Summer of Hacks

May 13th, 2008

My Linode has been experiencing a huge number of brute force login attempts in the past week. I don’t keep detailed statistics, but I would guess there have been 300 attempts in the past week as opposed to the usual rate of about 500 attempts over 200 days (2-3 attempts per day).

Denyhosts has been doing its job perfectly. It should be illegal to run an Internet-exposed SSH server without it or a similar tool.*

Thanks to HoopyCat in #linode for pointing me to a SANS Internet Storm Center article explaining the Summer of Hacks phenomenon.

* Unless of course you only accept key-based logins.

Man Babies

May 8th, 2008

Right after I graduated from college, I taught 2 low level CS courses over a couple of semesters. Two of my students created some sort of chat program where you could punch your friends in the face if I remember correctly. It was awesome.

Now they’ve graduated and brought something even more amazing into this world: ManBabies.com

I could try to describe it, or respond to it, but I really think you just need to see it for yourself.

I’m so proud.

Tim Bray’s Multi-Inflection-Point Alert

April 26th, 2008

While lots of people wiser than I have already commented on Tim Bray’s excellent Multi-Inflection-Point Alert post, I’m eager to avoid housework today. ;)

…we’re simultaneously at inflection points in programming languages and databases and network programming and processor architectures and Web development and IT business models and desktop environments. Did I miss anything?

Ugh, I feel like I’m drowning in all of these areas. I’ve basically given up on keeping up with networking administration and technology (just give me HTTP and I’m happy).

I’m happy with my vanilla Gnome desktop environment, but I still have to be proficient with Microsoft Windows in order to survive. I’d love to be proficient with OSX, but I don’t have the money for Apple hardware (or the desire to learn yet-another-desktop-environment for that matter).

This is why documentation is so important and should often assume nothing about its reader’s knowledge. I’m sure there are lots of people jumping directly into TurboGears and Django development without knowing the basics of Python development like the interactive console and easy_setup.

CORBA is dead. DCOM is dead. WS-* is coughing its way down the slope to dusty death. REST, they say, is the way to go.

Thank God! As a web developer I find myself preaching the gospel of REST+HTTP+JSON over XML-based technologies like SOAP and XMLRPC. Tim Bray actually had a great post about JSON vs. XML a couple of years ago to which I’d only add: “Use XML only if you absolutely have to.” ;)

…I think that SQL’s brain-lock on the development community for the past couple of decades has been actively harmful, and I’m glad that it’s now OK to look at alternatives.

I’ve been doing a very poor job of evangelizing this very point to a couple of my friends who develop primarily on PHP and MySQL. SQL is really really great for certain use cases, but forcing yourself to always have to think of object persistence in terms of SQL tables is just masochistic.

…it’s increasingly starting to look like threading is a bad idea; don’t go there.

As a pro-GIL Python developer, I obviously couldn’t agree more! The venerable Donald Knuth recently chastised hardware manufacturers as well for pushing software developers toward ubiquitous parallelism.

That being said, I think threads definitely have good uses. I just disagree with some people’s Code Parallel or Die mentality.

I think someone at PyCon this year basically summed up my feelings on threading for server applications: “If it needs to scale to multiple cores, it probably needs to scale to multiple machines which threading doesn’t help with at all.”

(I haven’t written a non-trivial desktop app in years, so perhaps threading is more useful there.)

Now all of a sudden it’s PHP and then Rails and a bunch of other frameworks…

No mention of Python… ouch. I think once Django hits 1.0 that will change though.

Go read the Business Models and Desktops sections for yourself. They’re fantastic. :)

History Meme

April 11th, 2008

For some reason I find this meme interesting… I don’t know why I find it interesting, but at least it’s brief.

Home Office Computer (Debian Unstable)

$ history|awk '{a[$2]++} END{for(i in a){printf "%5d\t%s\n",a[i],i}}'|sort -rn|head
   99	sudo
   80	cd
   59	ssh
   52	vi
   47	ls
   19	cat
   17	ipython2.5
   12	svn
   12	man
    8	host

Server I do most of my work on these days… (Ubuntu 6.10)

$ history|awk '{a[$2]++} END{for(i in a){printf "%5d\t%s\n",a[i],i}}'|sort -rn|head
  288	vi
  108	svn
   59	cd
   15	ls
    8	screen
    4	grep
    2	sudo
    2	mv
    2	make
    2	cat

I haven’t seen ipython on anyone else’s yet. I’m constantly hopping in & out of ipython to test things.

On the GUI side of things I use Gnome, Firefox, Epiphany, Gnome-Terminal, Banshee, Pidgin, and NetworkManager every day.

Easy Rsync Remote Backups Using SSH Keys

March 19th, 2008

Rsync is an excellent file transfer utility that’s especially well suited for backing up files over the Internet because it only transfers the data that has changed. A friend asked me how to set it up, so I thought I’d post what I sent him here.

Goal: Back up a directory from computer Zim to computer Ark

Details:

  • Both Zim and Ark are subdomains of example.com
  • The user on Ark which receives the backup files is named backupuser
  • The user on Zim with access to the files you want to back up is named steve

Prerequisites:

  • ssh installed on both hosts
  • rsync installed on both hosts

  1. Log in to Zim via ssh:
    ssh steve@zim.example.com
  2. Generate an SSH key pair using:
    ssh-keygen -t rsa
    <press enter when prompted where to save the key>
    <press enter twice when asked for a passphrase>
  3. To use the key to log in to Ark remotely without manually entering a password, you need to copy the public key from Zim to Ark using:
    ssh-copy-id -i .ssh/id_rsa.pub backupuser@ark.example.com

    If you don’t have ssh-copy-id on your system, get a new system. ;) If that’s not possible you can download the script with:

    wget -O ssh-copy-id 'http://cvsweb.mindrot.org/index.cgi/~checkout~/openssh/contrib/ssh-copy-id?rev=1.6;content-type=text%2Fplain' && chmod +x ssh-copy-id

    Then retry the above command, this time with “./” prepended:

    ./ssh-copy-id -i .ssh/id_rsa.pub backupuser@ark.example.com
  4. Verify the key copied properly by attempting to log in to Ark. You should not be prompted for a password:
    ssh backupuser@ark.example.com
  5. Log out of Ark. The key is set up, so you’re now ready to rsync files without having to manually enter a password.
  6. Test rsync by choosing a small file to backup and using:
    rsync -tP /some/small/testfile backupuser@ark.example.com:/tmp

    A nice little progress bar should be displayed as the file is transferred. Confirm that “testfile” is now in /tmp on Ark.

  7. You’re finally ready to do a real rsync like:
    rsync -t /directory/to/backup/* backupuser@ark.example.com:/existing/backup/directory

    Note: There are several useful options for rsync. Check man rsync to find out more.

    • -p — preserve permissions (useful for backups, use -E if you only care about the executable bit)
    • -r — recursively backup directories.
    • -z — compress file data during the transfer
    • And just FYI: -t tells rsync to use the last modified timestamp to determine whether or not to transfer files. It makes rsync a lot faster at determining whether or not files have changed.
  8. To schedule the backup to take place nightly at 1:13 AM, edit your crontab using crontab -e and insert the following line:
    13 1 * * * rsync -qt /directory/to/backup/* backupuser@ark.example.com:/existing/backup/directory

Caveats:

  • These instructions will push files from Zim to Ark. There’s no reason why Ark couldn’t pull files from Zim. In fact, this is often more secure if Zim is a web server with a larger attack surface than Ark. Mea culpa.
  • If the IP address of Ark is dynamic, use a service like dyndns.com. Otherwise SSH will give you errors.
  • Major security warning: If someone breaks into Zim, they can also delete all of your backups on Ark. Never ever ever use the root user for backups on Ark. You can use the root user on Zim to send the backups, but it’s best to have a special backup user set up on Ark to receive the backup.
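
One way to narrow the last caveat, as an added example that is not part of the original post: because the key from step 2 has no passphrase, anyone who gets into Zim gets a full shell on Ark as backupuser, so the key can be pinned on Ark to a forced command that accepts only the receiving half of an rsync push. The function names and the WRAPPER path are hypothetical, and the sample commands in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are the tutorial's
# placeholders; WRAPPER is a hypothetical install location on Ark.
BACKUP_DIR=/existing/backup/directory
WRAPPER=/usr/local/bin/backup-only

# Build the authorized_keys line for backupuser on Ark: the key may only
# run WRAPPER, and gets no terminal and no forwarding.
restricted_entry() {            # $1 = one line from Zim's id_rsa.pub
    printf 'command="%s",no-pty,no-port-forwarding,' "$WRAPPER"
    printf 'no-agent-forwarding,no-X11-forwarding %s\n' "$1"
}

# Return 0 only if the requested command is the receiving half of an
# rsync push into BACKUP_DIR; anything else (a shell, rm, a pull,
# a --delete run, another directory) returns 1.
allowed_command() {             # $1 = value of SSH_ORIGINAL_COMMAND
    # Refuse any character outside a small safe set, so the unquoted
    # word splitting below cannot glob or expand anything.
    [ "$(printf '%s' "$1" | tr -d 'A-Za-z0-9 ./_,=-'; echo x)" = x ] || return 1
    set -f; set -- $1; set +f
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    while [ $# -gt 0 ] && [ "$1" != . ]; do
        case "$1" in
            --partial) ;;       # sent by the -P flag in the step 6 test run
            --*) return 1 ;;    # --sender, --delete*, --backup-dir, ...
            -*) ;;              # short option bundle such as -te.LsfxC
            *) return 1 ;;
        esac
        shift
    done
    # Exactly ". <destination>" must remain, and it must be BACKUP_DIR.
    [ $# -eq 2 ] && [ "${2%/}" = "$BACKUP_DIR" ]
}

# When installed as WRAPPER, sshd puts the client's request in
# SSH_ORIGINAL_COMMAND; run it only if it passes the check.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    allowed_command "$SSH_ORIGINAL_COMMAND" || { echo refused >&2; exit 1; }
    exec $SSH_ORIGINAL_COMMAND
fi
```

A compromised Zim can still overwrite files inside the backup directory through this key, so the restriction narrows that caveat rather than removing it; pulling from Ark, as the first caveat suggests, avoids handing Zim a key at all.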

Looking for CherryPy Case Studies

March 18th, 2008

At the CherryPy BOF[1] at PyCon in Chicago we discussed how people are using CherryPy in lots of different ways. We’re afraid people aren’t grokking how flexible CherryPy is just by briefly glancing at the web site and thought having some interesting case studies would be useful.

The wiki has a good start. However, it’s a bit out of date, and it’d be nice to have some great Case Studies as well as a separate list of Projects using CherryPy.

If your company deploys CherryPy or you’ve used CherryPy for a client, I’d love to hear the story. Here’s a basic format you could follow:

  1. Who is using CherryPy: (your name)
  2. Where are you using CherryPy?
    (Company or client name. You can of course remain anonymous)
  3. What do you do with CherryPy?
    (What’s your project: a traditional public web site? internal web services?)
  4. How is CherryPy deployed?
    (Behind modproxy/modpython/modwsgi, on a cluster behind a load balancer, or is it your frontend HTTP server?)
  5. How long have you used CherryPy?
    (The “when” question)
  6. Why did you choose CherryPy?
    (While “because it’s the best” is obviously the answer, a little more detail would be nice. ;) )

Feel free to include screenshots, links, code snippets, diagrams, etc, and e-mail me!

With 3.1 nearing release, it’d be nice if we could launch an updated version of the web site at the same time, so your help is greatly appreciated!

I also posted this over at the cherrypy-user mailing list.

[1]

if excuse not in ['at funeral', 'giving birth', 'saving planet']:
	raise Exception('%s is no reason to miss the CherryPy BOF' % excuse)