Haproxy Charset

A common problem we encounter is for things like ñ not showing up correctly. This actually caused some issues in the recent Philippine elections, but this isn’t about hash codes or anything like that.

By default, we use UTF-8 for text storage and rendering. A problem is that browsers don’t assume UTF-8 as the default and you need to have either a <meta charset="utf-8" /> in the HTML or Content-Type: text/html; charset=utf-8 in the headers. A few of our services don’t set the Content-Type with the charset=utf-8 part so you’d get piñata instead of piñata.

Being lazy, we usually just correct this at the reverse proxy side. It’s trivial to do in nginx. You just need to add charset utf-8; to your configuration and you’re good. For haproxy though, I couldn’t readily find a solution for it and had to go through the docs to see what I could do.

After a bit of experimenting, I had success with this:

# set content-type to utf-8 if not already
acl has_charset hdr_sub(content-type) -i charset=
rspirep (Content-Type.*) \1;\ charset=utf-8 unless has_charset

This is probably not the best way to do it. Arguably, we should just fix our services to have the correct Content-Type in the first place, but I can do that some other time.

| Comments

Cloudflare Shenanigans

An old client of ours managed to convince a telco to zero-rate the data for their app. In order to whitelist it though, we needed to use plain HTTP for domain whitelisting. For HTTPS, they can only whitelist by IP address. Like any good developer, we were using HTTPS. Also, like any good developer, we put our server behind Cloudflare.

Now the problem is that Cloudflare can put you behind any IP they own, which is a huge range. There’s no guarantee that the IP we have now is going to be the same later on. So we did the reasonable thing and asked them to whitelist all of the Cloudflare IPs. And the telco agreed! We were in total disbelief when that happened. But hey, if life gives you free internet, you take it.

We never actually empirically tested whether other sites hosted on Cloudflare were also actually zero-rated. But I like to think that we saved a lot of people on their data costs from browsing Reddit and 4chan. But alas, good things must come to an end.

A few months after we started beta testing the app, Cloudflare added more IPs to their range. Unfortunately, our server got moved to those new IPs which were not whitelisted yet. Apparently, the telco whitelisting process was incredibly convoluted and time consuming. Our client didn’t want to bother asking them to whitelist more IPs. We also tried asking Cloudflare to move us back to the original IP range, but they could only do that if we were in their enterprise tier. We couldn’t really afford that, so we looked for other options.

Since Cloudflare was essentially just a giant reverse proxy, theoretically there should be no distinction between one IP address from another. The specific IP we get is probably just for load balancing. So we tried accessing the IPs in the range directly and just setting the Host header and it worked! But we get SSL errors because the IP itself doesn’t have its own certificate.

After more testing, we figured out that you could actually use any Cloudflare backed domain so long as we properly set the Host header. We just needed to find one still in the old range. Coincidentally, 4chan.org was. Which led to this wonderful commit

commit 123456789abcdef
Author: ~~~~~~
Date:   ~~~~~~

    4chan hack

diff --git a/src/com/client/common/Util.java b/src/com/client/common/Util.java
--- a/src/com/client/common/Util.java
+++ b/src/com/client/common/Util.java
@@ -210,7 +210,8 @@ public class Util {
        }

        public static String getServerAddress(Context context) {
-               String address = "https://backend.client.com";
+               // String address = "https://backend.client.com";
+               String address = "https://4chan.org";
                if(!isDebug(context)) return address;
                try {
diff --git a/src/com/client/common/logging/APIClient.java b/src/com/client/common/logging/APIClient.java
--- a/src/com/client/common/logging/APIClient.java
+++ b/src/com/client/common/logging/APIClient.java
@@ -101,6 +101,7 @@ public class APIClient {
        private HttpResponse postInternal(String url, List<NameValuePair> data, boolean forRegistration) throws ClientProtocolException, IOException {
                HttpPost request = new HttpPost(Util.getServerAddress(mContext)+"/api/"+url);
                request.setHeader("X-API-VERSION", apiVersion);
+               request.setHeader("Host", "backend.client.com");

                if(data == null) {
                        data = new ArrayList<NameValuePair>();

Eventually, we did decide to just abandon Cloudflare for the server. We probably weren’t going to be the target of a DDOS or anything. This also allowed us to do more secure things like pinning the server certificate in the application itself. Clearly, this is what we should have just done in the first place, but at the time we just wanted a stopgap solution.

I just still find it funny we were making people’s phones go to 4chan.org everyday for more than a year.

| Comments

TiddlyWiki in the Sky (or TiddlyWeb for TW5)

I’ve always liked TiddlyWiki. Back when it first came out, it was really amazing. A wiki all in one file, that worked in the browser. It didn’t need a backend, it would just save itself as an all new HTML file with all your posts inside. I’ve used it a lot over the years, as a personal wiki/journal and a class notebook. I even had a blog with it at one point using one of the server-side forks.

Now, there’s TiddlyWiki5 which is a rewrite of the original TiddlyWiki that looks a whole lot snazzier, and I assume has better architecture overall. It also has experimental support for all the server-side platforms (particularly TiddlyWeb) that have cropped up.

If you’re just looking for a simple server setup for TiddlyWiki5, it has native support for that on its own. There’s plenty of documentation on the site. But if you’re looking for more advanced features (like storing your posts in git or a database), then you’ll need to use it with TiddlyWeb. The problem is that most of the documentation for TiddlyWeb still refers to the old TiddlyWiki.

To support TiddlyWiki5, we’ll need a version of the wiki which has the TiddlyWeb plugin already installed and configured. After that, some tweaking is necessary to get TiddlyWeb to provide what the wiki requires.

Setting Up TiddlyWiki

TiddlyWiki5 provides a command line tool via npm that allows building custom versions of the wiki. In fact, it comes with templates, called “editions”, that we can use for our setup. Assuming you already have it installed, create the wiki using

tiddlywiki mywiki --init tw5tank          # create wiki from template

This creates a wiki intended for use with Tank, which is built on top of TiddlyWeb. From here, you should look in mywiki/tiddlers/system which contain the entries for SiteTitle, SiteSubtitle, DefaultTiddlers, and tiddlyweb-host. The first 3 should be configured however you want. These are necessary because they’re needed before the wiki can load them from the server. tiddlyweb-host contains the location of the TiddlyWeb server, this should be http://localhost:8080/ if you’re just testing locally. With everything configured, you can build the new wiki by running

tiddlywiki mywiki --build

This will output the wiki to mywiki/output/tw5tank.html. You can now serve it using your favorite local webserver, like python -m http.server.

Setting Up TiddlyWeb

The TiddlyWeb tutorial recommends using tiddlywebwiki which has all the plugins setup for a nice wiki instance for the old TiddlyWiki. It has a lot of features that aren’t really needed, so we won’t go with that. So first, we’ll need to install TiddlyWeb and any plugins we might want to use.

pip install tiddlyweb tiddlywebplugins.status tiddlywebplugins.cherrypy tiddlywebplugins.cors

Next, we’ll need the tiddlyweb configuration in tiddlywebconfig.py

# A basic configuration.
# `pydoc tiddlyweb.config` for details on configuration items.

import tiddlywebplugins.status

config = {
    'system_plugins': ['tiddlywebplugins.status', 'tiddlywebplugins.cors'],
    'secret': '36c98d6d14618c79f0ed2d49cd1b9e272d8d4bd0',
    'wsgi_server': 'tiddlywebplugins.cherrypy',
    'cors.enable_non_simple': True
}

original_gather_data = tiddlywebplugins.status._gather_data

def _status_gather_data(environ):
    data = original_gather_data(environ)
    data['space'] = {'recipe': 'default'}
    return data

tiddlywebplugins.status._gather_data = _status_gather_data

The tweaks involved are:

  • using the status plugin which the wiki requires
  • monkeypatching the status plugin for the wiki to use the correct “recipe”
  • using cherrypy server instead of the buggy default one
  • using cors since we’re not hosting the wiki itself on the same server

With that, we just need to create the store that will hold our data

twanager recipe default <<EOF
desc: standard TiddlyWebWiki environment
policy: {"read": [], "create": [], "manage": ["R:ADMIN"], "accept": [], "write": ["R:ADMIN"], "owner": "administrator", "delete": ["R:ADMIN"]}

/bags/default/tiddlers
EOF

twanager bag default <<EOF
{"policy": {"read": [], "create": [], "manage": ["R:ADMIN"], "accept": [], "write": [], "owner": "administrator", "delete": []}}
EOF

Finally, we can start the TiddlyWeb server

twanager server

Putting it all together

Once you have the TiddlyWeb server running, you can just go to wherever you’re hosting the wiki html and it should work. You can try creating some posts, and the check mark on the sidebar should be red for a while and then turn black. Once that’s done it’s saved. You can refresh your browser and your posts should still be there.

At this point, you can start customizing your TiddlyWeb instance, by changing your store to something like a database, or adding authorization. You can also tweak the server setup so you won’t need CORS anymore.

TiddlyWiki5 is still relatively new. I hope that eventually, support for server-side and the plugin ecosystem grows to be as great as the old TiddlyWiki.

| Comments

Is My Terminal Window Active?

I’ve been working in OSX for almost 3 years now, but I recently switched back to Linux because of all the problems people encountered with Yosemite. There are some things I missed from OSX though. One of which is zsh-notify. It’s a zsh plugin that alerts you if your long-running task is complete, and whether it failed or not.

It’s pretty convenient when you’re compiling something and then go on to browse reddit while waiting. Usually, I spend too much time just reading and forget about the compilation entirely. With the plugin, I get the notification and maybe go back to work.

One nice feature it has is that if you’re currently looking at the terminal window of the job that just finished, it won’t notify you. It only notifies on windows that aren’t currently in focus. To do this, it has to actually talk to Terminal.app or iTerm2 to see if the window and tab are active.

This is alright in OSX since those 2 are the generally most used terminal emulators. On Linux though, everyone has their own favorite terminal. Given that, I figured I could probably rely on talking to X to see if the window is active instead of each single terminal emulator. X can’t tell if the tab is active though, but I don’t use tabs in my current setup so it should still be good.

xdotool

Preliminary research reveals that we can easily get what the active window is with xdotool. xdotool getactivewindow gives us the X window id of the active one. Now all we need is a way to get the window id of the terminal we’re in.

First Attempt: $WINDOWID

Apparently, xterm and similar terminal emulators define an environment variable called $WINDOWID with the window id of the terminal. Obviously, this is too good to be true. In xterm and konsole the $WINDOWID was correct, but in VTE-based terminal emulators, $WINDOWID had the wrong value. In terminology, it didn’t define $WINDOWID altogether. So $WINDOWID wasn’t going to work.

Second Attempt: xdotool search $MAGIC

My second idea was that you can use zsh to change the window title to a magic number and then just check if the active window is the same one as the window with the magic number. This sort of worked for most terminals, except konsole which does whatever it wants with the window title. There’s also the problem of some zsh configs automatically settings the window title to the current command.

In hindsight, I could probably have just done xdotool search --name xdotool since in most cases, when you run the search, zsh or konsole will set the window name to the current command. Maybe that’s another option I can explore some day.

Third Attempt: $PPID

My third idea was another environment variable called $PPID, which is the process id of the parent of the shell. As it happens, the parent is the window containing the zsh instance. This is actually pretty consistent across most terminals. The only problem was if you launched zsh from another shell since your new zsh’s parent will now be another zsh instance instead of an X window.

At first glance, launching zsh within zsh doesn’t seem like something most people would do, but this is what happens when you run screen or tmux. To work around this, we can actually just save the original $PPID in a different variable and use that instead.

Now that we have the PID of the window from zsh, we can once again use xdotool to get the PID of the current active window with xdotool getactivewindow getwindowpid. We just simply compare that with our $PPID and we can tell if we’re in an active window or not. Overall, this approach worked surprisingly well so that’s the final solution I went with.

| Comments

Removing PLDTMyDSLBiz from the ZyXEL P-2612HNU

I’ve always thought that people were just too lazy to change their SSIDs when I see “PLDTMyDSLBizCafeJapan”. It became apparent when we got our own PLDT line that it was because the bundled router/modem does not allow you to remove the prefix.

This is not the kind of thing you expect as a business customer. Even for home customers, I feel it’s still a bit dishonest. I’d be fine if it was just the default SSID, but forcing people to have it as part of their SSID is like advertising that your company (I mean PLDT) is a douche.

Of course, we couldn’t just leave the SSID prefix there, so we tried a number of things to get rid of it. There are articles for removing it from the Prolink H5004N or the ZyXEL P-660HN-T1A but not for the one we got which was the ZyXEL P-2612HNU-F1F.

We did still try the firebug/inspector tricks, but it seems that there is a server-side check that adds in the “PLDTMyDSLBiz”. We tried a number of things, but the one that ultimately worked (and we had a good laugh about) was to backup the configuration, edit the dumped file and restore it.

The backup is actually just an XML file. You can search for SSID and change the parameter there. It’s a bit annoying because the router has to restart after restoring the configuration, but it works!

A minor note, the router doesn’t seem to support SSIDs with a comma (,) well. It just gets everything before the comma as the SSID for some reason.

| Comments