My thoughts on software licenses

Whenever you release a piece of code, a library, or any other software package, you should include a license so that other people may legally use your software. You may not think it’s a big deal, but if you don’t include a license, a lot of people won’t be able to (or feel comfortable) using your code. This is an even larger issue when somebody needs to use it for a work project, since companies have to worry more about litigation than individuals do.

Continue reading My thoughts on software licenses

Understanding S3 permissions

Amazon S3 is a great (and cheap) content storage and delivery service, used by millions of websites and applications around the world. However, their permissions system can be opaque to new users, and difficult to understand, due to the variety of ways you can set permissions, and inconsistent terminology in different UIs. This post aims to clear up the confusion.

Continue reading Understanding S3 permissions

Understanding Git Rebase

I use git’s rebase command daily, it’s an invaluable tool for maintaining a clean and sane Git history. However, most people find it difficult to understand, or use it incorrectly, as it’s not the clearest command to use.

The first thing to understand, is that rebasing typically refers to two different (but similar) operations:

  • “Rebasing a branch” is the most common use of rebase, and refers to pulling changes from an upstream branch (like master or develop) to a feature branch (rebasing your branch is cleaner than the upstream branch into your branch)
  • “Interactive rebasing” can refer to cleaning up your commit history, squashing commits, and editing commit messages. You typically do an interactive rebase before submitting a pull request/patch/branch for review

Continue reading Understanding Git Rebase

Enhanced Varnish Dashboard

I run Varnish on a number of servers, and I don’t always have a full metrics setup (e.g. Graphite/Statsd/Collectd) setup. Also, sometimes I just want a real time dashboard to watch traffic (or my clients do).

I’ve been using Varnish Agent 2 + the ITLinuxCL dashboard, which is lacking to say the least. The dashboard isn’t maintained, is very minimal, and somewhat broken. So I set out to build my own dashboard.

I wanted to make good use of the Varnish Agent API, so I added capabilities to purge URLs, view/upload VCLs, view params, logs, etc. I also added support for multiple Varnish backends, so you could host the dashboard somewhere else and just point it at multiple Varnish instances. This is currently held up until I get a patch merged into vagent to add CORS headers (currently pending review).

There are screenshots on GitHub, so check it out:

Before asking for help, make sure you understand your tools

I’m writing this blog post in response to Why Rockstar Developers don’t Ask for Help and So you want to be a Developer Rockstar?. Despite the use of the ridiculous term “Rockstar Developer” and quite a lot of humble bragging, I think the author is on to something, but just barely missed the mark.

I wouldn’t say that good developers shouldn’t ever ask for help, that’s crazyness. I’d change the wording a bit:

Try not to ask for help if you don’t understand the tools/software that you’re having problems with

Continue reading Before asking for help, make sure you understand your tools

Understanding Arrays

Arrays & hash maps are one of the cornerstones of modern computer programming. It’s almost impossible to write a useful program without them, so it’s critical that you understand them when you’re getting started with programming. In this post, I’ll explain arrays & hash maps, how they work, their differences, and when to use them.

Continue reading Understanding Arrays

Encrypted Malware Payloads

Recently, I was reading an article on the recently discovered hacker group dubbed the Equation Group[1], I stumbled across an interesting concept: encrypted malware payloads. Most server admins will inevitably have the experience of dealing with a comprised system, especially if you host sites running WordPress[2][3], IPB[4], vBulletin[5], Drupal[6], or a host of other systems which tend to exhibit a high number of easy to remotely exploit vulnerabilities (sometimes in the core software, more frequently in plugins). I’ve dealt with a number of compromised sites, analyzing the PHP that was injected into them.

Typically, what I’ve seen and what appears to be common, is an obfuscated payload, using base64 encoded strings and the eval() function (which executes a string as PHP code[7]). These are easy to spot (malicious PHP code normally is) and easy to de-obfuscate, determining the purpose of the code. I recently went through that process on a newly acquired client’s site, discovering that the payload was a spammy backlink page designed to improve S.E.O. for target sites by injecting links whenever the Google bot requested the page.

Continue reading Encrypted Malware Payloads

Basics Of Scaling: Cache Everything

I do a lot of work on websites that needs to scale fairly well, but I tend to use that mentality for every project. Part of scaling is performance, and the better your app performs (e.g. the more requests per second it can handle) the cheaper it is.

One very easy way to improve your application’s performance is to add caching. If you don’t currently have caching, you’ll probably see a massive benefit, depending on your application architecture. There are many different types of caching, with varying degrees if difficulty to implement.

I’ve included some very surface level details on caching in this post. These posts aren’t meant to be comprehensive tutorials, but to make you aware of various techniques used to scale your applications better.

Continue reading Basics Of Scaling: Cache Everything

WIP: Circuit Sandbox

I’ve been working on an HTML5 Canvas game recently, designed to be an educational sandbox that allows people to create logic gates and build circuits. You’ll start with just transistors and wires, and have to build nand, nor, and, or, xor, not, etc logic gates, which you can then re-use to build more complex circuits like half-adders and full-adders.

So far I’ve just been working on the core mechanics, and don’t have a lot done, but I can correctly simulate AND gates now. Still got a lot of kinks to work out before moving to more complex features. I am having quite a bit of fun though, and learning a lot about canvas (such as improving performance).

Here’s a powered NAND gate with one high input (1) and one low input (0). Since only one input is on, the output is high (1):


Here is the NAND gate with two high inputs (1). Because both transistors are on, the circuit is grounded and the output is low (0):

grounded-circuitAs you can see, I’m worrying more about the elements important to people learning how circuits and logic gates work, not the electrical engineering aspect (e.g. no resistors). Here is a screenshot of the current UI:

full-screenshotIf I get to a point where all the base mechanics are working, I’ll probably make the GitHub repo public and put it online somewhere.

Understanding the PHP-FPM status page

PHP-FPM has a very useful feature that allows you to setup a status page to view that status of a PHP-FPM pool, configurable using the option pm.status_path. Most people who have worked with PHP-FPM have probably heard of this setting, and maybe even used it (some tools such as Munin require it for metrics). Here is a sample of the basic output:

$ curl http://localhost/server-status
pool: default
process manager: dynamic
start time: 11/Dec/2014:17:51:33 -0500
start since: 61383
accepted conn: 4682
listen queue: 0
max listen queue: 0
listen queue len: 0
idle processes: 11
active processes: 1
total processes: 12
max active processes: 2
max children reached: 0
slow requests: 3

There is also the very useful full view, which gives you per-process information for every currently running FPM process in the pool:

Continue reading Understanding the PHP-FPM status page