strace’ing a Clojure process under lein

August 16th, 2016

Today I wanted to strace a JVM process to see if it was making network calls, and I discovered a minor roadblock: It was a Clojure program being run using the Leiningen build tool. lein run spawns a JVM subprocess and then exits, and I only wanted to trace that subprocess.

Read full entry »

Fixing Prosody SSL after upgrade to Debian Jessie

April 15th, 2016

When I upgraded my home server from Debian 7 (wheezy) to 8 (jessie), my installation of the Prosody Jabber chat server broke. Specifically, my chat client would no longer connect, saying SSL was not supported on the server, and prosody complained about SSL support not being available whenever I ran prosodyctl. First I'll show the diagnostic information, then the fix and explanation (spoiler: downgrade lua-socket!), then the new diagnostic output.

Read full entry »

Fixing WordPress redirect loops and insecure links under HTTPS

March 9th, 2016

I tried to switch my blog over to HTTPS and encountered two problems:

  • My stylesheet broke because get_stylesheet_uri() (and other links) were yielding http:// links, which were blocked by the browser
  • Attempting to log in would produce a redirect loop

This was in spite of my database and config files *all* having https URLs, not http. Mysterious and upsetting.

The problem turned out to be that (as far as I can tell) my blog is run on a server behind an SSL-terminating proxy that speaks HTTP to the server. WordPress's is_ssl() function checks the value of $_SERVER['HTTPS'] to see if it is being accessed via HTTPS. WP then (apparently) writes URLs to match this instead of using the literal base URL (this seems stupid) and also generates redirects to try to match the base URL. Both of these cause the observed breakage.

My fix was to add $_SERVER['HTTPS'] = 'on' to my wp-config.

A suggestion to WIRED on the occasion of their adblock-blocking

February 16th, 2016

WIRED magazine recently started dropping an overlay on their articles whenever they detected an adblocker:

Here’s The Thing With Ad Blockers

We get it: Ads aren’t what you’re here for. But ads help us keep the lights on. So, add us to your ad blocker’s whitelist or pay $1 per week for an ad-free version of WIRED. Either way, you are supporting our journalism. We’d really appreciate it.

Ouch, it hurts to see such a good site take itself hostage like that -- and make exactly the same mistake as so many other sites in their approach and phrasing. I want WIRED to do well, so I sent in a letter to the editor. I present it here as well, adapted slightly for the web:

Dear WIRED,

I want you to succeed, but you're making a mistake in the messaging around adblockers that is being overlaid on every article.[1] I care about you, so I'm taking the time to write in with some advice:

Don't phrase it like you're holding your users' privacy and security ransom.

(I'll suggest some alternative phrasing, but first a bit of scene-setting.) I'm happy to give money to sites that provide value. I don't want to be a Free User and I have even written to sites asking them to please take my money. What I won't do is unblock third-party, targeted ads, no matter how tasteful and relevant; the malware risk is too high and the privacy damage is well understood. It's just not an option.

So when your page says "whitelist us or pay", what I hear is "pay up or we'll hurt you". I know that's not what you mean, so let me suggest a replacement. Instead of:

So, add us to your ad blocker’s whitelist or pay $1 per week for an ad-free version of WIRED. Either way, you are supporting our journalism.

I recommend something like:

So, add us to your ad blocker’s whitelist or pay $1 per week to support our journalism directly (and see an ad-free WIRED, of course.)

I'm never going to pay to get rid of the ads I never saw in the first place. I will happily pay to support journalism and other worthwhile endeavors. I think other users will as well.

Best of luck,

- Tim McCormack

A coding story: Dead reckoning vs. diffs

December 29th, 2015

Once upon a time, I wrote a photo gallery in PHP, accompanied by a set of PHP and SQL scripts to populate the site from a KimDaBa (now KPhotoAlbum) database. The code is *terrible*, and when it came time to adjust how I managed photo tags, I couldn't stomach editing the PHP. Slowly but surely, I've been rewriting my photo gallery software. The website is in Clojure, and mostly up to feature parity. The tricky part is the updater -- because of an odd quirk of KPhotoAlbum.

This is the story of trying to solve a problem, finding out a flaw, and then seeing the problem in another light. The intended audience is unclear. :-)

Read full entry »