What is code? It’s not magic, just work

It’s very likely that you already know about or even read the latest issue of Bloomberg, entirely dedicated to answer What is Code? — if you haven’t, you definitely should go read it.

The entire piece is informative and fun to read, and there’s probably something new for everyone reading it. My favourite highlight is:

Computing treats human language as an arbitrary set of symbols in sequences. It treats music, imagery and film that way, too.

It’s a good and healthy exercise to ponder what your computer is doing right now […]

Thinking this way will teach you two think about computers: one, there’s no magic no matter how much it looks like there is. There’s just work to make things look like magic. And two, its crazy in there.

Which reminded me something I said to a fresh group of designers on a HTML+CSS+Javascript crash course.

Un-breaking lighttpd’s broken mod_access

A client let us know that the server where her company’s site was hosted had an unusually high load.

After checking the access log for the web server, it was clear that the cause was repeated access attempts at a single URL, which was not essential to the site. So I though this should be easy, I’ll just block the request in the web server config. Unfortunately, they were using a very outdated version of lighttpd, so it wasn’t that easy.

It seems that older lighttpd builds had several bugs with mod_access, but the worst in our case was that instead of blocking the request and send a 403 Forbidden, it passed the request on to the 404 error handler, and this loaded the entire app enviroment.

So here’s what I did. The lighttpd config looked like this:

$HTTP["url"] =~ "^/foobar.php" {
    url.access-deny = ("")
    server.error-handler-404 = "/403.php"
}

… so request to foobar.php would be handled by 403.php. And then, 403.php:

<?php header('HTTP/1.0 403 Forbidden'); ?>
<h1>Forbidden</h1>

Very silly, but effective. Just because status codes matter.

Horizontally scaling PHP applications

One of the most common worries of the enterprise IT world about WordPress and other Open Source apps it’s how you can scale it — which it’s kind of ironic when their enterprise-y web services response times are usually measured in the scale of tens of seconds…

DigitalOcean has published a high-level practical-overview on horizontally scaling PHP apps that’s a good starting point and I guess it could also apply to other kinds of apps as well.

Zero rating is bad for net neutrality

You’ve probably hear the saying that goes “the road to hell it’s paved with good intentions”… well, you might say something similar of zero-rating, the “new battleground for net neutrality“.

After just about everyone could agree that paying extra for premium access to some types of content it’s “A bad thing”, zero rating turns the situation on its feet: “here, have some Facebook and WhatsApp for free… but nothing else”, which it’s not only the immediate opposite of an Open Internet, but also a long-term threat to the kind of innovation and opportunities that we would like to see as an effect of a free and gratis Internet.

… of course, there might be some honorable exceptions and there should be a clear criteria for judging them (the linked article is in spanish).

Read more on Zero Rating and the Open Internet and Mozilla View on Zero-Rating.

Backups are simple

… or they should be, anyway.

I think that one of the more popular excuses around for not having backups it’s “I haven’t gotten to it”; usually because you don’t have the time to try that fantastic tutorial you found for encrypted-incremental-automatic-deduplicated-control-versioned-backups on Amazon S3.

The thing it’s… it’s ok if you don’t have time for it, because it means you’re doing your job… which very likely isn’t Chief Backups Officer. What it’s not ok it’s that you keep postponing your backups!

That’s why I think that when you’re first configuring your server you should immediately configure some sort of backup that:

  1. It’s very quick to setup, so you actually do it
  2. It’s easy to restore from, so it’s actually useful

And since I’m assuming you’re not an idiot, I know you’ll do your best to keep them safe; which doesn’t mean creating some new fancy encryption scheme but using existing tools to do the job (for instance, ssh and rsync are both encrypted, so they’re good enough for transmitting the data to another server).

I’m sure there are plenty cool alternatives to keep your data safe, but the truth it’s that if they don’t comply with these two basic requirements you should wonder if there’s a better, simpler way.