Long time no update!
I've been busy with quite a lot of randomness. Among them is that I'm now streaming synthwave and similar music on a live internet radio station. If you'd care to have a listen, try one of the following streams:
Alternatively, the radio stream provider I'm with seems to have a widget, let's see if that works:
So, it's been a while since I wrote about that fortune cookie server. I had sort of gotten bored of it, you know how that happens. But over the long weekend, I found some time to revisit that - this time as a proper API. Since I like to make fun of this whole "frob as a service" thing. And because I can.
So I came up with this API for fortune cookies. It's all on GitHub, doesn't have an SLA, because that would be silly, but it did just get its first release. Long weekend and all.
Like any good microservice thingy, you can query it with curl:
curl https://api.ef.gy/fortune
Disqus is actually surprisingly annoying to inline, and I wasn't really happy with how it pretty much forces you to also load Google Analytics, so I've killed it on the site.
The DNT setting in your browser still has an effect, though. It controls whether or not iframes get to load in the page or whether they turn into links for you to follow. For YouTube, etc.
Seeing as how most of the discussion on the contents of this site isn't really happening here, and the Disqus plugin is broken half of the time anyway, this shouldn't really affect anyone. If you do want to add comments to an article, just do so on Facebook or Google+ and tag the author or something :).
Right. Now carry on, then!
You may remember the picture of my shiny little Tor-enabled Pi on the last blog post about monitoring the very same device through Tor. It had just received a shiny new PIco UPS backpack with a LiPO battery from pimodules.com. It turns out, however, that I first had to hack that a bit to make it usable for my purposes.
For one thing, it was a wee bit too big to fit in the current case, so I had to make room by getting a new one. Which obviously made the Pi rather happy:
For another, the device actually requires you to run a Python script as root so that the firmware can figure out if your Pi is booted or not, and to get it to shut down if a power failure is imminent. Now, I don't know if you follow my Twitter, but on there I'd previously quite proudly declared that I'd gotten rid of Python on the sucker, and I wasn't about to put it back on permanently just to get the UPS to work.
So you've set up monitoring via Prometheus, e.g. by following a guide like this one. The obvious next step is to make sure all the servers you want to monitor this way are actually reachable by Prometheus - and you definitely want to make sure your monitoring data isn't tampered with in transit.
This is reasonably straightforward if you control or trust the network, but if your monitoring targets are on remote networks and will traverse unsafe networks, such as the internet... well... not so much, then. There, you basically need to solve three problems:
In particular the reachability is a bit of a doozy - the inspiration for all this was basically that I wanted to monitor my portable, battery-powered Raspberry Pi Tor gateway from one of my servers. The typical way to do that is to play with my firewall at home and use NAT to allow inbound connections to the Pi, but since the thing is portable that wouldn't always work - for instance when the Pi is resting comfortably in my backpack at work.
div is one of the universal staples of web design. It really shouldn't be. The same goes for span. It's not like these tags are never the right tool for the job, but most of the time they're used they really shouldn't have been.
The problem is that using these tags when they aren't necessary turns your HTML into a meaningless mess, which at the same time makes the CSS to style it a lot harder to read and write than it would otherwise have to be - which in turn leads to people thinking that CSS is hard, when really it's not. So I've compiled this handy list to highlight the more common abuse cases out there. It also requires extra bandwidth, and I've yet to see a single site doing any of the following that then actually set up proper compression to fix it - or the extra whitespace and HTML comments people are so fond of, at that.
Please note that I made none of these examples up. I literally keep seeing them every time I use an HTML inspector on just about any random site.
Time to have some fun with a shiny new Raspberry Pi! Obviously one of the things I had to do was to make it work as an AP for my iPad Pro to connect to, so I could SSH in and do some actual work.
It turns out that it's pretty straightforward to go from there to a neat little Tor gateway. For, you know, whenever you'd need that. The finished product looks something like this:
To create one of these handy little buggers, you'll need the following:
I got a heads up about this a few days ago. As it turns out, the most excellent feed reader Feedly can't handle atom:content nodes with full XHTML content, i.e. of the form:
<atom:content type="application/xhtml+xml">
<xhtml:html ...>
<!-- ... -->
</xhtml:html>
</atom:content>
The content gets rendered all sad and unformatted, with just the literal text content of the nodes rendered. Like so:
My old personal laptop was due for a refresh around the time the iPad Pro was announced. While I still really like it, the previous four years of abuse are starting to take their toll on the poor thing, with the display doing flickery things no display ever should and the battery starting to last less than three hours. I guess four years is a good run for a laptop these days.
I went browsing for a suitable replacement when I noticed that I really only ever do three things with it: Use a web browser, SSH into things to work and watch videos. Apparently I'm not a power user, because all of these things are quite doable on an iPad, other bloggers' assertion that it's "not quite ready for power users" notwithstanding.
1.2k USD and several weeks of waiting for the thing to ship later, I'm actually finding myself liking this thing a lot more than I thought I would. Yeah, it does sound expensive when I'm putting it like that, but to be honest that's the same price range as the Chromebook Pixel 2, or any other decent laptop at that.
I've recently "inherited" some PHP scripts for an otherwise pretty cool project. Now, I used to get paid for my PHP, back in the day. Doing medical trials. Back when PHP was considered the duck's nuts and you couldn't tell people otherwise. Even though some people really should've.
We spent a lot of time making sure our code was not exploitable. Naturally I assumed that everyone else was also taking those precautions. Because, you know, you always assume everyone else is doing the same stuff you're doing.
Anyway, this code made me realise that there are still people out there using PHP's mysql(i) interface. In rather... injectable ways. Basically creating SQL queries by string concatenation. Which is bad, mmmkaaay? So I figure someone should reiterate this again: Do NOT, _EVER_ do that!
Just say NO. There's never a legit reason for this. Use PDO with prepared statements instead. The prepared statement part being really important here.
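To make the difference concrete, here is an added example (not code from the inherited project or from this site) that runs the same lookup both ways. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so it runs without a server.

```php
<?php
// Added example, not code from the inherited project. Table, column and
// function names are hypothetical; an in-memory SQLite database stands in
// for MySQL so the script runs without a server (needs pdo_sqlite).
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With MySQL, also turn off emulation so the server does the binding:
// $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$db->exec('CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT, ward TEXT)');
$db->exec("INSERT INTO patients (name, ward) VALUES ('Alice', 'A'), ('Bob', 'B'), ('Carol', 'B')");

// BAD: the pattern warned about above. The input becomes part of the SQL text.
function findByWardConcatenated(PDO $db, string $ward): array
{
    $sql = "SELECT name FROM patients WHERE ward = '" . $ward . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// GOOD: the SQL text is fixed; the input is bound as data only.
function findByWardPrepared(PDO $db, string $ward): array
{
    $stmt = $db->prepare('SELECT name FROM patients WHERE ward = :ward');
    $stmt->execute([':ward' => $ward]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one ordinary value, one containing SQL syntax.
$inputs = ['B', "B' OR '1'='1"];

foreach ($inputs as $ward) {
    printf("input: %s\n", $ward);
    printf("  concatenated: %s\n", implode(', ', findByWardConcatenated($db, $ward)));
    printf("  prepared:     %s\n", implode(', ', findByWardPrepared($db, $ward)));
}
```

With the second input the concatenated query's WHERE clause is rewritten and matches every row, while the prepared statement compares the whole string against the ward column and matches none.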