monkinetic weblog

Steve Ivy's weblog, XI Ed.

Short To Middling

Gina Tripani, Short-form blogging:

"With the obvious caveat that rules are made to be broken (with reason), my new rules for blogging are:"

  • If it's a paragraph, it's a post.
  • Traffic is irrelevant
  • Simplify, simplify
  • Ask for trusted collaborator feedback
  • Have fun

The kinds of rules I want to get back to.

Fair to Middling

Another post on mid-length (I call them old-school) blog entries:

So I think I'll try doing the same thing here. In the early days of, before I launched the linkblog, I used to blog short posts constantly. Multiple times a day. Twitter and Waxy Links cannibalized all the smaller posts, and as my reach grew, I started reserving blogging for more "serious" stuff - mostly longer-form research and investigative writing.

...I miss the casual spontaneity of it all, and since I'm pretty sure hardly anybody's reading my site again after the death of Google Reader, the pressure's off.

Andy Baio, Middling

Unintentional Sexism

Ways Men in Tech are Unintentionally Sexist. I'm in the process of re-educating myself on these issues. If it isn't your thing, it should be. If you've been on the receiving end of this and want to talk about it, feel free to get in touch. If you've been on the receiving end of this kind of this and I was the oaf dishing it out, even more so.

boxpub: The circle is complete

My new blog software - boxpub, which runs this site - got a new feature last night. Fairly recently, Dropbox implemented webhooks for applications, so I added two simple webhook handlers (for the verification step and the data step). How am I using this?

I run this site behind Fastly, a great caching proxy service / CDN based on Varnish. I use it because it basically gets me an insanely fast front end to my little gunicorn app running on a fairly meager Linode. Fastly caches all my HTML permanently (the way I have it configured) unless explicitly invalidated. How do I invalidate? Fastly supports a great Varnish setup that allows me to send a PURGE request (curl -X PURGE <url>) to my home page and Fastly invalidates the cache for that page, and it is re-fetched and generated on next request. Think of it as a just-in-time in-memory static site generator (buzzword bomb).

So, in the current naïve implementation:

@boxpub.route('/webhooks/dropbox', methods=['POST'])
def dropbox_webhook_handle():
    url = CONFIG.SITE_DATA['url']
    try:'PURGING site index')
        purge_resp = requests.request('PURGE', url)
        resp = make_response(purge_resp.text)
    except Exception, e:
        resp = make_response("ERR: " + e.message)
    return resp

Still to do is determining what post or page changed, and purging those particular URLs.

My brother is a badass

My brother designs and creates graphics for trade show booths and TV backdrops. On a recent project for the US Army, his backdrop mural (all CG) triggered an interesting legal reaction:

the Army's PR department feels they have to disclaimer it in the booth that it's "a depiction, not a real photo."


2 weeks after Markbox went down, this site is now running on Markbox "lite" - boxpub.

Boxpub is a simplified, waaaaay stripped down (it's like 2 files, and could be one), reimplementation of parts of Markbox -- the parts that really solve the problem -- write a post on Dropbox, it gets published. It doesn't have to be harder than that.

Docker, Openstack, testing followup

Last week I wrote about an issue I was having with Docker and running mysql (among other things):

The issue I'm on right now is that mysql-server won't start. I tried starting (and restarting) it manually in my Dockerfile with RUN service mysql start after mysql is installed but always get a policy-rc.d error.

What I finally learned (after some research and some helpful folks in the #docker IRC) is that Docker is really designed to run a single process in a limited jail-like environment. It's not a virtual machine, which is why containers are smaller and way faster to start.

If you need to run an app with access to a variety of processes, it seems that current best practice is to boot multiple docker containers running the various services, and use docker container linking to have the services talk to each other.

As for my particular use case, I decided that I did not need a complete Openstack install in order to run my unit tests. I stripped back my provisioning script to only install the base debian packages and the Openstack Dashboard packages, which installs the dashboard unit testing frameworks and mock data that my tests depend on. I can thenn run my tests and pull out the results for processing.

Docker, Openstack, policy-rc.d, mysqld

I'm working on building a Docker image that I can use with Jenkins to run tests on some code. That code interacts with an Openstack install in the container to run the tests.

I'm using a variation of this cloudgear install script to install Openstack, an approach that seems to work well on Vagrant VMs, but it's failing wildly in a Docker container.

The issue I'm on right now is that mysql-server won't start. I tried starting (and restarting) it manually in my Dockerfile with RUN service mysql start after mysql is installed but always get a policy-rc.d error.

invoke-rc.d: policy-rc.d denied execution of start.

I dug in and found that Docker's ubuntu includes a policy-rc.d file that simply returns 101 (not allowed) for any service that tries to start/restart after installation.

exit 101

So... not sure why this is set up this way but I'll go with it. I changed my Dockerfile to rewrite the policy-rc.d file:

RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d

The 0 return code is basically a heard-coded "yes" for installed services to run. I tried re-building my image with this new file, and while I am no longer getting the "denied execution" errors mysql still is not starting (confirmed with a couple of test operations that run after the install):

RUN apt-get install mysql-server python-mysqldb mysql-client-5.5 -y
RUN ps aux | grep mysql
RUN mysql -uroot -p<pwd> -e "show databases;"

Which return:

Step 10 : RUN ps aux | grep mysql
---> Running in c68790f9b090
root        10  0.0  0.0   4408   320 ?        R    18:56   0:00 /bin/sh -c ps aux | grep mysql
 ---> 884cb443fb98
Removing intermediate container c68790f9b090
Step 11 : RUN mysql -uroot -p<pwd> -e "show databases;"
 ---> Running in 1631e5c2edee
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
2014/07/25 18:56:28 The command [/bin/sh -c mysql -uroot -p<pwd> -e "show databases;"] returned a non-zero code: 1

I'm pretty much out of ideas now. If you've got any, please ping me at or on Twitter @steveivy.

Another View of Privilege

(See the disclaimer)

Leslie Hawthorn's recent keynote at OSCON on privilege is unassuming and powerful.

Please watch it and pay attention to this tidbit: privilege can be viewed as operating in a system where all the default settings work for you. This stuck with me, even more than John Scalzi's (also excellent) gaming metaphor (I'm not a huge gamer).

Watch and think: