Reading recommendations (2016-08-24)

Posted on Wed 24 August 2016 in reading recommendations

This time I had to dump quite a lot of links into the sidenotes since it's been longer since the last post. But that's how it is given that I really want to adhere to my self-imposed 7 big links rule.

  • On Cybersecurity and Being Targeted by Kenneth Reitz (via Twitter)
    Reitz describes an attack on his person via GitHub and his DNS provider. The short lesson here is to use common e-mail provider when registering with services instead of a small one or your own. Two factor authentication helps.
  • Behind the Scenes of iOS Security by Ivan Krstic (via macrumors.com feed and others, presentation video)
    It's been a long time since Apple presented at a hacker congress. Krstic discusses iOS encryption, encryption for iCloud Keychain and introduces Apple's invite-only bug bounty program.
  • Sunday Conversation: Games That Made You Cry by Mark Delaney (trueachievements.com feed)
    While this article is focused on Xbox games I have fond memories of playing Grandia where I cried at the sweet and peaceful conclusion of its epic journey.
  • Germany to tell people to stockpile food and water in case of attacks: FAS by Caroline Copley, Andrew Bolton (reuters.com World News feed)
    I don't really know what to say here. I'm shocked. The post makes it sound as if Germany is preparing for war. Not that it is. I mean, probably not. Hopefully. It might be a precaution in case a city is in a state of emergency again as it was during the Munich shooting.
  • EquationGroup Tool Leak – ExtraBacon Demo by ~XORcat (via Twitter)
    Experiment with the leaked NSA tools. Technical read.
  • Twitter timeline about inciting hatred against the press at one of Trump's rallies by Jared Yates Saxton (curated by @EndTrumpsHate, via blog.fefe.de feed)
    Yes, another Trump link. This one shows the disgusting inciting of hatred towards press.
  • Notes from a lecture about C by Nick P (via blog.fefe.de feed)
    Haven't seen the presentation itself yet, but the notes about the design process of C are both enlightening and amusing.

Despite the self-restraint stated above, I've elected to include one gem from my archives which I'd like to add to these posts slowly until the archive is drained and I've fully switched to the Reading Recommendation posts.

"On Nerd Entitlement" by Laurie Penny is a fascinating read about how nerds who were shunned can in turn be no better than their tormentors by shunning women who don't adhere to the typical pretty woman stereotypes. I really can't stress how important it is for one to have a moment of introspection from time to time.


Sidenotes.


Sensu widget for Übersicht

Posted on Thu 18 August 2016 in work

Initially I was on the look for an alternative to Geektool for macOS that would not crash if I was to run an interactive script like iftop. When I saw that StatusCake report widget by Colin O'Brien for an HTML based Geektool alternative called Übersicht and saw that it was just processing some JSON I felt the urge to build something like that widget for our Sensu monitoring.

A few hours of research, cursing and reconfiguring systems I had a working solution even though my Javascript is still awful and I still don't know what's so great about CoffeeScript.

I've based my widget on O'Brien's and also provide my copy under the MIT License. I've commented functions and parameters for readability's sake. Yes, the changed colors might seem unnecessary but I took them straight from the Uchiwa interface for Sensu for consistency.

You can easily toggle on or off:

  • Sorting the events by hostname (default: true - I can't see why you wouldn't do that)
  • Display of the command run by Sensu that triggered this event (default: false)
  • Display of the output run of the failed check (default: true)
  • Blinking of certain indicators by warning level (default: [] - I hate the blinking but since it was already in the base I chose to support it anyway)

Screenshots

minimal version

no extra features enabled

only output

Only output enabled

only command

Only command enabled

everything enabled

All features enabled

Script

SENSU_PASSWORD = "password"
SENSU_USERNAME = "username"
SENSU_URL = "https://sensu.domain.example:port"

# display options
SORT_BY_HOSTNAME = true
SHOW_COMMAND = false
SHOW_OUTPUT = true

# blink indicators - possible values: "warn", "error", "unknown"
# e.g. BLINKING_INDICATORS = ["warn", "error"]
BLINKING_INDICATORS = []

command: "curl -sS --user #{SENSU_USERNAME}:#{SENSU_PASSWORD} #{SENSU_URL}/events"
refreshFrequency: 60000  # Milliseconds between calls


render: -> """
<div>
  <table></table>
  <style>
    @-webkit-keyframes blink {
       from { opacity: 1; }
       to { opacity: 0.2; }
    }
  </style>

</div>
"""

update: (output, domEl) ->
  # Redraw the widget
  events = JSON.parse(output)
  table = $(domEl).find('table')

  table.html('')

  translateStatus = (code) ->
    # translate between text and Sensu/Nagios status codes
    if code == 0
      return "ok"
    if code == 1
      return "warn"
    if code == 2
      return "error"
    else
      return "unknown"

  showCommand = (check) ->
    # display the check command if enabled
    if check.command? and SHOW_COMMAND == true
      return "<= " + check.command
    else
      return ""

  showOutput = (check) ->
    # display the check output if enabled
    if check.output? and SHOW_OUTPUT == true
      return "=> " + check.output
    else
      return ""

  showBlinking = (status) ->
    # blink indicators if enabled
    if "warn" in BLINKING_INDICATORS and status == 1
      return "blink"
    if "error" in BLINKING_INDICATORS and status == 2
      return "blink"
    if "unknown" in BLINKING_INDICATORS and status != 0
      return "blink"
    else
      return ""

  insertNewline = () ->
    # dynamically insert a newline between check command and check output if both are enabled
    if SHOW_OUTPUT == true and SHOW_COMMAND == true
      return "<br>"
    else
      return ""

  sortByHostname = (a, b) ->
    # sort the results by hostname if enabled
    return a.client.name.localeCompare(b.client.name)

  renderEvent = (event) ->
    # render one event
    """
    <tr>
      <td class="status #{translateStatus(event.check.status)} #{showBlinking(event.check.status)}"><div class="disc"></div></td>
      <td class="sitename">#{event.client.name}</td>
      <td class="check">#{event.check.name} </td>
      <td class="impact">#{showCommand(event.check)}#{insertNewline()}#{showOutput(event.check)}\</td>
    </tr>
    """

  if SORT_BY_HOSTNAME == true
    results = events.sort(sortByHostname)

  for event in events
    table.append renderEvent(event)


style: """
top: 20px
left: 80px
right: 80px
color: #ffffff
margin: 0 auto
font-family: Helvetica Neue, Sans-serif
font-smoothing: antialias
font-weight: 300
font-size: 16px
line-height: 27px

td
  vertical-align:top

.status
  padding: 8px 9px 0 0

.sitename, .check
  padding: 0 20px 0 0

.disc
  width: 12px
  height: 12px
  border-radius: 50%

.warn .disc
  background-color: rgba(249,186,70,0.6)

.error .disc
  background-color: rgba(234,84,67,1)

.unknown .disc
  background-color: rgba(77,77,77,1)

.blink
  animation: blink 2s cubic-bezier(0.950, 0.050, 0.795, 0.035) infinite alternate
"""

notes

  • I recommend using an additional layer of protection in front of your Sensu API (e.g. Apache/Nginx Basic Auth + Fail2ban)
  • I have not tested this with a Sensu which has no currently failing checks.
  • Please excuse me protecting the privacy of our servers in the screenshots :)

Reading recommendations (2016-08-07)

Posted on Sun 07 August 2016 in reading recommendations

Haven't had the time to work on the new thing for this category yet, so here's another round of links without the bonus feature I'm working on.


Sidenotes.


Reading recommendations (2016-07-30)

Posted on Sat 30 July 2016 in reading recommendations

Here's another round of reading recommendations. The nice addition to these links I mentioned last time is progressing nicely with what I think is probably a third of the work already completed.


Sidenotes.


Reading recommendations (2016-07-18)

Posted on Mon 18 July 2016 in reading recommendations

It's kind of amazing that there's still some time left between work, playing Black Desert Online and doing household chores. I have a little idea about these link posts in the back of my head but don't know yet how much coding effort is required to make that work, so I'll not go into specifics just yet. Let's get to it.

  • DroidJack Uses Side-Load…It's Super Effective! Backdoored Pokemon GO Android App Found by Proofpoint Staff (via Polygon.com RSS)
    In the craze that is Pokémon GO and its staggered release over the world, it is not suprising to see criminals jumping to exploit the people's impatience. Personally, I've seen more than a few players last week in Graz even though the game was released in most of Europa on Saturday. A DDOS immediately followed the release and prevented my girlfriend and me from trying ourselves.

  • The UX Secret That Will Ruin Apps For You by Mark Wilson (via mjtsai.com RSS)
    While I can imagine that checks that take - relatively speaking - too little time have the potential to make people feel insecure I think that's just the assumption that we have been grown accustomed to by using slower internet connections and systems (e.g. without Solid State Drives) for years. Now, if things are done in an instant, it 'seems wrong'. As someone working in tech, it's a different thing because there's a lot more understanding for how fast computers have become and how much you can optimize a problem.

  • STARCRAFT: GHOST: WHAT WENT WRONG by Patrick Stafford (RSS, Polygon)
    I really wanted Starcraft: Ghost to become a real thing. The Starcraft lore is overall very good and would've provided ample room for such a stealth based game with its distinct Ghost units. It's saddening to read about the multiple failures of a project of such potential.

  • The Psychological Benefits of Writing Regularly by Gregory Ciotti (RSS, Lifehacker)
    I can attest to that. While I do love writing in general, there's writing which feels nice and writing that is a drag. Writing technical documentation is a kind of let down - you have to be precise, think hard whether what you write is understandable to your target audience. Prose on the other hand feels like what I imagine painting would be for an artist. I'll just grab the (virtual) pen and let loose.

  • Answer to 'In a nutshell, why do a lot of developers dislike Agile?' by Miles English (via Fefes Blog RSS)
    Have you ever wondered why such a lot of things seem to go wrong when developing software and planning is not done before, but during the project?

  • I'm a black ex-cop, and this is the real truth about race and policing by Redditt Hudson (via Fefes Blog RSS)
    Horrifying read. These problems in America's police force are of nightmarish dimensions. Abuse of power in many, many forms. Reminds me of a tweet I read recently which discussed new gun regulations for officers in another country. A commenter added 'that they act like they were ashamed of gun use'. Well, yes. In countries other than the US, guns are not glorified. They are to be used with caution and preferably not at all by police force.

  • TA Top Five: Main Menu Themes by Marc Hollinshead (RSS, TrueAchievements)
    TA's nice feature on video game menu music has some gems. Didn't know the Dark Souls III one before and was surprised. Oblivion's theme and Mass Effect's theme were immediately recognizable to me; having played many hours of either.

I picked 7 links for some additional commentary. Further links which were candidates can be found below for archival purposes.


Sidenotes.