Two minor things:
A simple shell-script to submit metrics to a graphite server, extensible via local plugins, but covers the obvious metrics by default.
Metrics are submitted via simple calls to netcat.
Trivial, but much more lightweight than collectd and similar.
A perl module for converting HTML like "<p>:smile:</p>" into something graphical.
This was written for my markdown sharing site, but is pretty fun.
The konami-code page demonstrates usage.
(This parses the HTML so it won't transform attributes, ids, or anything that isn't in the "text" part of any HTML input.)
The graphite sending script is perhaps the most useful, but at the same time it feels too small to be a package of its own. I'm tempted to bundle it up into my sysadmin-util collection, but I can't quite decide if it belongs there either.
For the past few years I've hosted all my websites in a "special" way:
The webserver I chose initially was thttpd, which gained points because it was small, auditable, and simple to launch. Something like this was my recipe:#!/bin/sh exec thttpd -D -C /srv/steve.org.uk/thttpd.conf
Unfortunately thttpd suffers from a few omissions, most notably it doesn't support either "Keep-Alive", or "Compression" (i.e. gzip/deflate), so it would always be slower than I wanted.
On the plus side it was simple to use, supported CGI scripts, and served me well once I'd patched it to support X-Forwarded-For for IPv6 connections.
Recently I setup a server optimization site and was a little disappointed that the site itself scored poorly on Google's page-speed test. So I removed thttpd for that site, and replacing it with nginx. The end result was that the site scored 98/100 on Google's page-speed test. Progress. Unfortunately I couldn't do that globally because nginx doesn't support old-school plain CGI scripts.
So last night I removed both nginx and thttpd, and now every site on my box is hosted using lighttpd.
There weren't too many differences in the setup, though I had to add some rules to add caching for *.css, etc, and some of my code needed updating.
Beyond that today I've setup a dedicated docker host - which allows me to easily spin up containers. Currently I've got graphite monitoring for my random hosts, and a wordpress guest for plugin development/testing.
I was rather excited to receive my box set of Doctor Who: Dark Eyes 2 today. Not just because it’s the follow-up to the BBC Audio Drama Award-winning first series. Here’s the splendid artwork that accompanies the 4 CD release:
You see the photographs of Nicola Walker from Spooks on the box, album art and even the disk itself? I took those! Thanks to the design wizardry of Damien May they blend seamlessly with the photographs of Paul McGann, Ruth Bradley and Alex Macqueen in costume that they already had. It’s tremendously exciting to see one’s efforts printed on an actual BBC authorised CD.
Nick Briggs (Executive Producer and voice of the Daleks) asked if I could attend the recording session at the studio to photograph Nicola, Alex, Ruth and other cast members. Not knowing exactly what I would encounter when I got there, I tried to cover all the possibilities. I ended up shooting using off camera flash to get the dramatic lighting suitable for the covers and album art, and natural light for the more straight-forward shots. It was fascinating to see how a complex audio drama is recorded, and yes, the lunches at the Big Finish studios are every bit as good as they are made out to be!
I can see more of my photos of Ruth (below), Alex and Nicola in issue 60 of Big Finish’s free magazine, Vortex. Dark Eyes 2 is available now from bigfinish.com. I suppose I better go and listen to it now!Pin It
I've updated my markdown-pastebin site, to be a little cleaner, and to avoid spidering issues.
Previously every piece of uploaded text received an incrementing integer to describe it - which meant it was trivially easy for others to see how many pieces of text had been uploaded, and to spider all past uploads (unless the user deleted them).
Now each fresh paste receives a random UUID to describe it, and this means spidering is no longer feasible.
I've also posted the source code to Gitub so folk can report bugs, fork, etc:
That source code now includes a Dockerfile which allows you to quickly and easily build your own container running this wonderful service, and launch it without worrying about trashing your server ;)
Anyway other than the user-interface overhaul it is still as functional, or not, as it used to be!
Today I setup a new website:
Something I want, something I'll use, and something that might be useful to others?
After Monkigras 2013, I was really looking forward to Monkigras 2014. The great talks about developer culture and creating usable software, the amazing buzz and friendliness of the event, the wonderful lack of choice over which talks to go to (there’s just one track!!), and (of course) the catering:
The talks were pretty much all great so I’m just going to mention the talks that were particularly relevant to me.
Rafe Colburn from Etsy talked about how to motivate developers to fix bugs (IBMers, read ‘defects’) when there’s a big backlog of bugs to fix. They’d tried many strategies, including bug rotation, but none worked. The answer, they found, was to ask their support team to help prioritise the bugs based on the problems that users actually cared about. That way, the developers fixing the bugs weren’t overwhelmed by the sheer numbers to choose from. Also, when they’d done a fix, the developers could feel that they’d made a difference to the user experience of the software.
While I’m not responsible for motivating developers to fix bugs, my job does involve persuading developers to write articles or sample code for WASdev.net. So I figure I could learn a few tricks.
A couple of talks that were directly applicable to me were Steve Pousty‘s talk on how to be a developer evangelist and Dawn Foster‘s on taking lessons on community from science fiction. The latter was a quick look through various science fiction themes and novels applied to developer communities, which was a neat idea though I wished I’d read more of the novels she cited. I was particularly interested in Steve’s talk because I’d seen him speak last year about how his PhD in Ecology had helped him understand communities as ecosystems in which there are sometimes surprising dependencies. This year, he ran through a checklist of attributes to look for when hiring a developer evangelist. Although I’m not strictly a developer evangelist, there’s enough overlap with my role to make me pay attention and check myself against each one.
One of the risks of TED Talk-style talks is that if you don’t quite match up to the ‘right answers’ espoused by the speakers, you could come away from the event feeling inadequate. The friendly atmosphere of Monkigras, and the fact that some speakers directly contradicted each other, meant that this was unlikely to happen.
It was still refreshing, however, to listen to Theo Schlossnagle basically telling people to do what they find works in their context. Companies are different and different things work for different companies. Similarly, developers are people and people learn in different ways so developers learn in different ways. He focused on how to tell stories about your own failures to help people learn and to save them from having to make the same mistakes.
Again, this was refreshing to hear because speakers often tell you how you should do something and how it worked for them. They skim over the things that went wrong and end up convincing you that if only you immediately start doing things their way, you’ll have instant success. Or that inadequacy just kicks in like when you read certain people’s Facebook statuses. Theo’s point was that it’s far more useful from a learning perspective to hear about the things that went wrong for them. Not in a morbid, defeatist way (that way lies only self-pity and fear) but as a story in which things go wrong but are righted by the end. I liked that.
Ana Nelson (geek conference buddy and friend) also talked about storytelling. Her point was more about telling the right story well so that people believe it rather than believing lies, which are often much more intuitive and fun to believe. She impressively wove together an argument built on various fields of research including Psychology, Philosophy, and Statistics. In a nutshell, the kind of simplistic headlines newspapers often publish are much more intuitive and attractive because they fit in with our existing beliefs more easily than the usually more complicated story behind the headlines.
The Gentle Author spoke just before lunch about his daily blog in which he documents stories from local people. I was lucky enough to win one of his signed books, which is beautiful and engrossing. Here it is with my swagbag:
— Laura Cowen (@lauracowen) February 1, 2014
After his popular talk last year, Phil Gilbert of IBM returned to give an update on how things are going with Design@IBM. Theo’s point about context of a company being important is so relevant when trying to change the culture of such a large company. He introduced a new card game that you can use to help teach people what it’s like to be a designer working within the constraints of a real software project. I heard a fair amount of interest from non-IBMers who were keen for a copy of the cards to be made available outside IBM.
On the UX theme, I loved Leisa Reichelt‘s talk about introducing user research to the development teams at GDS. While all areas of UX can struggle to get taken seriously, user research (eg interviewing participants and usability testing) is often overlooked because it doesn’t produce visual designs or code. Leisa’s talk was wonderfully practical in how she related her experiences at GDS of proving the worth of user research to the extent that the number of user researchers has greatly increased.
And lastly I must mention Project Andiamo, which was born at Monkigras 2013 after watching a talk about laser scanning and 3D printing old railway trains. The project aims to produce medical orthotics, like splints and braces, by laser scanning the patient’s body and then 3D printing the part. This not only makes the whole process much quicker and more comfortable, it is at a fraction of the cost of the way that orthotics are currently made.
If you can help in any way, take a look at their website and get in touch with them. Samiya and Naveed’s talk was an amazing example of how a well-constructed story can get a powerful message across to its listeners:
"This is supposed to be a compliment, but your talk made me cry" – @monkigras
— Charlotte Spencer (@Charlotteis) January 31, 2014
After Monkigras 2014, I’m now really looking forward to Monkigras 2015.
— Paul Johnston (@PaulDJohnston) February 12, 2014
Recently I started doing a internet-wide scan for rsync servers, thinking it might be fun to write a toy search-engine/indexer.
Even the basics such as searching against the names of exported shares would be interesting, I thought.
Today I abandoned that after exploring some of the results, (created with zmap), because there's just too much private data out there, wide open
IP redacted for obvious reason:shelob ~ $ rsync rsync://xx.xx.xx.xx/ ginevra Ginevra backup krsna Alberto Laptop Backup franziska Franz Laptop Backup genoveffa Franz Laptop Backup 2
Some nice shares there. Lets see if they're as open as they appear to be:shelob ~ $ rsync rsync://xx.xx.xx.xx/ginevra/home/ drwxrwsr-x 4096 2013/10/30 13:42:29 . drwxr-sr-x 4096 2009/02/03 10:32:27 abl drwxr-s--- 12288 2014/02/12 20:05:22 alberto drwxr-xr-x 4096 2011/12/13 17:12:46 alessandra drwxr-sr-x 20480 2014/02/12 22:55:01 backup drwxr-xr-x 4096 2008/10/03 14:51:29 bertacci ..
Yup. Backups of /home, /etc/, and more.
I found numerous examples of this, along with a significant number of hosts that exported "www" + "sql", as a pair, and a large number of hosts that just exported "squid/". I assume they must be some cpanel-like system, because I can't understand why thousands of people would export the same shares with the same comments otherwise.
I still would like to run the indexer, but with so much easy content to steal, well I think the liability would kill me.
I considered not posting this, but I suspect "bad people" already know..,