This article is a great explanation of the details. To explain.. no, too much. To sum up:

  • Go to Google Fonts and browse around and select ones you like, then click the bar in the footer to get an installation guide. This generated link is the important part:
    • https://fonts.googleapis.com/css?family=Lato|Montserrat|Oswald|Quicksand|Roboto
    • Because it is a “heavy thing”, I pared that list down to Montserrat for paragraph text and Quicksand for headings.
  • Put one-shot loading of the link into functions.php (details on wiki); example:
function custom_add_google_fonts() {  
wp_enqueue_style(
'custom-google-fonts',
'https://fonts.googleapis.com/css?family=Montserrat|Quicksand',
false
);
}
add_action( 'wp_enqueue_scripts', 'custom_add_google_fonts' );
  • Specify the style in CSS (details on wiki):
body {  font-family: Montserrat, sans-serif;  font-weight: normal;  }
#content h2 { font-family: Quicksand, sans-serif; font-weight: bold; }

Today I updated my gentoo server’s eselected PHP from 5.6 to 7.2 and wordpress phabricator and mediawiki didn’t even hiccup. WordPress went from a steaming pile of stubborn version upgrade refusal right back into line. I used mysqldump to back up all my databases, less than a GB. I git pulled phabricator’s stable branch (updated weekly from master) and ran a boatload of database patches that went smooth as coconut milkfat. I git-skipped the .arcconfig files so i could just update them in place. OK… why did that all just work?

Update: I went ahead and made the phabricator-recommended changes to mysql and PHP, including installing a PHP memory-based cache:

emerge -DavuN dev-php/pecl-apcu

And that, of course, cascaded me into a gentoo server update.

  • first I had to [emerge -av glibc] as it was ancient
  • do not put comments in [/etc/portage/package.use/zzz_autounmask]
  • used advice from gentoo perl docs:
emerge -uDNav --with-bdeps=y --backtrack=100 --autounmask-keep-masks=y @world

And away we go…

UPDATE: ok these are a few more of my “favorite” things…

  • mediawiki required an update, I had to manually tweak my multi-site LocalSettings overrides since some themes were removed, and some were added.
  • I decided to go through all the phabricator tweaks that it complains about.
  • I fell into an update of my fork of Simple Web Server, not really related except that it was YA deep rabbit hole.
  • Files served up were made real pretty with this; I had to tweak the .htaccess to make it correctly mo safe.
  • Moving to boost 1_69_0 was actually a lot of (CPU) work.
  • While I was moving things around, I set up a nice git flow for my stock app, with branches:
    • develop
      • feature/postgress-archive
      • refactor/use-archive-db
    • master
      • release/1.55.41-pre-archive-database

Sometimes you just gotta stop and have a bump…

These are really good libraries that got my dates and times flowing client-server full circle, with all the UI and math tools I needed.

KISS!


  // Date sanitation: limit ancient and future days and ensure start isn't beyond end
  date today = second_clock::local_time().date();
  date s = startdate;
  date e = enddate;
  if (e > today)
    e = today;    
  if (e - s > date_duration(cn_max_days_to_look_back))
    s = e - date_duration(cn_max_days_to_look_back);
  if (s > e)
    s = e;

One deep dive with haproxy and I have handed it complete control of all my certificates.

* One bind statement with every single cert file I own, and haproxy is instantly handling every host’s SSL handshaking using SNI
* It is handling dynamic conversion of http requests to https
* It has removed the need for https on any webserver on the secured LAN
* It allows incredibly flexible load balancing via host, port, url, etc etc
* It is easy to set up to use ssl best practices, so every one of your websites instantly gets A+ ratings on ssl labs

Unbelievable, I’m stunned.

Here’s all I needed to get ssl labs A+ ratings:


global

    # MDM NO SSLv3!  Good ciphers!
    ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
    ssl-default-bind-ciphers AES128+EECDH:AES128+EDH

frontend ....

  # MDM We need to provide an HSTS header to get A+ at ssllabs!
  http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
      
  reqadd X-Forwarded-Proto:\ https

Also needed this in wordpress wp-config.php:

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
       $_SERVER['HTTPS']='on';