say goodbye to this pip, this chrysalis of a body in the ground, and to assure each other that one day we will see him again in the fullness of life in the glorious new creation.

Styled cross-platform number input (in Angular but applicable to any HTML/CSS app)

Native elements in HTML 5 such as the number input are great, but unfortunately our designers often want them to render the same between different browsers and operating systems. For example on linux/chrome the number input has an up/down spinner on the right hand side which is always visible. On Mac the spinner is only visible on mouse over, on firefox it is rendered differently and on mobile the spinner is not there at all usually. In this case, my designer wanted number input with up/down buttons always available. This was for an order quantity input, so it should be integers from 1 upwards. With bootstrap you can easily add buttons etc to the left or right of an input, however I couldn’t see an easy way in ‘native’ bootstrap to have two buttons stacked as one of the addons, so I created my own html/less. This is for Angular 1, bootstrap 3 and fontawesome but it should be very easy to change for different platforms.

Here’s the HTML

And the LESS:

Transparently serving WebP images from Apache

I’ve recently been working on a website where we are creating a tool to customize a product. We have various renders from the designers with lots of transparency and then combine these together on the frontend to produce the customized render. As a result of needing transparency we can’t use the jpeg format so we need to use PNG format, however as this is lossless it means the image sizes tend to be very big. Fortunately the WebP format can compress transparent images including the transparency layer (but this is not set by default). Running the WebP converter with light compression over our PNG assets for this projects produced a set of WebP’s which were in total only 25% of the size of the PNG assets and still a high quality. This means much faster loading for the site, especially when displaying multiple renders of the customized product and its 5-10 layers per render.

However, WebP support is only available in about 70% of the browsers today. Rather than trying to test for it on the client side, it would be great to just keep the browser-side code the same but serve different assets depending on whether the browser supports it or not.

I found a good start for apache support for transparent loading of WebPs on github, however there were a few bugs in the script. Here is the final version that I used – you need to put it under a <VirtualHost> section.

And here is a script to convert all png, jpg or gif files under your image directories to WebP format in such a way that they will be automatically served by the code above.

Note the -nt comparison that only updates files if the source has changed. You could add this script to git post-checkout and post-merge hooks to automatically keep your WebP assets in sync with the images in the code (and add a .gitignore entry for *.webp – no need to keep 2 copies of each resource in the repository).

Important note: If you’re using an older version of imagemagick such as on Ubuntu 14.04 (imagemagick 6.7.7), it doesn’t pass the alpha compression arguments through correctly so if you have a lot of transparency you won’t see much in the way of compression happening. Switch the convert line to be something like the below, however you need to remove the gif support as that requires using the gif2webp command to convert:

Also note that this causes some issues when you have for example a jpg and png of the same base name whose contents are different (I found a few in the old code I inherited). You can find the base name of any of these clashes clashes using the following command:

Using wildcards in ssh configuration to create per-client setups

In my role as a linux consultant, I tend to work with a number of different companies. Obviously they all use ssh for remote access, and many require going through a gateway/bastion server first in order to access the rest of the network. I want to treat these clients as separate and secure as possible so I’ll always create a new SSH key for each client. Most clients would have large numbers of machines on their network and rather than having to cut and paste a lot of different configurations together you can use wildcards in your ~/.ssh/config file.

However this is not amazingly easy – as SSH configuration requires the most general settings to be at the bottom of the file. So here’s a typical setup I might use for an imaginary client called abc:

Using Letsencrypt with Wowza Media Server

As part of a work project, I needed to set up Wowza Media Server to do video streaming. As the webapp (which I wrote using the excellent ionic 3 framework) is running under https, it won’t accept video traffic coming from non-encrypted sources. Wowza has some pricey solutions for automatically installing SSL certificates for you, you can also purchase ones however these days I don’t see why everyone doesn’t just use the free and easily automated letsencrypt system. Unfortunately however, letsencrypt doesn’t let you run servers on different ports particularly easily, although it does have some hooks to stop/start services that may already be listening on port 443 (ssl). I happen to be using a redhat/centos distro, although I’m pretty sure the exact same instructions will work on ubuntu and other distros.

Firstly, you need to download the wowza-letsencrypt-converter java program which will convert letsencrypt certificates to the Java format that Wowza can use. Install that prebuild jar under /usr/bin.

Now, create a directory under the Wowza conf directory called ssl and create a file called jksmap.txt (so for example full path is /usr/local/WowzaStreamingEngine/conf/ssl/jksmap.txt) which lists all the domains the Wowza server will be listening on like:

‘secret’ is not actually a placeholder; it’s the password that the wowza-letsencrypt-converter program sets up automatically so keep it as it is.

Configure SSL on the Wowza server by editing the VHost.xml configuration file (find out more about this process in the wowza documentation). Find the 443/SSL section which is commented out by default and change the following sections:

Note the <KeyStorePath>foo</KeyStorePath> line – the value foo is ignored when using jksmap.txt, however if this is empty the server refuses to start or crashes.

Next, install letsencrypt using the instructions on the certbot website.

Once you’ve done all this, run the following command to temporarily stop the server, fetch the certificate, convert it and start the server again:

Then, in order to ensure that the certificate continues to be valid you need to set up a cron entry to run this command daily which will automatically renew the cert when it gets close to its default 3 month expiry time. Simply create /etc/cron.d/wowza-cert-renewal with the following content:

Easily setup a secure FTP server with vsftpd and letsencrypt

I recently had to set up a FTP server for some designers to upload their work (unfortunately they couldn’t use SFTP otherwise it would have been much simpler!). I’ve not had to set up vsftpd for a while, and when I last did it I didn’t much worry about needing to use encryption. So here are some notes on how to set up vsftpd with letsencrypt on ubuntu 14.04 / 16.04 so that only a specific user or two are permitted access.

First, install vsftpd:

Next, you need to make sure you have installed letsencrypt. If not, you can do so using the instructions here – fortunately letsencrypt installation has got a lot easier since my last blog post about letsencrypt almost 2 years ago.

I’m assuming you are running this on the same server as the website, and you’re wanting to set it up as ftp on the same domain or similar subdomain as the website (eg ftp access direct to example.org, or via something like ftp.example.org). If not, you can do a manual install of the certificate but then you will need to redo this every 3 months.

Assuming you’re running the site on apache get the certificate like:

You should now have the necessary certificates in the /etc/letsencrypt/live/example.org/ folder, and your site should be accessible nicely via https.

Now, create a user for FTP using the useradd command. If you want to just create a user that only has access to the server via FTP but not a regular account you can modify the PAM configuration file /etc/pam.d/vsftpd and comment out the following line:

This lets you keep nologin as the shell so the user cannot login normally but can log in via vsftpd’s PAM layer.

Now open up

Because we’re running behind a firewall we want to specify which port range to open up for the connections (as well as port 21 for FTP of course):

If you want to make it even more secure by only allowing users listed in /etc/vsftpd.userlist to be able to log in, add some usernames in that file and then add the following to the /etc/vsftpd.conf configuration file:

You can test using the excellent lftp command:

If the cert is giving errors or is self-signed, you can do the following to connect ignoring them:

Fixing Ubuntu 16.04 massive internal microphone distortion

A while ago I upgrade from Ubuntu 14.10 to 16.04. Afterwards, my laptop’s internal microphone started to become massively distorted to the point that people on the other end of skype or hangouts calls couldn’t understand me at all.

Looking in the ALSA settings I noticed that the “Internal Mic Boost” was constantly being set to 100% and when I dropped this down to 0% everything went well. It seems on my laptop at least to be coupled with the “Mic Boost” which boosts both but without quite so much distortion, ie the “Internal Mic Boost” is a boost on top of the “Mic Boost” which is obviously a problem.

I couldn’t find much detail about how to configure this properly, so after some hacking around I was able to come up with the following solution. Go through every file in /usr/share/pulseaudio/alsa-mixer/paths, look for the section “[Element Internal Mic Boost]” if it is there. You should see a setting under that section like “volume = merge“. Turn that into “volume = off“. To prevent it being changed later when ALSA is updated, you can run:

I’d love to hear if there is a simpler way to work around this issue, but it works for me at least!

Full-stack Linux development (AngularJS, Bootstrap, Modern Perl) and Life in Turkey