2019/2020 US FBAR filing for expats

More as a reminder to myself, here’s the easiest way to do this year on year. This is not tax advice and should not be interpreted in any legal way to rationalize that.

Prerequisite: prior year’s FBAR filing PDF and Acrobat Pro (not the free version). If you’re adding accounts especially in bulk you’ll want to edit the XML – any freeware XML editor will do, like https://sourceforge.net/projects/xml-copy-editor or a text editor like Sublime Text (install the Indent XML package which is what I used to get it formatted properly for reading).

Open your prior year filing then in Acrobat, go under the right-hand side Tools menu and choose Forms. Then click “More Form Options” to get the “Export Data” option.

** only use if edits needed – if no changes to anything but account values skip this **

Export as an XML file. Open in your XML editor. To add new accounts look for the tags like: <ffbar:FinAcctOwnedSeparately> then a bunch of data then some lines down, the closing tag </ffbar:FinAcctOwnedSeparately>.

You can just copy and paste these blocks of text to add new accounts and change the details inside accordingly. This is very useful if you have many accounts at the same bank for example for work purposes where the tags are <ffbar:NoFinInterestFinAcctOwned> and </ffbar:NoFinInterestFinAcctOwned>.

Save the XML file.

** end if editing not needed **

Open up a fresh FBAR form from FinCEN (https://bsaefiling.fincen.treas.gov/NoRegFBARFiler.html). Open it in Acrobat, then under the same “More Form Options…” choose Import data… and import the XML file you exported above.

Change the filing name to something (i.e., My 2020 FBAR).

Change Line 1 to the current year filing (2019 in this case).

As of 2020 you have to add your D.O.B. on line 5. This is new. Add this in MM/DD/YYYY with 0’s if needed.

When finished, click “Validate” on page 1. Then save and submit.

If starting with an older year than your 2018/2019 FBAR, also note you’ll need to edit the XML for a breaking change they made – find the word in the XML line with the est:FilingType tag and change FFBAR to FBARX. This was a one time change that year which was a huge pain to figure out. Thanks to http://blaisegassend.blogspot.com/2019/04/getting-your-data-into-new-fbar-form.html for finding this. Otherwise the IRS will accept the upload then send you a nice email “validation failed” without much context.

WordPress + Docker Double Caching with Redis and Nginx Reverse Proxy

While WordPress is great it’s slow and taxing on a webserver. However ultimately Redis’ object cache and the related plugin as well as Nginx’s reverse proxy caching make for an especially fast site. Combine Traefik for management and do it all on Docker for an excellent solution.

Step 1: Create a basic Traefik folder (for this example in your home directory ~/Traefik

Step 2: in the new Traefik directory, create a conf directory and create the acme.json.

mkdir ./conf
sudo touch ./conf/acme.json
sudo chmod 0600 ./conf/acme.json

Step 3: Load the docker-compose.yml into the top Traefik directory as follows:

---
version: '3.8'
services:
  traefik:
    container_name: traefik
    image: traefik:chevrotin
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ./conf/traefik.toml:/etc/traefik/traefik.toml:ro
      - ./conf/traefik_dynamic.toml:/etc/traefik/traefik_dynamic.toml:ro
      - ./conf/acme.json:/acme.json
    labels:
      traefik.enable: true
      traefik.http.routers.api-http.rule: Host(`traefik.${HOSTNAME1}`)
      traefik.http.routers.api-http.entrypoints: web
      traefik.http.routers.api-http.middlewares: https-redirect@file
      traefik.http.routers.api-https.service: api@internal
      traefik.http.routers.api-https.rule: Host(`traefik.${HOSTNAME1}`)
      traefik.http.routers.api-https.entrypoints: websecure
      traefik.http.routers.api-https.middlewares: security@file, compression@file, https-redirect@file, auth
      traefik.http.routers.api-https.tls: true
      traefik.http.routers.api-https.tls.certresolver: letsencrypt
      traefik.http.middlewares.auth.basicauth.users: "username:httpasswd_double_$$"

  sqlwp:
    container_name: sqlwp
    image: mariadb:latest
    restart: unless-stopped
    volumes:
      - ./mysql:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
    labels:
      traefik.enable: false

  nginxwp-1:
    container_name: nginxforwp-${HOST1}
    image: nginx:stable-alpine
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ./wordpress-${HOST1}:/var/www/html
      - ${LOGS_LOCAL}:/var/log/nginx/
      - ./conf/nginx-${HOST1}:/etc/nginx/
      - nginxcache:/var/www/html/cache
    links:
      - wp-1
    labels:
      traefik.enable: true
      traefik.http.routers.nginxwp-${HOST1}-http.rule: Host(`${HOSTNAME1}`)||Host(`www.${HOSTNAME1}`)
      traefik.http.routers.nginxwp-${HOST1}-http.entrypoints: web
      traefik.http.routers.nginxwp-${HOST1}-http.middlewares: https-redirect@file
      traefik.http.routers.nginxwp-${HOST1}-https.rule: Host(`${HOSTNAME1}`)||Host(`www.${HOSTNAME1}`)
      traefik.http.routers.nginxwp-${HOST1}-https.entrypoints: websecure
      traefik.http.routers.nginxwp-${HOST1}-https.middlewares: security@file, compression@file, https-redirect@file
      traefik.http.routers.nginxwp-${HOST1}-https.tls: true
      traefik.http.routers.nginxwp-${HOST1}-https.tls.certresolver: letsencrypt

  wp-1:
    container_name: wpapp-${HOST1}
    image: wordpress:php7.4-fpm-alpine
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ./wordpress-${HOST1}:/var/www/html
      - ./conf/php.ini:/usr/local/etc/php/php.ini
      - nginxcache:/var/www/html/cache
    depends_on:
      - sqlwp
    environment:
      - WORDPRESS_DB_HOST=${WORDPRESS_DB_HOST}
      - WORDPRESS_DB_USER=${WORDPRESS_DB_USER}
      - WORDPRESS_DB_PASSWORD=${WORDPRESS_DB_PASSWORD}
      - WORDPRESS_DB_NAME=${WORDPRESS_DB_NAME}
      - WORDPRESS_TABLE_PREFIX=${HOST1}
    labels:
      traefik.enable: false

volumes:
  dataredis:
  nginxcache:

Step 4: Create a .env file in the main Traefik directory

MYSQL_ROOT_PASSWORD=make_a_good_password
MYSQL_USER=something_but_admin_or_root
MYSQL_PASSWORD=make_a_good_password
MYSQL_DATABASE=wpdb
WORDPRESS_DB_USER=something_but_admin_or_root
WORDPRESS_DB_PASSWORD=make_a_good_other_password
WORDPRESS_DB_HOST=sqlwp
WORDPRESS_DB_NAME=wpdb
HOST1=mydomain
HOSTNAME1=mydomain.com

Follow the rest of the directions here:

https://computerz.solutions/docker-compose-wordpress-nginx-et-traefik/

Fixing Vodafone UK London Underground wifi

If you’re using an iPhone and have a Vodafone UK monthly subscription, there’s a special wireless network SSID (VodafoneWiFi) that bypasses the annoying Virgin Media login screen everytime you’re in the London Underground (as with the SSID VirginMediaWifi).

Unfortunately there’s some sort of Apple issue that doesn’t let it connect directly as it asks for a username and password instead of using the SIM authentication (EAP-SIM). This config profile forces the iPhone to use the SIM to connect itself to VodafoneWiFi. Enjoy. Click here from your mobile browser and hit Install

UPDATE for 2020 – still works on the tube, though a little unreliable on newest iOS 13 as maybe 20% of the time it will refuse to connect. I suspect that’s an access point problem vs a phone problem. Either way this is as good as it gets!