All posts by rbowen

Bigger fish

This is something that both irritates and perplexes me – people who, when faced with a proposal for a positive change, respond with “aren’t there bigger problems to solve?”

Almost nobody has the power and influence to solve the big problems. Those that do, for the most part, are using that power to enrich themselves, not to solve those big problems.

All big changes are comprised of hundreds or thousands of small changes. Most of us only have the power to make those small changes. To discourage people wishing to make small changes, because there are bigger problems which they cannot solve, is defeatist nonsense.

Solve the problem that’s in front of you. Ignore the people who tell you you should be using your time and energy to solve other things. Be who you are. Use the tools you have, not those that you don’t.

Tyranny grows on live TV

Two days ago the President of the United States, angered that the media had reported that he was hiding in his basement, ordered peaceful protesters in front of the White House to be dispersed, using tear gas and rubber bullets, so that he could cross the street to stand in front of St. John’s Church and have his photo taken holding a Bible. This was both a flagrant violation of the First Amendment, and a shameless use of the Church and the Bible – neither of which he has anything to do with – to support his personal image.

I provide that paragraph because I’m sure, looking back on this in 10 years, the context will be blurry, and it will be hard to believe that this really happened. When my sister told me, Monday night, that it had just happened, I thought it was the setup for a joke.

And, yet, the narrative has gone exactly the way we could have predicted. They were violent rioters. (The video footage proves this to be false.) They attacked the police. (Again, not true.) It wasn’t actually tear gas. (Hundreds of people that were there say that it was.) The incident was simply coincidental to the President’s little walk, and not done specifically so he could get his photo op. The President didn’t order it himself. The entire thing was faked with videos from elsewhere and put together in a studio.

A few Republican Senators have made vague disapproving noises. Alexandria Ocasio-Cortez has made her expected snarky remark. Elizabeth Warren and Nancy Pelosi have made strongly worded statements.

And in the midst of it all, the President has managed to make the narrative about him, rather than about the protests themselves, and the gross injustices that they are calling out.

Each time, the President’s actions are less defensible. And each time, his supporters’ defenses are easier and easier lies. They’re barely even trying any more, because they know that nothing will be done. They know that the Senate is firmly under his thumb, because of their insatiable greed for power and reelection.

This is only going to get worse, as long as Donald Trump occupies the White House.

TaskWarrior

I’ve been using ToDo.txt for several years now. I wrote about it HERE. It allows me to manage my task list from the command line, which is where I spend a lot of my time already.

Yesterday, Vipul introduced me to Taskwarrior, and I’m switching.

Everything I said about ToDo.txt is still the case with Taskwarrior, but it offers so much more with exactly the same ease of use.

The only thing missing from Taskwarrior that ToDo.txt has is the ability to sync the task data to an Android device. But it turns out that I almost never use that feature anyway, so no great loss.

In addition to what I was already doing (t add to add a task, t done to mark it done) I get reporting, recurring events, and task interdependence, three things that I always felt were missing from Todo.txt.

I recommend you have a look at Taskwarrior if you, like me, use the command line a lot, and are looking for a full-featured task manager.

How the Lion (And the Maasai) Got His Mane

A Just So Story by Richard Bowen

Long ago in Africa, the Lion, Oh my best Beloved, looked exactly the same as the Lioness. The same beautiful tawny coat. The same sharp teeth and claws. The same terrifying roar. They hunted together, and killed together, and were feared by every animal on the vast veldt, and were called the Tsovereigns of the Tsavo.

However, as is the way of the males of all species, the Lion was vain, and discontent. He went to his wife and said, “Oh my beloved, and oh my hunting partner, you are beautiful and the best hunter in the world. We are feared by all creatures, from the Hyrax to the Hippopotamus. But, my love, why is it that the menfolk of the birds of the air, and of the antelopes of the savannah, have beautiful ornaments, while their womenfolk are drab. I fear that they are secretly laughing at me behind my back.”

And his wife, who was wise, said “Shut up and hunt.”

Still discontent, the Lion went to visit Peacock. After assuring Peacock that he wasn’t going to eat him, today, Lion asked, “Beautiful bird, how is it that you are so adorned with gorgeous feathers, while your wife is brown and plain.”

“First of all,” said Peacock, “do not let my wife hear you say that. Secondly, I had nothing to do with it. We have been this way always, my people.” And he flew away, his rainbow fan tail behind him.

Lion returned to his wife, still sad.

“What is it, oh my hunting partner and equal in everything?” asked Lioness.

“Oh my Pride,” said Lion, “you know I love you, and that I think you beautiful, but though we are feared, from the Duiker to the Dromedary, why do I not have some distinguishing mark or feature or …”

“Oh, that. Shut up and hunt.” said his sagacious wife.

The next day Lion visited Impala, and, after assuring him that he was not on the menu, asked, “Noble Impala, how is it that you have those beautiful curved antlers, while your wife is plain and unadorned?”

“Don’t let my wife hear that, sir. And I had no choice in this. I carry them to protect my family from you, but I did not make them myself.” And he ran away, his twisted horns bouncing above the grass.

Returning to his wife, looking sadder than ever, he began to lament. “Oh my lovely bride, we are feared by all the creatures, from the Eland to the Elephant, but why do I not …”

But his wife, seeing what was coming, said “Shut up and hunt.”

The next day, the Lion visited Weaver Bird. Weaver was busy at work building his elaborate woven home, flashing back and forth from the grass to the nest, his beautiful yellow plumage dazzling in the African sun.

“Oh Weaver,” mourned the Lion, “how is it that you have these lovely bright feathers, while your wife is plain brown? I, too, want to be distinctive and beautiful.”

The Weaver, though small, was cunning and quick thinking, and said “Lion, oh great Tsovereign, I have heard what you have been asking the other Animals, and I think I can help you. As you see, I can craft great works of art from just grass, and I can craft you a great mane. Like Wildebeest, or Zebra, but of course much, much more grand.

“But there is a price, oh great hunter. If I do this thing, you must swear on your new mane that you will not hunt me, or my friends, as long as you wear it.”

The Lion, seeing only his coming glory, immediately agreed. So Weaver set to work.

He wove a great flowing golden mane, that completely encircled the face and head of the Lion, until he was fearsome, and beautiful. Lion’s pride grew and grew, and when the mane was complete, he swore, loudly and for all to hear, that he would never again hunt Weaver, or any of his friends.

Weaver hopped to the top branch of his tree, spread his wings wide, and indicated the entire vast savannah. “All of these animals, all the residents of the vast Veldt, oh great King of the Veldt, are my friends. And you have sworn.” And he flew away.

Lion saw how he had been tricked, but he was a beast of his word, and his pride would not let him take off his mane. So he started to walk home, trying to figure out how he would tell his wife.

“Oh my wife, and delight of my life, you are so … no, she will tell me to shut up and hunt …”

Just then one of the other Lions saw him and ran over to ask what he was wearing. Lion began to tell the story, but when he got to the part about the promise, his friend was already running away to find Weaver. And so the word spread.

Now, although the Lion was feared by all, from the Bushbaby to the Buffalo, there is one citizen of the Savannah who does not fear Lion, and that is the Maasai, whose warriors are called the Morani, and who, until that very day, also looked just like his wife. But as Lion approached home, one such warrior crouched in the grass, and seeing Lion’s new mane, determined that he would have it for his own. So he took it from Lion, and fashioned it into a headdress, leaving Lion for the vultures.

And that is why, oh my Best Beloved, from that day to this, Maasai Morani wear a lion mane headdress, and the lion’s wife does all of the hunting.

Measuring conferences

In a normal year, I go to a lot of conferences. 10-14, typically. These events are, presumably, picked because they are in some way useful to my company, or my project.

That’s really hard to measure.

We kind of just know which events are good ones – a gut feeling – but we kind of stink at actual metrics.

One of my goals this year was to be more rigorous about measuring what benefits I got from a conference, so that my budget is spent as effectively as possible, in ways that actually produce long-term benefit. This then informs the events that we’ll do the following year.

Caveat: I am a community manager. As such I care about community metrics. Not sales. Not business cards. Not dollars or contracts. That makes these things that much trickier to track.

Here’s some of the things that I try to measure when I do a conference.

Meaningful Conversations. Most of the people that come to a conference booth are there to get the free stuff. But a precious small number are there to learn, to connect, to solve, to contribute. In past years I have kept a bit of an impression as to how many that was, as a fuzzy metric of whether a particular event was the right audience. This year, it was my goal to actually count, and keep that data from year to year.

New Community Members. This is hard, and, frankly, I don’t know how to track this. But it’s really the most important thing that I would like to track. I know, anecdotally, that lots of people, over the years, have joined, and stayed with, Apache projects because of an experience at ApacheCon. But that’s not the only factor, and it’s certainly hard to track because it requires years of events, and years of conversations, and people willing to tell those stories. I would like a better way to track this, and would love to hear your ideas.

Content. This one is easy to track. A lot of the events I run are all about content creation. When I run a CentOS Dojo, maybe 100 people attend, but then 1000 people see the videos that I record at the event, and maybe 1000 more read the blog posts that come out of those presentations. This is trickier when I am not running the event, and so don’t have control over that. At those events, I try to be very intentional about collecting stories. Stories can be interviews (video, audio, written notes), or they can be a promise of a later story, either delivered in writing, or via a video call that we schedule after the event. Here, obviously, followup is critical, and so it was my goal to be much more intentional about collecting contact info, and detailed notes about why I had that contact info. I wrote a blog post about that after FOSDEM.

As we try to be more intentional about what events we attend, sponsor, and speak at, it would be great to hear from some of you about what you measure, and how, to figure out if a conference (or other event) is a worthwhile investment of your team’s time and money.

Apache, Kites, Geocaching

During the early years of the 2000’s, during a very hard time in my life, I relied on three things to keep me sane – Apache, Kites, and Geocaching. For three very different reasons. I find myself turning to them the last few weeks during another, very different, difficult time.

Apache – The Apache Software Foundation – is an organization that provides free software for the public good. It has, numerous times, defined new technologies, or revolutionized existing technologies. The original project – the Apache Web Server – created the web as we know it, in a very real way. By making a free alternative to the two commercial products that owned the early web (Netscape Server and Microsoft IIS) it made the web accessible to everyone. Contributing my time to that project was a way that I could make the world a better place. It was making life easier for real people solving real problems, and it was meaningful work. That was the main reason that I spent my time working on the Apache Web Server during those years, and why I have stuck with the project for 20 years.

Geocaching had a very different motivation. It was a way to get outdoors, while also playing with technology, and that was certainly part of it. But I think what was so great about it was that it was a task with a clear goal, and you could check it off when it was done. You find the thing. You sign the log book. And when you’re done, a friendly smiley face appears on the map.

Along the way I met some friends, and over the last two weeks when I’ve been ‘Caching, I’ve noticed a lot of those old names reappearing – Dee Whoa, and Moontwig – while seeing a bunch of new names. Skallywags have been just ahead of me on several of the ones I found this week.

And kites. I’ve always loved kites. I have memories of kites going back 40 years. I wrote a poem about kites, and the stability that they lend to life.

Kites are simplicity itself – tuppence for paper and string – but can also get as complicated, and expensive, as you like. Flying a kite takes all of your concentration – or you can just lay on your back and watch it – depending on the winds. I love love love my kites. I love flying. I’m very annoyed when the winds are not helpful. You can put up a kite – or six – and spend a whole afternoon doing nothing at all, and not feel that the time was wasted.

Yesterday I got some repair stuff for my kites, and now I have (I think) 8 functional kites, (3 shown in the above photo) if I can get a big enough field and the right wind.

WFH: Working from home

I have been working at home, full time, for 9 years now. Before that, I had a home office, since I was engaged in a number of remote-work-ish activities, such as my writing, and my work in various open source communities.

As practically all of my friends and colleagues are now working from home – many of them suddenly and unexpectedly – I’ve been thinking about some of the most important tips that I might share with them. I know that a LOT of people are writing blog posts like this, and there’s going to be a lot of overlap.

I’ll start with the most important tip, and you can skip the rest: Set a clear boundary between work and not-work. This boundary is both physical and mental.

If possible (and not everyone has this flexibility in their home) put your work in a separate space from your home. This is automatic when you go to an office. It’s less obvious when your work is now in your home. If you *can* put it in a separate room, you should.

But more important than a physical space is that at the end of the work day, you leave work. If you can close a door, great. That’s best. But not all of us have that luxury. So, at the end of the day, *mentally* close the door. Turn off the computer. Put the papers out of sight. Disconnect. Do not answer email outside of work hours. Do not check your work phone messages. Do not sneak back to your laptop for one more thing. You are home. If you had driven home from the office, you wouldn’t be able to do that. Convince yourself that your 3-step commute is every bit as much of a divider as your 15 minute drive downtown.

The second tip is give yourself permission to be human. When I first started WFH, I felt like I was shirking if I stepped away from my desk to get a drink, or if I chatted with coworkers about non-work topics. But I would do that if I was at a “real” office, so there’s no reason to forbid myself now that I’m not.

And now, more so than 10 years ago, there are so many chat platforms where you can connect with colleagues for a virtual water cooler. Even if you’re an introvert like me, these social moments are critical to staying sane, as well as keeping perspective.

And … that’s it, really. The rest of it is covered by the many wonderful blog posts out there, but I’d be glad to answer questions.

Oh, and I’ll be giving a presentation tomorrow at work about this, and will post the video here later.

The Leavers, by Lisa Ko

My friend Ruth gave me The Leavers, and I just finished it.

Wow.

I can tell you what it’s about, sort of, but telling you how it feels would be challenging. Unless you already know, in which case, it will feel like home.

The book is about a boy who grows up in New York City, but is not from there. It’s about never fitting. It’s about always feeling that home is somewhere else, just out of reach.

It’s also about how terribly unjust the US immigration system is, but told in terms of the experience of real people, rather than in a preachy, politicized way. Just how real people hurt, and try to live with that hurt.

I don’t know Lisa’s story. But I know that she understands what it is like to be always from somewhere else. Grasping at the moments of belonging, knowing that they won’t last.

This book was beautiful, and ugly, and happy and sad and heartbreaking and uplifting and everyone should read this. Especially if you know something about being always from somewhere else.

fail2ban filter: Block based on mod_security failures

I wanted to write a fail2ban filter which watched my mod_security log file, and added repeat offenders to the firewall block list. I looked at several tutorials/howtos about writing filters, and they were all amazingly complicated, and most of them devoid of useful examples.

After some experimentation, I got something working, and it was remarkably simple. So here goes.

First, the mod_security rule itself.

# Block malicious bots
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /etc/httpd/modsecurity.d/badbots.txt" "id:5000025,rev:1,severity:2,log,msg:'BAD BOT - Detected and Blocked. '"

The line that starts with SecRule is all one line.

badbots.txt is a text file containing the names of annoying/malicious bots. Specifically I noticed that almost all of the traffic to one of my sites was from a bot named ahrefbot which was making very suspicious requests.

Now, I have entries in my error log that look like:

[Wed Feb 19 16:29:44.363193 2020] [:error] [pid 19321:tid 140221286971136] [client 46.229.168.131:47466] [client 46.229.168.131] ModSecurity: Access denied with code 406 (phase 2). Matched phrase "SemrushBot" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/conf.d/vhosts/drbacchus.conf"] [line "33"] [id "5000025"] [rev "1"] [msg "BAD BOT - Detected and Blocked. "] [severity "CRITICAL"] [hostname "drbacchus.com"] [uri "/"] [unique_id "Xk1ieF8Z-mVmfnUdi8jliwAAAEA"]

(SemrushBot is another frequent offender.)

The important bits in that line are the client address, and the fact that this triggered the particular rule that I care about. I’ll come back to that in a second.

Step two is to create a new “Jail” in fail2ban. I did this by adding a block to the end of my /etc/fail2ban/jail.local file that looks like:

[modsec]
enabled = true
filter = modsec
action = iptables-multiport[name=ModSec, port="http,https"]
logpath = /var/log/httpd/drbacchus-ssl.error_log
bantime = 10800
maxretry = 1

This creates a jail named modsec. It points to a filter named modsec. It references the log file that I want to watch, and it specifies a ban time of 3 hours.

It’s also very aggressive in that it bans them the first time. You might want to be more lenient with other filters.

Finally, I define the filter itself, by creating a file called modsec.conf in my filter.d directory, with the regex that I wish to match in the referenced log file.

[Definition]
# Brackets are escaped so they match literally; <HOST> marks the client IP
failregex = \[client <HOST>\] ModSecurity: Access denied with code 406.+BAD BOT
ignoreregex =

The line that begins with ‘failregex’ is all one line – it’s just wrapped on your screen here.

The magic bit is the <HOST> which says “the IP address that I want to block will be *here*.” The rest of the line is standard regex syntax.

The docs say that you want the regex to be as specific as possible, so that it doesn’t match unexpected things. In this case, I want anything that has the ModSecurity access denied message, followed by some stuff (.+) and BAD BOT from my modsec rule. Many of the examples online appear to have been written by people who were perhaps not very familiar with how regexes work, and so go a bit nuts with the special characters and stuff. That’s really not necessary.

Now, restart fail2ban, and watch the results with fail2ban-client status modsec
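To check the filter before trusting it with the firewall, the sketch below (an added example, not code from the original post or from fail2ban) emulates the <HOST> substitution and runs the failregex over sample log lines. HOST_GROUP is a simplified IPv4-only stand-in for fail2ban's real expansion, findtime is ignored, and every log line except the first is constructed.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> expansion (assumption: IPv4 only).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

ESCAPED = r"\[client <HOST>\] ModSecurity: Access denied with code 406.+BAD BOT"
# Same pattern without backslashes: "[client ...]" becomes a character class.
UNESCAPED = r"[client <HOST>] ModSecurity: Access denied with code 406.+BAD BOT"

# The first entry is the log line quoted in the post. The others are constructed
# samples that use documentation-range addresses.
SAMPLE_LOG = [
    '[Wed Feb 19 16:29:44.363193 2020] [:error] [pid 19321:tid 140221286971136] '
    '[client 46.229.168.131:47466] [client 46.229.168.131] ModSecurity: Access '
    'denied with code 406 (phase 2). Matched phrase "SemrushBot" at '
    'REQUEST_HEADERS:User-Agent. [id "5000025"] [rev "1"] '
    '[msg "BAD BOT - Detected and Blocked. "] [severity "CRITICAL"]',
    '[Wed Feb 19 16:30:02.000000 2020] [:error] [pid 1:tid 1] '
    '[client 198.51.100.23:40100] [client 198.51.100.23] ModSecurity: Access '
    'denied with code 406 (phase 2). [id "5000025"] '
    '[msg "BAD BOT - Detected and Blocked. "]',
    '[Wed Feb 19 16:30:05.000000 2020] [:error] [pid 1:tid 1] '
    '[client 203.0.113.7:51000] [client 203.0.113.7] ModSecurity: Access '
    'denied with code 403 (phase 2). [id "999999"] [msg "constructed other rule"]',
    '[Wed Feb 19 16:30:09.000000 2020] [core:error] [pid 1:tid 1] '
    '[client 203.0.113.7:51001] constructed non-ModSecurity error line',
    '[Wed Feb 19 16:31:40.000000 2020] [:error] [pid 1:tid 1] '
    '[client 198.51.100.23:40177] [client 198.51.100.23] ModSecurity: Access '
    'denied with code 406 (phase 2). [id "5000025"] '
    '[msg "BAD BOT - Detected and Blocked. "]',
]

def compile_failregex(failregex):
    """Expand <HOST> and compile; reject patterns that lose the host group."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    if "host" not in pattern.groupindex:
        raise ValueError("<HOST> is not captured by this pattern")
    return pattern

def is_usable(failregex):
    """True if the pattern compiles and still captures the client address."""
    try:
        compile_failregex(failregex)
        return True
    except (ValueError, re.error):
        return False

def offenders(lines, failregex, maxretry=1):
    """Return IPs with at least maxretry matching lines, in first-seen order."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return [ip for ip, count in hits.items() if count >= maxretry]

if __name__ == "__main__":
    print("escaped usable:  ", is_usable(ESCAPED))
    print("unescaped usable:", is_usable(UNESCAPED))
    print("maxretry=1:", offenders(SAMPLE_LOG, ESCAPED, maxretry=1))
    print("maxretry=2:", offenders(SAMPLE_LOG, ESCAPED, maxretry=2))
```

On a live system, fail2ban-regex /var/log/httpd/drbacchus-ssl.error_log /etc/fail2ban/filter.d/modsec.conf runs the same kind of check with fail2ban's own matcher.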