One simple way to block most web server attacks
As I wrote in my previous blog post I recently switched from Apache+Wordpress to Caddy+Hugo. But looking at the Caddy access log I was perplexed to see almost no attacks being logged. So I looked at the caddy.log. Bingo! It contains lots of warnings like this:
2018/11/14 16:32:26 [INFO] 22.214.171.124 - No such site at :80 (Remote: 126.96.36.199, Referer: )
2018/11/14 17:45:02 [INFO] skepticism.us - No such site at :80 (Remote: 181.
Moving from WordPress to Hugo plus Caddy
I have never been very happy about using WordPress for my blog. Granted, that is mostly because I’ve been running it on my home server. Which means keeping Apache, WordPress and PHP up to date. Not to mention configuring that stack of software. Especially doing things like adding rewrite rules to Apache to minimize the risk that I would be hacked by someone trying to exploit WordPress/PHP vulnerabilities. And over the years I’ve had several breakages when I’ve updated my OS or any of the aforementioned packages.
I am a lying moron, by Rev. Jerry Carter
Mr. Carter seems to think he is running for office in the Republic of Gilead (see “The Handmaid’s Tale”) rather than the USA. He is either lying or too stupid to hold public office if he thinks “one nation under God” was in the original version of the pledge of allegiance. He also claims to be for “common sense in government” which is ironic since religious leaders tend to have very little common sense.
The difficulty in getting fixes accepted to open source projects
Two and a half years ago I noticed the Apache mod_dumpio module does not include null bytes (or the data which follows those null bytes) in its output. So I searched the Apache Bugzilla database and found bz#57045 which someone had opened a year earlier. So I wrote a patch and attached it to the bugzilla issue. When I noticed the issue I was using the then current 2.4.16 release. There have been 13 bug fix releases since then (it’s now at 2.
Working with git file names modified in the workspace or most recent commit
I frequently find myself wanting to perform an operation on all the files modified in the workspace or staging area. For example, edit all the files or run them through a tool like clang-format or oclint. If there are no uncommitted changes I want to work with all the files in the most recent commit in the branch. To do this I wrote a gitfiles fish shell function (transforming this to bash should be trivial):
Retractable dog leashes I do and don’t recommend
TL;DR: Flexi retractable leashes are superior to the Alcott or Wigzi brands.
I’ve been using Flexi brand retractable leashes for two decades. But after a few years either the internal spring breaks or the tape or cord is frayed to the point it breaks. So with anywhere from two to four dogs in my house during that time I’ve had to buy quite a few leashes during those two decades.
Three new podcasts you should be listening to
When I started this blog I wrote a post describing a few of the podcasts I was listening to that I felt were worth recommending to others. It’s time to augment that list. There are three I recently started listening to, and I think everyone should make time to do likewise:
1) “The Breach” by Rewire News and Lindsay E. Beyerstein.
2) “Stay Tuned with Preet” by WNYC Radio and Preet Bharara.
Why do food products like “Pancakes & Sausage Bites” exist?
Recently I started shopping at Grocery Outlet. I love popping in and finding that they have acquired a batch of goat or other interesting cheese and are offering it for less than half the price at the other grocery stores in the area. So when I saw them selling Jimmy Dean “Pancakes & Sausage Bites” for $2.99, compared to the $9.98 it purportedly sells for at typical stores, I decided to buy a box.
Scheduling backups on macOS Sierra and High Sierra
MacOS Sierra (OS X 10.12) modified the behavior of Time Machine from doing hourly backups to using a heuristic that decides whether to do a backup based on recent activity. For most users that’s a better approach since it makes it less likely the user will notice the performance impact of backups and will increase how far back in time backups are available. However, if you’re a software developer the new behavior is problematic.
I am surprised that an ISP (serversaustralia.com.au) is ethical
I received an email a few days ago telling me about an opportunity for me, as a customer, to obtain a discount on other services an ISP provided. Since I wasn’t a customer I told them to shove it where the sun doesn’t shine. I was surprised to receive a response from someone in the organization telling me this:
Please accept our sincere apologies for the Marketing communication you received. This was an inadvertent error.