Upgrading to Debian 7 (Wheezy)

I run Debian (pure Debian, not Ubuntu) on my server, and a week or so ago, Debian 7 (Wheezy) was released. I figured it would be worth the effort to upgrade, so I took about an hour of my Sunday to go through the process. Just in case I ever need to do it again, here’s how I did it. (I started from these upgrade steps.)

First, Backups

I take pretty regular backups. I run just a couple of sites on my server, and I use Panic’s Transmit to do a basic rsync of the files for my sites to my local machine (and then store those on Dropbox) to make sure I always have a copy of my sites. I made sure to also grab a few other things I backup (apache configs, mysql configs, vim configs, databases) so that I would have the freshest backups.

I also used my host’s snapshot feature to take a snapshot backup of my server. In a worst-case scenario, I would just go back to that state and pretend I never tried this whole thing. The backups cost me about $3/mo, which is well worth it to ensure I can always get my server back up and running.

Prepare for the upgrade

Debian still hasn’t quite figured out the seamless upgrade, so you have to do work some mojo. You need to edit your /etc/apt/sources.list file (likely as root or, the way I do it, via sudo) to replace everywhere it says “squeeze” with “wheezy” thats’s a debian repo. I didn’t replace the nginx repos, not knowing if they are updated yet.

Now, let’s start getting things upgraded. Anywhere I’m executing stuff, assume I’m running “sudo” before it. You might do it as root, or have your system setup differently.

apt-get update
apt-get upgrade

Now wait a while. Every so often, you may get asked if you want to keep your changed version of a conf file. I’ve found that’s safer.

When that’s all done, let’s do a little house keeping.

apt-get autoclean
apt-get autoremove

Those commands will clear out any old packages and free up some disk space. Depending on how much disk space you have free, that may be necessary for the upgrade to Debian Wheezy. (Then again, if you’re running things that close to the edge, you may not want to upgrade anyway.)

Now, the big one

Time to actually upgrade our version of Debian.

apt-get dist-upgrade

And now we wait. And wait. And wait a bit more.

And then, yikes. Some errors followed by this line:

NB: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin.

Turns out that sudo’s environment didn’t have those paths in it. I added those paths to my environment and then ran the upgrade like this:

sudo -E apt-get dist-upgrade

but a smarter way would be to add this line to your /etc/sudoers file

Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

So, let’s try this again:

sudo -E apt-get dist-upgrade

And, once again, we wait and wait and wait. And, hey, we’re done! Except, mysql isn’t starting. Huh. Nor is apache2. Well, that’s not good for a web server.

Some reading of logs shows that I’ve got two settings in my /etc/my.cnf that mysql 5.5 doesn’t like. Commenting out these lines:

language = /usr/share/mysql/english
skip-innodb

got mysql up and running.

Now, apache2 is complaining about a non-existent httpd.conf file. That file used to be there, but apparently the apache2 upgrade got rid of the empty file. I just commented out the line referencing it in my apache2.conf. And wouldn’t you know, apache2 starts up just fine.

I tested my sites, they all seem to work. I sent myself a test email, that seems to work too. I test a few other things (logging in via ssh, using git, checking the crontab) and everything looks to be working.

And, the denouement …

cat /etc/debian_version
7.0

The Courage to Say Horrible Things →

"'In the current culture, it takes more courage for someone like Chris Broussard to speak out than for someone like Jason Collins to come out,' says Sprigg, a former pastor. 'The media will hail someone who comes out of the closet as gay, but someone who simply expresses their personal religious views about homosexual conduct is attacked.'"

I'm not quite sure I've ever read something that so clearly lacked recognition of the world that we live in.

Jason Collins did something reasonably courageous. He came out of the closet, while still an active athlete in a major professional sport. It will, unquestionably, make his life more difficult next season. There will be players and coaches who will be uncomfortable with him, players and coaches who will say things on the court, and undoubtedly fans who will say horrific things.

Hell, fans say horrifically offensive things to players who aren't gay. It's going to be a few seasons (and likely when another, higher profile athlete comes out) before it's normal.

I suppose it may take more courage to espouse views that are so far out of the mainstream, views that represent a world view that is 20 years out of date. If I was to espouse misogynistic or racist views, yes, I would be attacked by the media (and most good people). This isn't people fighting for racial or gender equality or the 40 hour work week.

It takes courage to say things that are unpopular. The difference is that you should not expect to be viewed as a martyr for being a horrible person. Speaking out against homosexuality is your right, but you should expect to be attacked (rightfully) for being an idiot.

(Via CNN.)

A Few WordPress Warnings

WordPress (which powers this here blog you're reading) has been in the news a good bit lately, but not for positive reasons. There was a massive, widespread attack on almost any site running WordPress that aimed to exploit sites to use them to attack more sites and make the botnet even larger. A week or so later, an exploit was announced in two of the most common caching utilities (including one I've recommended) that would allow an attacker to potentially get access to your web server.

At work, we spent a few days fighting the first attack, which was seriously massive. The attack simply hammers your WordPress login, looping through different passwords trying to login with the user "admin". The easiest way to ensure that you're safely protected from this attack (and many future attacks) is to do two very simple things:

1. Don't use admin as your username
2. Don't use an easy password

Simple, right? WordPress, these days, doesn't default to the admin user. But in the old days, it did. If you login to your WordPress with admin, go into your WordPress Dashboard, go to Users, add a new user, make it an admin. Then delete your "admin" user, which will prompt WordPress to say "do you want to move the posts for 'admin' to another user?". Yes, you want to do that. Move the posts, and now you've got a new user who can do what your old "admin" user could do, but you've minorly increased your security.

And don't use a stupid simple password. The safest thing would be to use a series of words, like "super ugly car fart". Easy to remember, hard to crack. At a minimum, use a non-dictionary string with some numbers and punctuation.

If you want to take it a step further, you could install a plugin like Simple Login Lockdown, which will block IPs that try to brute force your login. It's not a great solution (a distributed attack would never get blocked), but it'll block the simple stuff.

The solution to the exploited caching plugins is pretty easy: keep your plugins up-to-date! If you have WordPress and you don't login weekly to see if there are plugins in need of being updated, you should turn off your WordPress site. If you're not updating more than a couple of times a month, you would likely be served better with a static site, or at least with a site hosted by someone else (Wordpress.com, Weebly, Wix, etc.) where they can worry about your security.

Or, even simpler: just don't use plugins. Use the default WordPress setup, and turn on "auto upgrade" if your host offers that option. There are few plugins worth the hassle. (I use Jetpack -- which is built by the folks who make WordPress, a Google Analytics plugin, the aforementioned W3TC and Simple Login Lockdown, and a Quick Login plugin.)

I know enough about WordPress to help out if you get in a pinch. If you're one of the 40 people who will read this far down, and you have questions, feel free to comment, tweet, or email me, and I'll try to help.

Stunned.

I've held off writing about the tragedy in Boston, mostly because I'm still processing my thoughts. It hit close to home both literally (Boston, friends and family in the marathon) and figuratively (one day before the anniversary of the Virginia Tech tragedy). I'll have some thoughts to share at some point.

But, in the interim, here I am, glued to Twitter and reddit at 4am in the morning (with the television on as background noise) watching one of the most insane things I have ever seen unfold. I had fallen asleep on the couch watching TV, got up to head to bed, checked twitter, saw the MIT shooting, and thought "wow, that's close to home and such unbelievably bad timing."

And I stayed up just long enough to watch it develop into a manhunt and potential capture of the marathon bombers.

The Boston Globe/Boston.com are doing unbelievably great coverage. As are all sorts of folks on Twitter. TV news lags far behind.

We live in a new media world.

Emotionally, psychologically, I'm vacillating between being numb to the immense and disproportionate amount of damage these assholes have perpetrated; to being angry/excited to see them brought to justice; to being nervous that this is all happening just a couple of miles from my house, literally in an area I go nearly once a week.

It's now 4:03am. I've been watching this for nearly 6 hours. There's a good chance I may have to watch it for a while longer to see it brought to whatever conclusion it will reach. I'll process what I've seen later, but it has been a remarkable (not necessarily in a good way, but still remarkable) week.

Solve the Problem You Have, Not the Problem You Think You Have

One of the things that I've been struggling at work is helping get projects and people aligned around solving for the right thing. Sometimes (possibly often …), a request will come in that reads something like:

I want you to build a hovercraft, because people have a need for travel, and a hovercraft satisfies that need.

And that's fine, right?

Except, in this scenario, building a hovercraft doesn't really solve the problem of travel. It is a possible solution, but it's a really complicated solution that maybe can't get delivered for years (we have to invent hovercraft technology). Maybe a bike would solve the problem? That would be easier. Maybe we don't need a vehicle at all—maybe we just need shoes.

This is a ridiculous example, but hopefully the point is clear. It can be hard to convince people that they're trying to solve the problem they want to solve (or worse yet, that they're simply solving the problem they think they have).

I've found this is common in tech organizations where you've got folks all around who are somewhat technical, and they get stuck on an idea, and that idea becomes the solution to every possible problem.

Man, it takes us too long to build stuff. We should setup some really complicated technological process that allows us to more easily build stuff.

The problem there is well stated. It takes too long to build stuff. The solution, however, is solving the problem that the person believes exists: that the lack of some technological process is the real cause of the "taking too long" problem.

That is, more often than not, a fallacy. Everyone gets hung up on the solution. The challenge is to help people get hung up on the problem: what is the issue, how does it manifest itself, what is the pain, etc.

I'm as bad as anyone at this. My brain starts making connections and rapidly gets to the point that I believe I understand the problem and that I've figured out the optimal solution (the biggest bang for the buck solution, in my mind). In thinking about this, I came across this quote:

If I were given one hour to save the planet, I would spend 59 minutes defining the problem and one minute resolving it

Albert Einstein was pretty clever.

Bowmore 25 Review

Thanks to a couple of wonderful people, I had an opportunity to buy a nice bottle of Scotch for less than normal. I took the opportunity to order a bottle of Bowmore 25. Bowmore 12 was my first bottle of scotch, and I loved it. I've loved most of the Bowmores I've tried—they're Islays, full of peat and smoke, but have a nice sweetness to them.

This bottle, however, tops them all. It's easily one of the best whiskies I've ever had.

It's very dark, like most Bowmores, as it's aged in bourbon and sherry casks. It's got a great peaty, smokey smell, but not as overwhelming as some Islays. There's a ton of sweetness in the scent. Some reviews say they can pick up toffee and fruits. I'm not nearly sophisticated enough to discern the details, but man, it's a great smelling scotch.

Sipping it is wonderful. It is just a perfectly balanced whisky, with smoke and peat, which can be overwhelming, but here just add a nice undertone to the sweet flavors that make up the bulk of the taste. There's an interesting texture as well—it's not watery; it has some real body to it, some viscosity.

The Bowmore 25 is great.

And, it turns out, that part of that might be due to it having some Bowmore 30 mixed in. Bowmore decided to stop carrying their Bowmore 30 and start mixing it into their Bowmore 25. Just another reason this is now one of my favorite scotches.

Technology Still Amazes

Every now and again, I'm mesmerized by the age we live in. I'm old enough to remember using a 9600 baud modem to connect to a BBS to play Legend of the Red Dragon. I would tie up our family phone line (or, eventually, our second phone line) connecting to many of these BBSes or, later, to AOL, eventually spending a bunch of time on USENET.

It's a big reason I'm an "internet professional" today.

I've spent a bunch of time on the internet, learning technology, and playing with computers.

So, it's fair to say, I'm somewhat jaded by technology these days. I see the newest XBox 360 or PS3 game and realize it's the same crappy game with new graphics. It's why I still gravitate towards some of the old school games (I'm a big fan of the Nintendo Virtual Console) over buying every new first person shooter with great graphics.

But, every now and again, technology still amazes me. On Friday, as the Celtics game finished up (after beating the Hawks), the Kansas/Michigan game was heading into its final couple of minutes of regulation. Thanks to the magic of the internet/iPhone/March Madness app, I was able to watch the game while walking down the stairs of the Boston Garden.

Walking down the stairs after watching an NBA game, I was watching the television broadcast of an NCAA game on my phone.

5 years ago, I would be watching the equivalent of an animated gif.
10 years ago, I would have been trying to refresh an infrequently updated, poorly formatted webpage on my feature phone.
15 years ago, I would have been rushing out to find a bar showing the game. If that game happened to be showing in your area.

I think about people today, even co-workers, who may have never experienced the world without the internet. Now I can watch a basketball game live on my phone while at another basketball game.

What Will Google Kill Next?

So Google killed Google Reader. That's been pretty well covered at this point.

I've used Google Reader since pretty early on -- not because it was the best feed reader, but because it was the glue between apps. Originally, I used it as the backend to keep the feed reader I used at work with the feed reader I used at home (for a while that was RSS Bandit, then maybe NetNewsWire.)

Once the iPhone came out, it was core to keeping feeds on your phone in sync with feeds on your desktop. And while I know developers had issues with its idiosyncrasies, it worked for me. Eventually, I moved to using Google Reader itself (and it's magic j-k keys) when I was on a computer, and a variety of apps on the iPhone/iPad.

Google Reader had this nice trends feature where it would tell you how much you read, and when, and which feeds were inactive (super handy for pruning dead feeds or finding those that had moved). It claims I've read 300k+ entries since October of 2010, almost 11k in the last 30 days.

I'm probably not a top 1% Google Reader user, but I bet I'm a top 10% Google Reader user.

And even still, I don't begrudge them their right to kill the product. All they get out of it (at least with me) is me using their ecosystem. I use Gmail (well, sort of -- my mail is there, I read it in other apps), I use search, I use Google Reader. Gmail and search are far more monetizable than Google Reader (i.e. it's much easier to put ad inventory next to what I'm looking at). Reader doesn't easily fit into the Google+ social play (though, really, does anything really fit into Google+).

So it's dead, and I'll move onto other options like Feedly. Or eventually to a paid service where someone will give me a nice tool for a couple of bucks a month. No big deal.

The real interesting question is "what will Google kill next?"

The most obvious answer to me would be Blogger/Blogspot. They don't monetize it (to my knowledge); it reproduces technology that is now in Google+; and it has to require a lot of care and feeding to keep it up and running happily. It's a mini-social network with webhosting. They likely have support folk hanging around to answer questions and make sure stuff is working.

Don't get comfy, Blogger users. You might want to see about importing your site into wordpress.com (or moving to your own hosted site!) in the short-term, just in case.

Actually, the thing Google is most likely to kill next is the goodwill of their brand. But hopefully it'll take them a few years to do that, as I've got a bet going about the size of Google ten years from now.

Alfred 2 Programs Your Desktop

Alfred 1 was pretty awesome. Even just as an app launcher, it was handy. You hit your hotkey, type a couple of characters, and that was all you needed. No mousing around, no trying to find the app in your crowded Applications folder. Just a couple of keystrokes.

Alfred got even better when you'd use other features like custom searches. We have some internal systems that can be driven by search; pretty soon, rather than having to open up a browser window, navigate to the right place, and search, I just type a few characters and search. Alfred takes care of the rest. You could easily extend it to search any search engine, the App Store, almost anything.

This was just scratching the surface of Alfred. I didn't really use features like the Clipboard/Snippet manager (which I'm trying to use more of) -- have stuff you always type or cut and paste? Add a snippet and you can quickly paste it into any app. There's a really nice file navigator, quick file mover, all sorts of powerful features.

But, again, even if you just used it as a quick app launcher, it was pretty handy.

Alfred 2 just came out.

It added a few features, but none more powerful than Workflows.

Workflows are sort of a "change the way you use your computer" feature.

Basically, you can wire up a keyword or key command, to applications, or scripts, or almost anything you can automate on your computer. And, these bits can pass data back and forth. It sounds mundane. Then you download a workflow from the Alfred Forum that sounds interesting, and your eyes get big and you think "huh, I bet there's lots of things I can do with this."

A great example is the Weather workflow. You type "forecast", and right inline, you see what the weather forecast is. No web browser, no need to open anything else, you just get what you want. I've got workflows to manage Spotify (start/stop/find an artist), show my current IP address, add stuff into OmniFocus, turn on a secure proxy (can't be too safe when you're web browsing out in public), automatically upload files to common place.

Anything you can think of, someone can probably put together a workflow to automate it.

It's a fantastic, game changing feature.

Alfred 2, the free version, is worth downloading. But do yourself a favor and buy the PowerPack. It's something like $25 and is completely worth it.

SXSW Discoveries

I got the opportunity this year to go to SXSW for the first time. Through my company, I got access to an Interactive badge (meaning I get to go to the technology sessions, the tradeshow part, and many other cool things). Here are a few of the things I've stumbled upon:

1. Don't wait in line
   Never wait in line for anything, ever. There are lines all over the place. Sessions, parties, food. You know what? There's literally hundreds of other things to go to. Go find one without a line. You'll have a better time, and you won't waste half your day waiting around. Some of the best stuff I've done over the past few days was serendipitously walking into a place because it wasn't busy (best example: catching The Tontons at Stubbs).
2. Evernote can be your best friend
   The newer versions of Evernote for the iPhone and Mac have been really nice, and fixed a handful of things that have always added a bit of friction to me using Evernote full time. As the app has gotten nicer, I've been determined to use it as my (organized) digital junk drawer. The best discovery though was Evernote's "document scan" mode, for lack of a better term. I have these receipts for expensing that I don't want to have to carry. I have a phone with a camera. And I have Evernote. Evernote has a mode where you tell it you're scanning a document, and it automatically adjusts the contrast and crops the document and dumps it in your Evernote. I've used it on every receipt I've gotten here and it's worked perfectly. Now I'm not worried about hanging on to random scraps of paper.
3. Even if it sounds too good to be true, give it a shot
   One of our friends mentioned Ra Ra Riot was playing a concert on the other side of the conference. We finished dinner and headed over there, fully expecting to find a huge crowd. We walked in as the band was finishing up their first song and ended up about 20 feet from the stage on a cool Texas night. No huge crowds pushed together, no bros at the show just trying to pick up chicks. Just a few hundred people hanging out checking out a band.
   
   
   
   

   Just remember #1 above. If something sounds fun, go try it. Just don't wait in line for it.

← Older Newer →