In which LastPass gifts us a Sisyphean task
With recent news of LastPass having a significant security breach and also handling the public response poorly, there’s been calls to ditch LastPass.
From LastPass’ blog post:
The threat actor was also able to copy a backup of customer vault data from the encrypted storage container
This is encouragement to migrate. Bitwarden and 1Password seem like reasonable alternatives, at least for now, until fate comes for them as well.
Because the LastPass breach creates a threat that customer password vaults were copied, it means that any migration isn’t complete without changing passwords.
Instead of `npm install -g`...
We have some Sonos speakers at home, and I’d like my kids to be able to choose music when/where they like. The iOS Sonos app is somewhat labyrinthian, so I think, can I make a simple version of this? I figured a simple-ish web interface with buttons for their favorite albums and playlists. Could be fun?
I’ve been doing light web development since the late 90s, and I love learning new stuff, so I’ll pick something newer to use.
GitHub: Finding changes since last release
Time for release! It’s an exciting time. Or, it should be. I want to do a release of fpm! However, there’s some preparation I need to do before I can publish.
I need to make sure the changelog file is updated and accurate, and that means I need to know all of the changes made since the previous release. I don’t mean the code changes, though. I mean what behaviors were changed?
Moving from Flickr to SmugMug
[ This post is a work in progress as I work towards solutions ]
I received an email from Flickr on May 9.
Subject: Your Flickr account is in violation of our free account limits.
You have more than 50 non-public photos on your free account.
They gave me 8 days to resolve it – with the threat of deleting photos. It’s been a long time since I’ve used Flickr, but I don’t want to lose the content I had uploaded.
Genie GPS1200IC automation with ESP8266
My garage has two doors. I’d like to be able to say “Open the garage door” to Siri.
To get there, I’m going to try using Home Assistant and ESPHome. First, though, I need to know how to tell the garage door to operate.
Both door openers are Genie GPS1200IC. Based on some brief research, these appear to have been made between 1996-2000.
Hack a remote? My first attempt was to buy a remote and hook a microcontroller to it.
Home Office Automation
I built a little digital Rube-Goldberg device for my office. When I turn my desk power switch on, a little microcontroller brings my workstation and stereo online.
My desk has a keyboard and monitor, but no computer. The computer lives in the closet a few feet away. Also in this closet is my stereo which drives audio to for the office. This makes my desk cleaner and quieter, but makes it hard to hit the power buttons.
Growing logstash's value
I spent a while today thinking about nerdy stuff - logstash, etc. I want to grow logstash in terms of performance, use case, deployment instances, happy users, and community.
While musing about on my mental roadmap of logstash, I found most things boil down to costs and returns on investment, even with open source software. Money, time, energy, and patience are all costs. Just because something doesn’t cost any money doesn’t mean it won’t consume any time or energy.
Puppet "pure fact-driven" nodeless configuration
Truth should guide your configuration management tools.
Truth in this case is: what machines you have, properties of those machines, roles for those machines, etc. For example “foo-1.a.example.com is a webserver” is a piece of truth. Where and how you store truth is up to you and out of scope for this post.
My goal is to have truth steer everything about my infrastructure. Roles, jobs, and even long-term one-offs get put into the truth source (like a machine role, etc).
Debugging java threads with top(1) and jstack.
At work, we’re testing some new real-time bidding on ADX and are working through some performance issues.
Our server is jetty + our code, and we’re seeing performance problems at relatively low QPS.
The first profiling attempt used YJP, but when it was attached to our server, the system load went up quickly and looked like this:
load average: 2671.04, 1653.95, 771.93
Not good; the load average while running with the profiler attached jumps to a number roughly equal to the number of application threads (3000 jetty threads).
SSL handshake latency and HTTPS optimizations.
At work today, I started investigating the latency differences for similar requests between HTTP and HTTPS. Historically, I was running with the assumption that higher latency on HTTPS (SSL) traffic was to be expected since SSL handshakes are more CPU intensive. I didn’t really think about the network consequences of SSL until today.
It’s all in the handshake.
TCP handshake is a 3-packet event. The client sends 2 packets, the server sends 1.