git: shallow clone and sparse checkout of submodule

If you have a huge repository (in size and in history) and want to add a subfolder to your project as a submodule you can follow the code in this example to save time and space using git’s shallow clone and sparse checkout feature. It is a bit more complicated in this example because I assume that you want your submodule to track a non-default branch, called `mybranch`, instead of the `master` branch. Also I assume you already have a checkout of  our huge repository somewhere, so it can be used as an argument to the --reference option of git clone. Things could probably get a lot simpler when using the default branch and just using a normal clone (with no reference  repo). After following the commands in these examples you can use `git submodule update` and `git submodule update –remote` as normal.

tmux: synchronize in all windows (not really)

A neat feature in tmux(1) is the :setw synchronize-panes option, which causes tmux to repeat in all panes the keys typed in the window. But if you’re not using panes and have a bunch of windows which you want to send the same keystrokes to you’re out of luck. Fortunately it’s easy to simulate a synchronize-windows option:

Quick’n’dirty ELB healthcheck

Sometimes you have a service you are running on multiple instances in an AWS autoscaling group, and you want to monitor the application health with ELB so that if an instance become unhealthy your autoscaling group will launch a new instance. But if the service doesn’t expose any ports, such as a web server would, ELB health-checks cannot work because they rely on connecting via TCP or HTTP to monitor the health of it’s instances. So? If you can check the health of your service with some local command or script then all you need is the files in this gist and you’re off!

The idea is to use (or abuse) systemd‘s socket activation feature to run a script whenever ELB asks for a certain URL on a certain port. Ideally this port should not be accessible from the public internet or really anywhere else than where ELB will be connecting from. But this is outside the scope of this document (you are running your instances in a VPC right?).

So, assuming /path/to/somecommand is a an executable that will succeed or fail depending on the health of your service, you need the following script to respond to ELB health checks:

Then you configure the status.socket and status@.service unit files (usually in /usr/lib/systemd/system/). And then prof.. ehm test it first!.

This is perhaps just a hack, but it works OK in many cases.

keeping your shell connected to an agent

One of the most annoying things about using an ssh-agent type process is making sure that the environment in your shell (either from an xterm, from an ssh session or embedded in another application) is always properly setup to connect to that process. Since I use gnupg’s gpg-agent, I wrote the following shell script (sourced in my ~/.shrc) to try and always do the right thing™:

send Graphite output to Slack

Just a quick recipe to send rendered graphs from Graphite to Slack, using your crontab(5) and Incoming Webhooks:

0  5  *  *  * /path/to/script.sh >/dev/null

This will send a message to your webhook’s default channel every day at 5am, and Slack show you a preview of the graph in the channel. For completeness’ sake (!) here’s the contents of `/path/to/script.sh`:

#!/bin/sh
METRIC="stats.gauges.somemetric"
OPTS="from=-2hours&until=now&width=400&height=250"
BASE="https://graph.host.com/render"
GRAPH="${BASE}?${OPTS}&target=${METRIC}&title=${METRIC}"
PAYLOAD="payload={\"text\": \"<$GRAPH|daily metric graph>\"}"
curl -s --dump-header - -X POST --data-urlencode "$PAYLOAD" \
 'https://my.slack.com/services/hooks/incoming-webhook?token=XXXXXXXXXXXXX'

UPDATE: the initial version had a bug with single quotes which ought to have been double quotes. Thanks to GregTheRules for catching that.

target a specific host with an ansible playbook

Sometime you have a playbook that’s all like:

---
- hosts: all
...

and in your inventory you’ve got a long list of hosts that all would expand to. What if you want to just run the playbook for one or two hosts? Then tip by Tybstar is valuable, because you can apparently just add a comma separated list of host names instead of an inventory file name. If you only want one host just add a comma after the name:

ansible-playbook -i "localhost," playbook.yml

As you can see this comes in handy if you just want to run a playbook against localhost.

debugging python objects and fields with gdb

Sometimes your python code crashes or runs into a deadlock. For this the Python Extension for GDB 7 are very handy. On one mainstream Linux distribution this was automatically available when the devel/debug package for python was installed. But this extension has certain limitations, and one that I found quite important was the ability to print individual fields of objects. The “py-print” command truncates it’s output so for a relatively complex object you can’t really see the member attributes.

After looking at the source for this extension I saw it would be relatively easy to fix this. I wrote another command that actually goes through the object’s dictionary and prints out the requested field only. Here’s the gist:

ψευδωνυμία στα κοινωνικά δίκτυα

Πρώτον, προφανώς πιστεύω ότι όλοι έχουμε δικαίωμα να τηρούμε ψευδώνυμους λογαριασμούς, να εκφραζόμαστε ελεύθερα και να μην γινόμαστε στόχος επιθέσεων για αυτά που λέμε.

Επίσης πιστεύω ότι ότι η αποκάλυψη της ταυτότητας ενός ψευδώνυμου αρθρογράφου, ειδικά εάν απειλείται η ζωή και η περιουσία του, μπορεί να είναι ένα μεγάλο φάουλ, όμως αυτό κρίνεται κατά περίπτωση και δεν αποτελεί παραβίαση κάποιου θεμελιώδους δικαιώματος.

Αυτό που θέλω να πω όμως είναι ότι όταν ένα πρόσωπο γράφει ψευδώνυμα, και  υπάρχουν άτομα που γνωρίζουν την ταυτότητα του, πρέπει να αντιλαμβάνεται ότι όχι μόνο δεν έχει πια τον έλεγχο της μυστικότητας της ταυτότητας του αλλά ότι δημιουργεί και μια υποχρέωση σε αυτούς που την γνωρίζουν να κρίνουν την σημασία του συνδυασμού λόγου και ταυτότητας. Συνεπώς ο ψευδώνυμος αρθρογράφος που δεν λαμβάνει υπόψη του ότι συνέπεια της ψευδωνυμίας του είναι η δημιουργία μιας υποχρεώσης σε όσους γνωρίζουν την ταυτότητα του να αξιολογούν τον λόγο του, πράττει μάλλον απερίσκεπτα και θα έλεγα και ανεύθυνα. Άρα η ευθύνη λοιπόν δεν είναι μόνο όσων γνωρίζουν την ταυτότητα, να μην γίνουν “ρουφιάνοι” και “χαφιέδες”, αλλά και αυτού που γράφει ψευδώνυμα. Είναι και αυτός υπεύθυνος εάν οι γνωρίζοντες εξαναγκαστούν σε διλλήματα που αυτός δημιούργησε.

Σε μια συγκεκριμένη περίπτωση που γνωρίζω, μέλη μιας συλλογικότητας γράφουν ψευδώνυμα στο Facebook ή στο twitter και λένε πράγματα που, ταυτιζόμενα με την πραγματική τους ιδιότητα, θα δημιουργούσαν εντυπώσεις για την συλλογικότητα εκείνη τότε είναι προφανές ότι παίρνουν ένα ρίσκο για όλα τα μέλη, όχι μόνο για τους εαυτούς τους. Να το κάνουν, εφόσον πιστεύουν ότι είναι αναγκαίο, αλλά να μην περιμένουν κιόλας ότι υποχρεωτικά όλοι θα είναι σύμφωνοι και ότι θα κρίνουν την προστασία της ψευδωνυμίας ως την σημαντικότερη πλευρά των αναπόφευκτων διλλημάτων που εκείνοι δημιούργησαν.

Τέλος, αν θέλει κανείς να γράφει ψευδώνυμα και μάλιστα περιμένει να προστατεύεται η ταυτότητα του από τα υπόλοιπα μέλη της συλλογικότητας, τότε να φροντίζει να την προστατεύει και ο ίδιος, αποφεύγοντας να εκθέσει ταυτοποιητικά στοιχεία όπως τμήματα του ονόματος του, φωτογραφίες, ή πληροφορίες που μόνο εκείνος μπορεί να γνωρίζει. Διαφορετικά φέρεται ανεύθυνα έναντι τους, εκθέτοντας τους αναίτια σε διλλήματα που ο ίδιος δημιούργησε. Δικαίωμα του θα μου πείτε, και θα συμφωνήσω. Αλλά έτσι είναι η ζωή, κάποια δικαιώματα έχουν και παρενέργειες, π.χ. η ψευδωνυμία μπορεί να σε οδηγήσει σε μια ψεύτικη αίσθηση προστασίας και να πεις πράγματα που θα μετανιώσεις αργότερα. Οπότε ελπίζω απλά να γίνουν τα παθήματα μαθήματα.

 

journal entry for Monday the 6th of January

journal entry for Monday the 6th of January by kouk

Hello 2014. Let’s see, will I succeed in keeping a journal like I’ve promised myself many times before? “This time it’s different”, right? Well is it? Yes, at least in two ways:

  • I will publicize publish at least two entries a week on my blog. At least, while in between I may keep private entries or not.
  • The handwritten paper should also be published alongside the text. Yes it’s a bit of extra work but maybe it will help me with my handwriting, and also appeal to some readers who are hipsters like me :-)

But why keep a journal in the first place? Well I think that the struggle to find the right words to say something is fruitfull in many ways. Writing is  a Great technology, capital G. But in the process you learn a lot about what you know and what you are. An extra reason to keep a journal is as an exercise in discipline. Kind of like getting up in the morning and going running, you win just by exiting the house. So I could stop right here I suppose and chalk one up.

The empty page however beckons.

My thoughts on the new year are a bit unclear. All through the previous year I had been planning that it would be great in a a particular way. Now, the particulars are wiped away and I have to improvise. Lesson #1 don’t dream about particulars, have broader dreams. The major particular that I was dreaming of was my girlfriend moving in with me, and our relationship progressing to new heights. Instead, under the fog of this all important goal, reality brought a sudden and painfull breakup between Christmas and New Years. Don’t ignore reality, it’ll bite you like a feral dog.

The upshot is I can focus more easily on the new job, which I’m excited about and have (broad) hopes about :-D

Here’s to an exciting and productive new year for all of you!

My Linux OS history

Following Nikos and Vagelis here’s a (possibly incomplete) timeline of my personal OS usage:

  • MS-DOS (~1990) , on a 486dx-based tower (even had “turbo“!), mostly for games
  • System 6 (early ’90s) , on a Classic, for games, paint and word processing
  • Red Hat 6 (1999), brought over by a friend to try Linux for the first time.
  • SUSE Linux (2000?), flirting with graphical configuration tools like YaST. Bought an original CD along with an original copy of CodeWarrior IDE! This was the first time I bought original software. Previously I had only used “friendly” copies (either for free or through the shops around Stournara street). SUSE was the last Linux I have used on Desktops or workstations.
  • Tried NetBSD (2002) but after a while I tried OpenBSD and ended up ordering a copy of OpenBSD 3.2. Still have that home firewall box lying around somewhere. Used OpenBSD until 2008.
  • In the era of unsupported laptop hardware (2003+) I have used the following Linux distros (in no special order):
  • In 2008 most colleagues ran Debian GNU/Linux so I attempted a compromise with Debian GNU/kFreeBSD. Used it as a personal workstation at work for about a year, great project! However the effort required in configuring, tweaking and bug reporting eventually got the best of me so I switched to…
  • FreeBSD! (2009-currently) The features in CURRENT at the time (VIMAGE, DTrace, ZFS with GPT) were just too great to ignore (especially ZFS not being experimental anymore). Currently run FreeBSD 9 on a workstation and on a Thinkpad X series laptop. If  my other hardware wasn’t broken or unsupported in some way I would run it everywhere.