[Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)

A remote execution bug was reported in ProFTPd one month ago and it’s still unfixed in Debian 7 and Ubuntu 12.04 – scary.

Source: [Bug 1462311] Re: proftpd mod_copy issue (CVE-2015-3306)

Working with objects, in JavaScript

JavaScript is designed on a simple object-based paradigm. An object is a collection of properties, and a property is an association between a name and a value. A property’s value can be a function, in which case the property is known as a method. In addition to objects that are predefined in the browser, you can define your own objects. This chapter describes how to use objects, properties, functions, and methods, and how to create your own objects.

Source: Working with objects – JavaScript | MDN

Common mistakes: UNION vs. UNION ALL › Cybertec – The PostgreSQL Database Company

In my role as a PostgreSQL consultant and trainer there are a couple of issues, which pop up on a regular basis.

Source: Common mistakes: UNION vs. UNION ALL › Cybertec – The PostgreSQL Database Company

Little things you’d better remember.

Faces – a flickr gallery


A flickr gallery I like a lot. I’m not a photographer but if I were I’d love to shoot portraits like these.


Elon Musk Debuts the Tesla Powerwall – YouTube


Wireless keyboard on a phone

I’m writing this post by typing on a wireless keyboard into my phone. It’s the first time I’ve connected a wireless keyboard to my iPhone 5 and I have to say it’s a pretty interesting experience.

I’m typing directly into the WordPress app’s input field. There’s some lag, which makes it feel odd. I don’t know if it’s the Bluetooth connection or if it’s the input field itself that does not expect such a fast input sequence.

I suppose this input field is somehow translating what I type into HTML, doing some extra work at each keystroke. In a previous test I did with the Notes app the input was pretty smooth with no lag at all.

On a quick search on Amazon I saw there are some interesting models, including one which is capable of switching quickly among up to three devices. Very nice.

Why would one use such a keyboard to type into the phone? I don’t know but I suppose that when you are on a gig and you want to be free to draft a blog post without carrying your laptop with you, such a setup may be a pretty good alternative. On a tablet it definitely makes much more sense.

Anyway the experience is positive and I’m considering buying one for myself (this is the Apple keyboard I borrowed from a friend’s home computer).

Do you ever use a wireless keyboard on a phone/tablet device? I’m curious to know about your work/entertainment setup.

My favourite light-background colorschemes for VIM

I’m addicted to Vim colorschemes. I change them very frequently, and I’m unable to settle on a favourite one. Sometimes light backgrounds, sometimes dark ones. During the last few months I’ve come up with a list of the ones I switch to more frequently.

Here is a list of the light background ones, unranked. Most of them you can find in the default Gvim installation.



This is pretty neat and probably one of my favourites.



The one thing I don’t like about this one is the cursive for strings.



Sometimes you are in the mood for background highlight.



Sometimes you need the world to be more on the pink shades.



Ice ice baby.



This is the one I turn on more frequently when I need a light background which is not too bright.


I intentionally left out two important choices, which are Solarized and Dawn. I know they are popular, I gave them a try but they didn’t stick.

What about you? I’d like to read about your favourite ones.

Scaling Elasticsearch for Production at Verizon: 500 Billion Documents & Counting | Elastic

Elastic{ON} Video of the Week: Scaling Elasticsearch for Production at Verizon: 500 Billion Documents & Counting | Elastic.


Postgres essentials: window functions

Window functions in Postgres allow you to perform computations related to the set of rows being returned by your query. Imagine you can group your query by a certain column, and have computations be limited by the boundaries of that group (in other words, a window).

To better explain the concept, let’s look at a very simple example (data can be downloaded here).

Imagine we have a table with 100 records, with four columns:

  • id (primary key)
  • name
  • a performance score from 1 to 100
  • marital status field

Something like this:


Now let’s suppose you want to view the best performers in each marital status. First thing to do is to order the list by marital status and performance. From the following image you can see what a window is:


Now that it’s clear what a window is, we can introduce the concept of window functions. Simply put, window functions are functions which operate on those windows of data, in other words on those sub-recordsets. We can add columns with the result of a function that takes into account only the values of other rows inside the boundaries of the window.

We can use the rank() function to show the rank of each record in its own window. A rank is not like a row number. A rank outputs an equal value for an equal input inside a given set.

Let’s write this query:

Which leads to the following result:

As you can see, ranking restarts when a new window starts.

Now go back and take a look at the query. Right after the call to the rank() function we define a partition criterion and a sort order. Those two parameters are required to specify the scope, the field of action of the window function.

Now let’s suppose we want to query for just the first ranked people in each marital status. It’s very easy now that we have the rank column in place. Just wrap everything inside a subquery and add a where condition.


Before window functions it was not that easy to get the same result. I don’t know precisely because I’m not that old. Anyway I suppose the same result was a matter of nested subqueries and similar sorcery.

There’s much more you can do with window functions. Have a look at the documentation page for the feature and for the available functions.

I hope you found this useful. Here you can download the data I used for this post, in case you want to try it yourself.



Backup files and paths to S3 with write-only keys

Lately I’ve been doing some maintenance on several servers, most of which just had to be turned off since their legacy services no longer had any reason to exist.
I don’t know about you, but for me, when it’s time to turn off a VPS, I always feel a bit anxious. Even though the app repository and database are already backed up for archive, you sometimes stumble upon snowflake server configurations or application logs which are not backed up and that may be of interest in the future.

In such cases I used to back up those files locally on my laptop and then move them somewhere depending on the specific situation. Sometimes it was a CD or DVD, sometimes some other kind of medium. Sometimes I thought it would have been tremendously useful to move those files from the server to S3 directly, into some kind of backup bucket.

Other times it was just the need to have a quick way to send a bunch of files to S3 directly, say for periodic backup of databases or filesystem snapshots.

Then I thought about the security issues related to keeping S3 keys on those servers. If for any reason a host was compromised, losing control of a key that allows anyone to read everything from that bucket would be a mess. Backups very often hold all sorts of sensitive information and the idea of having to deal with such a security concern was just too much.

S3 and write only keys

I never really developed a standard procedure for that, until a few days ago. In fact I thought about the possibility of having write-only keys on several servers, and a kind of script to allow you to just send files to S3, with no possibility of reading anything.

That sounded great to me. As part of a standard setup for every host I could configure the following:

  • a configuration file with S3 write only keys and bucket name
  • a script suitable to be used with S3 write only keys

In the beginning I considered using a binary like s3cmd for this purpose, but I found it was not playing well with write-only keys. Then I decided to build my own script. It was actually very easy, with a few lines of Ruby, to come up with a script which does just that: read a path from the command line and recursively push the tree to S3.


Sink3 is available here on GitHub. It’s at such an early stage that I felt a little bit uncomfortable even writing this post. But then I thought “hey! it’s working after all.”

Here is what it does:

  • it uses the hostname to create a root folder on S3
  • it creates a folder from the current date inside the hostname folder
  • it copies files or paths it receives as arguments inside the date folder

Working this way it can even be used to perform periodical backups. Example usage:

assuming a host named tiana

What you get in the bucket is:

Nice, huh? You don’t have to worry about anything other than avoiding conflicts in filenames. A conflict would overwrite what you backed up previously.
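The write-only setup and the hostname/date folder layout described above, as an added Ruby example (not Sink3's own code). The bucket name, the ISO date format, the basename-based key layout and the helper names are assumptions made for illustration; the sample tree is constructed.

```ruby
require 'json'
require 'date'
require 'tmpdir'
require 'fileutils'

# IAM policy for an upload-only key: no GetObject, ListBucket or DeleteObject.
def write_only_policy(bucket)
  { 'Version' => '2012-10-17',
    'Statement' => [{ 'Effect' => 'Allow',
                      'Action' => ['s3:PutObject'],
                      'Resource' => "arn:aws:s3:::#{bucket}/*" }] }
end

# Map every file under the given paths to "<hostname>/<date>/<relative path>".
# Assumed layout: each argument keeps its basename as the top-level folder.
def plan_keys(hostname, date, paths)
  paths.flat_map do |arg|
    path = arg.chomp('/')
    base = File.basename(path)
    unless File.directory?(path)
      next [[path, [hostname, date.iso8601, base].join('/')]]
    end
    # FNM_DOTMATCH so dotfiles (often the snowflake config) are included.
    files = Dir.glob(File.join(path, '**', '*'), File::FNM_DOTMATCH)
    files.select { |f| File.file?(f) }.sort.map do |file|
      rel = File.join(base, file.delete_prefix("#{path}/"))
      [file, [hostname, date.iso8601, rel].join('/')]
    end
  end
end

# A PutObject-only key cannot check whether a key already exists, so
# collisions inside one run have to be caught locally before uploading.
def collisions(plan)
  plan.group_by { |_file, key| key }.select { |_k, v| v.size > 1 }.keys
end

# Constructed sample tree; "tiana" is the host name used in the post.
def demo
  Dir.mktmpdir do |root|
    dirs = [File.join(root, 'etc', 'nginx'), File.join(root, 'opt', 'nginx')]
    dirs.each { |d| FileUtils.mkdir_p(d); File.write(File.join(d, 'nginx.conf'), '') }
    plan = plan_keys('tiana', Date.new(2015, 6, 1), dirs)
    { keys: plan.map(&:last), collisions: collisions(plan) }
  end
end

puts JSON.pretty_generate(write_only_policy('example-backup-bucket'))
p demo
```

Enabling versioning on the bucket keeps the earlier copy when a later upload reuses a key, which limits the damage of both accidental conflicts and a compromised host overwriting old backups.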