Tales of an IT Nobody

devbox:~$ iptables -A OUTPUT -j DROP

PHP Interface rant June 15, 2015

This isn’t my first rant about interfaces (which are finally receiving a due adjustment).

I haven’t tested it, but don’t believe I’ve seen anything pertaining to interface inheritance, look at the following use case for example, which fails in current PHP 5.6:

There are some benefits to doing this, however, as you can be implicit with the interface while supporting explicit behavior in other areas.

Categories: php rant

How to show us your company is immature. June 9, 2015

I’ve seen ‘Sentry‘ pop up a few times – it’s a neat SaaS that eases the pains of logging and monitoring for development-level logging. It’s pretty neat, and has a spot for business for sure.

Here’s the problem, and I touched base on this a while ago – your business WILL be judged on its class. (As in ‘classy person’).

[Screenshot, 2015-05-01: the Sentry home page, “Sentry: Track exceptions with modern error logging for JavaScript, Python, Ruby, …”]

Want my business’s money? Be more eloquent.

Remember, not everyone with a pocketbook is looking to trust critical data and infrastructure decisions on a company that thinks unnecessary words are professional enough for their home page slogan.

I can swear like a fish some days, but I maintain professional behavior to those outside my ‘circle’; there’s a song and dance you need to do for B2B and government relationships to open up the coffers for you. (This ain’t it).

Categories: rant Uncategorized

A PHP bug – really? (custom session handlers) April 18, 2015

It’s not often I ramble about PHP, since it’s my bread and butter. But after perusing the RFC notes to get up to speed on the PHP 7 pipeline, I found this: https://wiki.php.net/rfc/session.user.return-value

That bug has been around for how long? I’m amazed folks with pitchforks haven’t come out on that one sooner. I myself have suffered great pains dealing with custom session handlers for this exact bug. Shame shame! (At least it’s getting fixed)

/rant

Categories: php programming rant

PHP 7 Roundup: RETURN TYPES! March 27, 2015

Many years ago (in 2011) I wrote “interfaces are worthless“. For the most part they have remained mostly worthless for me as typically a superclass of sorts has proven to be a better solution for taxonomy and enforcing the exact typing rules I have criticized interfaces in PHP for in the past.

Feast your eyes on this: https://wiki.php.net/rfc/scalar_type_hints_v5  – not enough for you? ok, how about THIS! https://wiki.php.net/rfc/return_types

PHP 7 is shaping up to be a pretty awesome release. FINALLY. RETURN TYPES. INTERFACES. JOY.

Categories: php programming rant

MySQL’s max_connect_errors … 6 years later… August 2, 2013

Having recently been bitten by the awful default value (10) for max_connect_errors on a production server – I’m having a very hard time coming to terms with who the heck thought this would be a good way to do it.

This type of “feature” allows you to effectively DoS yourself quickly with just one misconfigured script – or Debian’s stupid debian-sys-maint account not replicating.

I’ve been thinking about how I could avoid this scenario in the future – upping the limit was a no brainer. But another item of curiosity: How do I know what hosts are on the list?

 

Have a look at this, 6 years later: http://bugs.mysql.com/bug.php?id=24906

 

So up until 5.6 (still brand new in the DBMS world) – there was no practical way to find out who was on this list.

The default needs to be changed, and this feature should be able to be turned off…

 

Categories: linux mysql rant servers

Atlassian Fisheye starter license and 10 committer limit November 28, 2012

The problem with Atlassian Fisheye starter license:

I love using Atlassian Fisheye at work. It’s a very nice frill to have for a small team especially since it saves us time and adds a very easy, fast way to document the reviews and be open about feedback.

I have one gripe however; the 10 committer limit (5 repos is bad enough). Our team has 4 developers – so we’re _technically_ 4 committers.

When we first started to use source control (Mercurial), our system setups would have inconsistencies in usernames: “Justin Rovang”, “RovangJu”, “rovangju” are all treated as unique usernames. Add to that the fact that after we converted from HG to Git, all of the email addresses associated with those turned into <devnull@localhost> from the conversion script.

Git is sensitive to username AND email address for unique users. So our new setups would be ‘Justin Rovang <justin.rovang@domain.com>’; but the history that was converted would have ‘Justin Rovang <devnull@localhost>’. So it’s easy to see how quickly even a small team could exceed that 10-committer limit very fast in that circumstance.

Enter the .mailmap file:

So here’s the rundown, first you need to know what to map to what – so take an inventory of all of the incorrect/out-dated usernames that should point to a more modern/recent one; to do that I used this one-liner:

That provides an output like so:

I want to map those according to the page linked in the subtitle above; so here’s an example .mailmap entry:

You can verify the results by running the command above again (git log --format … etc); and you’ll see that the list has changed. This applies to -ALL- git log output, and therefore fixes the ’10 committers’ issue I was having with Atlassian Fisheye and Crucible.
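The inventory, map and verify steps above, run end to end on a throwaway repository, as an added example (it is not the post's own one-liner or .mailmap entry, which are not reproduced on this page). The function names and the second developer “Jane Doe” are constructed; the other identities are the ones quoted in the post. Because every converted commit shares devnull@localhost, the entries match on old name and old email together, so a different developer behind the same placeholder address is not folded into the wrong person.

```sh
#!/bin/sh
# Added example: collapse duplicate committer identities with .mailmap.

# Commit an empty change authored by "$2" ("Name <email>") in repo "$1".
commit_as() {
  git -C "$1" -c user.name=demo -c user.email=demo@example.invalid \
      commit -q --allow-empty -m "work by $2" --author="$2"
}

# Build a constructed history and print the repository path.
make_demo_repo() {
  dir=$(mktemp -d) || return 1
  git init -q "$dir" >/dev/null 2>&1 || return 1
  # Converted history: every address became devnull@localhost.
  commit_as "$dir" 'Justin Rovang <devnull@localhost>'
  commit_as "$dir" 'RovangJu <devnull@localhost>'
  commit_as "$dir" 'rovangju <devnull@localhost>'
  commit_as "$dir" 'Jane Doe <devnull@localhost>'   # constructed second developer
  # Commits made after the conversion, with a real address.
  commit_as "$dir" 'Justin Rovang <justin.rovang@domain.com>'
  printf '%s\n' "$dir"
}

# Step 1 and 3: inventory of unique authors. %aN/%aE apply .mailmap.
list_authors() {
  git -C "$1" log --format='%aN <%aE>' | LC_ALL=C sort -u
}

count_authors() {
  list_authors "$1" | wc -l | tr -d '[:space:]'
}

# Step 2: map each old name+email pair to the current identity.
# Format: Proper Name <proper@email> Commit Name <commit@email>
# An email-only rule for devnull@localhost would also rewrite Jane Doe.
write_mailmap() {
  cat > "$1/.mailmap" <<'EOF'
Justin Rovang <justin.rovang@domain.com> Justin Rovang <devnull@localhost>
Justin Rovang <justin.rovang@domain.com> RovangJu <devnull@localhost>
Justin Rovang <justin.rovang@domain.com> rovangju <devnull@localhost>
EOF
}

# Demo run: show the author list before and after the mapping.
demo=$(make_demo_repo)
echo "before: $(count_authors "$demo") unique authors"
list_authors "$demo"
write_mailmap "$demo"
echo "after: $(count_authors "$demo") unique authors"
list_authors "$demo"
rm -rf "$demo"
```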

Categories: git rant tools

PHP: array_merge(array $a, [ array …]); October 9, 2012

Wait, PHP wants to array_merge an array with… itself?

Take another look at this: array_merge(array $a, [ array …]);

If you’re good at reading APIs – you’ll see how … odd this is. Seeing as I just got nipped in the butt by forgetting to have another array to merge into – it’s curious as to why the hell it doesn’t enforce a minimum of two arguments… any guesses? Or should we tack this up as a valid, non-nit-picky pitfall of PHP? Otherwise, what are you merging into? Doesn’t make sense…

Categories: php programming rant

Java – What do you want from me!? September 4, 2012

But….

Chances are it’s Firefox, but I have the plugin disabled…

Categories: rant

Why Rackspace is bad! July 10, 2012

Fanatical support != Customer service, at all!

Recently I’ve migrated a customer that’s been on Rackspace for 6 years, and paying a handsome penny for it at that. The migration was to Amazon Web Services (AWS) and I sent a friendly reminder to the client to cancel the RS account (9 days in advance of the renewal date).

Here’s how things went down:

RS: “We require a 30-day written notice to cancel your account”.

This is on a host that is on a month-to-month basis and the costs have been on an incline. In fact, the cost was to go up $10/month next month. (Suffice it to say, it’s not much compared to the overall monthly bill).

So I’m thinking to myself, well that’s a crappy “policy”. I give them a ring on behalf of my client and see if we can leverage some flexibility. I simply ask to waive the 30 day ‘penalty’. Not even a pro-rate for the days unused for the month.

The RS rep is quick to tell me how many people call that dislike that policy and try to get somewhere with it, but they stick to it. At this point I’m thinking, wow – this will be a little challenge.

I explained that the cost was going up and is something that wasn’t agreeable and therefore there is good cause to waive that type of penalty. No go.

We go circular a bit on customer service – I blab a bit about how the competition (Linode, AWS, etc) allow me to do more than they offer, for cheaper and not have a penalty. I also say that it’s odd that in most circumstances you’ll get a counter offer from a retention specialist (you know, we’ll knock off 10% on your hosting). Still kind of a nod-n-smile go screw yourself attitude from this rep.

Then he says “We value your feedback and it helps us become better”.
I respond: “OH REALLY? You start the call by telling me how many pissed off people are calling about this policy, try to stick it to me as well and then give me a line like that?”

Enough is enough – I ask for a manager and exclaim I understand if he “has to say that” but this is an unacceptable situation.

The manager’s response: They won’t deal with me. They’ll only talk with my client. (Who in turn, told the client to hose off in the same manner).

All I can say is this:

  1. Rackspace prices aren’t that hot. Look elsewhere.
  2. The fanatical support thing is cute, but the customer service is pure garbage in the above context. I’ve never been treated like that. I’ve had better luck with credit card companies and landlords than this.
  3. There’s this 30-day thing (Beware!)
  4. If they give you support, they’ll want the root password for your server.
  5. Their SLA is a lie, it reports on the 30 minute interval. Which means they can be down for 29 minutes every hour and not record it as downtime.
  6. Their backup system on dedicated hosting is a bloated, untamed mess if you let them manage it; they let the ‘rack’ account on my client’s server exceed 60GB of crap that should be cleaned up. E.g.: backup software updates, provisioning/monitoring tools
  7. They ask for root before sudo configuration (See #4)

Categories: rant servers

Why are we spending so much time refuting? July 5, 2012

There’s a nice juicy war going on in the ‘data / web’ sector, that seems more heated than I can remember.

It essentially boils down to sensationalist claims from the likes of MongoDB and MemSQL, which in turn draw refuting remarks from industry professionals that are typically embedded with RDBMS technologies.

The typical responses to these new ‘hipster’ systems are usually transaction/consistency centric – as that’s where the RDBMS systems shine – they can perform wonderfully while being ACID compliant.

Or in the case of Node, refuting the ‘Apache doesn’t have concurrency, node is better’ arguments. I have a hunch 99% of the Node fanboys have a damn clue how capable Apache itself is.

There’s also things like Node.js that rub the seasoned people the wrong way, perhaps it’s the sensationalism without actually proving anything? (Check the first few comments) Or the utter lack of security focus? (That’s what bugs me) – I also think it has to do with their approach to enter the market: guns blazing, criticizing other solutions and hoisting their own as THE single option with more tenacity than appropriate for such an immature project. Guys in the trenches can’t stand that crap, we know it’s just another tool to get the/(‘a’) job done in a particular scenario.

But really, I think about how much time is wasted on these subjects going back and forth, so let’s stop wasting time. Be open minded to the new technologies as tools for a particular job and stop making all or nothing stories out of future tech, like it or not – we all have to share the same space.


Say goodbye to iGoogle. Boo! July 3, 2012

In a clear effort to push Android and Chrome, Google is discontinuing iGoogle Nov, 2013.
This announcement comes as an early 4th of July surprise from Google.

It’s getting really hard to trust Google with how they bait and switch, and kill projects I know are more popular than they even state.

iGoogle is still new, and they’ve dumped effort into a recent redesign, this reverberates yet again how volatile things are. I hope I haven’t made a crucial mistake in using Gmail as well as instructing clients to use them for business mail.

People who use iGoogle use it as the homepage for their browser. Am I to believe they just want to toss out that un-tapped advertisement revenue (which they never tapped)? That’s how I know it’s a play on Chrome, and unfortunately iGoogle cannot be replaced by all the widget and gadget crap that you can install into Chrome, functionally: yes – but not having a birdseye view of many vectors of information on one page (a dashboard) is a very different deal.

At this point there’s no way I could possibly trust an app infrastructure with Google (with their pricing change history). I’m at a new level of paranoia: How long til Google kills their Web Fonts service? Google Web Toolkit (GWT)? Charts API? Blogger?

Categories: google rant

Note to self: Digest hashing and cryptological hashing are birds of a different feather June 7, 2012

Over decades of enhancements in computer science, there’s always a revolution going on in cryptography and hashing, MD5, SHA1 yesterday, SHA256/512 today.

As a programmer, it’s sometimes hard to avoid the back and forth talk about how algorithm A is inferior to algorithm B, and forget how hashing can be used in two ways.

Let this be a reminder to myself if anything – At its core, the intention for hashing is to take data; and based on it, generate a unique string so unique the value will never be (realistically) generated again using different data.

The cryptology part is the level of difficulty involved in reversing any said ‘one way hash’.

Don’t let the consistent bad-press of SHA/MD5 make you feel they’re insufficient for unique identifiers.

Categories: programming rant

GitHub hacked, and private repositories March 5, 2012

And this is precisely why albeit ‘nifty’, storing your private/proprietary code in a ‘private repository’ on the likes of GitHub / Bitbucket is a generally poor idea. – Keeping your code in SCM behind closed doors isn’t difficult. I find it very troublesome (annoying) to see how many people can’t function using Git without GitHub. (If you don’t believe me, look back several months to the PHP.INTERNALS discussion about moving to new SCM)

GitHub’s response was far too gracious to this guy. I understand the power he had, and behaved responsibly for it. But you could have just as easily made other communication attempts.

GitHub wants to stay afloat by having paying customers? You OWE your paying customers much, much more than you do this bozo. Ban him. File a criminal complaint.

It seems that the majority of people posting on the Blog posts regarding this disclosure are “still happy customers” and are generally “ok” with it.

I have three categories for these kinds of people:

1. FSF (Free software foundation)-style hippies
2. “Younger” coders who are pushovers (limited sight)
3. Hacker-types who feel the same way to convey that something is insecure: via “lulz”.

p.s.: I should add, you can’t draw a comparison to the past breaches to Apache.org, or MySql.com because the resulting risks were much less than this. Comparing it to kernel.org’s intrusion would be a better fit, as that was more serious and they went dark for almost a full month reloading everything and thoroughly investigating.

Categories: git rant security

If you’re not off of Godaddy yet … December 23, 2011

You should be. The Godaddy girls are stupid. The commercials are worse. Bob Parsons is kinda creepy (not just the elephant thing). The ads are terrible. The site is terrible.

Do you need another excuse to move your registrar needs to another company such as Gandi or Namecheap?

You need another excuse? Here it is.

You should know what SOPA is about between the lines. (Job growth? Puh-leese, the job growth from the .com boom didn’t need SOPA thank you very much!)

Over the last few months I’ve moved a dozen domains off of Godaddy on to others (client’s discretion).
If you’re still on the fence, there’s a pretty good run down of good alternative registrars on this blog post.

ICANN also has a full (but impersonal) list of accredited registrars as well.

PS: Namecheap has a coupon code for a little bit off “SOPASUCKS”.


Day of the Googmonster – from … a google blog… September 12, 2011

This is a must read for anyone who feels Google can do no evil, putting them on a pedestal.
If you embrace every little ‘tech’ knick knack they throw out to the world, or if you’re in the percentile who’s seeing Google turn into a cashgrabber like everyone else – you should read it!

It is by far the most concise rundown of why I have a love-hate relationship with Google. I’m not against a company making some coin; anyone who knows me knows I’m a reasonable capitalist, but I do -not- agree with the direction Google seems to keep poking at.

The pace of change from Google over the past year has been alarming. I’m not talking about the new pretty UI stuff – I’m talking about their business and technological tact.

Google business observations:

– App Engine, dirt cheap – now expensive and complicated for saving money.
– Labs is being retired (I view this as a strong indicator of their new business stance).
– “Music beta” – seeing this first hand makes me wonder “what’s the catch” – it doesn’t feel like Google, it -WILL- change dramatically! (I predict this will either be pulled, or quickly move to a “paid” service – another ‘get em hooked’ tactic).
– More aggressive advertisement in every facet – especially GMail.
– Self driving cars. What don’t they want their fingers in?
– Drop of Android app inventor (Platform training / consultation anyone?)

The above things are all OK with me – they can do what they want with their company!

My problem lies in an old fashioned tactic used by the likes of Microsoft, Netscape, etc to round up users and get them stuck on an exclusive technology (ranging from mundane protocols to programs) – now it’s Google bringing Dart and the likes of WebP to the fray.

I don’t hate Google – a lot of engineering feats give them their credibility and “trust” from the masses – the world has benefited for sure! However, I trust them much less than I did 2+ years ago… and most certainly don’t think that there’s no strings attached to these attempts to re-invent (add to) old problems.

Maybe my contention for all of this is just a sign of being winded in “web development”… I’d rather setup key gen + git access on “dev”, or work on making MegaCli stomachable than tread water in the emotions of browser and its dependent technology…

Categories: google rant

Google App Engine – Pricing changes and another prediction September 9, 2011

I’m not sure what the Goog’monster is thinking with so many dramatic changes over the last year. Most of them have been good – but the loss of labs, app inventor and the pricing hikes for the Google App Engine platform is really raising some eyebrows for me – It seems they’re tightening their belt and distancing themselves from individuals and more toward bigger dollars.

Anywho, anyone unhappy with the pricing changes will enjoy reading what I will call the “GAE reaming” thread.

Is it a matter of time before they trickle pricing for Music and Docs? Starting to wonder …

Categories: google rant

Apple updater today… March 10, 2011

I need music. I spend a lot of time holed up in an office with IM with my peers as my main form of human interaction.

For a long time, I’ve relied on iTunes. Things have changed – I don’t want to purchase through iTunes anymore – I don’t want DRM’d music. I’ve converted everything I have to mp3’s and it’s staying that way.

The biggest beef I have with Apple – is every time they push an update, it removes icons from quicklaunch and I have to re-create. It’s a monster download, and they always push quicktime into the bundle.

Today was the last straw – I did the latest “update” from apple – after installing it brings the updater app back to show you that things were updated.

Something was amiss, and I wish I took a screenshot: ‘updater’ icon was malformed looking. The gradient was low quality and there were pink/red/orange colors – almost as if an old game engine was rendering opacity colors incorrectly.

Fast forward a few hours – I notice “Windows action center” has a notification for Windows Defender wanting to send samples of those icons to Microsoft, under the tune of “need more information”.

By now my head has a big red flashing strobe on it – I need to check my PC at home to see if this has happened; but that’s two strikes of suspicion for me, enough to be the last straw of Apple and my already-low trust in them.

Time to find a new music player.

Categories: rant security

Google profile images, FAIL- Worthy of distribution March 5, 2011

Most folks probably don’t know that Google has updated the user profile pages’ look’n’feel. Including some changes to profile pictures… Most of us feel somewhat comfortable uploading an image and cropping it using the interface provided to us from sites (Granted, you get what you ask for if you upload anything with a naughty factor) – but this is just plain stupidity, and it’s straight from our techlord Google.

Basically the uploaded files that are “Cropped” are still easily visible on a google profile page, even when uploaded to a private album, and cropped to be made public. Fail.

Categories: rant security

Another rant on cutesy March 3, 2011

Codenames for releases are ok.

But the countless cutesy names for *nix tools get tiring … (And don’t help their adoption). 

From an email from debian security list today:

“Several vulnerabilities have been found in the Iceape internet suite, an
unbranded version of Seamonkey:”

Imagine if these tools were used in a corporate environment “I removed Iceape and just went with Seamonkey”.

EOF.

Categories: linux rant

Crossing the line January 10, 2011

It’s always fun to watch a huge entity like Google develop a sense of humor. Things like custom logos – the pacman google logo, 1e100, the messages on youtube takedown notices saying ‘sorry’ with a little sad face.

There’s a fine line between being ‘professionally cutesy’ like that, and crossing the line and making yourself look like a teenage kid or worse is working on things behind the scenes.

Google just added a new ‘cutesy thing’ that goes past the line of ‘professionally cutesy’ to ‘childish’. Basically, it’s a contextual menu for the HTML5 youtube player that has a ‘save video as’ option – when you click on that you’re directed to the ‘Rick-roll’: http://googlesystem.blogspot.com/2011/01/youtubes-html5-rickrolling.html

It’s a humorous touch; but it’s destined to confuse users who aren’t experts in the “terms” – and what stands out to me, is the immature handling of their ‘video saving’ problem by a bait and switch link. The repercussions of something like this delve deeper than just saying “get a sense of humor”. Corporations and institutions looking to leverage youtube expect a somewhat professional conduct of the site.

Interestingly enough – a few years back my peers and I were evaluating PHP frameworks – one of them was CodeIgniter ( http://codeigniter.com/ ). Something of a little nitpick I pointed out while we were talking about it – was that the main phrase in the graphic on the CI site said “… that helps you write kick-ass PhP programs”. I mentioned it might be a poor decision because people like us research, pawn and direct others to it; to other professionals it might look tacky to have ‘kick-ass’ written on there when you want to utilize it in a professional manner. The verbiage on that graphic has changed … wonder if Google will figure it out…

Categories: rant