How the Lion (And the Maasai) Got His Mane

A Just So Story by Richard Bowen

Long ago in Africa, the Lion, Oh my best Beloved, looked exactly the same as the Lioness. The same beautiful tawny coat. The same sharp teeth and claws. The same terrifying roar. They hunted together, and killed together, and were feared by every animal on the vast veldt, and were called the Tsovereigns of the Tsavo.

However, as is the way of the males of all species, the Lion was vain, and discontent. He went to his wife and said, “Oh my beloved, and oh my hunting partner, you are beautiful and the best hunter in the world. We are feared by all creatures, from the Hyrax to the Hippopotamus. But, my love, why is it that the menfolk of the birds of the air, and of the antelopes of the savannah, have beautiful ornaments, while their womenfolk are drab. I fear that they are secretly laughing at me behind my back.”

And his wife, who was wise, said “Shut up and hunt.”

Still discontent, the Lion went to visit Peacock. After assuring Peacock that he wasn’t going to eat him, today, Lion asked, “Beautiful bird, how is it that you are so adorned with gorgeous feathers, while your wife is brown and plain.”

“First of all,” said Peacock, “do not let my wife hear you say that. Secondly, I had nothing to do with it. We have been this way always, my people.” And he flew away, his rainbow fan tail behind him.

Lion returned to his wife, still sad.

“What is it, oh my hunting partner and equal in everything?” asked Lioness.

“Oh my Pride,” said Lion, “you know I love you, and that I think you beautiful, but though we are feared, from the Duiker to the Dromedary, why do I not have some distinguishing mark or feature or …”

“Oh, that. Shut up and hunt.” said his sagacious wife.

The next day Lion visited Impala, and, after assuring him that he was not on the menu, asked, “Noble Impala, how is it that you have those beautiful curved antlers, while your wife is plain and unadorned?”

“Don’t let my wife hear that, sir. And I had no choice in this. I carry them to protect my family from you, but I did not make them myself.” And he ran away, his twisted horns bouncing above the grass.

Returning to his wife, looking sadder than ever, he began to lament. “Oh my lovely bride, we are feared by all the creatures, from the Eland to the Elephant, but why do I not …”

But his wife, seeing what was coming, said “Shut up and hunt.”

The next day, the Lion visited Weaver Bird. Weaver was busy at work building his elaborate woven home, flashing back and forth from the grass to the nest, his beautiful yellow plumage dazzling in the African sun.

“Oh Weaver,” mourned the Lion, “how is it that you have these lovely bright feathers, while your wife is plain brown? I, too, want to be distinctive and beautiful.”

The Weaver, though small, was cunning and quick thinking, and said “Lion, oh great Tsovereign, I have heard what you have been asking the other Animals, and I think I can help you. As you see, I can craft great works of art from just grass, and I can craft you a great mane. Like Wildebeest, or Zebra, but of course much, much more grand.

“But there is a price, oh great hunter. If I do this thing, you must swear on your new mane that you will not hunt me, or my friends, as long as you wear it.”

The Lion, seeing only his coming glory, immediately agreed. So Weaver set to work.

He wove a great flowing golden mane, that completely encircled the face and head of the Lion, until he was fearsome, and beautiful. Lion’s pride grew and grew, and when the mane was complete, he swore, loudly and for all to hear, that he would never again hunt Weaver, or any of his friends.

Weaver hopped to the top branch of his tree, spread his wings wide, and indicated the entire vast savannah. “All of these animals, all the residents of the vast Veldt, oh great King of the Veldt, are my friends. And you have sworn.” And he flew away.

Lion saw how he had been tricked, but he was a beast of his word, and his pride would not let him take off his mane. So he started to walk home, trying to figure out how he would tell his wife.

“Oh my wife, and delight of my life, you are so … no, she will tell me to shut up and hunt …”

Just then one of the other Lions saw him and ran over to ask what he was wearing. Lion began to tell the story, but when he got to the part about the promise, his friend was already running away to find Weaver. And so the word spread.

Now, although the Lion was feared by all, from the Bushbaby to the Buffalo, there is one citizen of the Savannah who does not fear Lion, and that is the Maasai, whose warriors are called the Morani, and who, until that very day, also looked just like his wife. But as Lion approached home, one such warrior crouched in the grass, and seeing Lion’s new mane, determined that he would have it for his own. So he took it from Lion, and fashioned it into a headdress, leaving Lion for the vultures.

And that is why, oh my Best Beloved, from that day to this, Maasai Morani wear a lion mane headdress, and the lion’s wife does all of the hunting.

Measuring conferences

In a normal year, I go to a lot of conferences. 10-14, typically. These events are, presumably, picked because they are in some way useful to my company, or my project.

That’s really hard to measure.

We kind of just know which events are good ones – a gut feeling – but we kind of stink at actual metrics.

One of my goals this year was to be more rigorous about measuring what benefits I got from a conference, so that my budget is spent as effectively as possible, in ways that actually produce long-term benefit. This then informs the events that we’ll do the following year.

Caveat: I am a community manager. As such I care about community metrics. Not sales. Not business cards. Not dollars or contracts. That makes these things that much trickier to track.

Here’s some of the things that I try to measure when I do a conference.

Meaningful Conversations. Most of the people that come to a conference booth are there to get the free stuff. But a precious small number are there to learn, to connect, to solve, to contribute. In past years I have kept a bit of an impression as to how many that was, as a fuzzy metric of whether a particular event was the right audience. This year, it was my goal to actually count, and keep that data from year to year.

New Community Members. This is hard, and, frankly, I don’t know how to track this. But it’s really the most important thing that I would like to track. I know, anecdotally, that lots of people, over the years, have joined, and stayed with, Apache projects because of an experience at ApacheCon. But that’s not the only factor, and it’s certainly hard to track because it requires years of events, and years of conversations, and people willing to tell those stories. I would like a better way to track this, and would love to hear your ideas.

Content. This one is easy to track. A lot of the events I run are all about content creation. When I run a CentOS Dojo, maybe 100 people attend, but then 1000 people see the videos that I record at the event, and maybe 1000 more read the blog posts that come out of those presentations. This is trickier when I am not running the event, and so don’t have control over that. At those events, I try to be very intentional about collecting stories. Stories can be interviews (video, audio, written notes), or they can be a promise of a later story, either delivered in writing, or via a video call that we schedule after the event. Here, obviously, followup is critical, and so it was my goal to be much more intentional about collecting contact info, and detailed notes about why I had that contact info. I wrote a blog post about that after FOSDEM.

As we try to be more intentional about what events we attend, sponsor, and speak at, it would be great to hear from some of you about what you measure, and how, to figure out if a conference (or other event) is a worthwhile investment of your team’s time and money.

Apache, Kites, Geocaching

During the early years of the 2000’s, during a very hard time in my life, I relied on three things to keep me sane – Apache, Kites, and Geocaching. For three very different reasons. I find myself turning to them the last few weeks during another, very different, difficult time.

Apache – The Apache Software Foundation – is an organization that provides free software for the public good. It has, numerous times, defined new technologies, or revolutionized existing technologies. The original project – the Apache Web Server – created the web as we know it, in a very real way. By making a free alternative to the two commercial products that owned the early web (Netscape Server and Microsoft IIS) it made the web accessible to everyone. Contributing my time to that project was a way that I could make the world a better place. It was making life easier for real people solving real problems, and it was meaningful work. That was the main reason that I spent my time working on the Apache Web Server during those years, and why I have stuck with the project for 20 years.

Geocaching had a very different motivation. It was a way to get outdoors, while also playing with technology, and that was certainly part of it. But I think what was so great about it was that it was a task with a clear goal, and you could check it off when it was done. You find the thing. You sign the log book. And when you’re done, a friendly smiley face appears on the map.

Along the way I met some friends, and over the last two weeks when I’ve been ‘Caching, I’ve noticed a lot of those old names reappearing – Dee Whoa, and Moontwig – while seeing a bunch of new names. Skallywags have been just ahead of me on several of the ones I found this week.

And kites. I’ve always loved kites. I have memories of kites going back 40 years. I wrote a poem about kites, and the stability that they lend to life.

Kites are simplicity itself – tuppence for paper and string – But can also get as complicated, and expensive, as you like. Flying a kite takes all of your concentration – or you can just lay on your back and watch it – depending on the winds. I love love love my kites. I love flying. I’m very annoyed when the winds are not helpful. You can put up a kite – or six – and spend a whole afternoon doing nothing at all, and not feel that the time was wasted.

Yesterday I got some repair stuff for my kites, and now I have (I think) 8 functional kites, (3 shown in the above photo) if I can get a big enough field and the right wind.

WFH: Working from home

I have been working at home, full time, for 9 years now. Before that, I had a home office, since I was engaged in a number of remote-work-ish activities, such as my writing, and my work in various open source communities.

As practically all of my friends and colleagues are now working from home – many of them suddenly and unexpectedly – I’ve been thinking about some of the most important tips that I might share with them. I know that a LOT of people are writing blog posts like this, and there’s going to be a lot of overlap.

I’ll start with the most important tip, and you can skip the rest: Set a clear boundary between work and not-work. This boundary is both physical and mental.

If possible (and not everyone has this flexibility in their home) put your work in a separate space from your home. This is automatic when you go to an office. It’s less obvious when your work is now in your home. If you *can* put it in a separate room, you should.

But more important than a physical space is that at the end of the work day, you leave work. If you can close a door, great. That’s best. But not all of us have that luxury. So, at the end of the day, *mentally* close the door. Turn off the computer. Put the papers out of sight. Disconnect. Do not answer email outside of work hours. Do not check your work phone messages. Do not sneak back to your laptop for one more thing. You are home. If you had driven home from the office, you wouldn’t be able to do that. Convince yourself that your 3-step commute is every bit as much of a divider as your 15 minute drive downtown.

The second tip is give yourself permission to be human. When I first started WFH, I felt like I was shirking if I stepped away from my desk to get a drink, or if I chatted with coworkers about non-work topics. But I would do that if I was at a “real” office, so there’s no reason to forbid myself now that I’m not.

And now, more so than 10 years ago, there are so many chat platforms where you can connect with colleagues for a virtual water cooler. Even if you’re an introvert like me, these social moments are critical to staying sane, as well as keeping perspective.

And … that’s it, really. The rest of it is covered by the many wonderful blog posts out there, but I’d be glad to answer questions.

Oh, and I’ll be giving a presentation tomorrow at work about this, and will post the video here later.

The Leavers, by Lisa Ko

My friend Ruth gave me The Leavers, and I just finished it.

Wow.

I can tell you what it’s about, sort of, but telling you how it feels would be challenging. Unless you already know, in which case, it will feel like home.

The book is about a boy who grows up in New York City, but is not from there. It’s about never fitting. It’s about always feeling that home is somewhere else, just out of reach.

It’s also about how terribly unjust the US immigration system is, but told in terms of the experience of real people, rather than in a preachy, politicized way. Just how real people hurt, and try to live with that hurt.

I don’t know Lisa’s story. But I know that she understands what it is like to be always from somewhere else. Grasping at the moments of belonging, knowing that they won’t last.

This book was beautiful, and ugly, and happy and sad and heartbreaking and uplifting and everyone should read this. Especially if you know something about being always from somewhere else.

fail2ban filter: Block based on mod_security failures

I wanted to write a fail2ban filter which watched my mod_security log file, and added repeat offenders to the firewall block list. I looked at several tutorials/howtos about writing filters, and they were all amazingly complicated, and most of them devoid of useful examples.

After some experimentation, I got something working, and it was remarkably simple. So here goes.

First, the mod_security rule itself.

# Block malicious bots
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /etc/httpd/modsecurity.d/badbots.txt" "id:5000025,rev:1,severity:2,log,msg:'BAD BOT - Detected and Blocked. '"

The line that starts with SecRule is all one line.

badbots.txt is a text file containing the names of annoying/malicious bots. Specifically I noticed that almost all of the traffic to one of my sites was from a bot named ahrefbot which was making very suspicious requests.

Now, I have entries in my error log that look like:

[Wed Feb 19 16:29:44.363193 2020] [:error] [pid 19321:tid 140221286971136] [client 46.229.168.131:47466] [client 46.229.168.131] ModSecurity: Access denied with code 406 (phase 2). Matched phrase "SemrushBot" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/conf.d/vhosts/drbacchus.conf"] [line "33"] [id "5000025"] [rev "1"] [msg "BAD BOT - Detected and Blocked. "] [severity "CRITICAL"] [hostname "drbacchus.com"] [uri "/"] [unique_id "Xk1ieF8Z-mVmfnUdi8jliwAAAEA"]

(SemrushBot is another frequent offender.)

The important bits in that line are the client address, and the fact that this triggered the particular rule that I care about. I’ll come back to that in a second.

Step two is to create a new “Jail” in fail2ban. I did this by adding a block to the end of my /etc/fail2ban/jail.local file that looks like:

[modsec]
enabled = true
filter = modsec
action = iptables-multiport[name=ModSec, port="http,https"]
logpath = /var/log/httpd/drbacchus-ssl.error_log
bantime = 10800
maxretry = 1

This creates a jail named modsec. It points to a filter named modsec. It references the log file that I want to watch, and it specifies a ban time of 3 hours.

It’s also very aggressive in that it bans them the first time. You might want to be more lenient with other filters.

Finally, I define the filter itself, by creating a file called modsec.conf in my filter.d directory, with the regex that I wish to match in the referenced log file.

[Definition]
# The square brackets are escaped so they match literally; <HOST> marks the address to ban.
failregex = \[client <HOST>\] ModSecurity: Access denied with code 406.+BAD BOT
ignoreregex =

The line that begins with ‘failregex’ is all one line – it’s just wrapped on your screen here.

The magic bit is the <HOST> which says “the IP address that I want to block will be *here*.” The rest of the line is standard regex syntax.

The docs say that you want the regex to be as specific as possible, so that it doesn’t match unexpected things. In this case, I want anything that has the ModSecurity access denied message, followed by some stuff (.+) and BAD BOT from my modsec rule. Many of the examples online appear to have been written by people who were perhaps not very familiar with how regexes work, and so go a bit nuts with the special characters and stuff. That’s really not necessary.

Now, restart fail2ban, and watch the results with fail2ban-client status modsec
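An added example, not from the original post: a small Python harness that runs the failregex over the log line quoted above plus three constructed lines, using a simplified IPv4-only stand-in for fail2ban's <HOST> expansion (an assumption). It also shows why the brackets around `client <HOST>` need backslashes: unescaped, they are read as a character class and no host is captured.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag. Assumption: IPv4 only; the
# real expansion also accepts IPv6 addresses and hostnames.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The filter with its literal brackets escaped, and the same text unescaped.
ESCAPED = r"\[client <HOST>\] ModSecurity: Access denied with code 406.+BAD BOT"
UNESCAPED = r"[client <HOST>] ModSecurity: Access denied with code 406.+BAD BOT"

SAMPLE_LINES = [
    # The log line quoted in the post.
    '[Wed Feb 19 16:29:44.363193 2020] [:error] [pid 19321:tid 140221286971136] '
    '[client 46.229.168.131:47466] [client 46.229.168.131] ModSecurity: Access '
    'denied with code 406 (phase 2). Matched phrase "SemrushBot" at '
    'REQUEST_HEADERS:User-Agent. [file "/etc/httpd/conf.d/vhosts/drbacchus.conf"] '
    '[line "33"] [id "5000025"] [rev "1"] [msg "BAD BOT - Detected and Blocked. "] '
    '[severity "CRITICAL"] [hostname "drbacchus.com"] [uri "/"] '
    '[unique_id "Xk1ieF8Z-mVmfnUdi8jliwAAAEA"]',
    # Constructed: a denial from a different rule, which must not trigger a ban.
    '[Wed Feb 19 16:30:02.000000 2020] [:error] [pid 19321:tid 1] '
    '[client 203.0.113.7:51000] [client 203.0.113.7] ModSecurity: Access denied '
    'with code 403 (phase 2). [id "1234567"] [msg "constructed other rule"] [uri "/"]',
    # Constructed: an ordinary Apache error, unrelated to ModSecurity.
    '[Wed Feb 19 16:30:05.000000 2020] [core:error] [pid 19321:tid 1] '
    '[client 198.51.100.9:40000] File does not exist: /var/www/html/favicon.ico',
    # Constructed: a second hit on the bad-bot rule from another address.
    '[Wed Feb 19 16:31:10.000000 2020] [:error] [pid 19321:tid 1] '
    '[client 203.0.113.50:41000] [client 203.0.113.50] ModSecurity: Access denied '
    'with code 406 (phase 2). Matched phrase "ExampleBot" at '
    'REQUEST_HEADERS:User-Agent. [id "5000025"] [msg "BAD BOT - Detected and Blocked. "]',
]


def compile_failregex(failregex):
    """Expand <HOST> and compile; refuse a pattern that captures no host."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    if "host" not in rx.groupindex:
        # Unescaped [ ... ] swallowed <HOST> into a character class.
        raise ValueError("no host group in failregex: %r" % failregex)
    return rx


def banned_hosts(failregex, lines):
    """Return the address captured from every line the failregex matches."""
    rx = compile_failregex(failregex)
    hosts = []
    for line in lines:
        m = rx.search(line)
        if m:
            hosts.append(m.group("host"))
    return hosts


if __name__ == "__main__":
    print("escaped filter bans:", banned_hosts(ESCAPED, SAMPLE_LINES))
    try:
        compile_failregex(UNESCAPED)
    except ValueError as exc:
        print("unescaped filter rejected:", exc)
```

On a host with fail2ban installed, `fail2ban-regex` takes a log file and a filter file as arguments and reports which lines the real filter matches, so the same check can be made against the live error log before the jail is enabled.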

Daniel Moi

The conversation about the death of former Kenyan President Daniel Toroitich arap Moi is complicated, from where I sit. His death is the end of an era, in many ways – the last of the colonial era African strongmen. But he’s also one of the very few powerful African presidents who stepped down at the end of his term, and let the new president peacefully take over. Yes, “he followed the law” seems like an awfully low bar, but at the time, it was a really big deal.

The conversation that’s happening on Twitter is, for the most part, focusing on the terrible parts of his legacy. The torture. The murder and incarceration of his enemies. And, truly, there’s no excuse for that. Only that he apologized, and stepped out of the public eye to let his successors carry on.

But, for me, there’s another layer. When I was a kid, you didn’t speak ill of Mzee. Heck, you didn’t *think* ill of him. You didn’t criticize him in the most private of private places, because you knew that the CID would come drag you away. BBC had a good article today about how Kenyans learned to laugh at Moi.

And I also remember when Amnesty International issued a statement condemning Daniel Moi, I was aghast, and refused to believe the things that they asserted about him, even though I now know them all to be not only true, but probably only a fraction of what he actually did.

When Moi became president, in 1978, upon the death of President Kenyatta, he had a lot of opposition from people who had someone else in mind. Over the years, he became more and more dictatorial, and his government more and more repressive, particularly after the failed coup attempt in 1982.

Meanwhile, in the USA, we are moving into an era where a senator is vilified, and threatened with removal from office, for voting his conscience against his Great Leader, and the days of us mocking third-world countries for this kind of reprehensible behavior seem a long time ago.

At his funeral yesterday, while dignitaries spoke glowingly about the Great Man from the podium, someone in the crowd dared to heckle, and was dragged away, just like in the old days. Some things don’t change so much.

Switched to Metronet

Yesterday, the folks from Metronet came by and ran fiber into my office. I now have (theoretically) gigabit symmetric (ie, up is the same as down). In reality, as was explained to me in exhausting detail by the Spectrum guy this morning, as I was trying to cancel my Spectrum service, you seldom actually get the full gigabit. Down varies between about 700 and about 900. Up varies between about 400 and 600. Note that this is, respectively, twice and 40+ times, what I had with Spectrum, for about half the price, so I’m pleased.

If you are interested in switching, it would be awesome if you mention me as having referred you. I get a small kickback from that.

You can determine your availability, and sign up, at https://www.metronetinc.com/

 

Why do I have this business card?

I’m not much for “life hack” kinds of articles, but …

I come back from every conference I go to with a stack of business cards, and the question “why do I have these cards?”

I have tried so many ways to remember why I have particular cards, and ensure actual followup. Write a note on the card. (Invariably it gets smudged, or the available space isn’t enough to actually communicate what I’m supposed to do with the card.) Scan it into Evernote. (Kinda sorta works, but somehow I never follow up on them.) Email myself a photo of the card with some notes. (This is pretty good, but involves actually doing it immediately after the conversation, so that I don’t forget, which seldom works at conferences.)

This week I tried something different.

This is a staple-less stapler. You can get one on Amazon HERE.

And I always carry a notebook.

So at FOSDEM I did this:

In case you can’t tell from the photo, I stapled the card to a page in my notebook, and wrote the notes right there. Since my book is always with me, I’m pretty sure I’m not going to forget, this time. And I have room for all of the notes that I need, right there with the contact information I need to follow up.

You can see how the back of the page looks, here.

If you’re curious how the stapler works, you can watch here:

You could, of course, use an actual stapler. It’s just messier and you end up with staples that can tear the page.

 

Unhelpful feedback

The CentOS project just tweeted an announcement:

The feedback was mostly positive, but two negative responses caught my eye.

The first:

Curved edges on this do not scale down well at small sizes. It's a very busy design for something which will likely be used a lot on screen/small sizes. A step in the right direction but needs more refinement IMO. Solved the colour repo headache, but potentially creating another.

Feedback is specific and seems to indicate actual expertise.

The next:

Feedback is useless, and incorporates a personal attack (designer should be fired) which is just rude.

I’m left wondering if this person thought that this was in any way helpful or that this is in any way an appropriate way to engage with a stranger. Would they talk with a human in person like this? Do they have any friends?

And even without the rudeness, the response is completely worthless and unactionable. So, one deeply unpleasant person didn’t like it, while 100 others did. Why should I care?

I also wonder if there is a way to respond to this person without returning their vitriol.
