Skip to content

some git links

[EDIT added tig]
[EDIT added github email below]

Git is a tool I’ve used, but never really invested in heavily or committed to learning deeply. I decided to put together a link roundup to help with learning at least in part because a coworker mentioned starting a project using subversion today, and this was the second coworker in under a month to have said something that made it clear that git has not begun to dislodge subversion as the default. Two was enough encouragement. Here go the links….

Thanks to the various folks on twitter and IRC who helped me put this together.

Following up on the github security issues, I just got the following email from them:

A security vulnerability was recently discovered that made it possible for an attacker to add new SSH keys to arbitrary GitHub user accounts. This would have provided an attacker with clone/pull access to repositories with read permissions, and clone/pull/push access to repositories with write permissions. As of 5:53 PM UTC on Sunday, March 4th the vulnerability no longer exists.

While no known malicious activity has been reported, we are taking additional precautions by forcing an audit of all existing SSH keys.

# Required Action

Since you have one or more SSH keys associated with your GitHub account you must visit to approve each valid SSH key.

Until you have approved your SSH keys, you will be unable to clone/pull/push your repositories over SSH.

# Status

We take security seriously and recognize this never should have happened. In addition to a full code audit, we have taken the following measures to enhance the security of your account:

– We are forcing an audit of all existing SSH keys
– Adding a new SSH key will now prompt for your password
– We will now email you any time a new SSH key is added to your account
– You now have access to a log of account changes in your Account Settings page
Sincerely, The GitHub Team


my WordPress backups strategy

As mentioned previously, I had a major backups fail with this blog. I’ve now implemented a backups strategy that meets my needs, so I thought I would put together a post documenting what I did.

Step one (1) is local backups of the WordPress database. There are any number of ways to do this, including some well-reviewed plugins like this one. Given that I have shell access to the machine running this blog and full control over things like cron, I figured I would use this as an exercise and write my own little shell script to do the work.

Step two (2) is what I ignored last time, and that’s getting both the database and the wordpress directory (wordpress itself, templates, uploads, etc.) off site. For that I’ve used rsnapshot, which I installed via apt-get on a machine that is NOT the blog host. I decided to put the hourly/daily/weekly/monthly crontab lines in my own personal crontab on the rsnapshot host. One of the reasons for this is that I might decide to make more extensive use of rsnapshot later, and I’d like to keep the WordPress backups separate. The one caveat with doing this is that it assumes access to an SSH key and the SSH_AUTH_SOCK from my tmux session, so if my session dies, backups stop working. Given that I use this machine on a daily basis, that is not a major concern. Still, a better way to do this would be to create a dedicated, unprivileged backups user that would run rsnapshot from its crontab. Then on the blog host, I’d have a matching unprivileged user with access to the target directory for the database backups. I decided against doing that work because both of these machines are fairly restricted to begin with (nobody else has shell login, reasonable update schedule, etc.) and it seemed like overkill for blog backups.

Tagged ,

March 8 TriLUG meeting: Device Mapper Multipath

I’m on the Steering Committee of the Triangle Linux Users Group (TriLUG), so you’ll forgive me if I promote them a bit here:

Topic: Device Mapper Multipath
Presenter: Adam Drew
When: Thursday, March 8, 7pm
Where: Red Hat HQ, NCSU Centennial Campus, 1801 Varsity Dr, Raleigh, NC
Map: Google

This presentation explains Device Mapper Multipath starting at theory of operation, to deployment, and finally through troubleshooting. The goal of the presentation is to provide a clear and complete description of how to deploy, understand, and resolve issues with Device Mapper Multipath on Linux systems.

Read the full meeting announcement at

How the backups were lost

Once upon a time, this blog was hosted on a thinkstation that sat at my desk at ibiblio. Like any reasonable WordPress user, I backed up my blog regularly, in my case with a cron job that both dumped the database and made a tarball with that dump and the WordPress directory. Crucially, these backups landed elsewhere on the same thinkstation. Had I bothered to put my sysadmin hat on for a moment while looking at this backup strategy, I would have declared it a Very Bad Idea.

At some point I stopped working at the ibiblio office and got a full time job (that some point was January of 2011, for the curious). John at ibiblio was very kind and gracious, leaving that thinkstation alone for many months, and gently reminding me that I should clear things off it before it got repurposed. At some point I got halfway through migrating the blog. I moved the files on disk, but I did not move the database. Now here’s where caching worked some unfortunate magic. Because I used rsync to ship the files over, the cache files came, too. So when I came back a few days later, I saw what looked like a perfectly and completely migrated blog. Had I bothered to click a few pages back in the archives, I would have remembered/realized that the database had not been moved.

Flash forward a few months, and John asks me if I’m done with the thinkstation. Sure! I say. Wipe it!


I’ve talked to several people about my failures (migration fail, backups fail) and I’m assured that there are plenty of other people who fail to put their sysadmin hat back on when dealing with their dinky little personal blogs. Still, I’d like to avoid making those same mistakes again. Wish me luck.



We had a backup oops; possibly permanent. We will see what happens with this space.

This work by tarheelcoxn is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.