April 2010 Archives

For the moment, I’m throwing shared bookmarks (a la del.icio.us or pinboard or whatever) into Evernote — you can see them at http://www.evernote.com/pub/genehack/shared (and there’s an RSS feed there too…)


$ history | awk '{print $2}' | sort | uniq -c | sort -k1 -rn | head
   1852 git
   1742 cd
   1176 st
    929 ls
    638 mv
    553 d
    348 prove
    323 rm
    308 push
    284 make

‘st’ is an alias for ‘git status’; ‘d’ is an alias for ‘git diff’; ‘push’ is an alias for ‘git push’…


Achievements for Git!

Set up your own by following the instructions at this repo.

  1. StatusNet is looking to capitalize on the Tweetie purchase fallout.

  2. Say Tweet Again (via)

  3. I hate the hovercard thing. HATE

Jessamyn put Oddbook up on Google Code, and there was a bug filed against my old reading list tracker, which combined to be the kick in the pants necessary to get me to start working on booklist again. Feel free to jump in if you like. Eventually there’s going to be a web layer!

Mark Pilgrim on identity in the modern world:

My attempts at compartmentalization have failed. There is only one inbox.

On the down side (that was the up side), there is no “off the clock.” There is no “not on company time.” There is no “not speaking on behalf of…” Disclaimers to the contrary are commonplace, well-rehearsed, and futile. Technologies that “help” us to link our disparate personas will inevitably intertwine them with our impersonas too. There are no “strictly personal venues.” And when nothing can be said without being misconstrued, there is nothing left to be said.

My attempts at compartmentalization have failed. There is only one outbox.

I am big tired.

Read the whole thing; read the comment thread too. Ponder.

(not speaking for my employer.)

Less Talk, More Rock:

Go right from the inspiration — the vision — to actually making it. Don’t think it through. Don’t talk about it. Don’t plan it. Dive in and start making it happen. If you do that — if you can start rocking — you’ll get some momentum, and when you have some momentum then the project has a chance, because now you’re into it. It’s going somewhere, it’s tangible. Sure, you’ll still run up against problems to solve and decisions to make, but you’ll approach these in the moment and solve them in the moment. You’ll solve them so you can keep moving.

(via Paper Bits, and yeah, I used the exact same pullquote he did, but dammit, it’s the best ‘graph in the whole thing.)

Elf digs into some Javascript on a particular high-traffic site. In the same way that some people love reading about high-performance cars or bikes they’re never going to own or even use, I love reading about deconstruction of these optimizations that are only worth doing on a tiny, tiny fraction of ultra-high traffic sites.

Update: Elf points out that I missed what he was trying to say.

The Apache Software Foundation was recently the victim of a targeted attack, which they’ve detailed at great length. It’s a fascinating read, and somewhat depressing, and also awesome in a completely evil way, all at the same time.

For the tl;dr crowd, an executive summary: the attackers utilized a previously-unknown cross-site scripting bug in a third-party product, masked it with a URL shortener, and then leveraged that into enough access to trap passwords as they were changed, followed by a global “reset your passwords pls” message… and then they got lucky (or somebody in ASF got sloppy). You’ll have to read the whole thing to get the details of the end game, but all told only one box at ASF was rooted, largely due to a fairly stringent set of internal security policies.

The awesome-in-an-evil-way part: the sophistication of this attack as well as the level of detail in the post-mortem are astounding. The Apache Infrastructure team deserves some major props for their writeup, and somewhere there’s a team of black hats that should really think about trying to do something productive — this much smarts applied to something other than breaking and entering would probably do some great things…

The depressing part: the shortened URL that kicked the whole mess off came in from the outside world and was captured in a help desk system — that’s the third-party product that had the previously unknown bug. That’s a pretty innocuous attack vector, all things considered — I probably click on dozens of those a day, without even thinking about it.

Imagine how your corporate or organizational security training would need to be updated to make people aware of the risks associated with URL shorteners, as well as what steps can be taken to mitigate those risks, in a way effective enough to have had a chance at preventing this attack. At this point, you’re probably either laughing or crying, so I’ll stop there, but DAMN. It gets more and more amazing to me, each and every day, that the Internet manages to function at all. That it continues to carry on is largely due to the work of people like the Apache Infrastructure team. (Remember this when Sysadmin Day rolls around…)
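As an added illustration (mine, not from the ASF writeup or this post), one of the mitigation steps the paragraph above gestures at: expand a shortened link server-side, with a hop cap and loop check, and flag any destination that lands on an internal host with markup in its query string. The redirect table, the host names and the .corp.example suffix are constructed; a live resolver would replace the lookup coderef with a HEAD request that does not follow redirects.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use URI;
use URI::Escape qw(uri_unescape);

# Constructed redirect table standing in for a shortener's 30x Location
# answers; a live resolver would send a HEAD request with redirects disabled
# and return the Location header (or undef when there is none).
my %fake_redirects = (
    'http://short.example/a1'   => 'http://short.example/b2',
    'http://short.example/b2'   => 'http://helpdesk.corp.example/search?q=%3Cb%3Ehi%3C%2Fb%3E',
    'http://short.example/ok'   => 'http://www.example.com/news',
    'http://short.example/loop' => 'http://short.example/loop',
);

# Walk the redirect chain ourselves, with a hop cap and loop detection, so the
# final destination is known before anyone's browser renders it.
sub expand_url {
    my ( $url, $resolve, $max_hops ) = @_;
    $max_hops //= 5;
    my @chain = ($url);
    my %seen  = ( $url => 1 );
    for ( 1 .. $max_hops ) {
        my $next = $resolve->( $chain[-1] );
        return \@chain unless defined $next;
        die "redirect loop at $next\n" if $seen{$next}++;
        push @chain, $next;
    }
    die "gave up after $max_hops redirects\n";
}

# Two cheap signals worth a second look: the link ends on one of our own
# internal hosts, and its query string decodes to something containing markup.
sub review_destination {
    my ( $url, $internal_suffix ) = @_;
    my $uri      = URI->new($url);
    my $host     = $uri->can('host') ? $uri->host : '';
    my $query    = uri_unescape( $uri->query // '' );
    my $internal = $host =~ /\Q$internal_suffix\E\z/ ? 1 : 0;
    my $markup   = $query =~ /[<>"']/ ? 1 : 0;
    return ( $internal && $markup ) ? 'escalate' : $internal ? 'review' : 'ok';
}

for my $short ( sort keys %fake_redirects ) {
    my $chain = eval { expand_url( $short, sub { $fake_redirects{ $_[0] } } ) };
    if ( !$chain ) { print "$short: $@"; next; }
    my $verdict = review_destination( $chain->[-1], '.corp.example' );
    printf "%s -> %s [%s]\n", $short, $chain->[-1], $verdict;
}
```

The point is not the particular regex but that the expansion and the verdict happen before the link reaches a human or an internal web application.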

Devin Austin has a nice post up about MooseX::App::Cmd, which I’ve been playing with recently too. Go over and hit his article for the basics; I’m interested in showing you how in addition to MooseX::App::Cmd, you can add in MooseX::Declare to get some super cool stuff:

Note that MooseX::Declare handles the normal unpacking of arguments that would usually be the first line in a Perl subroutine — $self is just there automagically, and the other two arguments that come in via MooseX::App::Cmd are detected and unpacked because of the way the method is declared in line 14. If the command is invoked without a -n or --name option, it will throw an error about a required option being missing, and dump a helpful usage text, like so:

But wait, where are the --configfile and --file options coming in from? The parent App::Booklist::CLI::BASE class, natch. Note that this class is the one actually extending MooseX::App::Cmd::Command, and it’s also using yet another cool Moose extension, MooseX::SimpleConfig, which is where the --configfile option springs from:

Because of that simple with MooseX::SimpleConfig line, I get automagic loading and parsing of a config file in a multitude of formats — so if I have a YAML file that looks like this:

That’s sufficient to override the default embedded in the code, and the config itself can be overridden with a simple --file db/nothisfile.db on the command line when running any command that extends App::Booklist::CLI::BASE.
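Since the code listings did not survive on this page, here is an added example (mine, not the booklist project’s own code) of the three pieces fitting together: a BASE command class that pulls in MooseX::SimpleConfig, a subcommand declared with MooseX::Declare, and the YAML file that feeds it. The file paths, the booklist.yml name and the db/ defaults are assumptions.

```perl
# lib/App/Booklist/CLI.pm: the dispatcher (package layout assumed)
package App::Booklist::CLI;
use Moose;
extends 'MooseX::App::Cmd';
__PACKAGE__->meta->make_immutable;
1;

# lib/App/Booklist/CLI/BASE.pm: shared options every subcommand inherits
package App::Booklist::CLI::BASE;
use Moose;
extends 'MooseX::App::Cmd::Command';
with 'MooseX::SimpleConfig';    # supplies --configfile and parses YAML/INI/...

has '+configfile' => ( default => 'booklist.yml' );   # --configfile overrides

has file => (                   # from the config file, or --file on the command line
    traits        => ['Getopt'],
    is            => 'ro',
    isa           => 'Str',
    default       => 'db/booklist.db',
    documentation => 'path to the booklist database',
);
__PACKAGE__->meta->make_immutable;
1;

# lib/App/Booklist/CLI/Command/add.pm: a subcommand written with MooseX::Declare
use MooseX::Declare;

class App::Booklist::CLI::Command::add extends App::Booklist::CLI::BASE {
    has name => (               # required: leaving off -n/--name prints the usage text
        traits        => ['Getopt'],
        is            => 'ro',
        isa           => 'Str',
        required      => 1,
        cmd_aliases   => 'n',
        documentation => 'title of the book to add',
    );

    # The signature unpacks $self plus App::Cmd's ($opt, $args) pair;
    # no "my ($self, $opt, $args) = @_;" line is needed.
    method execute ( $opt, $args ) {
        printf "adding '%s' to %s\n", $self->name, $self->file;
    }
}

# booklist.yml, the config file MooseX::SimpleConfig loads:
#   file: db/fromconfig.db
# Then:  booklist add -n 'Some Title'                 -> uses db/fromconfig.db
#        booklist add -n 'Some Title' --file db/x.db  -> --file wins over the config
```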

MooseX::App::Cmd is the goodness, and MooseX::Declare and MooseX::SimpleConfig are pretty sweet too; the next time you need a CLI app with multiple sub commands you should check them all out…