All posts by rbowen

WFH: Working from home

I have been working at home, full time, for 9 years now. Before that, I had a home office, since I was engaged in a number of remote-work-ish activities, such as my writing, and my work in various open source communities.

As practically all of my friends and colleagues are now working from home – many of them suddenly and unexpectedly – I’ve been thinking about some of the most important tips that I might share with them. I know that a LOT of people are writing blog posts like this, and there’s going to be a lot of overlap.

I’ll start with the most important tip, and you can skip the rest: Set a clear boundary between work and not-work. This boundary is both physical and mental.

If possible (and not everyone has this flexibility in your home) put your work in a separate space from your home. This is automatic when you go to an office. It’s less obvious when your work is now in your home. If you *can* put it in a separate room, you should.

But more important than a physical space is that at the end of the work day, you leave work. If you can close a door, great. That’s best. But not all of us have that luxury. So, at the end of the day, *mentally* close the door. Turn off the computer. Put the papers out of sight. Disconnect. Do not answer email outside of work hours. Do not check your work phone messages. Do not sneak back to your laptop for one more thing. You are home. If you had driven home from the office, you wouldn’t be able to do that. Convince yourself that your 3-step commute is every bit as much of a divider as your 15 minute drive downtown.

The second tip is give yourself permission to be human. When I first started WFH, I felt like I was shirking if I stepped away from my desk to get a drink, or if I chatted with coworkers about non-work topics. But I would do that if I was at a “real” office, so there’s no reason to forbid myself now that I’m not.

And now, more than 10 years ago, there are so many chat platforms where you can connect with colleagues for a virtual water cooler.  Even if you’re an introvert like me, these social moments are critical to staying sane, as well as keeping perspective.

And … that it, really. The rest of it is covered by the many wonderful blog posts out there, but I’d be glad to answer questions.

Oh, and I’ll be giving a presentation tomorrow at work about this, and will post the video here later.

The Leavers, by Lisa Ko

My friend Ruth gave me The Leavers, and I just finished it.

Wow.

I can tell you what it’s about, sort of, but telling you how it feels would be challenging. Unless you already know, in which case, it will feel like home.

The book is about a boy who grows up in New York City, but is not from there. It’s about never fitting. It’s about always feeling that home is somewhere else, just out of reach.

It’s also about how terribly unjust the US immigration system is, but told in terms of the experience of real people, rather than in a preachy, politicized way. Just how real people hurt, and try to live with that hurt.

I don’t know Lisa’s story. But I know that she understands what it is like to be always from somewhere else. Grasping at the moments of belonging, knowing that they won’t last.

This book was beautiful, and ugly, and happy and sad and heartbreaking and uplifting and everyone should read this. Especially if you know something about being always from somewhere else.

fail2ban filter: Block based on mod_security failures

I wanted to write a fail2ban filter which watched my mod_security log file, and added repeat offenders to the firewall block list. I looked at several tutorials/howtos about writing filters, and they were all amazingly complicated, and most of them devoid of useful examples.

After some experimentation, I got something working, and it was remarkably simple. So here goes.

First, the mod_security rule itself.

# Block malicious bots
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /etc/httpd/modsecurity.d/badbots.txt" "id:5000025,rev:1,severity:2,log,msg:'BAD BOT - Detected and Blocked. '"

The line that starts with SecRule is all one line.

badbots.txt is a text file containing the names of annoying/malicious bots. Specifically I noticed that almost all of the traffic to one of my sites was from a bot named ahrefbot which was making very suspicious requests.

Now, I have entries in my error log that look like:

[Wed Feb 19 16:29:44.363193 2020] [:error] [pid 19321:tid 140221286971136] [client 46.229.168.131:47466] [client 46.229.168.131] ModSecurity: Access denied with code 406 (phase 2). Matched phrase "SemrushBot" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/conf.d/vhosts/drbacchus.conf"] [line "33"] [id "5000025"] [rev "1"] [msg "BAD BOT - Detected and Blocked. "] [severity "CRITICAL"] [hostname "drbacchus.com"] [uri "/"] [unique_id "Xk1ieF8Z-mVmfnUdi8jliwAAAEA"]

(SemrushBot is another frequent offender.)

The important bits in that line are the client address, and the fact that this triggered the particular rule that I care about. I’ll come back to that in a second.

Step two is to create a new “Jail” in fail2ban. I did this by adding a block to the end of my /etc/fail2ban/jail.local file that looks like:

[modsec]
enabled = true
filter = modsec
action = iptables-multiport[name=ModSec, port="http,https"]
logpath = /var/log/httpd/drbacchus-ssl.error_log
bantime = 10800
maxretry = 1

This creates a jail named modsec. It points to a filter named modsec. It references the log file that I want to watch, and it specifies a ban time of 3 hours.

It’s also very aggressive in that it bans them the first time. You might want to be more lenient with other filters.

Finally, I define the filter itself, by creating a file called modsec.conf in my filter.d directory, with the regex that I wish to match in the referenced log file.

[definition]
failregex = [client <HOST>] ModSecurity: Access denied with code 406.+BAD BOT
ignoreregex =

The line that begins with ‘failregex’ is all one line – it’s just wrapped on your screen here.

The magic bit is the <HOST> which says “the IP address that I want to block will be *here*. The rest of the line is standard regex syntax.

The docs say that you want the regex to be as specific as possible, so that it doesn’t match unexpected things. In this case, I want anything that has the ModSecurity access denied message, followed by some stuff (.+) and BAD BOT from my modsec rule. Many of the examples online appear to have been written by people who were perhaps not very familiar with how regexes work, and so go a bit nuts with the special characters and stuff. That’s really not necessary.

Now, restart fail2ban, and watch the results with fail2ban-client status modsec

Daniel Moi

The conversation about the death of former Kenyan President Daniel Toroitich arap Moi is complicated, from where I sit. His death is the end of an era, in many ways – the last of the colonial era African strongmen. But he’s also one of the very few powerful African presidents who stepped down at the end of his term, and let the new president peacefully take over. Yes, “he followed the law” seems like an awfully low bar, but at the time, it was a really big deal.

The conversation that’s happening on Twitter is, for the most part, focusing on the terrible parts of his legacy. The torture. The murder and incarceration of his enemies. And, truly, there’s no excuse for that. Only that he apologized, and stepped out of the public eye to let his successors carry on.

But, for me, there’s another layer. When I was a kid, you didn’t speak ill of Mzee. Heck, you didn’t *think* ill of him. You didn’t criticize him in the most private of private places, because you knew that the CID would come drag you away. BBC had a good article today about how Kenyans learned to laugh at Moi.

And I also remember when Amnesty International issued a statement condemning Daniel Moi, I was aghast, and refused to believe the things that they asserted about him, even though I now know them all to be not only true, but probably only a fraction of what he actually did.

When Moi became president, in 1978, upon the death of President Kenyatta, he had a lot of opposition from people who had someone else in mind. Over the years, he became more and more dictatorial, and his government more and more repressive, particularly after the failed coup attempt in 1982.

Meanwhile, in the USA, we are moving into an era where a senator is vilified, and threatened with removal from office, for voting his conscience against his Great Leader, and the days of us mocking third-world countries for this kind of reprehensible behavior seem a long time ago.

At his funeral yesterday, while dignitaries spoke glowingly about the Great Man from the podium, someone in the crowd dared to heckle, and was dragged away, just like in the old days. Some things don’t change so much.

Switched to Metronet

Yesterday, the folks from Metronet came by and ran fiber into my office. I now have (theoretically) gigabit symmetric (ie, up is the same as down). In reality, as was explained to me in exhausting detail by the Spectrum guy this morning, as I was trying to cancel my Spectrum service, you seldom actually get the full gigabit. Down varies between about 700 and about 900. Up varies between about 400 and 600. Note that this is, respectively, twice and 40+ times, what I had with Spectrum, for about half the price, so I’m pleased.

If you are interested in switching, it would be awesome if you mention me as having referred you. I get a small kickback from that.

You can determine your availability, and sign up, at https://www.metronetinc.com/

 

Why do I have this business card?

I’m not much for “life hack” kinds of articles, but …

I come back from every conference I go to with a stack of business cards, and the question “why do I have these cards?”

I have tried so many ways to remember why I have particular cards, and ensure actual followup. Write a note on the card. (Invariably it gets smudged, or the available space isn’t enough to actually communicate what I’m supposed to do with the card.) Scan it into Evernote (Kinda sorta works, but somehow I never follow up n them.) Email myself a photo of the card with some notes. (This is pretty good, but involves actually doing it immediately after the conversation, so that I don’t forget, which seldom works at conferences.)

This week I tried something different.

This is a staple-less stapler. You can get one on Amazon HERE.

And I always carry a notebook.

So at FOSDEM I did this:

In case you can’t tell from the photo, I stapled the card to a page in my notebook, and wrote the notes right there. Since my book is always with me, I’m pretty sure I’m not going to forget, this time. And I have room for all of the notes that I need, right there with the contact information I need to follow up.

You can see how the back of the page looks, here.

If you’re curious how the stapler works, you can watch here:

You could, of course, use an actual stapler. It’s just messier and you end up with staples that can tear the page.

 

Unhelpful feedback

The CentOS project just tweeted an announcement :

The feedback was mostly positive, but two negative responses caught my eye.

The first:

Curved edges on this do not scale down well at small sizes. It's a very busy design for something which will likely be used a lot on screen/small sizes. A step in the right direction but needs more refinement IMO. Solved the colour repo headache, but potentially creating another.

Feedback is specific and seems to indicate actual expertise.

The next:

Feedback is useless, and incorporates a personal attack (designer should be fired) which is just rude.

I’m left wondering if this person thought that this was in any way helpful or that this is in any way an appropriate way to engage with a stranger. Would they talk with a human in person like this? Do they have any friends?

And even without the rudeness, the response is completely worthless and unactionable. So, one deeply unpleasant person didn’t like it, while 100 others did. Why should I care?

I also wonder if there is a way to respond to this person without returning their vitriol.

The email not sent

I frequently say (and write, and tweet) “there is honor in the email not sent.”

The corollary, of course, which is both obvious and perhaps people don’t think about, is that I often write those emails.

Several times a week I write an email, to work through my frustration, anger, whatever, and then delete it, because I recognize that sending it will do more damage.

Today I accidentally pressed send on one of those emails. I’m ashamed, and also not sorry. Because I meant every word of it. But I’m not sure that it will do more good than harm.

Writing these emails is very cathartic. It helps me understand why I’m angry. And more often than not it help me understand that there’s more than one side to the issue, and maybe I’m not all in the right after all. Thus, there’s honor in not sending it.

And, often, it’s just feeding the troll – giving the angry, irritating, poisonous person on the receiving end justification for their vitriol. In which case, it’s just making things worse.

But, sometimes, it’s important to stand up for yourself, too. Even when it doesn’t actually solve anything.

Ten Albums

There’s a thing on Facebook right now where you’re supposed to post ten albums that influenced your musical tastes. This got me thinking, not so much about what I like and listen to now, but the music that surrounded me growing up, and, I presume, influenced my tastes in some way. So here they are. (Not sure if there’s actually ten.)

  1. Barbershop

Barbershop. Not sure it was this one in particular, but Barbershop Quartet was a staple in our home when we were kids. Tapes, records, and a few 8-Tracks, and an entire box set of the SPEBSQSA (Society for the Preservation and Encouragement of Barber Shop Quartet Singing in America) champions.

2) Them Mushrooms

There were a lot of bands that played the standard Kenyan tourist tunes – Hakuna Matata (no, not the Lion King one), Lala Salama, and so on – but in my mind it’s always Them Mushrooms.

3) Dr. Hook

I don’t know that I could even name one of their songs at this point, but there was a Dr. Hook album, and dad played it a lot. Might have been this one. I don’t know.

4) Mlimani Park Orchestra

Many Americans, on hearing Mlimani Park Orchestra, say “that sounds like mariachi!” And I suppose there may be similar roots, if you go back far enough. This was mostly on the radio, and I don’t think I ever actually had it on tape or LP until after I moved to the USA and missed it so much.

5) Graceland

Someone (probably my sister?) brought Graceland back to Kenya with them. This was the first I had heard of this Paul Simon fellow, but he was playing music with Ladysmith Black Mambazo, so it seemed like he might be worth listening to. And I don’t think I had heard of Graceland, or Memphis, before, either. But “Homeless” and “Under African Skies” and the one about the angels in the architecture, opened new worlds of music to me.

6) Rush

Of course, I have to mention Rush. In 1985 (about?) Kristina Silva sent me a mix tape of this new band she had just discovered, and I’ve been listening to them ever since. I couldn’t find that original tape, but I know it’s around here somewhere.

7) Mix tapes

Growing up in the 80s, you cannot really ignore the influence of mix tapes, passed around between friends. This particular one was also from Kristina, and there’s pretty much nothing on this one that I even remember, much less still listen to. But a steady supply of mix tapes that she sent me (this one was apparently during college, but most were while I was in Kenya, and didn’t have a local radio station that played top 40 stuff) definitely shaped my tastes.

And of course kids these days swap Spotify playlists, which is even more amazing, because it leads to discovery of other tracks that neither you nor your friends had heard of. But, of course, mix tapes hold a strong nostalgic corner of the 80’s kids’ hearts.

8) The Joshua Tree

Yes, I’m one of the people who discovered U2 when The Joshua Tree came out, and I was hooked. But then I discovered their older stuff, and was even more hooked. This one gets two images:

I don’t remember where this particular mix tape came from. I probably recorded it off of LPs at Bobby’s house.

9) Watermark

Enya’s album Watermark was where I learned that, for some reason, the radio people always choose a middle-of-the-pack song from an album to give air time. Meanwhile, the rest of this album was really amazing, in a weird sort of way that was completely unlike everything else I listened to at the time.

10) The Other Side of the Mirror

Back in the 90s there were tape/record clubs where you got a dozen tapes for one penny (!!!!) and then there was the small print about buying a million other tapes at full price over the course of the year. This was one of my dozen.

Growing up outside of the top 40 radio scene, I hadn’t heard of Fleetwood Mac, and I didn’t know who Stevie Nicks was.

This was another album that strongly influenced my taste. Here was Stevie, who was beautiful, had this amazing smoky voice, and sang songs that actually meant something, and were poetic. Amazing.

This quickly led me to Fleetwood Mac, of course.

11 and beyond …)

And the rest … well, picking just 10 is always hard. I didn’t even mention Men at Work, and the “Willie Nelson, Waylon Jennings Outlaw Reunion” tape that was one of my first two album purchases *ever* (the other was the Ghostbusters movie sound track!) and Roger Whittaker and … well, so many others.

Draw what you want

I checked this book out from the library about sketching. It started with saying don’t let anybody tell you you’re doing it wrong. If they spent 40 pages telling me that I’m doing everything wrong.

There were a few good tips hiding in among that. But mostly it was just frustrating.