David's blog

Twitter / X changed the rules and I’d like to cancel my subscription now

When I signed up, I did so without installing an app to my cell phone. I signed up with the website, email, and SMS texting only. I had two-factor authentication enabled, and all that worked well. I paid for a subscription. Like a dumbass, when it came time to renew, I bought a year’s subscription because of a discount.

For an unknown reason, they’ve locked me out of my account. I get a prompt “Let’s confirm you are a human” with a URL to an app store.

I don’t want to install an app.

Really, X / Twitter wasn’t much fun for me anyway. If they’re going to be jerks about randomly locking me out of my account and demanding I install an app so that they don’t have to respond to email, I might as well just cancel my account.

I’ve tried the automated help at https://help.x.com/en/managing-your-account/locked-and-limited-accounts three times now, but no one there is bothering to help me. It’s been about a week since the first time I asked for help.

I’d received an email from paidfeatures@x.com and tried to ask them about my account lockout, but received the reply: “Our customer support options have changed and this mailbox is no longer monitored.

If you are a Premium user please DM @Premium: https://x.com/premium“

Can’t very well DM you if you won’t let me log in, dudes.

Generally, I think it was terrific for Elon Musk to buy Twitter. Before Elon, Twitter was a willing conspirator with the US government to throw the 2020 election.

But somewhere along the line, X (new Twitter) gave up on keeping all the forms of customer service open.

I’d like to cancel my account, please.

Another bit of Let’s Encrypt inspired trouble

One of the pieces of bad advice I got while trying to diagnose the Let’s Encrypt problem was to reset my Nextcloud File Sync client connection. No big deal, they said, just recreate the connection.

BY THE WAY (said no one) WE’RE GOING TO TRASH FILES WAITING TO SYNC.

Well, I’m being a bit overly dramatic here. The files aren’t syncing, but I do see them on the laptop they were transferred to. So they are not lost, which is important because they were audio recordings of speakers from Wednesday the 24th and Sunday the 21st. But the sync process that worked before, now isn’t. It reports everything is fine, but the files are not copying across.

Let’s Encrypt dropped a spanner in the hole

Admittedly, the way I’ve done things is a little unusual. It’s annoying that my setup broke when Let’s Encrypt changed things, but I understand they can’t test every setup. Still, I was caught off guard and spent a couple of days trying to figure out what went wrong.

What happened is that Let’s Encrypt started issuing certificates where the chain of trust goes up to a new root CA certificate.

That new root CA certificate is not in any of the standard root certificate bundles any of my machines are configured with (yet).

For web browsing clients, this wasn’t a problem, because web browsers work really hard to climb the chain of trust and verify it. They want to look at certificate revocation lists too, so climbing the chain of trust was something they were going to do anyway.

But me, I’ve got Thunderbird configured to pull my address book from my Nextcloud server. Thunderbird is not a web browser. Thunderbird gets really pissy when climbing the SSL chain of trust fails. This is a feature, not a bug!

DITTO the Nextcloud File Sync client.

Further complicating the matter is that I’m getting my wildcard Let’s Encrypt certificates via an ACME client on pfSense. The pfSense scheme works well; every six months I have to update the API key for permission to dink with DNS, but, it works well. After automatically renewing the wildcard cert, pfSense can also run a command to copy the cert files to another machine. I use that machine to hold the certs that I could use on other hosts in my network.

Diagnosing this trouble, the suggestion was to edit the pfSense ACME configuration to add “Preferred Chain: 'ISRG Root X1'” – which I did, but it doesn’t work. During the Issue/Renew phase, I could see the command line that the acme.sh script was running, and it included –preferred-chain 'ISRG Root X1' and everything appeared to work correctly. But when I download the CA file, it says it is:

subject=C=US, O=Let’s Encrypt, CN=YR1
issuer=C=US, O=ISRG, CN=Root YR

I specifically asked for X1 and I got YR. Sigh.

I thought I had it solved by specifying SSLCertificateChainFile in the Apache config, but Thunderbird is still barking at me.

It does appear that adding SSLCertificateChainFile to the Apache config did fix the Nextcloud File Sync client.

The Thunderbird fix was to add the .ca file to the authorized servers certificate store:

Thunderbird > hamburger / pancakes menu in the upper right corner > Settings > Privacy & Security > Security > Certificates:

Then, on the Authorities page, choose Import. I had to change the drop-down in the file picker to allow all files, because .ca files aren’t normally something one would (have to) import.

Nextcloud server playlist import

I really like the Nextcloud Music app. Previously I had complained that music playlist import by hand is more complicated than I would like. But today I found that Nextcloud Music has a server-side playlist import feature. Neat!

When I reset my music collection in Nextcloud (because I was messing with ID3 tags or such), I lose my playlists in the web interface. There is a nice import function to fix this – but it has a catch.

sudo -u www-data php occ music:playlist-import me --overwrite --file "Music/playlists/the_elder_scrolls.m3u"

I would try this inside the server, and it would report zero tracks imported.

Turns out this is no good for my m3u file contents:

A Chance Meeting.mp3 Ancient Stones.mp3 Aurora.mp3 Awake.mp3 A Winter's Tale.mp3 Before the Storm.mp3 Beneath the Ice.mp3 Blood and Steel.mp3 Caught off Guard.mp3 Dawn.mp3 Death or Sovngarde.mp3 Distant Horizons.mp3 Dragonborn.mp3 Dragonsreach.mp3 Far Horizons.mp3

The m3u file needed to have this:

../A Chance Meeting.mp3 ../Ancient Stones.mp3 ../Aurora.mp3 ../Awake.mp3 ../A Winter's Tale.mp3 ../Before the Storm.mp3 ../Beneath the Ice.mp3 ../Blood and Steel.mp3 ../Caught off Guard.mp3 ../Dawn.mp3 ../Death or Sovngarde.mp3 ../Distant Horizons.mp3 ../Dragonborn.mp3 ../Dragonsreach.mp3 ../Far Horizons.mp3

I think this is because most people organize their music collections to keep their files in subdirectories based on either album or artist. I throw everything into one subdirectory because I rely on the Nextcloud Music app to find the ID3 tags and organize it that way.

I’ve written a Perl script to read the same m3u file, and to pull a random file from it and throw that at Music Player Demon when the current track list gets too low. But the file paths on the server are different from what inside Nextcloud knows, so I was keeping the m3u file super simple and letting Perl figure out how to tell MPD where the file could be found.

Microsoft list of “We’re not done until you don’t run”

I’ve since seen a few more instances of “Microsoft software isn’t done until competitors won’t run”. I don’t have a nice succinct list, though.

I don’t think I should include the WordPerfect for Windows font problem in the above list. In the above list, Microsoft wrote code to damage their customers who used competitors products. Microsoft tested that code and shipped that code using their monopoly position to customers who were then blindsided by the malevolent code.

The WordPerfect for Windows font problem was different from that. Like the DOS isn’t done until Lotus won’t run problem, WordPerfect and Microsoft had a formal partnership agreement. But Microsoft didn’t ship subverting software in this case. They promised to ship a working API spec for calling a font to be rendered, and then … just kept delaying. While Microsoft Word was getting rewritten to use TrueType, their partners were crippled by not being allowed to know how to call TrueType. So “withholding support” isn’t the same as shipping corrupting software. More details at Ars Technica.

Playing a new video game: Warhammer 40,000: Gladius – Relics of War

Financial

Apparently the Warhammer video game people do an annual event in the spring, called Skulls, and put things on sale and announce new products for pre-order.¹

This year (2026), the event runs from May 21 through 28.

On Steam, Gladius – Relics of War is free.

Obviously, they are hoping you’ll want to buy their DLC packs²

I didn’t know this game was going to go on sale, so I’d bought it on Good Old Games (gog.com) about two weeks prior. I went the GOG route because the Steam price was really quite high in comparison. But really, GOG was simply discounting it early because they knew that it would be going on sale.

I think I got a very fair deal. And I’m pretty sure the DLC packs I bought were 12% less expensive than the price on Steam, although of course, I paid GOG $5 for the base game, and Steam two weeks later was giving it away for free. Steam does have the achievement badges, which are fun.

Gameplay

I am definitely a fan. If you like the Sid Meier’s Civilization series, you’ll like the gameplay of Gladius – Relics of War. It is a classic 4X game: explore, expand, exploit, and finally exterminate the enemy.

Gladius – Relics of War came out in 2018 – eight years ago as of the time of this post. The advantage here is that it doesn’t assume that I’ve got super advanced hardware. It runs very smoothly because it was originally written for hardware a little on the puny side, by today’s standards.

The tutorial and the user interface aren’t as good as I’d hoped. There wasn’t an explanation of what the user interface is trying to tell me.

I’m early enough that it will take me a while to figure out what map features and what factions to play to not wipe. But the game is both interesting and soothing. I know what I’m doing, even if I don’t yet know the best way to maximize the faction that I am playing.

One thing I definitely don’t miss from the Civilization series is its woke politics. I was tremendously disappointed when Civ 6: Gathering Storm added climate change as an obstacle to manage. I’m old enough to have seen the furor over Global Cooling, and then Global Warming, and then eventually for the shysters to call it Global Climate Change because who the hell can say if the disaster will be one of warming or cooling? Still: doom! Doom! DOOM!!!³

Anyway, Gladius – Relics of War has none of that. Thank goodness.

It also doesn’t do diplomacy. I like that in a 4X game.

I suspect that I will get to play this game for a long time, and I will continue to enjoy it immensely.

Music

I love the music.

In fact, I’d read that the music score was excellent, so when the Steam Summer Sale showed up in 2025, I bought the soundtrack. I didn’t know anything about the gameplay at that time. I added it to my MP3 stream of whole-house music and like it a lot.

The only thing that is a little weird is that because it is a video game soundtrack, the data for it in MusicBrainz is a little off. I guess this is because it’s not like they went to a record publisher and said, “Hey, let’s make a CD of this and sell it”. There’s no “album” so MusicBrainz doesn’t really know how to deal with that.

Still, I like the music from the game well enough that sometimes I’ll add the entire playlist to my queue, and get 4 hours 50 minutes of play time out of it.

I don’t think I’ve ever pre-ordered a video game, and I’m pretty sure I never would. It is a terrible idea. ↩︎
The acronym DLC stands for Down Loadable Content. ↩︎
Pay us for carbon credits, dumbass ↩︎

Microsoft does the I.F.S. again.

I.F.S. = Incredibly Fucking Stupid

TL/DR: 5,000 workstations are hit with a surprise reboot in the middle of the morning because the policy says “Audit mode only” and the documentation doesn’t warn that “Oh by the way….”

At work, one of our security team members changed a policy in Microsoft Defender. The policy had a piece: Audit Mode Only.

When I read Audit Mode Only, I would believe that this would be a low-impact change. Nothing really is going to change, but some things will start to be logged. That’s what I would expect, and that’s what my co-worker expected.

Silly him. He hit Apply and 5,000+ machines got notified that they would be rebooted in 5 minutes. And then 2 minutes. And then all the work you have in progress was sent to go kick rocks.

If adding Audit Mode Only were going to impact things, wouldn’t it behoove Microsoft to warn people? Yeah, no, we’re talking about Microsoft here. Nowhere before the Apply button is one warned that one is about to reboot every machine in the organization.

Look at the date on that: 5 years ago. And four years later in the same thread, one guy reports still being hit with it.

Turns out that hitting Apply deploys the policy that won’t do anything but audit, but deploy does force a reboot. Surprise!

I think the biggest failing here is that for five years, Microsoft had a chance to put large warnings into the product about what will happen, and they did not.

The icing on this cake was that it happened at 10:30 AM on a Tuesday. Once per week, at 10 AM on Tuesdays, our highest elected officials hold a Public Meeting, in their chambers, where official business is conducted, with a couple hundred people in attendance. The timing couldn’t have been worse (or better, if the goal is to expose what clowns Microsoft are).

APTUI

gesundheit

😉

Listening to the Untitled Linux Show over on the TWiT.tv network, they mentioned APTUI, and I love it.

I cut my Linux teeth on SuSE Linux, coming from twelve years as a Novell NetWare administrator. YaST (Yet another Setup Tool) under SuSE was great. I particularly liked finding and installing new Perl modules using YaST – it took care of dependencies and everything. Just wonderful.¹

Unfortunately, the OpenSuSE project doesn’t like YaST and is working to get rid of it. This is one of the reasons I’ve abandoned OpenSuSE.

I’m currently back on Debian. It is fine, but it is frustrating to add Perl modules. First, I have to find the name of the Perl module I want, because apt wants to know exactly the name of the file to install.

APTUI (a Text User Interface for APT) is everything I liked about yast sw-single

If I type DateTime into APTUI, it shows me all the Perl modules that I might want to use. Although I know it as DateTime::Format::ICal, apt wants to know that the file is named libdatetime-format-ical-perl. aptui simply lets me select the module (with a mouse or keyboard) and hit the i key to launch the install. This is great.

So thank you to the guys over at the Untitled Linux Show. This was a great command-line tip of the week. And gesundheit. 😉

I suppose much of that is Zypper and RPMs, and not so much YaST, but the experience is what I liked. ↩︎

MusicBrainz Picard: good, mostly

The problem I am trying to solve is that when I am in-person at work, there is a ton of talking going on around me, and I’d like to blot that out with music. But I’m usually wanting a genre of music. Also, I’d like to choose the option for the player to randomly pick which song to play and then work through the entire list.

I have my own Nextcloud server on the public Internet, and I can log in on my cell phone and go to the Music app page and play the music via Bluetooth to my headphones. This lets me not bother anyone, I’m blotting out the stuff I don’t care about, like baseball, how drunk my cubicle neighbor got with his friends over the weekend, etc.

I’d previously used Kid3 to change genres on files, but that was mostly a manual process. Purchasing MP3 files from Amazon is still something I do, but I don’t really want to have to then manually mess with every file. So I looked at MusicBrainz Picard. Actually, I’d heard about it from the Untitled Linux Show over on the TWiT.tv network.

At first, it did exactly what I wanted: replace all the tagging I’d done with whatever was in their database. That was fine. I went from probably 15 to 20 genres to 123, but that was to be expected. FWIW:

exiftool -p '$genre' -q . | sort -u | wc -l

One of the things that looks good in Picard is the plugin or scripting features. This looks promising. So I tried that, but… ooof.

Part of the problem is definitely my own fault: I’d like to have a song show up in multiple categories, and I’d like to use the genres tag, and I’d like to use the Nextcloud web page for playing. So this is my fault for wanting too much.

It appears that the multiple genre tags are not something the Nextcloud Music app can handle. Perplexity suggested I try the Nextcloud Audio Player app, but it didn’t appear to be any better. It appears that the Nextcloud apps don’t know how to do multiple genres, but I didn’t know that going in.

Back to MusicBrainz Picard: I had successfully gotten the genre tag of each file set to their Internet database default. Now to recategorize things. For example, the B-52’s Love Shack shows up as Alternative Rock, and I’d like to have it show up under both Rock and Fun.

On the one hand, it appears that Picard was able to mess with the genre tag and perhaps be able to add multiples. I couldn’t tell, though, because the Nextcloud apps did not play nice with that file after I’d touched it with Picard. It is entirely likely that I did something wrong with scripting.

But what was the real problem? Resetting back to normal. Thankfully, I’d only touched the one file. Wow, Picard was not willing to undo the tag update I’d told it to do.

I tried all the things I’d done during the first run, to reset the tags to only what the MusicBrainz database out on the Internet has. Picard would not let go. Ultimately, I had to exit Picard, crank up Kid3, delete the genre tag entirely, then crank up Picard and refresh from the Internet. Thank goodness I’d only messed with the one file.

Ultimately, I’ll go back to creating playlist files, either .3mu or .m3u8 files. These are a pain in the ass to deal with in Nextcloud, however. Every time I reset the music collection and rescan my files, it deletes the playlists from its database. Loading them from disk is a single-playlist-file-at-a-time operation. This may be heresy to say, but for this, I am more capable on Windows than on Linux, because I have WinBatch available: I’d be able to script driving the mouse and keystrokes to load the files each time.

I do already have my playlists down to about eight categories, which isn’t too bad. But loading the .m3u8 files into Nextcloud is a poor experience: it wants the name of the playlist before I can import the file, and then if I want to save the changes, it may create a new, different file name on export. I’m much happier with MPD (Music Player Demon) simply reading .m3u files. My whole-house audio is great. But that doesn’t help me with needing Nextcloud when I’m in-person in the office at work.

The Audio Player app in Nextcloud is braindead regarding playlists. The instructions are to “Add new tracks to playlist by drag and drop” – from where, you idiot? Changing the list to Titles moves away from the Playlists screen. I don’t want to drag and drop files, because they are already in Nextcloud. Sheesh. Music app it is.

I feel a little betrayed by Perplexity.ai

I’d signed up for the service, paying $20 per month. I understand that running this stuff costs money, so sure, I’ll buy a subscription. And some of the Perl programming I was doing, when I asked Perplexity.ai to help, it was excellent.

But recently, the stuff I want, they are putting behind a new tier called “Computer” for $200 per month.

I feel betrayed.

Yes, I would like “Ready-to-paste Picard script for true multi-genre tags – tested on mixed genre tracks”. But I don’t have $200 per month, and never will.

I asked Perplexity.ai if I could turn off the prompting to use “Computer” and of course the answer is no.

It is still useful, of course. What these programs can do, using statistics of word association, is spectacular. But, there’s no Intelligence in Large Language Models (LLMs) yet. If I were going to whine about work, I’d tell how MS Copilot literally wasted 6 hours of my 8-hour day yesterday. It is amazingly bad at generating PowerShell (and if any company should have PowerShell expertise, it should be Microsoft). After getting past all the syntax errors, the script finally worked, except it searched a mailbox and matched nothing. Turns out Copilot hallucinated a function for matching Sent Items. Gah! I am so ready to be retired from this hell.

Anyway, back to Perplexity.ai – the bait-and-switch of getting me to sign up and then putting the good stuff behind a bigger paywall is… well, it doesn’t feel good, man.