I’ll post an update in a week or so with how it feels to work upright. Haven’t had the chance to wrap my head around the experience in such little time, but I feel that my typing speed and accuracy have increased a bit. And a sense of utter freedom of movement – I can now kick, punch (both the air and the wall around the desk) and stretch anytime and even jog in place while I wait for compilation, downloads/uploads, chat responses, etc. or simply pause to think.

Have you tried using a standing desk? What benefits did you discover?

I have written yet another Gravity Forms plugin/addon. This time the plugin was to generate bulk reports for form entries, digests of sorts. Based on a set schedule (which can be altered using the cron_schedules filter), this addon will aggregate all new form entries it hasn’t seen yet (including very old ones) and send them out to predefined e-mail addresses.

The whole thing works best with regular single-shot notifications turned off, probably.

Download it from github now.

So I was looking for a VPS provider with Arch images. Amazon AWS is quite expensive, although Arch Linux AMI images are available from Uplink Labs. But besides that, I’ve also been looking to switch to XEN virtualization, to have guaranteed memory, the power of swap and other advantages over OpenVZ and Virtuozzo offered by many companies.

After having tried out several alternatives on the low-end market, it’s been nothing but headaches, for the past month. So I decided to go for a safe, proven and mainstream provider – Linode. Fit my criteria of carrying Arch images (1.8% of deployments are Arch on Linode), XEN virtualization, quite low-end and budget-friendly, 2TB of data transfer, and promised effortless upgrades. The only downside was their lack of support for PayPal payments (very probably justified). So I had to get a prepaid virtual card.

So, as of a couple of days ago, the new home for my dozen of sites, and repositories is a blazingly fast XEN Arch Linux box at Linode. I’m quite sure I wont’ be disappointed.

What have you tried? What do you use now?

keytool -genkeypair -alias androiddebugkey -dname 'CN=Android Debug,O=Android,C=US' -keystore /tmp/debug.keystore -keyalg RSA -validity 10000 generate a valid Android debug keypair (Signing in Debug Mode) with password ‘android’ for both the keystore and the keys

rm -rf META-INF if such exists

zip -9 -r out-unaligned.apk . to zip things up

jarsigner -sigalg MD5withRSA -digestalg SHA1 -keystore /tmp/debug.keystore out-unaligned.apk androiddebugkey sign it

zipalign 4 out-unaligned.apk out.apk align it

keytool -printcert -jarfile out.apk check it

adb install -s out.apk install it (you may need to uninstall a previous version of the application in case of certificate errors

#!/bin/bash

tail -f $1 | while read line; do
    line=`echo -n "$line" | grep -i "$2"`
    if [ -n "$line" ]; then
        # mate-notify-send -t 0 "$2 has been logged"
        echo "$2 has been logged" | mail -s ...
    fi
done

Something I’ve been using quite a bit lately expecting keywords to show up in various local and remote logs (ssh ... "tail -f ..."). What log event monitoring tools do you use?

Also, since this is the second time I decided to share a bash snippet quickie and have received some improvement feedback on my first one I’ve created yet another “bash-utils” repository. Feel free to chime in.

#!/bin/bash

while true; do
    A=`find $1 -printf '%t' | md5sum`;
    sleep 1
    B=`find $1 -printf '%t' | md5sum`;
    if [ "$A" != "$B" ]; then
        echo "Detected change, doing: $2"
        eval $2
    fi
done

It’s very simple (a poor-man’s replacement for inotify) and doesn’t do anything complicated. Usage ./monitor.sh application "my-reload-services.sh". You can filter out unwanted stuff like maybe *.swp files by referring to the man find pages.

What do you use to monitor for changes? How can the above script be improved?

Before the if __name__ == '__main__': part of your application, i.e. at the very end, you have to wrap a werkzeug.debug.DebuggedApplication middleware around your app object.

if ( app.debug ):
    from werkzeug.debug import DebuggedApplication
    app.wsgi_app = DebuggedApplication( app.wsgi_app, True )

That’s it. Simple as that! Debug your Flask application from the browser, without using the built-in development server. Don’t forget to switch off debugging in production, as the console offers arbitrary code execution.

For everything else there’s Winpdb.

In any case, since my webserver of choice has long been nginx (built-in servers don’t impress me too much), having it serve Flask applications in a robust, reliable way was required. The instructions to marry nginx and Flask via uWSGI are quite clear. I compiled the uwsgi application container, read the docs and came up with the following startup command:

sudo uwsgi -s /tmp/uwsgi.application.sock --chdir /path/to/application -w application:app --uid "www-data" --gid "www-data" --touch-reload . --daemonize /var/log/uwsgi.log

The above is a development setting and will probably be very different in production. Since Flask doesn’t force any convention upon you, I picked the following project layout for now:

.
|-- application
|   |-- application.py
|   |-- models
|   |-- routes.py
|   `-- views
`-- static
    |-- favicon.ico
    |-- js
    |   `-- script.js
    `-- robots.txt

All Python code is in the application directory, where uwsgi runs it. Static files are a directory above that, and will be served as from there and not pollute the source tree. I could have kept the static directory under application just as well, but I’ll keep it outside for now. Here’s what I came up for my

server {

    listen 80;
    server_name application.lo www.application.lo;

    root /path/to/application.lo/application;

    try_files /../static/$uri @application;

    location @application {
        include uwsgi_params;
        uwsgi_pass unix:/tmp/uwsgi.application.sock;
    }

}

This is quite suitable for now. Any recommendations?

• -t show threads, comes up with threads in the list
• -x shows time, user time and system time in seconds
• -P show scheduling policy, either bg or fg are common, but also un and er for failures to get policy
• -p show priorities, niceness level
• -c show CPU (may not be available prior to Android 4.x) involved
• [pid] filter by PID if numeric, or...
• [name] ...filter by process name

Android's core toolbox (shell utilities) are more primitive than the ones you may be used to. Notice how each argument needs to be separated and you can't just -txPc it all, the command line argument parser is non-complex.

It's a pity how command line arguments are not shown. If you need something that's not available by the stock ps shell utility, try manually combing through the /proc directory. For the command line one would do cat /proc/<pid>/cmdline.

And some people actually think there’s nothing bad in posting parts of the card. Yet, the same people have no understanding of which parts are safe to display and which are not. General rule – don’t show your credit card at all, especially online for the general public to view. I have wiped out the critical information in my version of the image as to stop the propagation of this nonsense. The cardholder pasted the image in the clear. Size is taken from the original.

This was a recent image shared via Instagram and Twitter. The person’s peers left 20+ “aww”-type comments, and nobody pointed out that it might have been a bad idea. A sane person on Twitter did so, and the cardholder responded with confidence that it was not a problem since not all the information is available. Now, see, what you get when you don’t understand the technology you use every day?

The cardholder’s screenname contained her name, so the missing name on the left side is not missing any more. The first four digits are a BIN, a Bank Identification Number (or IIN, Issuer Identification Number). We know the issuer – Capital One, it’s a MasterCard Platinum. Quick search through the many BIN lists available online yielded the first 6 digits of the card – 517805, with the last two digits to confirm a match, plus upon closer inspection you can see digits two and three of the BIN in black under the silver numbers, a 7 and an 8 (look under the finger on the left).

After pointing out the bits of “concealed” information that I’ve managed to find out in under 5 minutes, the cardholder took down the image.

Quite excellent. Even if say the last 4 digits were somehow concealed, Luhn’s Algorithm would decrease the search space quite a bit, leaving a handful of valid numbers (probably, whoever does the math gets some kudos). We’re missing the CVV, but we have the rest – issue and expiry date, photo of the card, photo of the person, and a whole bunch of other photos of the person online (identity fraud anyone?). And the CVV part is not an issue in many CNP (card-not-present) points of sale.

Is posting images of your credit card online bad? Without doubt. And teach your children to be highly responsible when using modern technology, and think twice, no matter how confident they are.

Be safe.