Constructing a hyperlink to share content onto Twitter (Misc)

Nowadays, most sites will find that the majority of their traffic arrives as the result of someone else sharing or "liking" the content on Social Media. As a result, it's desirable to make the act of sharing as easy as possible.

The various social networks often provide "share this" widgets that can be embedded into sites. However, these involve the user's browser requesting resources from the social network, and these requests are known to be data-mined in order to track users across the web and profile their browsing habits (to better sell ads).

However, most social media networks do make it possible to create a share button which works via a simple hyperlink.

This snippet details how to construct a link which shares a page onto Twitter. You can see an example of how to put this into practice as a share button inside a site's template here

Read more…

SHOW TAG VALUES WITH KEY in Flux (Flux)

When creating a filter variable in a Chronograf or Grafana dashboard, you'll sometimes want to dynamically select tag values to use as options in the dropdown.

In InfluxQL this is achieved with a SHOW TAG VALUES query like the following

SHOW TAG VALUES ON "telegraf" FROM "cpu" WITH KEY = "host"

This snippet shows how to use Flux to list the values of a specific tag that occur within the dashboard's timerange

Read more…

Reducing overhead of large S3 file syncs with s3cmd (Misc)

I make quite extensive use of s3cmd from s3tools. Historically I found it much more usable than Amazon's own CLI (though that's since improved), so the habits set in.

The sync functionality in particular is useful and I've written in the past about reimplementing it for encrypted incremental backups.

The sync argument works much like rsync. Its utility for incremental backups is obvious, but it also means that you get the ability to resume a multi-file upload if it's interrupted (for whatever reason).

However, if you're syncing large files, there can be quite a startup time built in, as the tool first needs to calculate MD5s of all the files being synced (these are used to help verify that AWS has received an uncorrupted version). When you "resume" your upload, you'll incur this time again.

This snippet details how to use the --cache-file option to avoid that

Read more…

Re-using SSH connections with controlmaster (Misc)

Running multiple separate commands via separate SSH invocations can be very slow, so we sometimes want to multiplex SSH sessions over an existing connection (i.e. re-use the connection).

This can be particularly useful if you're shelling into a system which requires two-factor authentication as you'll only need to answer a challenge for the first connection.

It's also useful if you're using something like Ansible, as it can massively improve runbook speed.

Read more…

Rewrite all target _blank links to use rel noopener (Javascript)

It's fairly common for sites to include target="_blank" in external link anchors, to indicate that the link should open in a new window/tab.

However, this practice is actually quite dangerous - the new site/window is able to access the original tab using Javascript (specifically window.opener), leading to techniques such as tabnapping. This can be prevented by including rel=noopener in link anchors.

I wrote this function some time ago to detect external links within the DOM on bentasker.co.uk and ensure they use noopener. Whilst it's better to have explicitly included it, it seems reasonably safe to rely on the presence of javascript, as javascript would be required for any exploit of the issue.

Read more…

Detect Tor2Web client side (Javascript)

Tor2Web (and Web2Tor) are reverse proxies giving access to Tor Onion Services (previously known as Hidden Services) via the public internet. The problem with this is that they act as a trusted middleman, often putting unwitting users' privacy and security at risk.

Some Tor2Web operators do the right thing and include a request header to tell the Onion service that the request is from a Tor2Web node. Those that do can be detected and blocked in Nginx.

However, many don't.

This snippet provides some Javascript to check whether the page currently being viewed appears to be loaded via a Tor2Web domain. If it seems that it is, it'll inject a warning banner into the top of the page - the basic idea being that the function should be called on every page load.

Unlike the JS example provided on the Nginx snippet, this snippet is genericised - there's no need to update it with a list of authorised domains.

Read more…