Posts

Showing posts from 2013

The outsourcing question

I run a web development business, and am always engaged in a question about how many of my supporting services should be contracted out or done myself. And for what I don't do myself, who I can trust to deliver that service reliably to my clients. And what to do when that service fails. This is not an academic debate this week for me. On Sunday, my server-hardware supplier failed me miserably. On Friday, I notified them of errors showing up in my log related to one of my disks (the one that held the database data and backup files). They diagnosed it as a controller issue and scheduled a replacement for Sunday early morning. So far so good. It took longer than they had expected, but it came back and seemed to check out on first report, so I thought we were done. It was Sunday morning and I wasn't going to dig too deep into what I thought was a responsible service provider's area of responsibility. On Sunday evening, Karin (my business associate at Blackfly) called me a...

Me and varnish win against a DDOS attack.

This past month one of my servers experienced her first DDOS - a distributed denial of service attack. A denial of service attack (or DOS) just means an attempt to shut down an internet-based service by overwhelming it with requests. A simple DOS attack is usually relatively easy to deal with using the standard linux firewall called iptables. The way iptables works is by filtering the traffic based on the incoming request source (i.e., the IP of the attacking machine). The attacking machine's IP can be added into your custom iptables 'blacklist' to block all traffic from it, and it's quite scalable, so the only thing that can be overwhelmed is your actual internet connection, which is hard to do. The reason a distributed DOS is harder is because the attack is distributed from multiple machines. I first noticed an increase in my traffic about a day after it had started - it wasn't slowing down my machine, but it did show up as a spike in traffic. I quickly saw t...

Confused by online payment processing? You're not alone.

In the old days during "polite" conversation, it was considered rude to talk about sex, politics, religion and money. You might think we're done with taboos; we're not (and I'll leave Steven Pinker to make the general argument about that, as he does so well in The Better Angels of Our Nature). The taboo I'm wrestling with is about money - not how much you make, but about online payment processing, how it works, and what it costs. In this case, I think the taboo exists mainly because of the stakes at hand (i.e. lots of money) and the fact that most of those who are involved don't get much out of explaining how it really works - i.e. the more nuanced communications are overwhelmed by sales-driven messaging, and the nuanced stuff is either proprietary secrets or likely to get slapped down by the sales department. In other words, if you want to really understand about online payment processing because you want to decide between one system and another, you...

Drupal and file permissions challenges when using selinux

Twice now I've run into this class of problem and so I'm documenting it here for my future self and anyone else with a similar problem. Most recently, a server I manage was generating a rather baffling error, seemingly randomly: Warning: file_put_contents(temporary:///.htaccess) [function.file-put-contents]: failed to open stream: "DrupalTemporaryStreamWrapper::stream_open" call failed in file_create_htaccess() (line 498 of /[documentroot]/includes/file.inc). Baffling because apache (and pretty much any other process on a linux server) has access to read and write to the /tmp directory, and extra baffling because the file was there, created. It seemed to be mostly when editing, but not uniquely. After doing a stack trace, I discovered this about file management in Drupal: As a security measure, Drupal checks for an .htaccess file in all directories it writes to. That includes the temporary directory [which is good, because sometimes that directory is ins...

Blame or Responsibility? Point the finger!

Would you rather get blamed, or held responsible for something? When something bad happens, I notice that there are often replies about the importance of taking responsibility and frequent rebuttals about not pointing the finger or blaming. But hold on, what exactly is the difference? According to Wikipedia (for example), blame can be defined as the act of holding responsible. Certainly, in usage, you'll see that blame is usually given, and responsibility is more often taken, but I'd say those are just tricks of language -- I can accept blame for myself and hold others responsible just as well. So I'd like to stop pretending that this is a real difference. You may have some clever way of distinguishing between them, but for the average person, the only difference is one of implicit value (responsible = good, blame = bad), and that really doesn't help us at all when it comes to public debate or private argument. Okay, so I'm not so naive as to think it's all ...

TD Canada Trust and Online Security

For the past few weeks I've been unable to access the TDEasyweb site. Today I discovered that it's because "TD made a corporate decision to only support Windows and Mac". I have a few problems with this. Personally, it's a hassle because I can no longer use their easyweb site unless I go borrow someone else's computer. This seems like an anti-security measure. It's extra insult because of the way it was not communicated responsibly. I have a bigger problem because the response I got when I talked to a manager was that the only way of dealing with it was to write to a customer feedback email address. And the reality is, if not enough people complain, then they won't do anything about it. Basically, treating my issue as one of personal preference, rather than one of technical choices and security. But on-line security is not at all a matter of personal preference. If a majority of users decided they didn't want as many security precautions as ...

Tax Havens

I've been working with Canadians for Tax Fairness since they started a couple of years ago, and it was extremely satisfying to see them in action during the current media frenzy around the tax haven data leak. Last December we created an issue specific campaign site about tax havens, and although it hadn't taken off, I'm hoping it's going to get a little bump now. While I was waiting, I checked out google webmaster and noticed that the campaign site had been getting a search traffic increase over the past week or so, and I guessed that it was related to journalists searching who were in on the leak, preparing their stories. I was delighted to see our campaign site sitting at number 7 for the search term "tax havens". Then it occurred to me to check out google trends to see what they had to say about the search term, and I offer you the following info graphics from them. I thought the geographic one might be especially illuminating, in particular showing...

The Real World of Website Requirements

Do you want to talk to me about developing a website? Here's what I need in a nutshell. A website is part of the Internet. The Internet is a tool for electronic communications. That's all it is. Really. Everything else is just about how it does that, which is also important. So before we talk about anything else, the most important things are: 1. What is the content you are communicating? i.e. what are you saying? 2. Who are you communicating with? i.e. who is the intended audience and are there privacy issues with this content? 3. Who is the author, authority, source, etc. of the content? i.e. who's responsible for the content, who's going to write it, who's going to change it. If you start the conversation about modules, how it looks, iframes, menus, or anything else, I will always get back to these questions, so do us both a favour and think about these first, write them down and email them to me. If you're wondering about the title of this post, ...

Responsive design and colour in web development

I'm not a web designer. If you've worked with me before, you're probably tired of me saying that. Funnily enough, in high school I took art, and always considered myself artsy by inclination, if not vocation or personality. On a recent project I ended up doing more design work than I'd planned, which happens. I learned about two new things from this process: 1. Responsive web design using Zen grids. It's kind of funny to be back using grids like the old table layout world of pre-2000. But it's now sane and zen grids is one way to keep up with the cool kids doing 'responsive design', which just means your site looks good on all kinds of devices (yeah, just like html was supposed to by original design, grumble, grumble). 2. Mac colour vs. PC colour. I've known about the different experience of PC users vs. Mac users for a while, but have tried to ignore it (claiming, truthfully, that I am in fact colour blind, though not very). On one project,...

Democratic activists: engage your representatives

For a long time, some kind of "postal code lookup" tool has been the holy grail of e-activism. I wrote such a tool that sent faxes to MPs back in the early 2000s [the aughties?]. But here in Canada we ran into a problem: postal code to riding databases are compiled by Stats Canada and licensed under restrictive use. So in spite of various attempts to come up with a sustainable solution, they've mostly been ad hoc and fail in the long run because of the cost and effort of keeping that database up to date. So I'd been deflecting new requests for such a tool for years, hoping someone else would solve it, until a year ago or more two of my clients said they really wanted such a tool, and it occurred to me that geo-coding had now evolved to the point where we could use a different strategy: instead of keeping a database of postal codes to ridings, we could do geocoding of addresses to latitude - longitude and then use the now freely available shape files of ridings to ...