Reminder — Zeta isn’t the last letter in the Greek alphabet. Alpha, Beta, Gamma, Delta, Epsilon, Zeta, Eta, Theta, Iota, Kappa … so don’t think you missed a dozen tropical storms when you see Zeta in the news.
The Greek Alphabet
Bypassing Civil Service
Great – a new classification of federal employee that doesn’t go through the civil service process *and* don’t terminate with the end of an administration.To advice on policy issues?!
List Extensions Within Folder
It didn’t occur to me that Apache serves everything under a folder and the .git folder may well be under a folder (you can have your project up a level so there’s a single folder at the root of the project & that folder is DocumentRoot for the web site). Without knowing specific file names, you cannot get anything since directory browsing is disabled. But git has a well-known structure so browsing to /.git/index or really scary for someone who stuffs their password in the repo URL /.git/config is there and Apache happily serves it unless you’ve provided instructions otherwise.
A coworker brought up the intriguing idea of, instead of blocking the .git folder so things subordinate to .git are never served, having a specific list of known good extensions the web server was willing to serve. Which … ironically was one of the things I really didn’t like about IIS. Kind of like the extra frustration of driving behind someone who is going the speed limit. Frustrating because I want to go faster, extra frustrating because they aren’t actually wrong.
But configuring a list of good-to-serve extensions means you’ve got to get a handle on what extensions are on your server in the first place. This command provides a list of extensions and a count per extension (so you can easily identify one-offs that may not be needed):
find /path/to/search/ -type f | perl -ne 'print $1 if m/\.([^.\/]+)$/' | sort | uniq -c
Dueling Town Halls
It struck me, while watching the dueling town hall events, how normalized it has become that the national news talks about the president every.single.day. I get that it’s news because he’s the president … but, for most of American history, the president did his thing. Some people didn’t agree with his choices, some did. But it wasn’t so outrageous as to warrant being broadcast to the entire country on the national news. I don’t mean the cable-news plenty-of-time-to-fill stations — I mean the half hour daily news on the national networks.
Chicken Coop Down
Success! We removed the plywood around the playhouse base and tried pulling the playhouse down. Nothing. It’s an odd combination of flimsy and sturdy, but sturdy won out. Scott wrapped a chain around the front 4×4’s and cut through them. For safety, he tacked in two non-cut 4x4s to act as braces while he cut the structure. Pulled again and nothing — those two braces held the entire building.
Then the took other dimensional lumbar and threw it like a javelin at the two braces. A single brace still held the whole building, but after the second brace was removed … we finally have success. It came down in one piece — there are a few dings and the front porch was damaged. But we’ve got a little building at ground level. Now to flip it, clean it up, and get the chickens moved in.
On Patriotic History
History is written by the victor. They can tell us how nice they were (or at least how necessary their not-niceness was). But the fact those who win get to write history in their favor doesn’t negate the value of ensuring people have a more robust view of what actually transpired. The good and the bad. Which makes Trump’s idea of a more patriotic history quite frightening.
In software development, we have “retrospectives” — a meeting where everyone chats about how the last project went. What worked well. What didn’t work well. It’s not meant to be subversive, negative, or blamey — it’s meant to get people thinking about how we could improve the things that didn’t work well. And to feel proud about the things that did go well. I’d love to see this approach taken to teaching history.
By focusing only on the good aspects, you lose important information. A tangentially related example: my daughter’s social studies book attempts to cover the concept of savings and loans. They talked about saving money to buy something bigger later and about the bank giving you money to buy something bigger *now* and you you give the money back later. And omitted the entire concept of interest. Elementary schools are telling kids that the bank will give you a couple hundred k to buy a house, you pay them back over time, and it’s all beautiful. I pulled up my credit card statement and showed her how the grand we spent last month could be paid back immediately — the bank gave me a grand, I paid them a grand back, and they gave me 30$ in bonus cash back for using their service — but that’s not a sustainable business model. How does the bank pay for the building downtown? The people who work there? The advertising? The computer systems? I showed her the “if you pay the minimum” and “if you pay more than the minimum, look how much you ‘save'” box where that grand could cost me three grand. Or I could ‘save’ 1500 by paying more than the minimum due.
Tar Excluding Git Folders
You can, of course, use –exclude and avoid adding the .git folders to your tar archive, but I discovered a really cool option that excludes the folders created by a whole host of version control systems:
--exclude-vcsWhich, as of version 1.32, means excluding CVS, RCS, SCCS, git, SVN, Arch, Bazaar, Mercurial, and Darcs as follows:
- CVS/ — recursive
- RCS/ — recursive
- SCCS/ — recursive
- .git/ — recursive
- .gitignore
- .gitmodules
- .gitattributes
- .cvsignore
- .svn/ — recursive
- .arch-ids/ — recursive
- {arch}/ — recursive
- =RELEASE-ID
- =meta-update
- =update
- .bzr
- .bzrignore
- .bzrtags
- .hg
- .hgignore
- .hgrags
- _darcs
Chicken Coop
There’s a playhouse that came with our house that we’re going to repurpose into a chicken coop — we just need to sort out some safe way of getting it off of the base.
Cyberark — Error Listing Accounts
I was getting an odd error from my attempt to list accounts in Cyberark — “Object reference not set to an instance of an object”. Searching the Internet yielded a lot of issues that weren’t my problem (ampersands in account names in an older version, issues with SSL {and, seriously, someone says disable SSL on the connection they use to retrieve passwords!?! And not just random someone, but RAND?!?}). My issue turned out to be that I was copy/pasting code and used requests.post instead of requests.get — attempting to POST to a GET URL generates this error too.
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): cyberark.example.com:443
DEBUG:urllib3.connectionpool:https://cyberark.example.com:443 “POST /PasswordVault/API/auth/Cyberark/Logon HTTP/1.1” 200 182
Before request, header is {‘Content-Type’: ‘application/json’, ‘Authorization’: ‘5TQz5WVjYm5tMjBh5C00M5YyLT50MjYt5Tc2Y5I2ZDI5…AwMDA5MDA7’}
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): cyberark.example.com:443
DEBUG:urllib3.connectionpool:https://cyberark.example.com:443 “POST /PasswordVault/api/Accounts?search=sample_account&searchType=contains HTTP/1.1” 500 97
{“ErrorCode”:”CAWS00001E”,”ErrorMessage”:”Object reference not set to an instance of an object.”} 500 Internal Server Error
DigiMash Unboxing
Our beer-brewing equipment arrived today! The packaging was not robust — every box had some fairly substantial damage. There’s a dent inside the kettle and one of the fermenters has a pushed in section (supposedly this will pop right out when we fill it). My first surprise was that we got a DigiBoil in a box and the mash upgrade kit in another box. The kettle is even branded as DigiBoil. Which … from a manufacturing / material standpoint makes sense. Why would they have two different sets of packaging and product labels? And three different SKU’s — DigiBoil, DigiMash kit, DigiBoil Mash Upgrade. It was a better deal buying the DigiBoil package — the DigiMash 65L was $259.99 and the mash upgrade $89.99, so we saved ten bucks ordering
