During the early years of the 2000’s, during a very hard time in my life, I relied on three things to keep me sane – Apache, Kites, and Geocaching. For three very different reasons. I find myself turning to them the last few weeks during another, very different, difficult time.

Apache – The Apache Software Foundation – is an organization that provides free software for the public good. It has, numerous times, defined new technologies, or revolutionized existing technologies. The original project – the Apache Web Server – created the web as we know it, in a very real way. By making a free alternative to the two commercial products that owned the early web (Netscape Server and Microsoft IIS) it made the web accessible to everyone. Contributing my time to that project was a way that I could make the world a better place. It was making life easier for real people solving real problems, and it was meaningful work. That was the main reason that I spent my time working on the Apache Web Server during those years, and why I have stuck with the project for 20 years.

Geocaching had a very different motivation. It was a way to get outdoors, while also playing with technology, and that was certainly part of it. But I think what was so great about it was that it was a task with a clear goal, and you could check it off when it was done. You find the thing. You sign the log book. And when you’re done, a friendly smiley face appears on the map.

Along the way I met some friends, and over the last two weeks when I’ve been ‘Caching, I’ve noticed a lot of those old names reappearing – Dee Whoa, and Moontwig – while seeing a bunch of new names. Skallywags have been just ahead of me on several of the ones I found this week.

And kites. I’ve always loved kites. I have memories of kites going back 40 years. I wrote a poem about kites, and the stability that the lend to life.

Kites are simplicity itself – tuppence for paper and string – But can also get as complicated, and expensive, as you like. Flying a kite takes all of your concentration – or you can just lay on your back and watch it – depending on the winds. I love love love my kites. I love flying. I’m very annoyed when the winds are not helpful. You can put up a kite – or six – and spend a whole afternoon doing nothing at all, and not feel that the time was wasted.

Yesterday I got some repair stuff for my kites, and now I have (I think) 8 functional kites, (3 shown in the above photo) if I can get a big enough field and the right wind.

I have been working at home, full time, for 9 years now. Before that, I had a home office, since I was engaged in a number of remote-work-ish activities, such as my writing, and my work in various open source communities.

As practically all of my friends and colleagues are now working from home – many of them suddenly and unexpectedly – I’ve been thinking about some of the most important tips that I might share with them. I know that a LOT of people are writing blog posts like this, and there’s going to be a lot of overlap.

I’ll start with the most important tip, and you can skip the rest: Set a clear boundary between work and not-work. This boundary is both physical and mental.

If possible (and not everyone has this flexibility in your home) put your work in a separate space from your home. This is automatic when you go to an office. It’s less obvious when your work is now in your home. If you *can* put it in a separate room, you should.

But more important than a physical space is that at the end of the work day, you leave work. If you can close a door, great. That’s best. But not all of us have that luxury. So, at the end of the day, *mentally* close the door. Turn off the computer. Put the papers out of sight. Disconnect. Do not answer email outside of work hours. Do not check your work phone messages. Do not sneak back to your laptop for one more thing. You are home. If you had driven home from the office, you wouldn’t be able to do that. Convince yourself that your 3-step commute is every bit as much of a divider as your 15 minute drive downtown.

The second tip is give yourself permission to be human. When I first started WFH, I felt like I was shirking if I stepped away from my desk to get a drink, or if I chatted with coworkers about non-work topics. But I would do that if I was at a “real” office, so there’s no reason to forbid myself now that I’m not.

And now, more than 10 years ago, there are so many chat platforms where you can connect with colleagues for a virtual water cooler.  Even if you’re an introvert like me, these social moments are critical to staying sane, as well as keeping perspective.

And … that it, really. The rest of it is covered by the many wonderful blog posts out there, but I’d be glad to answer questions.

Oh, and I’ll be giving a presentation tomorrow at work about this, and will post the video here later.

My friend Ruth gave me The Leavers, and I just finished it.

Wow.

I can tell you what it’s about, sort of, but telling you how it feels would be challenging. Unless you already know, in which case, it will feel like home.

The book is about a boy who grows up in New York City, but is not from there. It’s about never fitting. It’s about always feeling that home is somewhere else, just out of reach.

It’s also about how terribly unjust the US immigration system is, but told in terms of the experience of real people, rather than in a preachy, politicized way. Just how real people hurt, and try to live with that hurt.

I don’t know Lisa’s story. But I know that she understands what it is like to be always from somewhere else. Grasping at the moments of belonging, knowing that they won’t last.

This book was beautiful, and ugly, and happy and sad and heartbreaking and uplifting and everyone should read this. Especially if you know something about being always from somewhere else.

I wanted to write a fail2ban filter which watched my mod_security log file, and added repeat offenders to the firewall block list. I looked at several tutorials/howtos about writing filters, and they were all amazingly complicated, and most of them devoid of useful examples.

After some experimentation, I got something working, and it was remarkably simple. So here goes.

First, the mod_security rule itself.

# Block malicious bots
SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /etc/httpd/modsecurity.d/badbots.txt" "id:5000025,rev:1,severity:2,log,msg:'BAD BOT - Detected and Blocked. '"

The line that starts with SecRule is all one line.

badbots.txt is a text file containing the names of annoying/malicious bots. Specifically I noticed that almost all of the traffic to one of my sites was from a bot named ahrefbot which was making very suspicious requests.

Now, I have entries in my error log that look like:

[Wed Feb 19 16:29:44.363193 2020] [:error] [pid 19321:tid 140221286971136] [client 46.229.168.131:47466] [client 46.229.168.131] ModSecurity: Access denied with code 406 (phase 2). Matched phrase "SemrushBot" at REQUEST_HEADERS:User-Agent. [file "/etc/httpd/conf.d/vhosts/drbacchus.conf"] [line "33"] [id "5000025"] [rev "1"] [msg "BAD BOT - Detected and Blocked. "] [severity "CRITICAL"] [hostname "drbacchus.com"] [uri "/"] [unique_id "Xk1ieF8Z-mVmfnUdi8jliwAAAEA"]

(SemrushBot is another frequent offender.)

The important bits in that line are the client address, and the fact that this triggered the particular rule that I care about. I’ll come back to that in a second.

Step two is to create a new “Jail” in fail2ban. I did this by adding a block to the end of my /etc/fail2ban/jail.local file that looks like:

[modsec]
enabled = true
filter = modsec
action = iptables-multiport[name=ModSec, port="http,https"]
logpath = /var/log/httpd/drbacchus-ssl.error_log
bantime = 10800
maxretry = 1

This creates a jail named modsec. It points to a filter named modsec. It references the log file that I want to watch, and it specifies a ban time of 3 hours.

It’s also very aggressive in that it bans them the first time. You might want to be more lenient with other filters.

Finally, I define the filter itself, by creating a file called modsec.conf in my filter.d directory, with the regex that I wish to match in the referenced log file.

[definition]
failregex = [client <HOST>] ModSecurity: Access denied with code 406.+BAD BOT
ignoreregex =

The line that begins with ‘failregex’ is all one line – it’s just wrapped on your screen here.

The magic bit is the <HOST> which says “the IP address that I want to block will be *here*. The rest of the line is standard regex syntax.

The docs say that you want the regex to be as specific as possible, so that it doesn’t match unexpected things. In this case, I want anything that has the ModSecurity access denied message, followed by some stuff (.+) and BAD BOT from my modsec rule. Many of the examples online appear to have been written by people who were perhaps not very familiar with how regexes work, and so go a bit nuts with the special characters and stuff. That’s really not necessary.

Now, restart fail2ban, and watch the results with fail2ban-client status modsec

The conversation about the death of former Kenyan President Daniel Toroitich arap Moi is complicated, from where I sit. His death is the end of an era, in many ways – the last of the colonial era African strongmen. But he’s also one of the very few powerful African presidents who stepped down at the end of his term, and let the new president peacefully take over. Yes, “he followed the law” seems like an awfully low bar, but at the time, it was a really big deal.

The conversation that’s happening on Twitter is, for the most part, focusing on the terrible parts of his legacy. The torture. The murder and incarceration of his enemies. And, truly, there’s no excuse for that. Only that he apologized, and stepped out of the public eye to let his successors carry on.

But, for me, there’s another layer. When I was a kid, you didn’t speak ill of Mzee. Heck, you didn’t *think* ill of him. You didn’t criticize him in the most private of private places, because you knew that the CID would come drag you away. BBC had a good article today about how Kenyans learned to laugh at Moi.

And I also remember when Amnesty International issued a statement condemning Daniel Moi, I was aghast, and refused to believe the things that they asserted about him, even though I now know them all to be not only true, but probably only a fraction of what he actually did.

When Moi became president, in 1978, upon the death of President Kenyatta, he had a lot of opposition from people who had someone else in mind. Over the years, he became more and more dictatorial, and his government more and more repressive, particularly after the failed coup attempt in 1982.

Meanwhile, in the USA, we are moving into an era where a senator is vilified, and threatened with removal from office, for voting his conscience against his Great Leader, and the days of us mocking third-world countries for this kind of reprehensible behavior seem a long time ago.

At his funeral yesterday, while dignitaries spoke glowingly about the Great Man from the podium, someone in the crowd dared to heckle, and was dragged away, just like in the old days. Some things don’t change so much.

Yesterday, the folks from Metronet came by and ran fiber into my office. I now have (theoretically) gigabit symmetric (ie, up is the same as down). In reality, as was explained to me in exhausting detail by the Spectrum guy this morning, as I was trying to cancel my Spectrum service, you seldom actually get the full gigabit. Down varies between about 700 and about 900. Up varies between about 400 and 600. Note that this is, respectively, twice and 40+ times, what I had with Spectrum, for about half the price, so I’m pleased.

If you are interested in switching, it would be awesome if you mention me as having referred you. I get a small kickback from that.

You can determine your availability, and sign up, at https://www.metronetinc.com/

 

I’m not much for “life hack” kinds of articles, but …

I come back from every conference I go to with a stack of business cards, and the question “why do I have these cards?”

I have tried so many ways to remember why I have particular cards, and ensure actual followup. Write a note on the card. (Invariably it gets smudged, or the available space isn’t enough to actually communicate what I’m supposed to do with the card.) Scan it into Evernote (Kinda sorta works, but somehow I never follow up n them.) Email myself a photo of the card with some notes. (This is pretty good, but involves actually doing it immediately after the conversation, so that I don’t forget, which seldom works at conferences.)

This week I tried something different.

This is a staple-less stapler. You can get one on Amazon HERE.

And I always carry a notebook.

So at FOSDEM I did this:

In case you can’t tell from the photo, I stapled the card to a page in my notebook, and wrote the notes right there. Since my book is always with me, I’m pretty sure I’m not going to forget, this time. And I have room for all of the notes that I need, right there with the contact information I need to follow up.

You can see how the back of the page looks, here.

If you’re curious how the stapler works, you can watch here:

You could, of course, use an actual stapler. It’s just messier and you end up with staples that can tear the page.

 

The CentOS project just tweeted an announcement :

We're updating the @CentOSProject visual identity. https://t.co/yWZkudvgru pic.twitter.com/2JGH0HzLg4

— CentOS Project (@CentOS) January 31, 2020

The feedback was mostly positive, but two negative responses caught my eye.

The first:

Feedback is specific and seems to indicate actual expertise.

The next:

Feedback is useless, and incorporates a personal attack (designer should be fired) which is just rude.

I’m left wondering if this person thought that this was in any way helpful or that this is in any way an appropriate way to engage with a stranger. Would they talk with a human in person like this? Do they have any friends?

And even without the rudeness, the response is completely worthless and unactionable. So, one deeply unpleasant person didn’t like it, while 100 others did. Why should I care?

I also wonder if there is a way to respond to this person without returning their vitriol.

I frequently say (and write, and tweet) “there is honor in the email not sent.”

The corollary, of course, which is both obvious and perhaps people don’t think about, is that I often write those emails.

Several times a week I write an email, to work through my frustration, anger, whatever, and then delete it, because I recognize that sending it will do more damage.

Today I accidentally pressed send on one of those emails. I’m ashamed, and also not sorry. Because I meant every word of it. But I’m not sure that it will do more good than harm.

Writing these emails is very cathartic. It helps me understand why I’m angry. And more often than not it help me understand that there’s more than one side to the issue, and maybe I’m not all in the right after all. Thus, there’s honor in not sending it.

And, often, it’s just feeding the troll – giving the angry, irritating, poisonous person on the receiving end justification for their vitriol. In which case, it’s just making things worse.

But, sometimes, it’s important to stand up for yourself, too. Even when it doesn’t actually solve anything.