Writing

Atom feed icon Software, technology, sysadmin war stories, and more.

Saturday, August 10, 2024

Feedback on github, mangling code, and a feed reader

Before I launch into responding to some reader feedback, there's a strange meta-note that I'll mention in case it twigs any memories for other people who run web servers. There's some really strange set of web robots that seem to go crawling for URLs that end in something like "feedback" or "contact" or "support" and "help" and stuff like that. They'll pull an index page and then fetch *all of them* in one fell swoop. It's pretty clear that they don't give a damn about looking halfway plausible. Real people don't request pages like that.

What's really strange is that nothing else happens after that point. Maybe they're looking for pages that have feedback forms, or comment fields, or something like that?

Fortunately, I have no such things on my posts.

...

An anonymous reader asked for my Github URL. I actually used it with a paid account for a while, but then stopped using it a long time ago. I'm talking waaaaay back in 2012 when they were pulling all kinds of stupid "let's trust your data to this overly dynamic web shit" on a regular basis.

I moved out 12 years ago and haven't gone back. It turns out that it's rather simple to just set up a repo on an accessible box and point the participant boxes at it - the ones where I do dev work, the ones that run automatic builds for me these days, and so on.

They've done some dubious things with "public keys" that I disagreed with, too. Someone actually went and made a "ssh whoami" type thing where if you connect to it and present the public key that's on a github profile, it greets you by that profile's name. Cute.

(Aside: There's a DEF CON talk out this week which talks about how people *still* don't really know that sshd will totally tell a client whether a key pair is allowed in given just the *public key*. You should find the slides for "SSHamble". They're good.)

Since then, they had a bunch of crazy stuff involving the treatment of their employees and all of that kind of crap, but I was already gone. Then, hey, an old adversary from the 90s popped its head up and gobbled them up. Yep, Microsoft bought Github in 2018. That's the kind of devious move that is entirely consistent with their old ways of operating.

This is where a bunch of people who weren't even alive in the 90s pop up and tell me how they're different, and thus prove a point I was telling people about 10 years back: "you're not going to recognize them eventually, and younger folks will have no idea of the evil they've foisted upon the world over the years".

Basically, if I was an evil sort and wanted to keep my thumb on the scale of what the "dirty free software hippies" were doing, buying the thing that's practically become synonymous with "git" itself for many people would be a great place to start! So, when they went and did that, well, that's just cake.

That'd be like IBM buying Red Hat... but wait, that happened too!

It's ironic that a fully-distributed-capable system like git ended up with its own "network effect" that brought people into a single site to that degree. Sure, there are others, but you have to know something about the scene to even realize they exist in the first place.

I bet if that had happened in 1998 instead of 2018, it'd be "Microsoft ActiveGit" or some crap like that by now. They would have totally rebranded it to try to fit with the rest of their corporate hell.

When it finally does happen, try to act surprised.

So... TL;DR there's a github profile out there where you'd expect to find one for me, but it has no activity, and for good reason.

...

The previous reader also asked if I had ever taken someone else's code base and turned it into something that "bears little resemblance to the original creature". I'm pondering this one, and, well, I don't think I have? It's not like I turned a wolf into an eel or something like that.

Okay, there was this internal web service up at a place with WAY too much Python. It was (of course) written in Python as well, and I've mentioned it before. It was a tool which was intended to make it easier for people to collaborate on outages... you know, "SEVs", or whatever you might call them where you are.

It had been written by someone as a side project of sorts, and that particular company had no love for such pure engineering work. In fact, that person was on the verge of getting in trouble with their manager for hacking on it in the first place.

So, when I showed up and realized we needed some different behavior out of this tool, I reached out to the nominal owner, learned of the situation, and then got their blessing to go and hack on it, and hack I did.

I put in enough to get it to where other people could see where I was trying to go with it, and then a couple of solid developers showed up and started cranking on it. They fixed a bunch of stupid things I had inflicted upon the code base, and got it to where it was a joy to use.

Also, I had an intern come through who did an amazing job on all of the "followup" side of things - you know, getting a report together, bringing it to a review meeting, collecting follow up tasks, and making sure those actually happen. I had been doing it by hand, and it was awful. When he got done with it, it was a breeze.

Did it look like the original tool? I guess superficially it kind-of did. It still had a list of comments and a way to add a new comment. It picked up features for both the direct users and the reliability people behind the scenes, but it was still nominally an "incident manager", even though I had rebranded it "SEVPanel".

It effectively went from a young wolf to an adult wolf. No eels or other aquatic wildlife mangling was involved. That's all.

The better question is probably *why* I did what I did and set to work on an existing thing instead of trying to come up with something new. That's a long and messy answer. It has chunks of "because it was a right pain in the ass to start a new project there" along with "I was getting enough pushback just introducing the term 'SEV'", so changing the *host name* of the service from incidentassistant.${COMPANY}.${TLD} to something else was right out. I never would have heard the end of that one.

It was so hard to start a service there... ("how hard was it?") ... that one weekend, someone parked a critical piece of infra atop our "bookmark" shortcut service because it was needed to support a certain piece of legislation that had been passed by a city. It was a matter of "put it right there right then" or the company would have been in capital-T Trouble. Also, the company would have looked like giant assholes to the people who needed that level of service, but don't despair - they delivered on that sort of thing plenty of other times that year.

In the rush, the only real solution was to stack it atop something solely intended to support in-browser shortcuts for employees. Why there? It was simple, it was easy to hack on, and if they broke it for a few days, eh, it wasn't the end of the world. It was literally a thing that saved you typing out longer URLs when you wanted a shortcut to a particular internal web page.

As for why it was so urgent, apparently management sat on it as long as possible, THEN dropped it on the engineers. Typical crap for them.

And hey, now you know a bit more about the context of my "edit in prod" story from a few years back.

...

Another reader asked for my opinion of Tiny Tiny RSS because they are planning on self-hosting it. I pretty much covered the range of behaviors that are showing up to the feed test site in my summary post from the other day.

It's definitely doing a bunch of "double tap" polls all over the place, and I have no idea why. To be clear, I don't really care all that much WHY it happens, just that it does, and it happens a lot. It's not like a single user went and hacked something broken into the source. That doesn't fly when it shows up from multiple users who don't even know about each other.

Nope, whatever's going wrong is some weird stuff from upstream.