2026-04-08 05:41:00
I stumbled across this great post by Spencer Mortensen yesterday, which tested different email obfuscation techniques against real spambots to see which ones actually work. It's a fascinating read, and I'd recommend checking it out if you're into that sort of thing.
The short version is that spambots scrape your HTML looking for email addresses. If your address is sitting there in plain text, they'll hoover it up. But if you encode each character as a HTML entity, the browser still renders and uses it correctly, while most bots haven't got a clue what they're looking at.
From Spencer's testing, this approach blocks around 95% of harvesters, which is good enough for me.
On this site, my contact email shows up in two places:
Both pull from the site_email value in Pure Blog's config, so I only needed to make a couple of changes.
The reply button lives in content/includes/post-meta.php, which is obviously a PHP file. So the fix there was straightforward - I ditched the {{ site_email }} shortcode and used PHP directly to encode the address character by character into HTML entities:
<?php
$_email = load_config()['site_email'] ?? '';
$_encoded = implode('', array_map(fn($c) => '&#x' . dechex(ord($c)) . ';', str_split($_email)));
?>
<a class="button reply-button"
href="mailto:<?= $_encoded ?>?subject=Reply to: {{ post_title }}">Reply by email
</a>Each character becomes something like k, which is gibberish to a bot, but perfectly readable to a human using a browser. The {{ post_title }} shortcode still gets replaced normally by Pure Blog after the PHP runs, so the subject line still works as expected.
The contact page is a normal page in Pure Blog, so it's Markdown under the hood. This means I can't drop PHP into it. Instead, I used Pure Blog's on_filter_content hook, which runs after shortcodes have already been processed. By that point, {{ site.email }} has been replaced with the plain email address, so all I needed to do was swap it for the encoded version:
<?php
declare(strict_types=1);
function on_filter_content(string $content): string
{
$config = load_config();
$email = trim((string) ($config['site_email'] ?? ''));
if ($email === '') {
return $content;
}
$encoded = implode('', array_map(fn($c) => '&#x' . dechex(ord($c)) . ';', str_split($email)));
return str_replace($email, $encoded, $content);
}This goes in config/hooks.php, and now any page content that passes through Pure Blog's filter_content() function will have the email automatically encoded. So if I decide to publish my site_email elsewhere, it should automagically work.
As well as the obfuscation, I also set up my email address as a proper alias rather than relying on a catch-all to segregate emails. That way, if spam does somehow get through, I can nuke the alias, create a new one, and update it in Pure Blog's settings page.
Is this overkill? Probably. But it was a fun little rabbit hole, and now I can feel smug about it. 🙃
Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️
You can reply to this post by email, or leave a comment.
2026-04-07 21:31:00
In the last year or so I've read about many people moving from streaming services, like Apple Music and Spotify, to their own music library. To support these local libraries, many seem to be getting themselves a music player, such as the Fiio Echo Mini.
While moving to a local library is something that I've thought about many times1, I don't understand why people are buying these little music players.
The big selling points generally seem to be:
With the exception of the 3rd point, pretty much every smartphone on the market will do all of this. And let's be honest, #3 doesn't really matter as most people use Bluetooth buds these days.
Yes, I know some people still use old school wired earphones. I don't need an email from you.
So if the device that's already in your pocket will do everything these little music players will already do, why get an extra device to lug around everywhere?
I want to stress, these look really cool, and if that's why you want one, that's totally fine. But anecdotally, that's not what I'm seeing.
Can someone enlighten me? I see the advantages of owning your own music library, but I don't get why people want to carry another device everywhere.
I've decided to stick with streaming, but that's a post for another day. ↩
Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️
You can reply to this post by email, or leave a comment.
2026-04-07 00:25:00
So yesterday I received an email from Admiral, our insurance provider, where we have a combined policy for both our cars and our home. Last year this cost £1,426.00, but this year the renewal had gone up by a huge 33%, to £1,897.93 broken down as follows:
Even at last year's price this was a shit tonne of money, so I started shopping around and here's what I ended up with:
These policies have at least the same cover as Admiral. In some cases, better.
I knew it would be cheaper shopping around, but I didn't think it would be nearly half. So, I called Admiral to see what they could do for me, considering I've been a loyal customer for 7 years.
They knocked £167,83 (8.8%) off the policy for me, bringing the revised total to £1,730.10. Nice to see that long-term customers are rewarded with the best price! 🤷🏻♂️
So I obviously went with the much cheaper option and renewed with 3 different companies. It's a pain, as I'll now need to renew 3 policies at the same time every year, but if it means saving this much money, I'm happy to do it.
Next year I'll get a multi-quote from Admiral to see if they're competitive. Something tells me they will be, as with most things these days, getting new customers is more important than retaining existing ones.
Unfortunately having car and home insurance is a necessary evil in today's world, but I'm glad I was able to make it a little more palatable by saving myself over £700! If your insurance is up for renewal, don't just blindly renew - shop around as there's some serious savings to be had.
Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️
You can reply to this post by email, or leave a comment.
2026-04-04 21:18:00
Sanjay asked me in a comment on my AMA post:
I am a fellow reader of multiple blogs of yours and others. But somehow I have been searching for any article where any one can setup of his entire digital life using subscription free model.
I am not talking about to get everything FREE and become a PRODUCT. If you think you can setup everything using opensource then how would you setup all of your essentials. You can write a post anytime when you have a time.
For example.
And so on.. There may be many more things. I always think what would happen to my subscriptions if I will no more or I will have some issue or financial constraint. Will the subscription be a burden to my family when I will not be there. Or any of my important services will stop working for not paying suddenly?
Currently I am not paying any subscription for any of my services as I have reduced as minimum services I can opt.
Regards,I think the short answer to your question, Sanjay, is mostly yes. But I'd advise against it for some things*.
Some of the items on your list are really easy to get without a subscription, for example:
Unfortunately, some things on your list are either going to cost you money, privacy, or time somewhere along the line.
Domains cost money. I know some don't but they tend to be very spammy and have poor email delivery as a result. Also, any email service worth their salt will require you to pay. If not, they're probably sniffing your mail.
You could self-host your email at home, but there's then a cost associated with the hardware to host the mail server, or your time administering the system. Email is notoriously difficult for self-hosters too.
As with most things that are free on the web, if it's free, you're probably the product. And that's true with both GitHub and Cloudflare, in my opinion.
You can host a site for free on either service, but you would either need to buy a domain, or be happy using one of their free sub-domains. There's also the technical debt required to create the static sites that these services support. So there's a time cost.
Again, you can host at home, but there's the same hardware or time costs that are associated with self-hosting email.
Like email hosting, any service worth their salt is going to charge. Some may have initial tiers that are free, but I doubt they will be very generous. I personally use Bunny for my CDN needs. They're reasonably priced and have a pay-as-you-go model, so no subscription involved. Obviously you can't host a CDN at home, as that would defeat the object of the whole thing.
For databases; same story as above. You can host at home, but there's a hardware/time cost associated, or you can pay for a reputable host to do it for you.
I think this one is easy. Your options are threefold:
I think these decisions ultimately come down to personal preference, and a compromise in one of three things - cost, time, or privacy.
There's always a trade off with this stuff. It just boils down to what you're willing to trade off, personally.
Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️
You can reply to this post by email, or leave a comment.
2026-04-04 01:54:00
Last week I wrote about how I thought I was being scammed by someone on eBay. In the post I said the following:
I've asked eBay to step in and help resolve the situation, so we will see what happens. But there's a lot of buyer protection on eBay (and rightly so) but there's very little in the way of seller protection, even though I'm not a business. So I have a feeling they will find in favour of the buyer and I'll be out a few quid.
Well, a few days after publishing that post, I received an automated email from eBay, saying:
I then logged into eBay to check the conversation I'd had with this user via the eBay messenger. At the bottom of the message thread, there was a notice that said:
So it seems that eBay, for whatever reason, deemed the user's account to be problematic enough to warrant a suspension/termination.
Honestly, I don't know. I haven't had the payment for the watch taken from my account, and eBay haven't requested that I refund the payment. So I assume that I get to keep Ollee watch2, and the money the potential scammer originally paid.
We message back and forth on WhatsApp, and they haven't messaged me there - if I were in their position and a legit buyer, I'd be seething and would have definitely messaged on WhatsApp. So something tells me this isn't their first rodeo, and the potential loss is just collateral damage.
Does this mean that for once the scammers have lost? We'll see. At this point I think the issue is closed from an eBay perspective, so I'm planning to re-list the Ollee Watch for a much discounted price in the next few. If eBay subsequently request the money be returned to the scammy user, I'll just have to take the hit on that.
If you're based in the UK and interested in this watch, please get in touch using the reply button below.
Albeit now worth way less since it doesn't have the original Casio module, or any of the Ollee packaging. ↩
Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️
You can reply to this post by email, or leave a comment.
2026-03-29 19:26:00
Back in November I pre-ordered an Ollee Watch, which was delivered in February. After playing with the watch, I decided I didn't want it, so I posted it up on eBay - never worn, so brand new.
A week or so later it sold and I posted it off to its new owner. A day or 2 later, the buyer messaged me saying the backlight wasn't working. This immediately raised my suspicions as the watch was brand new and I had packaged it up well.
Anyway, I gave them the benefit of the doubt after they had sent a video of the apparent problem, accepted the return, and paid for them to return the watch to me.
I took delivery of the watch yesterday, opened the package and all of the Olle packaging has been removed, as well as the original Casio module. It came back like this, with only half of a Casio box:
I tested the backlight; low and behold, it's working fine! So now I have a new Ollee watch, with no packaging, and no Casio module. So it's worth a lot less than it was previously.
Fucking brilliant.
I've asked eBay to step in and help resolve the situation, so we will see what happens. But there's a lot of buyer protection on eBay (and rightly so) but there's very little in the way of seller protection, even though I'm not a business. So I have a feeling they will find in favour of the buyer and I'll be out a few quid.
Double fucking brilliant.
I messaged the buyer once I'd received the watch back, politely asking WTF? and they replied with:
I'm sorry I thought the original packaging was all there, there definitely was a problem with the backlight and I think the original Casio thing is in the little compartment on the stand.
The module is 100% not there.
Now, the buyer may be legit. The backlight may not have been functioning properly while they had it. They may have binned all the Ollee packaging3, and the Casio module, but I find it hard to believe.
The backlight works flawlessly. It's not like it works occasionally or anything like that. You tap the light button and it lights up every single time. It's in perfect working condition.
My guess is that they've done this to get the Ollee packaging, then they're going to scam some other poor bastard by selling them a standard F-91W (which costs around £15) dressed up as an Ollee watch for around £100.
Anyway, we will see what happens as eBay get involved. If you're in the UK and interested in getting yourself a fully working, brand new, Ollee watch (albeit with no Ollee packaging) for cheap, get in touch.
Why would you keep the other half of the packaging though?? ↩
Thanks for reading this post via RSS. RSS is ace, and so are you. ❤️
You can reply to this post by email, or leave a comment.