jr conlin's ink stained banana

Anyone who knows me knows that i’m not a huge advocate of Agile.

There’s lots of reasons for that, from the fact that it prevents folk from defining actual requirements in favor of vague stories (which makes testing and documentation harder), to using arbitrary points without accounting (ironically, those points are VERY attractive to accountants who see them as a measure of productivity, even though they’re never meant to be that), to the fact that the SCRUM master is inevitably a manager who has a strong stake in productivity and not someone like a lead engineer who understands complexity (which makes it harder for engineers to push back against features). Agile also works for well defined tasks or simple work where engineers are interchangeable. This almost never matches reality.

Still, tracking and reporting work is valuable, and there are tools that can help with that.

So, how does a modern team do that?

Hell if i know. i’m not a productivity specialist or some sort of efficiency expert. i’m just a guy that builds and supports back end systems, and has done so for a very long time.

i can tell you the way that our team currently does things, or at least, what works for me. It might work for you as well? Who knows. The fact is that trying to use a single system as a universal solution is like trying to build a log cabin using only Swiss army knives. It might theoretically be possible, but there’s going to be a lot of sadness and used bandages before you’re done.

Each team is usually made of a bunch of folks with specific skills. Some might be really good at solving odd problems. Others might be fantastic at finding hidden bugs. A few might be top notch at optimizations. They’re not cartoon assembly line workers (and even there, you’re going to need training before you’re told to go add wiring harnesses this week and installing dashboards next week). So folk tend to do a lot of the same sort of tasks, partly because it’s comfortable, and partly because the inverse Peter Principle means that nobody else wants to do that job.

i kind of view it as Air Traffic Controllers (mind you, my knowledge of ATC folk comes from watching movies like Pushing Tin so it’s probably hilariously wrong, but it’s what i know). Each controller has purview over a set number of flights managed as a stack. As a flight leaves their area, it’s removed from the stack. As flights leave their area of control, they’re removed from the stack.

Developers tend to work the same way. There might be multiple tasks they’re working on. As they complete tasks, they get pulled from their stack, as they get time, they might add more. Since developers are a lot like async functions, there can be times they’re blocked, so having a bunch of tasks on hand can keep them from surfing . The downside is context switching, but some folk are better than others.

We use Jira (or really, any bug tracker system) for how we say “we’re working on this” and “this is done/blocked”. It’s how we communicate to ourselves and up the chain. Tasks are associated into groups, which are collected into Key Results, which are assigned to Objectives so that execs get pretty dashboards with blinky lights they can put into slides that result in us getting paid.

Senior Devs are kinda responsible for breaking apart the Key Result into groups and tasks, again, so that the work gets properly tracked. If another group has a requirement that demands some feature, that group gets prioritized appropriately. (We also don’t do crap like “Planning Poker” or whatever. Look, the person who’s doing the work absolutely knows what the effort is, unless they’re brand new to development. Getting a bunch of other people who may have zero context to make SWAGs ain’t gonna help. If y’all did auditing of tickets and points you might realize that, but i’ve never read about that in any article or done that in any retro, so yeah, chances are you’re not doing it either.)

Is it a fantastic solution that will solve all you problems?
No, What? Were you paying attention? It’s just how we do things. You will have a different solution because of reasons. Still, this works for us and generally persists longer than whatever Agile system gets inflicted on us.

i’m a curious soul.

i was curious what bots were scraping my sites, so i figured i’d do a quick survey.

i’m also super lazy, so i used a simple bash script to get the list of whoever has been pulling my robots.txt file, because no one else would.

so a quick

zgrep robots.txt access.log* | cut -d\" -f 6 | sort |uniq > agents.lst

on soc.jrconlin.com got me:

 
-
AwarioSmartBot/1.0 (+https://awario.com/bots.html; bots@awario.com)                                                       
FediCrawl/1.0                                                                                                             
Googlebot/2.1 (+http://www.google.com/bot.html)                                                                           
IonCrawl (https://www.ionos.de/terms-gtc/faq-crawler-en/)                                                                 
Mastodon server indexer                                                                                                   
Minoru's Fediverse Crawler (+https://nodes.fediverse.party)                                                               
Mozilla/4.0 (compatible; fluid/0.0; +http://www.leak.info/bot.html)                                                       
Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; https://zhanzhang.toutiao.com/)                                                                                               
Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)                                                                                                
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0 (FlipboardProxy/1.2; +http://flipboard.com/browserproxy)                                                                                                         
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:98.0) Gecko/20100101 Firefox/98.0                                        
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15 (Applebot/0.1; +http://www.apple.com/go/applebot)                                                                           
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36     
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36     
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11    
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36      
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36           
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0                                          
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0                                            
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE
Mozilla/5.0 (Windows NT 9_1; Win64; x64) AppleWebKit/547.47 (KHTML, like Gecko) Chrome/61.0.1793 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4 240.111 Safari/537.36
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/543.47 (KHTML, like Gecko) Chrome/54.0.2644 Safari/537.36
Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)
Mozilla/5.0 (compatible; AwarioBot/1.0; +https://awario.com/bots.html)
Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/)
Mozilla/5.0 (compatible; Barkrowler/0.9; +https://babbar.tech/crawler)
Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)
Mozilla/5.0 (compatible; DotBot/1.2; +https://opensiteexplorer.org/dotbot; help@moz.com)
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Mozilla/5.0 (compatible; Linespider/1.1; +https://lin.ee/4dwXkTH)
Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)
Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)
Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)
Mozilla/5.0 (compatible; SeznamBot/4.0; +http://napoveda.seznam.cz/seznambot-intro/)
Mozilla/5.0 (compatible; WellKnownBot/0.1; +https://well-known.dev/about/#bot)
Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)
Mozilla/5.0 (compatible; Yeti/1.1; +https://naver.me/spd)
Mozilla/5.0 (compatible;PetalBot;+https://webmaster.petalsearch.com/site/petalbot)
Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/103.0.5060.134 Safari/537.36
Poduptime/Development/Testing
Poduptime/Production from https://fediverse.observer
Scrapy/2.7.1 (+https://scrapy.org)
SerendeputyBot/0.8.6 (http://serendeputy.com/about/serendeputy-bot)
caveman-hunter/0.0.0 (+https://fedi.buzz/)
curl/7.54.0
ws-bot-v1

Which is a lot.

i’m also kinda curious about how many bots pretend really hard not to be a bot. (Looking at you Applebot). i know Google has (at least) two different flavors of crawlers (one fast, the other slow, so no huge surprise there.)

Now, compare this with my close to 20 year old blog:

Buck/2.3.2; (+https://app.hypefactors.com/media-monitoring/about.html)
Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5 (Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15 (Applebot/0.1; +http://www.apple.com/go/applebot)
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko; compatible; Yeti/1.1; +https://naver.me/spd) Chrome/113.0.0.0 Safari/537.36
Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)
Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/)
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)
Mozilla/5.0 (compatible; MojeekBot/0.11; +https://www.mojeek.com/bot.html)
Mozilla/5.0 (compatible; ScooperBot/3.0; +http://www.carma.com)
Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)
Mozilla/5.0 (compatible; SeznamBot/4.0; +http://napoveda.seznam.cz/seznambot-intro/)
Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)
Mozilla/5.0 (compatible;PetalBot;+https://webmaster.petalsearch.com/site/petalbot)
Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/103.0.5060.134 Safari/537.36
Scrapy/2.6.3 (+https://scrapy.org)
Twitterbot/1.0

That’s a whole lot less. As in 58% less.

Also kinda interesting to see the different bots that look for things. Clearly, the Federation attracts more bots.

It’s also kinda hilarious to me that some of my domains (like EvilOnAStick.com get FAR less crawlers. Apparently, these sites are part of the Dark Web.

So, stemming from my departure from Twitter, i decided to go for the third phase of being on Mastodon, and set up my own server. Mastodon is interesting because it’s pretty much like email. This may become a problem in the future, but i also tend to post a lot and have a fair bit of media in my posts, so paying for a server instead of just dropping a few coins in someone else’s bucket seemed like a fairer option.

(Even though i said i would never set up a server because “who wants to deal with that nightmare”?)

## The failed attempt

The first try was… not successful. i still don’t quite know why. i got an instance, and tried doing a docker-compose style install. Everything mostly went correctly, except that i could never properly federate. Requests would go out, and remote hosts would sometimes get them, but no approval responses would return. There were many rabbit holes to be fallen into, and i’ve seem to have found most of them.

Realizing that my life should be more than debugging this one, particular instance, i decided to try again on a different service.

## The successful attempt.

DigitalOcean offers a “1-click” setup for Mastodon. It’s more than one click.

i won’t go into to the same detail as many of the step-by-step guides, but here are some bits of guidance for the things not covered in the tutorials. (These are also here for my benefit, if i need to do this again.)

• i probably over provisioned. My “free”-ish failed attempt was going to cost me about $20 a month to run. Using that as a guideline, i picked a config that has 2vCPUs, 2GB of memory and 60GB of drive space, which should run me about $18 a month. (i’ll update this later to show actual cost.) Rather nicely, DigitalOcean appears to automatically update packages on initial install, but looks like i’ll need to rig up an automatic package updater, or just add it to my list of machines to manually update.
• Since my image has 60GB of storage, i didn’t get any additional block storage. (Block storage is added as a disk to the image, so you’d need to do some work to wire it into your mastodon configuration.)
• i also made sure to load up my dev public SSH key so that no root password login was possible.
• i followed the getting started steps for the app. i was a bit surprised about you SSH in as “root”, but i’m sure they have their reasons.
• Once i verified that things are working, i copied the ~mastodon/.env.production file to my local machine for archiving purposes.
• After that, i set about updating the droplet’s Mastodon 3 version to Mastodon 4 using this very well written guide.
• That done and proofed, i set about looking at pre-banning the nazis. This page lists a number of bad actors as well as some moderation automation tooling. i’m currently looking at integrating the Hackyderm Admin Blocklist tool, but i just sorta cheated and added the initial batch by hand.

Hopefully things work. FWIW, i don’t really have any plans on letting folk join my instance, mostly because of the HUGE increase in work being an admin entails. Right now, it’s a toy for me to amuse myself with, and i might go back to using a proper server in the future (that’s why i generally maintain older accounts).

Right, just so this is official and trackable.

i’m no longer on Twitter.

i closed my account tonight and will have nothing more to do with that site.

i’m on Mastodon, currently. You can check my network page for how to reach me, or just go to https://jrconlin.com/mastodon

Hey Elon, i’d tell you to turn the lights off before you leave, but that might require you getting someone to tell you how they work.

One of the most interesting aspects of the whole Blockchain thing is how it fails at one of it’s core concepts.

Consider, Blockchain requires that all transactions are made public using zero knowledge encryption to assure that both parties are valid and that no party can double spend. It is built off of the core principle that You Can Not Trust. Heck, advocates practically scream that Blockchain is superior to “fiat” currencies because they don’t trust the banks or government to manage them.

And yet, almost every sad case you read about on Web3IsGoingJustGreat is fundamentally due to someone’s misplaced trust.

Folks are trusting that various NFTs are legit, or not stolen, or will be valuable.
Folks trust that storage and management systems are secure and reliable.
Folks trust that the code for their smart contract is bug free and that the developers tested against all possible cases.
Folks trust that the exchanges are secure against attack and that their funds or holdings will not be stolen.
Folks trust that their fellow coin holders will not cash out and that their investment will continue to grow.

For a system built off of the concept of “Trust No One”, there’s an awful lot of trust at play.

It’s almost as if having a trust free system is infeasible. Unless you have unlimited time and resources, you can’t verify and validate every aspect of the system you’re partaking in. You can’t presume that the various exchanges aren’t favoring other exchanges over your transactions. You’re not always going to audit the code in whatever smart contract that’s tied to your Ether transaction, nor will you validate that the language implementation that runs your code is error free. You not going to independently audit and validate every system and interaction point that is required for your transaction to be recorded, validated, and authorized. Ultimately, you have to trust that someone, at some level is acting in your benefit for some reason.

And that’s where the Trust No-One thing kinda/sorta breaks down.

The problem is that once you trust someone, you immediately have to accept all the parties that they trust, regardless of whether or not they disclose those trusts. You can safeguard against those relationships to a degree, but it’s not going to be perfect because no trust relationship is. In that case, you have to start asking “so, what really differentiates this system with any other one?”

Well, for one, traditional “fiat” based systems have various regulations, monitoring and established law based on the fact that they’ve been “a thing” since the dawn of civilization, where as CryptoCurrencies have been around for less than 20 years and very proudly don’t have any of those. So, basically, you have a system of finance that is based off of centuries of preventing damage from bad actors trying literally everything possible to a group of dudes pushing a “Zero Trust” system by saying “Trust me.”

i guess, maybe, the big reason i’m cynical about blockchain and web3 and all the other crap is that i’ve been in tech long enough to know that you don’t trust tech.