Category: Erklärbär

The Sonos Rage Wave

Update in progress…

Sonos shipped an update – and it contained a revised privacy statement. The new privacy statement can also be found here (de, en). Go read it, it’s shockingly well written.

Even more so considering the really complex situation Sonos is in – as an independent platform for streaming music from dozens of services, and in the future as a platform for digital assistants, they have a bundle of multilateral legal and contractual obligations that they need to handle on top of maintaining a technologically demanding product.

A case of really bad journalism can be found at Heise (Article in German):

10 Comments

Community Management?

Today is a weird day. First thing is a friend asking for help with community management. And next thing is Fefe reiterating his longstanding fallacy (Rant in German) that programmers are able to do anything just because they are able to do one thing (here: Community Management).

The TL;DR is that he rants against non-programmers showing interest in programming projects, because the software is actually useful, ruining everything.

But it is easy to get respect in a project: Just show something useful. Don’t expect a return. Problem: Every minute speaking about yourself or your results ruins ten minutes of actual useful work.

That is, of course, nonsense. It just shows, like his example about the closed umatrix bug tracker, a complete lack of understanding of the communication situation and a failure to organise the communication efficiently.

6 Comments

PHP: Understanding unserialize()

The history of serialize() and unserialize() in PHP begins with Boris Erdmann and me, and we have to go 20 years back in time. This was the time of the prerelease versions of PHP 3, some time in 1998.

Boris and I were working on code for a management system for employee education for German Telekom. The front side is a web shop that sells classes and courses, the back end is a complex structure that manages attendance, keeps track of a line manager approval hierarchy and provides alternative dates for overfull classes.

In order to manage authentication, shopping carts and other internal state, we needed something that allowed us to go from a stateless system to a stateful thing, securely. The result was PHPLIB, and especially the code in session.inc.

That code contained a function serialize(), which created a stringified representation of a PHP variable and appended it to a string. There was no unserialize() necessary, because serialize() generated PHP code. eval() would unserialize().

8 Comments

Monitoring – the data you have and the data you want

So you are running systems in production and you want to collect data from your systems. You need to build a monitoring system.

That won’t work and it won’t scale. So please stop for a moment, and think.

What kind of monitoring do you want to build? I know at least three different types of monitoring systems, and they have very different objectives, and consequently designs.

Three types of Monitoring Systems

The first and most important system you want to have is checking for incidents. This Type 1 monitoring is basically a transactional monitoring system:

3 Comments

Scaling, automatically and manually

There is an interesting article by Brendan Gregg out there, about the actual data that goes into the Load Average metrics of Linux. The article has a few funnily contrasting lines. Brendan Gregg states

Load averages are an industry-critical metric – my company spends millions auto-scaling cloud instances based on them and other metrics […]

but in the article we find Matthias Urlichs saying

The point of “load average” is to arrive at a number relating how busy the system is from a human point of view.

and the article closes with Gregg quoting a comment by Peter Zijlstra in the kernel source:

This file contains the magic bits required to compute the global loadavg figure. Its a silly number but people think its important. We go through great pains to make it work on big machines and tickless kernels.

Let’s go back to the start. What’s the problem to solve here?

So you want to write a Shell script

So some people, companies even, have guidelines that describe how to write shell scripts, or even unit tests for shell scripts, as if “UNIX Shell” was a programming language. That’s wrong.

“Modern Shells” are based on a language that has been written without a formal language specification. The source looked like this, because somebody didn’t like C and wanted Algol, abusing the preprocessor. The original functionality and language rules had to be reverse engineered from that source, and the original shell has a lot of weird rules and quirks:

  • You can use the caret, ‘^’, as replacement for the pipe symbol, ‘|’.
  • Check out the section »Consider a variable which has been picked up by the shell from the environment at startup. Modifying this variable creates a local copy.« in that document, especially the part where they explain this:
    If you call a script directly from a bourne shell (“./script” without shebang), then the shell only forks off a subshell and reads in the script.
    The split between original and local copy of the variable is still present in the subshell. But if the script is a real executable with #! magic, or if another sh is called, then fork and exec is used and only the original unmodified variable will be visible.

And it gets better if you go down the entirety of that particular document.

If you think Unix Shell is a survivable programming environment, good luck, and please take your code with you while you leave.

10 Comments

Zero Factor Authentication

Dear Internet, Today I Learned that oath-toolkit exists in Homebrew.

So, this is a thing:

$ brew install oath-toolkit
$ alias totp='oathtool --totp -b YOURSECRET32BLA | pbcopy'

And so is this:

#! /usr/bin/env expect -f
 
set totp [ exec oathtool --totp -b MYSECRET7W22 ]
 
spawn ssh verysecure.doma.in
expect "Password:"
sleep 1
send "thisIsN0t1GoodPaszwort@\r"
expect "Two Factor Token:"
sleep 1
send "$totp\n"
interact

Yup, it’s totally possible to laugh and cry at the same time.

4 Comments

Using MySQL Partitions (a Python example)

Today somebody had a problem with expiring a large table (a Serendipity Blog table).

In MySQL InnoDB, tables are physically ordered by primary key (InnoDB data is a B+ tree, a balanced tree where the data pages are the leaves of the tree). If you are expiring old data from such a log table, you are deleting from the left hand side of the tree, and since it is a balanced tree, that triggers a lot of rebalancing – hence it is very slow.

If you rename the old table and INSERT … SELECT the data you want to keep back into the original table, that can be faster. But if the data you want to keep is larger than memory, the indexing of the data will still be slow.

A nice way to handle log tables is to use partitions. Here is an example. It’s not very cleaned up, but it works on my system.

New Technology vs Planned Obsolescence

Based on an old Google Plus article from 2015:

What you observe as Planned Obsolescence is often the natural outcome of fast product cycles that are necessary for any new technology.

When a new thing arrives in the market, it is often barely viable, a minimum viable product. We remember the iPhone 1 as revolutionary, but we chose to forget about its slowness, its clunkiness and the very limited feature set it had. And those of us having purchased a car with built-in satnav now have to deal with a car radio where you have to choose between listening to a CD or putting in the outdated CD-ROM with navigation data – and then wait for a minute until you get the route.

3 Comments