fortuned, the second
- 2017-06-06T11:09:07+02:00
So, it's been a while since I wrote about that fortune cookie server. I had sort of gotten bored of it, you know how that happens. But over the long weekend, I found some time to revisit that - this time as a proper API. Since I like to make fun of this whole "frob as a service" thing. And because I can.
So I came up with this API for fortune cookies. It's all on GitHub, doesn't have an SLA, because that would be silly, but it did just get its first release. Long weekend and all.
Like any good microservice thingy, you can query it with curl:
curl https://api.ef.gy/fortune
No more disqus!
- 2016-05-15T22:17:16+02:00
Disqus is actually surprisingly annoying to inline, and I wasn't really happy with how it pretty much forces you to also load Google Analytics, so I've killed it on the site.
The DNT setting in your browser still has an effect, though. It controls whether or not iframes get to load in the page or whether they turn into links for you to follow. For YouTube, etc.
Seeing as how most of the discussion on contents of this site aren't really happening here, and the disqus plugin is broken half of the time anyway, this shouldn't really affect anyone. If you do want to add comments to an article, just do so on Facebook or Google+ and tag the author or something :).
Right. Now carry on, then!
Getting down to business with a Raspberry Pi PIco UPS
- 2016-01-19T21:10:33+00:00
You may remember the picture of my shiny little To-enabled Pi on the last blog post about monitoring the very same device through Tor. It had just received a shiny new PIco UPS backpack with a LiPO battery from pimodules.com. It turns out, however, that I first had to hack that a bit to make it usable for my purposes.
For one thing, it was a wee bit too big to fit in the current case, so I had to make room by getting a new one. Which obviously made the Pi rather happy:
For another, the device actually requires you to run a Python script as root so that the firmware can figure out if your Pi is booted or not, and to get it to shut down if a power failure is imminent. Now, I don't know if you follow my Twitter, but on there I'd previously quite proudly declared that I'd gotten rid of Python on the sucker, and I wasn't about to put it back on permanently just to get the UPS to work.
Secure Prometheus Monitoring via SSH over Hidden Service
- 2016-01-10T12:32:58+00:00
So you've set up monitoring via Prometheus, e.g. by following a guide like this one. The obvious next step is to make sure all the servers you want to monitor this way are actually reachable by Prometheus - and you definitely want to make sure your monitoring data isn't tampered with in transit.
This is reasonably straightforward if you control or trust the network, but if your monitoring targets are on remote networks and will traverse unsafe networks, such as the internet... well... not so much, then. There, you basically need to solve three problems:
- Make it possible for Prometheus to scrape its target, no matter where it is.
- Authenticate the target, and Prometheus to the target.
- Prevent malicious users from messing with the data in flight.
In particular the reachability is a bit of doozie - the inspiration for all this was basically that I wanted to monitor my portable, battery-powered Raspberry Pi Tor gateway from one of my servers. The typical way to do that is to play with my firewall at home and use NAT to allow inbound connections to the Pi, but since the thing is portable that wouldn't always work - for instance when the Pi is resting comfortably in my backpack at work.
A Primer on div-Abuse
- 2016-01-02T11:45:10+00:00
div is one of the universal staples of web design. It really shouldn't be. The same goes for span. It's not like these tags are never the right tool for the job, but most of the time they're used they really shouldn't have been.
The problem is that using these tags when they wouldn't be necessary turns your HTML into a meaningless mess, which at the same time will make CSS to style it a lot harder to read and write than it would otherwise have to be - which in turn leads to people thinking that CSS is hard, when really it's not. So I've compiled this handy list to highlight the more common abuse cases out there. It also requires extra bandwidth, and I've yet to see a single site doing any of the following that then actually set up proper compression to fix it - or the extra whitespace and HTML comments people are so fond of, at that.
Please note that I made none of these examples up. I literally keep seeing them every time I use an HTML inspector on just about any random site.
for marking paragraphs
Using a Battery-powered Raspberry Pi as a Tor Gateway
- 2015-12-26T11:47:35+01:00
Time to have some fun with a shiny new Raspberry Pi! Obviously one of the things I had to do, was to make it work as an AP for my iPad Pro to connect to, so I could SSH in and do some actual work.
It turns out that it's pretty straightforward to go from there to a neat little Tor gateway. For, you know, whenever you'd need that. The finished product looks something like this:
To create one of these handy little buggers, you'll need the following:
Feedly Can't Handle Full XHTML Content in atom:content
- 2015-12-26T09:06:26+01:00
I got a heads up about this a few days ago. As it turns out, the most excellent feed reader Feedly can't handle atom:content nodes with full XHTML content, i.e. of the form:
<atom:content type="application/xhtml+xml">
<xhtml:html ...>
<!-- ... -->
</xhtml:html>
</atom:content>
The content gets rendered all sad and unformatted, with just the literal text content of the nodes rendered. Like so:
How the iPad Pro Replaced My Laptop
- 2015-12-20T13:17:12+00:00
My old personal laptop was due for a refresh around the time the iPad Pro was announced. While I still really like it, the previous four years of abuse are starting to take their toll on the poor thing, with the display doing flickery things no display ever should and the battery starting to last less than three hours. I guess four years is a good run for a laptop these days.
I went browsing for a suitable replacement when I noticed that I really only ever do three things with it: Use a web browser, SSH into things to work and watch videos. Apparently I'm not a power user, because all of these things are quite doable on an iPad, other bloggers' assertion that it's "not quite ready for power users" notwithstanding.
Turns out it's just a big iPad, and that's all it ever needed to be
1.2k USD and several weeks of waiting for the thing to ship later, I'm actually finding myself liking this thing a lot more than I thought I would. Yeah, it does sound expensive when I'm putting it like that, but to be honest that's the same price range as the Chromebook Pixel 2, or any other decent laptop at that.
[PHP] Just Say "No" To PHP's mysql(i) Interface
- 2015-10-07T00:03:13+01:00
I've recently "inherited" some PHP scripts for an otherwise pretty cool project. Now, I used to get paid for my PHP, back in the day. Doing medical trials. Back when PHP was considered the duck's nuts and you couldn't tell people otherwise. Even though some people really should've.
We spent a lot of time making sure our code was not exploitable. Naturally I assumed that everyone else was also taking those precautions. Because, you know, you always assume everyone else is doing the same stuff you're doing.
Anyway, this code made me realise that there's still people out there using PHP's mysql(i) interface. In rather... injectable ways. Basically creating SQL queries doing string concatenation. Which is bad, mmmkaaay? So I figure someone should reiterate this again: Do NOT, _EVER_ do that!
Just say NO. There's never a legit reason for this. Use PDO with prepared statements instead. The prepared statement part being really important here.
On The Spot: a game about tokenism
- 2015-09-07T09:14:33+01:00
I wanted to show you a game I made about a year ago at a hackathon. I was one out of two people there who weren't men, and that gave me the idea to make something that illustrates the concept of tokenism - that is, what happens if you have a group where a very small percentage belongs to an oppressed group. You've probably heard expressions like "the token black person", "the token woman" or things like that. That's tokenism. I ended up making a prototype of a game in Processing, and I kept the game abstract on purpose, because whether you're talking about sexism, racism, ableism or any other form of oppression, the tokenism mechanisms are pretty much the same. You're never really able to blend in. You stand out, whether you want to or not. Because there are so very few of your group, everyone else sees you as a representative of all $kind-of-people - and if you mess up, that'll reflect badly on your whole group, not only on you. You're constantly on the spot.
So, I made this game. This week I was at another hackathon and ended up fixing a few bugs in the prototype, throwing processing.js at it and putting it up on the web because what is even the point of having a game like this if people can't play it? It's here - feel free to play it, although it's still got a good few bugs in it. Anyway, as I was working on this and talking to people, I got at least one person to actually look up tokenism, so it's serving its purpose already. My work here is done ;)