the jof

(Image from In Latte Veritas on Flickr.)

No, no, no, not that kind. This kind:

jonathan@sfo:~~$ tweet Switching to shell aliases to curl commands to the Twitter API for posting to twitter now.

But how?

alias tweet='curl --basic --user jof:PASSWORD --data status="!$" http://twitter.com/statuses/update.xml'

That’s how.

Thusly, http://twitter.com/jof/status/1462312199

I’ve been brainstorming with the idea of having a sort of “brain” process to keep tabs on systems I watch. For recurring problems with consistent solutions, my hope is that it can eventually take care of these without human intervention.

• Attracting or sending too much traffic to/from a peer? Query a snapshot of cFlow records and pick some CIDR blocks to block accordingly.
• Inbound DDOS attack to a single source? Sink the traffic to a mitigator device up to a certain threshold of collateral damage. Past that, automatically inject a BGP-blackhole-community-tagged /32 route upstream.
• Route being hijacked? Determine hijacked block size, and slice up an aggregate into more specific routes where possible.
• Router CPU spiking again? Capture a process list as it happens.

I’m envisioning a set of ruby or python libraries that can interact with different systems and tools in a monitored environment, make some sane choices about what to do, and at the very least, be smart about alerting the administrator. I would much rather receive nagios and cacti threshold alerts over XMPP/Jabber than SMS while I’m in front of a real keyboard.

Come to think of it, receiving alerts over SMS isn’t that great. Email to SMS gateways add a lot of garbage to the message, and they show up as coming from different senders, so they never seem to thread on my phone. Having a programatic way to access alert data would make gathering this data into a ‘Systems Alerts’ type of app on the mobile phone possible.

Here’s what I was brainstorming in OmniGraffle:

BoingBoing Gadgets 'Referer' hiding in effect

I saw this the other day on a BoingBoing gadgets post from within Google Reader. Perhaps an over-zealous .htaccess over at BBG?

Interesting spelling nitpick: the original HTTP 1.0 spec (now in RFC1945) misspelled referrer as ‘referer’ and now it has stuck as a proper misspelling for many things HTTP.

So, note to self: when searching through natural language text, be fuzzy about spelling – it’s not so static changing over time and through repeated use in varied contexts. It sucks to miss a good result just because of a common misspelling.

It’s interesting to see what pages different people like to put up when they have to take down their site for a moment. Some put games, some put some information, some put cartoons trying to placate their users, and some just don’t seem to get it.

 

Bandwidth graph for sfo.thejof.com

Here’s an example of how poking into what your applications are really doing can really save you some compute resources. In early December, I was adding a new job to my crontab and wanted to go over all the things that were running from there.

One of these cron jobs was a script snippet to instantiate mbsync to synchronize my remote IMAP store at work to a local maildir for perusal with mutt. When I wanted to grab a capture of some example network traffic of some of its polling cycles, I was surprised to find that it was always SELECT-ing each folder and iterating through each UID to check if it had seen it before. This took a decent amount of bandwidth to poll every five minutes – around 200 kbps. And of course, with the remote mailstore being an Exchange shop, this stretched the polling cycles on big folders out longer than it should have, blurring the lines between the stop of one cycle and the start of another.

Taking a look at some of the alternatives for remote mailstore synchronization, I started taking a look at fetchmail and eventually settled on switching. By configuring it to use IMAP IDLE-ing, the same process happens faster at around only 5-20 kbps — an almost four-fold reduction in network utilization.

Efficiency victory dance!

 

Terminal Glitch

Why does this happen sometimes when I accidentally cat out some binary file to my terminal? How can I make it happen all the time, it’s great!

I thankful for having the opportunity to talk with other UNIX users on a regular basis. I guess it’s just one of those SF perks.

A coworker and I started using POSIX error messages talking to each other online. Sometimes when you’re being poked over a text-based messaging protocol (Jabber, IRC, /usr/bin/talk) and you’re really in the middle of something, having a set of coded constants you can refer to can be a big help.

[...middle of meeting...]
‘you there? can you help me track down a VM?’
’sorry, EBUSY’

or

‘do you have the next revision of that form ready?’
‘one moment, EAGAIN’

Or the hypothetical:

‘Could you print this file out real quick? I’ve got to run to a meeting’
‘WTF? ENOTTY’
’sudo Could you print this?’
‘ok, fine’

For the last six years, I’ve been making use of the same gpg identity. I’ve copied my private key onto more workstations than I can recall at this point, so I’ve decided to try and be a little bit better about keeping my keys and signatures in-order and up-to-date.

A couple of steps I took tonight in moving to a key set of keypairs:

1. Generated a new signing keypair with gpg --gen-key I cycled through the process several times until I had a nice-sounding trailing 4-bytes. I ended up going with 0×8F8CAD3D — “eight-fate-CAD-3D” I say aloud in my head.
2. Signed the new signing keypair with my old signing keypair, 0xC8579EE5. This is just to mark the new key as trusted by the old one, and to demonstrate that cryptographically.
3. Generated a revocation certificate for the old key, with the old key using gpg -u 0xC8579EE5 --gen-revoke 0xC8579EE5 | gpg --import
4. Sent the revoked, old signing keypair to a keyserver with gpg --send-key 0xC8579EE5
5. Old keypair disappears from keyservers, begin using new signing/encrypting keypairs.

As a result, I’m interesting in finding people I know that want to swap key signatures.

My new key is available here.

Update: I figured “what the heck, it’s 2009, what’s an extra 20k?”, so I embedded a photo in my key as well just for grins. Bask in the glory of a big blob of base-64.

Vimperator is great. It’s a Firefox 3 add-on that implements a separate input layer above normal Firefox controls so that you can navigate around all the browsing and browser settings with vim-like keybindings.
A coworker turned me onto the thing, and I’ve found it makes working in a browser much more productive, as I’m not always alternating between the keyboard and mouse to navigate between different input focuses.

It keeps my hands where they belong when using the computer — on the keyboard!

One feature I like in particular is a binding for ‘[[' and ']]’. The bindings in their respective directions will search for anchor (<a … >) tags on the page and do a little regexp in the inside HTML for ‘prev’ and ‘next’.

This is mucho awesome on sites like Flickr, or multi-page articles where you can just  double-tap the brackets either forward to backward to flip to the next or previous page.

Found this bash gem on some corporate BIND management scripts at work – ugh:

ZTEST=$1
if [ "x$ZTEST" == "x" ]; then
echo “Usage: …..”