It went live and then I grep’d, Tims Random Mutterings.

Newsletter

Hi, Tim here! Just to let you know, what you are reading is an archive copy of my Newsletter, Random Mutterings. I’m slowly adding the archives to the site and you can find them in the newsletter category. So enjoy and please don’t forget to subscribe if you like what you read.


Welcome back to another week. But wait, where was last week’s?

I wrote a Week 4 newsletter, Babs edited it, but by the time I went to publish it an awful lot had changed and so I held it back. So apologies for not sending it, and thank you to the two folks who emailed to tell me they hadn’t received it!

This week is an amalgamation of both weeks’ newsletters!

This week is also coming out regardless!

As always, feedback is always appreciated and, just to avoid confusion, these emails are always written a few days before they are sent to give the amazing Babs Saul a chance to edit them.

It was Black Friday, did you notice?

For many of us Black Friday is the time to pick up a great deal, only to realise it was actually cheaper the month before. For me I have picked up the Raspberry Pi HD Camera module and a couple of adaptors for some old, but good quality, lenses I have. I’m not 100% sure what I have in mind but figured it was an early Christmas present.

Black Friday has, in the last few years, been a fairly stressful day, along with Cyber Monday, as sites inevitably struggle to cope with demands and all the “interestingly” coded plugins come out of the woodwork when sites come under load.

This year, of course, for me and my new walk of life, it was generally a quiet one. I did jump on a call to quickly help diagnose a caching issue where a site was struggling even with a full page cache. It turned out their product filter was appending into the query string and invalidating the cache. We didn’t have enough breathing room to fix it, so, to help massively reduce the stress, I quickly grep’d the access logs to see what was the most filtered term, and we flipped the default view from Price High-Low to Low-High. This brought the load down enough that the server was serving the uncached pages in just about tolerable limits.

Could you recover from Ransomware?

Take my Ransomware challenge and let me know how you do!

Hack Hunting

Earlier in the week, I was asked to hunt down a persistent hack. The site had been professionally cleaned a couple of times by a well-known company, but the site was being re-hacked. This is the sort of challenge I like, though I will admit to being slightly disappointed when I realised what the cause was.

Having identified one of the backdoors, I grep’d the access logs for any IP that had accessed that file, then took those IPs and looked at what other files they had accessed. This eventually led back to the originator IP, the original source of the hack. The very first entry in the access log for that IP was the IP hitting `wp-login.php`, followed by it uploading a plugin. The site was hacked because of a compromised account. The client assured me that all passwords had been changed.
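The log pivot described above, as an added example (not the commands actually used on that job): starting from one known backdoor path, it alternates between "which IPs requested these files" and "which other files did those IPs request" until nothing new turns up, then prints the oldest log line for any IP collected. The sample log, the paths and the rule of pivoting only through PHP files under /wp-content/ are assumptions made for the example.

```sh
# Constructed sample: combined log format, oldest entry first, documentation-range IPs.
SAMPLE_LOG='203.0.113.5 - - [18/Nov/2020:08:00:11 +0000] "GET / HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Nov/2020:09:12:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Nov/2020:09:12:40 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Nov/2020:09:13:05 +0000] "GET /wp-content/plugins/example-plugin/cache.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
192.0.2.44 - - [24/Nov/2020:02:30:00 +0000] "POST /wp-content/plugins/example-plugin/cache.php HTTP/1.1" 200 40 "-" "curl/7.68.0"
192.0.2.44 - - [24/Nov/2020:02:30:09 +0000] "POST /wp-content/uploads/2020/11/x.php HTTP/1.1" 200 40 "-" "curl/7.68.0"
203.0.113.5 - - [24/Nov/2020:10:00:00 +0000] "GET /shop/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"'

# IPs in log $1 that requested any path listed (one per line) in file $2.
# Query strings are stripped before comparing.
ips_for_paths() {
  awk 'NR == FNR { want[$0]; next }
       { p = $7; sub(/\?.*/, "", p); if (p in want) print $1 }' "$2" "$1" | sort -u
}

# PHP files under /wp-content/ requested by any IP listed in file $2.
# Assumption: ordinary visitors rarely request these directly, so they are safe to pivot on.
php_paths_for_ips() {
  awk 'NR == FNR { ip[$0]; next }
       ($1 in ip) { p = $7; sub(/\?.*/, "", p)
                    if (p ~ /^\/wp-content\/.*\.php$/) print p }' "$2" "$1" | sort -u
}

# Expand from backdoor path $2 until the path set stops growing, then print
# the oldest line in log $1 that belongs to any of the collected IPs.
trace_origin() {
  local log="$1" paths ips before after
  paths=$(mktemp); ips=$(mktemp)
  printf '%s\n' "$2" > "$paths"
  while :; do
    before=$(wc -l < "$paths")
    ips_for_paths "$log" "$paths" > "$ips"
    { cat "$paths"; php_paths_for_ips "$log" "$ips"; } | sort -u > "$paths.new"
    mv "$paths.new" "$paths"
    after=$(wc -l < "$paths")
    [ "$after" -eq "$before" ] && break
  done
  awk 'NR == FNR { ip[$0]; next } ($1 in ip) { print; exit }' "$ips" "$log"
  rm -f "$paths" "$ips"
}

# Demo on the constructed log: start from the backdoor that was found first.
demo_log=$(mktemp); printf '%s\n' "$SAMPLE_LOG" > "$demo_log"
trace_origin "$demo_log" /wp-content/uploads/2020/11/x.php
```

On real logs, check each hop by eye and drop any path that normal traffic also requests, otherwise the IP set grows to include every visitor.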

All passwords? Yep they were sure every member of staff’s password had been changed. They had overseen it themselves. Pulling down a list of users showed an odd account with the WordPress role “developer”. When queried about it, they explained it was the original developer’s account, but it no longer had the admin role.

Like most things, this is where WP-CLI comes into its own:

wp user list-caps userID

A quick look at the account’s capabilities and yep, while it wasn’t the admin role, that user still had all the admin capabilities. To be on the safe side we also conducted a full clean-up rather than just removing the infected files, as the previous company had done. We also set up activity monitoring with Stream, passing it to a file using a little utility plugin I wrote a while back.

Other interesting bits: hunting a weird networking issue with IPs that could only connect at certain times of day, which we finally pinned down to a host using an off-the-shelf denial of service protection badly, and doing a site security audit.

New Site

On Monday (of this week) I launched my new site, so if you visit TimNash.co.uk you will see it in all its glory!

Is it finished?

No, not even close to the minimum viable site I was waiting to put out, it’s still very much a mess but it’s launched.

So why launch a mess?

Have you ever realised you just can’t stand something? The new site has been a long time coming, it’s been conceptually in my head for over a year, it’s been worked on and off for a long time. Throughout that time I have been using the old site; when I launched the old site I thought it was genuinely not “ugly” but as I was using, and becoming more attached to, the new site, I just started to hate the old site.

Finally I had enough, and decided I couldn’t stand the old site anymore and I launched.

The site is running WordPress (sort of) and is fully static, sitting on Netlify. I will be doing a full blog post on how it’s all working, hopefully out this week (though maybe next).

With the site launch a couple of other things have happened.

Switching to Cabin for Analytics

As the site is fully static I have had to drop Koko Analytics. In the end I chose With Cabin over Fathom, having already discounted Plausible, and I have been enjoying the lovely interface.

For me the big benefits of Cabin were that they are UK-based and were super responsive to a few questions I had.

Moved Mailing Providers

This will be the second move for the list this year, the first being TinyLetter to Mailchimp. But I migrated this list away from Mailchimp and over to Buttondown. So fingers crossed, you actually do get to read this email!

Why Buttondown?

I think I can sum up my Mailchimp experience as “WHY!”. Mailchimp used to be a great email sending platform. At some point there was an attempt to pivot to being a full “marketing automation platform” which roughly translates to how many barriers can we put in place for someone to send an email.

I just haven’t been getting on with it, so when looking for a new platform I ended up with 3 choices: self host, MailerLite and Buttondown. In the end I have split the difference and most of our mailing lists have gone to MailerLite but my personal email list is going to Buttondown.

Buttondown provides me with some of the privacy features I have been craving, a simple email interface and just the stuff I want. It’s not trying to make a website for me.

We shall see how the migration goes, but fingers crossed this week’s email comes from Buttondown and you won’t notice a thing.

Thoughts of the weeks

So what have we learnt this week? Basically my professional career can be summed up as a man who greps. It’s true for an awful lot of what I do; I search through files and while I prefer to use tools like Lnav on log files, time and circumstances don’t always allow. Grep is also a tool that often scares people (it scared me too).

So here are a few great starting places for people interested in maximising their use of Grep (also don’t forget ‘man grep’, which on most systems should bring up the help).

https://wizardzines.com/comics/grep/

The above image is used with permission, thank you Julia!

Something to leave you with: a good news story, with lots of technical detail, on how one person recovered live stream footage after they accidentally moved a file, overwriting it: “undelete a FLV file”. It’s a really interesting dive into Linux filesystems.

That’s it for this issue, as always feedback is appreciated. Feel free to hit reply; I read every email!

If you know someone who would find this sort of newsletter interesting, please forward the email and if you wanted to tell the world, they should subscribe; the url to do so is timnash.co.uk/newsletter/
