Skip to content

Blog

Serving Pi

I recently completed a physical migration of my server, the one that hosts this very page! It all went successfully, and without any noticeable downtime for this site, which I am pleased to be able to do.

There was, however, a period of time during which this server needed to be physically switched off and moved to the new location. To enable zero downtime, something would need to be able to host the server during that period.

Enter my Raspberry Pi!

Raspberry Pi in box

This amazing little thing is capable of running Raspbian, a modified version of Debian, which means I get access to the rich library of Debian packages that are available. I have a private Git repository containing a modular set of Puppet manifests. These describe the exact configuration of this server, so by applying the Puppet manifests, I can spin up a new instance of this particular server’s configuration on a whim.

So, I dusted off an SD card that was lying around, dropped Raspbian on it, and installed Puppet and Git and applied the manifests.

If I’m honest, there were a few components that weren’t quite so happy to run, despite packages being available. Varnish didn’t seem to like my VCL file, so I had to run the site here directly with Nginx pointing to PHP-FPM instead.

To cut a long story short, it worked! I was successfully serving up this site, from the Pi, using (almost) my existing configuration. Performance was not stellar, even compared to the modest hardware that normally serves this page, with page load times about 10 times slower than uncached page loads normally would be. The main blog page did take 1.5 seconds to render! For the short time I needed it though, I was very happy to have a very inexpensive and easy solution.

Working on Total Slider 2.0

Total Slider Banner

I’ve been fortunate this week to have a little time to work on Total Slider, my (and Van Patten Media’s) open source WordPress plugin for making those neat little slideshow things, like so:

Example Total Slider slider

I have been meaning to get to this project again for a while, so it is great to get a moment or two to give it the love and attention it deserves.

My focus thus far has been on a complete overhaul of Total Slider’s data storage format — away from using wp_option records and using a custom post type.

This change is not only the right thing to do to clean things up and follow best practices, but it opens doors to other neat features that will make Total Slider feel like it fits into the WordPress Way even more. Without making undeliverable promises, I’d love to see automatic saving of slide drafts make it into 2.0! ;)

One of the things I have found that is pleasing is that much of the code I have already written is sufficiently abstracted that ripping out the fundamentals of the data format has been a lot less painful than it could have been!

It is nice as well to use this blog for one of its original purposes, to give updates on the projects I am working on. :)

You can follow progress in the unstable branch on the project’s GitHub page.

The Changing Face of Vulnerability News

Heartbleed logo  Shellshock Logo

The recent news about the bash vulnerability being called “ShellShock”, and the degree to which it is getting mainstream press has got me thinking about how software vulnerabilities are now being reported in the mainstream media.

Apparently, no vulnerability these days is complete without a catchy name and logo — see Heartbleed and Shellshock! Joking aside, though, the very fact that these vulnerabilities are making non-tech news headlines puts pressure on everyone running potentially vulnerable systems to do their duty — usually as straightforward as running a pre-packaged security update.

The Heartbleed and Shellshock stories are taking the place of what we used to see reserved for particularly influental computer worms, like Sasser and Mydoom. It’s most definitely positive that some vulnerabilities are getting attention — unfortunately it is still the case that for some companies and system administrators, only outside pressure will convince them to promptly, diligently and consistently apply security updates.

What I’d like to see, is some way for people interested in improving computer security, the “good guys” for lack of a better term, to leverage this media interest to send a message to system administrators that it’s always necessary to apply software updates promptly, even when they don’t get on the TV news!

The Curse of The Black Box

The other key issue that Shellshock highlights, as did Heartbleed, is the issue of embedded ‘black box’ systems that might be vulnerable. This kind of system is everywhere — and because in many cases they are ‘set it and forget it’ machines, they represent a particular risk. It’s often very difficult to convince vendors of these systems of the importance of pushing upstream software updates down to end users, particularly when there is a lack of understanding and a lack of financial incentive.

Something big and mainstream, like Shellshock and Heartbleed, might convince system administrators to badger vendors to release patches for this kind of product, but we need to extend this further, and make it a social (or even a legal) expectation on vendors to supply security updates for any product they ship, for a reasonable lifetime period for that product.

The security landscape is too complex, and everything too interconnected, for anyone to have the opinion that “I don’t need to patch that, because there’s nothing important on it”.

Leaving Yourself in the Loop

I want to part with a few bullet points, with some actions I try to take to stay up-to-date. Automatic updates are increasingly common, but not universal, and these simple things can help you not miss a known vulnerability.

  • Document and understand the whole software footprint of the systems for which you are responsible. (This means embedded systems, software libraries, and more!)
  • Subscribe to announce mailing lists, follow Twitter accounts of the software projects and systems you use. (It pays to be in the know about available updates, and not hear about them after it is too late!)
  • Look for useful vulnerability resources for particular projects you use. (For example, for WordPress, the recently launched WPScan Vulnerability Database.)

Adventures with WindowMaker and Debian

Back in my earlier Linux days, I would experiment and fiddle a lot with different setups for desktop environments and appearance, customising my Linux system to my heart’s content! An example: I loved the 3D desktop effects of Xgl/Compiz back in 2006.

Time moved on, and I ended up settling with the defaults that distributions provided. I liked Ubuntu’s direction with Unity, upon its release in 2011.

I have fallen out with Ubuntu and Unity more recently, however. The troubling privacy issues with the Amazon ‘lens’ and other changes to their corporate behaviour scared me off.

So, I moved over to Debian for my personal server and my Linux desktop systems, and I have been very happy with it. At the same time, though, I wanted to get back to my previous spirit of playing around with different bits of software instead of just going with the defaults and surrendering to a full-size desktop environment. Frankly, the way I use Linux means I don’t find an overwhelming need for a wide variety of graphical applications.

With that in mind, I have set up a very unusual, and minimalist, desktop experience, which I thought I would document a little here for those that might be interested.

WindowMaker screenshot, showing Iceweasel, Terminal and others

» Read the rest of this post…

Shrewsbury

I continue to really enjoy the iPhone 5s camera — it may not have a mind-boggling megapixel count, but it seems to do an amazing job with its autofocus and in particular, it seems to capture the light in a balanced way.

Bridge in Shrewsbury

Upgrading to MariaDB 5.5 on CentOS 6

Following on from my previous video, showing how to install PHP 5.5 on CentOS 6, I now complete the tasks needed to meet the requirements for installing Moodle 2.7 on CentOS, and replace the Oracle MySQL distribution with MariaDB 5.5.

As always, feedback is appreciated!

Installing PHP 5.5 on CentOS 6 using IUS Repositories

I have been inspired once again to fire up my screencasting rig, to show you how to install PHP 5.5 on CentOS 6 using Rackspace’s IUS Community Repositories.

More and more web applications now are likely to require versions of PHP beyond 5.3. CentOS 6 users are stuck with 5.3, with backported security updates, unless they diverge from standard repositories or compile PHP themselves! Until CentOS 7 is with us, those of us trying to run a rock-solid web server on CentOS will be left out in the cold running recent web applications like Moodle 2.7 which require a newer PHP.

In this video, I show you how to use the IUS repositories to get PHP 5.5 running. These repositories, with their Rackspace backing, seem likely to be nice and stable going forward.

As always, I’d love any feedback you might have.

Better

On the face of it, this is just another corporate “aren’t we so great” feel-good video, the kind that we have every right to look at cynically.

However, and at the significant risk of being judged a Tim Cook fanboi, I actually think something has changed under his leadership. Even if it is just that we are allowed to see more of this side of Apple now, Tim’s tenure so far seems to be bringing about a much stronger focus on values than ever before.

We have their ‘Intention’ video, Tim’s public musings at the Fuqua School of Business, and perhaps more importantly, actions like their Supplier Responsibility work and bringing the manufacturing of the new Mac Pro to the USA.

“There are some ideas we want every company to copy”

Perhaps what is most exciting about this new, very public, focus on these issues is the idea that ethics can become a point of competition.

Not every customer is going to care about this stuff, but most people will want to feel like they’re doing the right thing. The pressure that companies like Apple can put on their competitors might be one of the most effective tools for actually making a difference to a whole industry’s behaviour.

I hope we see that.

Time for a Refresh

New site design screenshot

I have had a few design overhauls in my time here on this site. I haven’t, however, done anything significant to the site’s design since the beginning of 2012!

I have just finished another unrelated web design project with which I am very pleased, and, as frequently happens, it threw into sharp relief just how tired this site looked!

I am well aware that this site is also in need of a fairly generous content refresh as well — and I hope I will make some time to do that soon. For now, though, I hope the visual refresh keeps things going.

It is primarily a typographical refresh this time around. You might notice:

Who Shot the Serif, Part 2!

All serif fonts are gone!

Headings

Colaborate font sample

Colaborate, by Carrois Type Design, replaces Charis SIL for the header at the top of the page, and also does significant service for header text across the site.

Body Text

Roboto font sample

Colaborate’s funky looking ‘t’ character adds… well, character… but it wasn’t working for me across all the body text. Body text, then, loses its traditional Helvetica/Arial choice from before, and uses Roboto by Christian Robertson. It’s being included via Google Fonts, which should keep things nice and speedy!

There’s More… (I Hope!)

I have further ideas to tweak and refine the design, and of course, a desire to get some new content out here as well. With any luck, there will be a bit of time soon to act on those things. Watch this space.

Miles per gallon

Miles per gallon