Category Archives: In English

In memory of John Lewis: Natural therapeutics on pancreatic cancer updated

RIP John Lewis

I remember him being very much alive and doing what he always did, which is to speak the truth, for example during the impeachment hearings in the House.

Updated Natural therapeutics § Pancreatic cancer

3 studies were added about pancreatic cancers and cannabis and one study about pancreatic cancer and dandelion root.

The in vitro study on ginger and pancreatic cancer should be followed up with in vivo testing.

The dandelion root water extract working against cancers, including pancreatic, has been established to the level of animal models in the case of bowel cancers. The Dandelion Root Project at University of Windsor, Ontario has studied dandelion root since 2009.

Section of article copy-pasted quite unchanged below. Sorry about the refs not quite working, I’m going to get them sorted.

Pancreatic cancer

Pancreatic cancer and cannabis

Studies about pancreatic cancer and cannabis

Pancreatic cancer and ginger

The ginger plant has shown effects against cancers in vitro, so in vivo studies are needed.

“Gingerol has been investigated w:in vitro for its effect on cancerous tumors of the bowel,[13][14] breast tissue,[15] ovaries,[16] and pancreas,[17] with positive results.”

~ Wikipedia on Gingerol as of 2019-11

Pancreatic cancer and dandelion root

The dandelion root contains the keys against many cancers.

Hand coloured print, plate 1 of Dens Leonis in A Curious Herbal, 1737 by Elizabeth Blackwell

The Dandelion Root Project at University of Windsor, Ontario has studied dandelion root since 2009 and they state on on their website:

“Since the commencement of this project, we have been able to successfully assess the effect of a simple water extract of dandelion root in various human cancer cell types, in the lab and we have observed its effectiveness against human T cell leukemia, chronic myelomonocytic leukemia, pancreatic and colon cancers, with no toxicity to non-cancer cells. Furthermore, these efficacy studies have been confirmed in animal models (mice) that have been transplanted with human colon cancer cells.[18]

~ The Dandelion Root Project on anti-cancer properties of dandelion root water extract

Studies about pancreatic cancer and dandelion root


Tested my vocabulary size in Finnish and in English

I did the Finnish vocabulary size test provided by first and the results was that my Finnish vocabulary size is about 17,280 words which puts me at the top 7.33%

Then to the English language vocabulary size test by Here I did a little better with approx. 22,350 words in my vocabulary which puts me in the top 6.08%. So it would seem my English vocabulary is slightly better than my native tongue’s.

Both tests commented that my vocabulary is on the level of “professional white-collar”. I did not cheat in either test by looking up words in Wikipedia or Wiktionary. I’m considering whether to try the French test, but kinda put of by knowing in advance that I will get a dismal result.




Upgrading Debian GNU/Linux from Jessie to Stretch

The official Debian GNU/Linux logo
Debian is a very reliable OS for servers, though you can install it on desktops too.

Objective: To safely upgrade from Debian 8 (Jessie) to Debian 9 (Stretch) two servers and to keep good records of what was done to perform the upgrade.

  1. Server #1 is used just to verify and hold backups of other servers so it has no public services running.
  2. Server #2 hosts a diaspora*, a Hubzilla, a GNU social, a Friendica and a GNU Mediagoblin.

The definitive source on how to achieve the objectives

There are various tutorials with very brief instructions on how to go about the upgrade, but I decided to follow  The definitive guide to upgrading from Debian Jessie (8) to Debian Stretch (9) at to learn how to do the upgrade very carefully.


First off: I informed the users of the free social media instances about the upcoming upgrade and the downtime to be expected.

Make sure all the software are in their latest version

# apt update && apt upgrade

Made backups of /etc, /var/lib/dpkg, /var/lib/apt/extended_states /home/username, /var/www and the output of dpkg --get-selections "*" and stored them off-site. Additionally I took a snapshot of the system disk just in case the upgrade doesn’t go well then it is possible to revert to the pre-upgrade situation.

Next checked for non-Jessie software with

$ apt-forktracer | sort

It found some items from jessie-backports but nothing that is in use.

Checked for half-installed packages with

# dpkg --audit

Nothing of interest was found. Just one dummy package.

Check for packages on hold

# dpkg --get-selections | grep 'hold$'

None were found.

Edit the /etc/apt/sources.list

Now update the /etc/apt/sources.list changing each occurrence of ‘jessie’ with ‘stretch’. I did it with sed (Stream EDitor) but it is also possible to manually edit the file with your favourite editor.

# sed -i 's/jessie/stretch/g' /etc/apt/sources.list

Start session recording for later reference

Next start session recording with (replace step with a number. When needing to reboot then restart the session recording with an incremented number)

# script -t 2>~/upgrade-stretchstep.time -a ~/upgrade-stretchstep.script

If you have used the -t switch for script you can use the scriptreplay program to replay the whole session:

# scriptreplay ~/upgrade-stretch1.time ~/upgrade-stretch1.script

The upgrade

Update the package list with the Stretch sources in place

# apt-get update

Make sure you have enough disk space for the upgrade

# apt-get -o APT::Get::Trivial-Only=true dist-upgrade

There is ample of space so proceed with minimal upgrade (upgrading only the installed software).

# apt-get upgrade

Now time to upgrade the system. This will take a while.

# apt-get dist-upgrade

Next check if you have already installed the linux-image* meta-package

# dpkg -l "linux-image*" | grep ^ii | grep -i meta

If you do not see any output, then you will either need to install a new linux-image package by hand or install a linux-image metapackage. To see a list of available linux-image metapackages, run:

# apt-cache search linux-image- | grep -i meta | grep -v transition

If unsure which linux-image metapackage you can get longer description of the linux-image in question by running

# apt-cache show linux-image-amd64

Looks good. Let’s install it.

# apt-get install linux-image-amd64

apt-get reports that there are installed packages that are no longer needed. Remove them with

# apt-get autoremove

Now it is time to reboot for the new kernel to take effect.

# reboot

Login and check the OS version

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 9.5 (stretch)
Release:        9.5
Codename:       stretch

Verified that the services were up-and-running. Upgrade successful!

UPDATE: It seems there are 2 PostgreSQL running: Version 9.4 (the old one from Jessie) and Version 9.6, which ships with Stretch. Going to look into removing the old one safely.

Installing a wildcard certificate on Linux using and a DNS Api

Let’s Encrypt is a certificate authority (CA) that offers free SSL/TLS certificates

Objective: To acquire and install a wildcard SSL/TLS certificate from to a GNU/Linux system with automatic renewal enabled by using a registrar’s DNS API to prove the ownership of the domain. In this case I’m using the Gandi LiveDNS API but the instructions work with other DNS providers with APIs too that have DNS plugins available.


sudo su
git clone
cd ./
./ --install

Get API key from Gandi

Go to and click on “security” and generate an API key and store it in a safe place and export it with

export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfkthiskeyisofcoursefake"

Generate the cert

Followed the official DNS API instructions at GitHub.

Now use the staging environment (–test) for the certificate issuing. This will save you on the issuing limits of production platform. --issue --test --log --dns dns_gandi_livedns --log -d *.domain.tld -d domain.tld

Notice that this will fail on the first run but succeed on the second one.

Once the –test finishes successfully you can switch to the production environment by deleting the /root/*.domain.tld-directory (it contains the staging server’s information and will be regenerated with the production server’s info on next run)

rm -rf /root/*.domain.tld

Now run the issuing command twice (it will fail on the first run) just changing –test to –force --issue --force --log --dns dns_gandi_livedns --log -d *.domain.tld -d domain.tld

Install the certificate in some sensible place as the directory structure of /root/ may change in the future.

Certificate deployment instructions for Apache at GitHub --install-cert -d *.domain.tld -d domain.tld \
--cert-file /etc/apache2/*.domain.tld/*.domain.tld.cer \
--key-file /etc/apache2/*.domain.tld/*.domain.tld.key \
--fullchain-file /etc/apache2/*.domain.tld/fullchain.cer \
--reloadcmd "service apache2 force-reload"

Edit Apache configuration to take the SSL/TLS protected site into use

Create a VirtualHost-directive for the SSL/TLS protected site

<VirtualHost *:443>
   SSLEngine on
 SSLCertificateFile /etc/apache2/*.domain.tld/*.domain.tld.cer
   SSLCertificateKeyFile /etc/apache2/*.domain.tld/*.domain.tld.key
  SSLCACertificateFile /etc/apache2/*.domain.tld/fullchain.cer

Once you are sure that the HTTPS site works redirect requests from the http-site to the HTTPS site with URL rewriting.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Enable forward secrecy in your Apache configuration

Enabling forward secrecy makes users of the site more secure. Instructions by SSLLabs research here at GitHub.

That’s it. The installation added a cronjob to run it daily and it will renew the certificate automatically when it is nearing the end of it’s validity period.


UPDATE 2018-07-16: If you need to use more than one API Key do as follows. This usually occurs when you are hosting sites for many different registrants.

Export the API key if this is the first time you are using that key. If you have already created certificates with this API key the will read it from the config file from the file /root/ --issue --config-home /root/ --log --dns dns_gandi_livedns --log -d *.domain.tld -d domain.tld

First run will fail. Run it again.

Create the target directory for certificate installation.

mkdir /etc/apache2/\*.domain.tld

Now install the certificate

./ --install-cert --config-home /root/ -d *.domain.tld -d domain.tld \
--cert-file /etc/apache2/\*.domain.tld/\*.domain.tld.cer \
--key-file /etc/apache2/\*.domain.tld/\*.domain.tld.key \
--fullchain-file /etc/apache2/\*.domain.tld/fullchain.cer \
--reloadcmd "service apache2 force-reload"

Now you are ready to proceed to configure your website’s Apache configuration as described in the original instructions (scroll up).

If you have any improvement suggestions or would just like to say thanks you can use the contact form below.

Migrating a Mediawiki to a new Linux server

To get you started: Get a Linux VPS.

I chose, an ecohosting company with the data center deep inside the Finnish granite bedrock, a “renewable electricity only”-policy and a cloud infrastructure built on top of OpenStack.

For OS I chose latest Debian Stable which was version 9 at the time of writing.

Mediawiki's logo
Mediawiki is a wiki system of awesome quality and reliability created the VPS on their OpenStack based cloud in a matter of few tens of seconds.

Then the system gave a temporary password and on login via ssh the system required a new password was set.

Login with the new password and run

sudo apt update && sudo apt upgrade

This will get the pre-installed software to their latest version numbers and may take a while.

Then I added a user name I usually use on Linux systems by entering:

sudo useradd -m -s /bin/bash <username>

Now set a password for username with

sudo passwd <username>

and add the user to /etc/sudoers (make a copy of the line that says “root” and change ‘root’ to your user name of choice) and log out and log in as the newly created user.

Now is a good time to get an firewall going so do so.

Now grab a list of installed packages with

dpkg --get-selections > packages-YYYY-MM-DD.list

This could be useful for later use.

Now install some software

sudo apt install tmux nmap apache2 lynx
  1. tmux is a shell session multiplexer
  2. nmap is a port scanner
  3. apache2 is a web server
  4. lynx is a terminal-based web browser

And some more software

sudo apt install htop atop itop iotop glances chkrootkit
  1. htop, atop, itop and glances are system monitoring (for humans)
  2. iotop is a IO (Input/Output) monitoring system for humans (requires sudo)
  3. chkrootkit is a software for checking if your system has a known rootkit installed (bad for you)

Migrating the Mediawiki

First install the dependencies as described below and only then we switch to following the moving a wiki guide. which consists of actually three operations:

  1. Making a backup of the Mediawiki on the old server
  2. Moving the backup to the new machine
  3. Restoring Mediawiki from the backup.

Installing Mediawiki’s dependencies

Now we move on to installing the dependencies of Mediawiki. For this we will follow the Mediawiki installation guide for Debian and Ubuntu (generic guide here) up-to-the-point of actually installing one.

sudo apt-get install apache2 default-mysql-server default-mysql-client php php-mysql libapache2-mod-php php-xml php-mbstring

We installed MariaDB instead of MySQL. They are binary compatible so you can choose one or the other and also interchange them afterwards. Add the database and database user of your wiki and grant all rights on the database to the database user.

Those are the mandatory components and next up are the beneficial components out of which we chose the following

sudo apt-get install php-apcu php-intl imagemagick php-cli

Move required files and the database to new machine

If possible make sure that your Mediawiki is the latest version on the old server.

Next I packed and moved

  1. The database
  2. The Mediawiki directory /var/www/mediawiki
  3. The Mediawiki logs from /var/log/sites/mediawiki
  4. site configuration from /etc/apache/sites-available

and expanded them into the right place on the new server.

A sane approach to the Mediawiki files ownership is as follows

First recursively make you the owner of all of the Mediawiki directory and its subdirectories and files with

sudo chown -R <username> /var/www/mediawiki

and then explicitly making the images/-directory, where Mediawiki stores its writables, to be posession of user www-data (www-data is the user that Apache and Mediawiki run as) by

sudo chown -R www-data /var/www/mediawiki/images

Minimize downtime

The TTL (Time To Live) of the domain at the DNS also naturally affects the length of the outage so modifying it to very short time such as 15 minutes way in advance of commencing the migration.

I temporarily modified the domain name of the Mediawiki (in /etc/apache2/sites-available and also LocalSettings.php) to a temporary subdomain to test that the Mediawiki is working on the new server before doing the DNS change of the production Mediawiki. After you have viewed that the wiki is working on the new server change the domains back to the “real” one.

Following these two practices are simple practical things to do that help to make the imminent outage of your service as short as possible.

Configure Apache2

Link the .conf files with symbolic links from /etc/apache2/sites-available to /etc/apache2/sites-enabled.

ln -s ../sites-available/

Enable mod_rewrite which is needed for the pretty URLs to work.

sudo a2enmod rewrite

Test your Apache2 configuration with

sudo apachectl configtest

and fix your config untill the configuration says ‘Syntax OK’

The last step is that we need to make the Apache2 reload its configuration which is accomplished with

sudo service apache2 reload

Now navigate to the temporary subdomain’s /wiki/-directory and you should see your wiki there.

Warning: The Mediawiki extensions may have dependencies that are not satisfied so also check that each extension works.

If using reCAPTCHA

Google’s reCAPTCHA stopped working (CAPTCHA shows up but when it is time to approve the human as a human I got an error message that reCAPTCHA “cannot contact server”.

This seemed to be solved by logging in to the CAPTCHA management page at Google and deleting the old keys and generating new keys and naturally changing the keys to the new ones at Mediawiki’s LocalSettings.php

Important: Enable outgoing email for Mediawiki

Now we need to put in place a way for the Mediawiki to send emails (very important).

My registrar provides a mailing system which enables the one to use $wgSMTP (set this in LocalSettings) to send outgoing mailing. They also have 5 mailboxes and 1000 forwards included for each domain for all registrants so I can confidently use … addresses since is rock-solid operation with a very wide palette of TLD’s though maybe 20% higher prices than the price leader which is often buggy, slow and unreliable if they just compete with the “cheapest on planet”.

Other method to get email to go outwards is to install a MTA (Mail Transfer Agent) such as Sendmail, Postfix or Nullmailer and configure it to send the messages.

Whichever method you chose to enable email do check that it works!

Happy wikiditing! – Juho

Installing a Kubuntu 17.04 (again)

This is a blog post mainly about how to flexibly reinstall Kubuntu 17.04 GNU/Linux OS after the previous install running into troubled waters and break down.

Cycle through more than one disk in the install clean approach so get an USB-to-SATA3 casing and some hard drives. The idea is that to install the next OS you do not need to overwrite the previous OS.

  • Get FireFox sync. This way you don’t need to import your bookmarks as sync does it for you.
  • Take previous disk out of the computer and insert another disk, connect the USB installation medium (and select boot order in BIOS or UEFI) and power up.
  • Install Kubuntu.
  • Boot Kubuntu
  • Open a shell and run ‘sudo apt update && sudo apt upgrade’ to get the installed software to the latest version.
  • Install software
    • Monitoring: ‘sudo apt install htop atop iotop glances’ (glances will install python)
    • Database: ‘sudo apt install mariadb-server’
    • Graphics and video: ‘sudo apt install inkscape gimp kdenlive’
    • Audio: ‘sudo apt install linux-lowlatency audacity fluidsynth patchage’
    • Shell multiplexer: ‘sudo apt install tmux’
    • Virtual machine: ‘sudo apt install virtualbox’
  • Copy files:
    • Connect the old disk to the computer with the USB-to-SATAIII casing and mount it
    • I am trying to avoid getting broken confs from the old machine so only conf file I will take is in /media/username/UUID/username/.config/kdenlive. I used cp command in the shell to get it
    • Copy all files and directories from your old home directory to the new home directory, tick “apply to all” and select “write into” when it asks what to do with directories that exist.
    • Copy any other files you need. Unmount the external drive and remove and put in a cool and dry place.

Law draft to ban covert modeling

Law draft to ban covert modeling

covert what?!??!

Since the early 00’s it has become (nearly) impossible to determine in still or moving pictures what is an image of a human, imaged with a (movie) camera and what on the other hand is a simulation of an image of a human imaged with a simulation of  a camera.

When there is no camera and the target being imaged with a simulation looks deceptively human it is a digital look-alike.

Now the equivalent thing is happening to our voices i.e. they can be stolen to some extent with the 2016 prototypes like Adobe Voco and DeepMind WaveNet and made to say anything. When it is not possible to determine with human testing what is a recording of a real voice and what is a simulation it is a digital sound-alike.

It is time to act and ban covert modeling.

9 images showing various techniques on a model derived interactively from a single photo
Image 1 (low resolution rip)
Sculpting a morphable model to one single picture (1)
Produces 3D approximation (2)
Texture capture (4)
The 3D model is rendered back to the image with weight gain (3)
With weight loss (5)
Looking annoyed (6)
Forced to smile (7)
Image 1 by Blanz and Vettel – Copyright ACM 1999 –
doid=311535.311556 – PPermission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page.
finding the specular and the diffuse components of the light
Image 4: Separating specular and diffuse reflected light
Normal image in dot lighting (a)
Image of the diffuse reflection which is caught by placing a vertical polarizer in front of the light source and a horizontal in the front the camera (b)
Image of the highlight specular reflection which is caught by placing both polarizers vertically (c)
Subtraction of c from b, which yields the specular component(d)
Images are scaled to seem to be the same luminosity.
Original image by Debevec et al. – Copyright ACM 2000 – – Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page.




In the cinemas we have seen digital look-alikes for over 10 years. These digital look-alikes have “clothing” (a simulation of clothing is not clothing) or “superhero costumes” and “superbaddie costumes”, but unfortunately organized criminal gangs with this weapons capability at their disposal are spreading naked digital look-alikes with unnatural “physical” interactions. These industrially produced delusions cause human suffering and societal suffering and the parts that can be outlawed should be outlawed for the protection of the citizens from the arbitrary disinformation attacks by criminal leagues.

Anecdotally we can say: “Do you think that was Hugo Weaving’s left cheekbone that Keanu Reeves punched in with his right fist?”

Brief look at laws that intersect with covert modeling concerns

Chapter 24 of the Finnish Criminal Code “on violating privacy, peace and honor” includes some laws that are touching the issue but unfortunately do not yield sufficient methods to stop crime.

  • § 6 Covert watching
  • § 7 Preparing for covert listening or watching
  • § 8 Spreading information that violates right to private life
  • § a 8 Aggravated spreading information that violates right to private life
  • § 9 Defamation
  • § 10 Aggravated defamation


Proposed law to ban covert modeling

§ 1 Covert modeling of appearance

Acquiring a 3D model and making a 7D bidirectional reflectance distribution function model¹ or similar but technically different model without consent i.e. covert modeling of appearance is illegal. Also possession, purchase, sale, yielding, import and export of covert models are punishable.

§ 2 Of using covert image likeness models

Animation and projection from the covert models defined in section 1 to still and animated 2D image or stereo-images² and making these available is forbidden³.

§ 3 Covert modeling of a human voice

Acquiring a model of human voice⁴ that deceptively resembles a human voice, possession, purchase, sale, yielding, import and export without the consent of the target is illegal.

§ 4 Of using covert voice models

Generating and making available audio material from a covert model of a human voice is illegal.

  1. The seven dimensions of the bidirectional reflectance distribution function are as follows: 3 cartesian X,Y,Z and 2 for the entry angle and 2 for the exit angle of the light.
  2. In movie lingo the so called “3D”. In reality it supposedly is only 2 pcs 2D planes in its dimension.
  3. Those in posession of the end product should be encouraged to seek help and not criminalized.
  4. E.g. Adobe Voco ja DeepMind WaveNet. Not yet publicly audible.

Ending words

It may be seven dimensional and we are in approximately 4 dimensions but they cannot leave the 2D projection if we don’t let it anymore. Is there any political will to do something about it?

Serious viewing on the situation

This is a document is the translation of a Finnish original from 2016 intended to be a citizens initiative.

Translation: Tao Te King – Chapter 81. Proof of simplicity

Chapter 81. Proof of simplicity

Honest words are not high and mighty, mighty and high words are not reliable.

The man of  Tao does not argue.

Statue of Laozi in Quanzhou
Statue of Laozi in Quanzhou 中文: 福建泉州老君岩. Uploaded via Flickr to Commons by Dirrival.

Those who argue are not skilled in the Tao.

Those who know it are not scholars. The scholars don’t know it.

A wise man does not amass treasures.

The more he spends on others the more he himself has.

The more he gives to others the richer he becomes.

This is the heavenly Tao that passes through all things, but offends no-one.

This is the wise man’s Tao that acts but does not fight.

End of the Book of the Way of Virtue

Own translation from 1925 Finnish translation by Pekka Ervast (ISBN 951-8995-01-X) with kind permission of Ruusu-Ristin Kirjallisuusseura ry.

Translation: Tao Te King – Chapter 2. Becoming perfect

Chapter 2. Becoming perfect

When the world speaks of the beauty of beauty then ugliness is defined in the same.

Painting picturing Laozi looking troubled
Laozi is not totally free of the pain of knowledge but knowing the Tao decreases the pain caused by search for information. PD-life-plus-70

When good is seen as good then evil is also immediately clear.

Thus being and unbeing both awaken each other; same as difficult and easy, distant and near, high and low, sounding and tinkling, head of the troop and the follower.

A wise one deals only with what is unprejudiced.

He teaches without using words; he works effortlessly, he produces without owning; he acts without seeking the fruits of labor; he finishes his tasks without borrowing; and as he does not claim anything to be his, it cannot be said that he would ever lose anything.

Own translation from 1925 Finnish translation by Pekka Ervast (ISBN 951-8995-01-X) with kind permission of Ruusu-Ristin Kirjallisuusseura ry.

Translation: Tao Te King – Chapter 80. Standing alone

Chapter 80. Standing alone

If I had a small kingdom and only ten or hundred able men, I would not use them for government.

I would teach the people to view death as a high thing and then they would not go abroad to seek it.

Even if they had ships and carriages, they would not leave with them.

Painting of 2 women mending a fishing net
“Improve the present hour” by Winslow Homer depicting two women mending a fishing net. Uploaded by Davepape. PD-life-plus-100

Even if they had war gear they would never have an opportunity to wear them. The people would return again to using yarn and knots (instead of writing).

They would notice coarse food to be palatable, keep their simple clothing beautiful, see their houses as places of rest and would enjoy their simple entertainments.

Even if nearby there was another state and from there the crowing of the roosters and barking of the dogs sounded, my people would grow old and die without needing to socialize with them.

Own translation from 1925 Finnish translation by Pekka Ervast (ISBN 951-8995-01-X) with kind permission of Ruusu-Ristin Kirjallisuusseura ry.