ArghWebWorks

One of my clients has an extremely busy website. And it’s a popular place for people to show his images and offer a cracked version of his product for sale. We can see them in the apache logs- the referrer shows their domain name. One thing I like to do in order to keep an eye on this is to tail his apache logs and pull out the refer data. I’m using this:

[code]
tail -f access.log | cut -d\ -f9,11 | grep -v (domain name)
[/code]

That’s two spaces after the -d\; the backslash is escaping the space used as the delimiter. You may need different field numbers (9 and 11 are the ones for his combined logs that show the HTTP status code and the referrer). And of course I need to grep out the domain name of his site because it’s all over those lines.

Hope that helps ya.

I know, it’s a Heinlein quote.

A few years ago, I was in the same sort of position I’m in now. That is, looking for a full time gig to support the family. Need a PHP Programmer / System Administrator?

Then, I split my resume into two parts- a “programmer” resume where I tried to speak more to people who wanted programmers, and an “administrator” resume where I did the same with more of an admin slant. This time around, I didn’t bother with that. I figured I’d put my cards on the table and play my strongest suits together- I’m good at both.

I’ve started asking “Why Me? Why did you pull my resume out of that stack of six thousand resumes to ask me to come in?” Because, let’s face it; the openings have a lot of applicants, and the hiring people have to choose on something.

The two people of whom I’ve asked this question have said the same thing; “your combination of PHP skills and your System Admin chops.” Well, not in those exact words, but pretty close.

So if you’re following the instructions of some resume writers, and focusing on one skill set for your job search, don’t be afraid to change it up a bit and lay your cards out too.

Seth Godin could not have posted this at a more appropriate time for me.

Not that I was doing 4% less, but it did totally suck. Here’s the situation. I have a site I’ve built for a client. I do regular maintenance on the site and I keep it in a subversion repository. I also do development for this site. I have a development site set up for it where only I can see the results.

Early last month, I was asked to develop a feature for it. It was actually similar to many other parts of the site but to implement it right, I needed to rewrite a fairly major portion of the navigation pages. Then I had to duplicate it for a different category of navigation, and since it’s either working one way through a standard link (product.php?id=4) and through a javascript update of elements, I had to do a lot of testing.

I did a lot, a lot of testing of it and was really proud of how it worked. I developed it in Linux / Firefox and tested it with Windows Firefox 3 and IE 7. I don’t really have to support IE6 at the moment. I tested all of the static link possibilities and then I tested all of the javascript possibilities. It was set, and I committed it to the repository. The client wasn’t ready for it yet, and since we’ve had problems where I’ve made something live where either he or I weren’t around to make sure it was right (thus the emphasis on testing ), I was waiting for him to say to make it live.

Before he did, however, he had some smaller things to change. So I changed them and made those changes live. I had typos, however, on the copies I committed to the repository. I changed his code live for these smaller things, so these weren’t tested. This was a problem- I wasn’t ready to roll out the bigger changes to “live” but I did need to roll out some later newer changes.

So when he was ready for these bigger changes, I rolled them out. And then this happened over IM:

client: dont you test this shit before you go live
client: just forget it
client: i'll do it differently
client: less chance of you destroying my site that way
client: revert back to before you broke it
me: i'll brb. off to shoot myself.
client: how about before you do that you get my frikking page to load in IE?
client: you're making us look bad
... ( client asks if I can handle the other way without taking down his site) ...
me: If I can't handle it, I'll subcontract some eight year old in india to do it for me.
client: or a 3 year old in china
client: do you practice being inept in front of a mirror or is it just a natural state
client: does it just come naturally?
client: a gift?

I had to take over 200 dollars off the invoice from last month ( for the changes that didn’t work ) and my entire day was put into a blender and frappiccinnoed. Nice, huh? And all because I made his smaller, newer changes live and didn’t properly test them with the revisions that I had tested

Here’s a couple of things I should have done. First, made the changes to my development area and tested them before I did them to the live site. Second, made use of the “branch” and “tagging” features and branched the code when he needed the smaller changes made, then merged it afterwards (and tested). Really, it’s the testing that’s the problem. Even in my “full time gig,” my testing could use some work.

Most of us have, when we go to design a new website, a way we configure the working environment. For example, I like to have a “setenv.inc” file to set up a database connection and create a smarty object, I like to have Smarty templating and the Pear/DB class in my /libs directory.

It’s kind of a pain to copy over the last website’s configuration, clean out the cruft I don’t need for the new one, and restructure it for a new website. So here’s what I did.

First, I copied over the last website’s configuration and cleaned out the cruft, at first without any other tools; just my stuff ( no database, no smarty, et cetera ). I created a subversion repository and imported this, then checked it out, giving myself a working directory.


svnadmin create /home/svn/repos/rgh_libs/
svn import . /home/svn/repos/rgh_libs/
cd ..
rm -rf blankdir
svn co /home/svn/repos/rgh_libs blankdir/


Then, because Smarty makes available a subversion repository (and look, it’s unstable for the trunk branch. Don’t panic if it breaks ), I went into the blank directory and set up an externals definition:


cd blankdir
svn propedit svn:externals . (note that it's applying to the blank dir, which I'm in; there's a period on the end of the line. )
(edit file to look like:)
libs/smarty http://smarty-php.googlecode.com/svn/trunk/
(save and exit )
svn up

That last svn up will bring in the smarty libraries to your libs/smarty directory. And look, it’s the entire package. We don’t need the entire branch, we just need the libs. Remove the libs/smarty dir, edit the svn properties, and reupdate

rm -rf libs/smarty

(edit file to look like)
libs/smarty http://smarty-php.googlecode.com/svn/trunk/libs/
svn propedit svn:externals .
(save an exit )
svn up


I also like using the blueprint CSS(link) (Cascading Style Sheets), the pear DB package, magpierss and simplepie. Unfortunately, those packages don’t currently have a subversion repo, so I have to download them and add them to the repository. On the plus side, they’re smaller than the smarty package.
I add them, and then commit my changes with a tag.

When I start a new website, I can do a “svn export /home/svn/repos/rgh_libs newsite/” and I’ll get the current version of smarty (and whatever other packages I saved ). But I didn’t have to update the smarty version and I didn’t have to store multiple copies of smarty in my repository.

The hyperdesk site is finally live. It’s been a long road of about eight months of nightly work. Once the client was satisfied that the html(link)/css he wanted was out of my league ( way out of my league ) he had another company set up the html(link) and CSS(link) (Cascading Style Sheets) and start up the javascript.

Their work with mootools was a lot smoother than my work with prototype.

The site owes a lot to mootools.net, PEAR and smarty. I went with using the Pear libraries for database access, the Smarty tools for templating and the mootools for javascript. I’ve built a secondary site at hyperdesk themes that’s using the same stuff and also the blueprint css(link) libraries. Once nice thing about building a site for myself ( or to my own standards ) is that while I can say “this is ugly” ( the animation is currently ugly ), I can also say “make this better via the blueprint grid.” and not “move this over 2 pixels, no too far!”

How does one “become more competitive?”

Competetiveness is a virtue of companies. Basically, people who believe in it consider that there’s a limited amount of income available ( or public attention or whatever ) and they’re driven to get “their fair share” or “most of what’s out there.”

Here’s a list of values a client poses for his company. It’s not my list, but I think it’s an interesting one to look through:

• Creative in approach to solving problems
• dedicated to his own ideas
• high value on time
• competitive
• thinks big
• forward thinking/future oriented
• innovative

I like to think t hat I’m dedicated to my own ideas, innovative and creative with regards to problem-solving. However, I’m not sure I place a high enough value on time, or that I think big enough. As far as “competitive,” don’t make me laugh.

How does one groom oneself to become more competitive?

I thought that Fail2Ban would work well with the spammers we’ve been getting through one of the mail servers. Basically, I wanted to keep track of who had connected to the server and was from one of the spam sources listed at spamhaus.org. I wanted to configure a firewall rule so we didn’t even have to listen to their message.

I configured it to watch the mail log and when a connection was rejected because of spamhaus.org, it would trigger. It would remember the IP for an hour and then let the spammer try again. Why an hour? Our list is currently averaging around 2500 ips, and I didn’t want it bigger than that.

This is the jail.conf entry:

[spamhaus]
enabled = true
filter = spamhaus
action = iptables[name=SPAMHAUS, port=smtp, protocol=tcp]
logpath = /var/log/maillog
findtime = 60
bantime = 3600
maxretry = 1


And the filter entry:

[Definition]
failregex = [[](?P\S*)[]] (?:did not issue|[(]may be forged[)])
failregex = (?P\S*) listed at sbl-xbl.spamhaus.org


However, here’s an intriguing question: at some point fail2ban just “stopped working.” It was like the regex didn’t match any more. Nothing obvious in the logs, et cetera. But when it stopped working, we were hammered by inbound spam. In fact, I originally thought the problem was a DOS attack. But maybe when the iptables rules expired, the spam mail servers carried on their normal mail sending ( when a mail server comes back online, send any waiting mail to it ). Maybe I’m not helping the problem and I should go back to a plain 5.7.1 reject?

I don’t recommend it yet. Of course, it’s in beta, so cavet programmeur and all that. However, I had to comment out an include for the PEAR.php file ( for some reason site5 is automatically including it ) and then the response from Amazon, when I finally got one of their example scripts running was “410,” which means “gone, left with no forwarding address.”

So I’m imagining that it’s not really being maintained at the moment. Feel free to argue with me For now, I guess, I’m rolling my own class. And that’s ok too.

Every morning, I had a client calling me and asking “Is our server abnormally unresponsive?” They were browsing their website and it seemed to them that the pages were taking longer than usual to render. Once I figured out why they were asking and what they were measuring with, I realized I could graph this amount of time, the important thing was figuring out how to get this information.

Here’s what I came up with: I was already running mrtg-rrd to do much of their graphing, so I wanted to create a MRTG Target line to correspond to “how long does our page take to render.” I wrote a script to run “/path/towget –delete-after -pq (page) -O /tmp/garbage” and display the amount of time it took. I wrote it in php because it was easiest.


$wget="/usr/bin/wget -pq --delete-after -O /tmp/garbage";
$toget = "$site";
$start=microtime(true);
exec( "$wget $toget", $out, $e );
$end=microtime(true);
$dur=round( $end-$start, 3 );
print "$dur\n";


The problem with this is that I was running it on their gateway; their gateway is also the monitor and grapher. It was taking less than a second to render the page ( because of local network speeds ). Instead, I wanted it to more closely correspond to what the client would be seeing. Their development server is at their office; so I put the script there and wrote the MRTG target to point at a local ( on the gateway ) script that got the value from the development server, printed it twice, printed the date and the name of the site. It looks like this:

$user='foo';
$password='bar';
$sitename='example.com';
exec("/usr/bin/lynx -auth=$user:$password --dump http://developmentserver.com/scriptname.php ", $out, $e );
$time=0;
while ( ($time==0) && (count( $out ) > 0 ) ) {
$time=(float) array_shift( $out );
}
print "$time\n";
print "$time\n";
print date("r\n");
print "$sitename\n";


A couple of important caveats. The day after I started running this ( it averages around 4.6 seconds, btw, much too long imho ), the displayed time doubled. It could have been a change to the page we’re looking for, but it turned out to be a DNS issue on the development server. So DNS is important. This doesn’t take into account the amount of time a browser takes to render a page; it’s just the time to download all the pieces. So processor intensive stuff, like super heavy javascript or super heavy tables, won’t show up here. However, if you keep in mind what the value is- how long to resolve and download all the pieces of a web page, this is a useful metric.