ctop – measure container cpu utilization like htop

Developers and programmers are frequently (ok, almost always) asked to accomplish the impossible yesterday. So this post is for the Tendenci developers and anyone else who uses docker containers, cgroups, jailed name spaces or similar.

Situation: You have a server that is spiking when it previously did not.

Let’s just assume you already have something like OSSEC and the ElasticSearch Stack  (ELK Stack) installed and are using a WAF/IDS/IPS endpoint. You are on top of your game. You see the errors from writing to the file system in dockers using the overlayfs file system (please no aufs, just don’t.) How to diagnose it:

“htop” is very good at showing you the issue. It (htop) is also frequently replaced by malware so double check yourself with “ctop” which most variants of common malware omit. Regardless, in this case, we can clearly see we have a stuck process. Enter “ctop” (open source like Tendenci at https://ctop.sh/ and on github at https://github.com/bcicen/ctop .

Running ctop you can quickly identify the container that is using the resources and then enter that container for further trouble shooting. “ctop” look like this:

The solution to a container over utilizing its resources is up to you and your developers. ctop is however a great way to zero in on at least which container is the problem.

In our case, a quick stop/start of the container removed the load and allowed us to do more debugging to figure out the cause. Tendenci is a mature and large codebase for association management (AMS Software) so it’s an iterative process to zero in on issues. And it can be done with the right tools.

Happy Container Utilization

This is what one of the Tendenci Cloud docker servers looked like after  debugging and killing the process causing the problem. “Yes” of course there is no replacement for “grep”. But with containers the debugging is a new art even for experienced programmers.

Hopefully this is helpful for all of the open source self-hosted Tendenci – the Open Source AMS self install developers using an AMS with 75+ languages out there.

And if you are a Python/Django developer – fork Tendenci open ams on github!

#peace

What a DDoS attack to an Association Looks Like

The following graphs show what a Distributed Denial of Service (DDoS) attack on an association looks like. The names, rates and volume of the association have been blurred for security reasons. We are thankful to AWS for their own defenses in front of ours, which  help us mitigate these issues.

responding to ddos attacks as best we can
active response to mitigate attacks

Note: The  graphic above, is filtered for a 24 hour span for one client. The infrastructure is in place, and highly redundant, so we can monitor and keep our clients safe. For clients in the US or hosted in other countries (we have multiple Tendenci clouds as needed.)

Note 2: Make no mistake – If a bad-actor has the budget – they can and will purchase enough bots to take a site down. This is well documented. Even our resources at AWS are limited in what they can handle. Budget (yes BUDGET) accordingly. 

SSL Encrypting all Tendenci Hosted Sites

NOTE: This is a cross post. The original post is at: https://www.tendenci.com/news/ssl-encrypting-all-tendenci-hosted-sites/

Encrypt All The Things

To our clients. The above graph is a filtered subset of what is a *typical* day of network alerts. As the media has stated, the issue is quite real.

We greatly appreciate you and it is important to us that you remain safe. To further advance that objective in the current geopolitical environment, all hosted Tendenci sites will be encrypted going forward per our CEO.

Why? Because security. The Internet has changed and we must adapt.

Adapt? Remember when that Steve Jobs guy invented the iPhone and suddenly sites that were awesome the week before… well… they weren’t as awesome the next day? The. Next. Day. Technology is like that.

FAQs

Continue Reading: https://www.tendenci.com/news/ssl-encrypting-all-tendenci-hosted-sites/

 

SEO isn’t just about Google – Alternative Search Engines

If you believe in the long tail theory, adding up SERP results from all of the smaller search engine results can be just as important as trying to score well in the almighty google. So where do you focus your energy? I vote both. At least submit your site to a few of the relevant ones and of course check your keyword density for SEO primary keywords.

Rather than repeat the work of others – this site lists several alternative search engines you can start with:

http://www.hongkiat.com/blog/100-alternative-search-engines-you-should-know/ 

Yes, many of these search engines are small and hyper-regional, but that matters to the Tendenci community given the open source translation efforts going on at Transifex for Tendenci – the Open Source AMS. We thought it might help you too!

 

 

 

 

Equifax Breach via Apache Struts Framework

(This is a cross post from our CEOs personal blog. Note that Tendenci sites do NOT use Apache and the vulnerabilities in Equifax’s implementation of Apache Struts do NOT impact your Tendenci site. Still be aware that nothing is is 100% secure so stay vigilant and be prepared friends!)

As reported last Friday, the 2017 Equifax personal credit reporting agency had a data breach of 143 Million people’s identities. It started in May 2017 and is just now (August 2017) being disclosed. It is going to impact all of us. Sources:

  1. Equifax data leak could involve 143 million consumers
  2. PSA: no matter what, Equifax may tell you you’ve been impacted by the hack
  3. Did Lack of Visibility into Apache Struts Lead to the Equifax Breach?

From the second article on the Equifax breach linked above, this portion really galls me:

… not only are none of the last names tied to your Social Security number, but there’s no way to tell if you were really impacted.

It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID.

Earlier it was revealed executives had sold stock in the company before going public with the leak. We also found TrustID’s Terms of Service to be disturbing. The wording is such that anyone signing up for the product is barred from suing the company after.

The following phrase alone, if true, combined with Equifax literally trying to monetize their security errors, is what gives capitalism a bad name:

The wording is such that anyone signing up for the product is barred from suing the company after.

I have to believe the Equifax PR team is working for PharmaBro or Putin trying to make them look good in comparison.

Note: Equifax has changed the indemnification, but only under duress imho. Furthermore 30 days free credit monitoring by the company that released your data and then you will have to pay monthly still seems wrong. But to be fair, here is their update:

Questions continue to be raised about the arbitration clause and class action waiver language that was originally in the terms of use for the free credit file monitoring and identity theft protection products that we are offering called TrustedID Premier.
(Editor: well ya, duh!?)

We have removed that language from the TrustedID Premier Terms of Use and it will not apply to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself. The arbitration language will not apply to any consumer who signed up before the language was removed.
(Editor: but did you fire the person who did it in the first place?)

I get it. Nothing is secure. If the NSAs hacking tools get stolen and OPM loses all of the data on security clearance checks on our own people, then truly nothing is safe. I get it.

What I do not understand is a company as large as Equifax not being prepared for something like this. That Equifax did not announce it promptly. That Equifax executives sold stock before announcing it. That Equifax then attempted to indemnify themselves. That Equifax is using the crisis to sell a monitoring service that you have to pay for after 30 days. A service to monitor YOUR data that THEY lost control of!

This boggles the mind of a PR Professional.

The Internet was not built for e-commerce – it was built for knowledge sharing in a “walled garden”. Therefore keeping sites secure is not possible. Any security professional will tell you best practice is to white-list good guys (selective inclusion) as opposed to trying to find every attack and block it. Therefore the difficulty at a high level is primarily in identifying and blocking bad actors.

I hate to say it folks, but we are playing whack-a-mole with your identity and money.  It will always be an uphill battle to maintain security on the Internet and you will never ever be 100% safe.

As reported by Black Duck (awesome people btw), the specifics of the attack on Equifax are currently easily exploitable on similar sites. This is like Hurricane Harvey – it’s not even close to over.

The Incredible Growth of Python – StackOverflow

growth of python programming language

Python, the language used to program TendenciThe Open Source AMS, continues it’s meteoric rise in the world of developers. And where the developers go is where the rest of us go. Thus Python’s rise matters. And it benefits every Tendenci user, self hosted or hosted with our small company (same software either way).

IEEE Spectrum rates the languages by its readers as follows:

Python has continued its upward trajectory from last year and jumped two places to the No. 1 slot, though the top four—Python, CJava, and C++—all remain very close in popularity.

StackOverflow, a go-to site for pretty much every programmer and sysadmin out there, has a new blog post up on the incredible growth of the Python Programming Language. Python is of course the programming language used in Tendenci – The Open Source AMS. From the Stack Overflow post:

June 2017 was the first month that Python was the most visited tag on Stack Overflow within high-income nations. This included being the most visited tag within the US and the UK, and in the top 2 in almost all other high income nations (next to either Java or JavaScript). This is especially impressive because in 2012, it was less visited than any of the other 5 languages, and has grown by 2.5-fold in that time.

They have numerous charts to back up the data, but these two in particular paint a telling picture.

From Stack Overflow – the current tag questions viewed:

Growth of Python Programming Language
StackOverflow – The Incredible Growth of Python

Perhaps even more impressive is the projection on the continued growth of Python. Just WOW!

growth of python programming language
Python – Incredible growth with developers

The above graphs should give you confidence in your choice of using Tendenci as your AMS as the developers are not only there, but growing. Given Tendenci is fully open source (this is different from “free trial” AMS systems which are NOT actually FOSS (Free and Open Source Software). Wikipedia describes the difference as:

(FOSS means) anyone is freely licensed to use, copy, study, and change the software in any way, and the source code is openly shared so that people are encouraged to voluntarily improve the design of the software.[3] This is in contrast to proprietary software, where the software is under restrictive copyright and the source code is usually hidden from the users.

Many of our competitors who are NOT Open Source and not true FOSS which can sometimes confuse people. I’ll do a future post on examples of sometimes misleading representations by AMS systems that are not “actually” Free and Open Source (FOSS)  as defined on Wikipedia.

The good news is with the growth of Python, it only make sense that developers will look at and many will join in to help the community improve the software as they join associations themselves.

We’ve written about why we chose Python over PHP to develop Tendenci open source several times. Correctly choosing the open source stack gives us, and everyone in the community, confidence to see the trends predicted correctly. It wasn’t rocket science – we just listened to our team, we listened to younger developers, and most importantly we listened to our clients on what the future was/is going to be.

And associations are kind of a big deal and they can’t use minimum viable products.

Why are associations unwilling to accept apps that meet only minimal requirements? Um… because they started as Guilds and go back to Medieval times. From Britannica on Guilds and Trade Associations:

Guildalso spelled gild , an association of craftsmen or merchants formed for mutual aid and protection and for the furtherance of their professional interests. Guilds flourished in Europe between the 11th and 16th centuries and formed an important part of the economic and social fabric in that era.

and Britannica goes on….

… associations are known to have existed in ancient Rome, however, where they were called collegia. These craft guilds seem to have emerged in the later years of the Roman Republic. They were sanctioned by the central government and were subject to the authority of the magistrates.

This is a huge topic of course. Just know that Tendenci is the ONLY top ranked AMS system that is truly FOSS. Unlimited admins, users, contacts – you can self host or if hosted with us we only charge for processing power. Got 1M users and contacts and 50 admins? No problem. And the growth of Python assures your continued freedom from vendor lock-in no matter what.

#peace and happy (Python) programming y’all!

Hurricane Harvey Hits the Gulf Coast and Houston

Hurricane Harvey Update from Tendenci – Monday Sept 4, 2017

A large part of our small team lives in or near Houston TX where Hurricane Harvey hit us with more rain than any storm in US history.

For those near us, we all know it’s not over yet. The roads are still flooded. Power is going on and off. And we are the *lucky* ones as so many lost their homes and over 60 people lost their lives. It’s important to keep in perspective.

We have been pushing updates *as urgently needed only* on twitter and facebook regarding Hurricane Harvey. The quiet messaging is what I was taught in Crisis Communications – don’t muddy the waters.

Tendenci’s servers and our diverse multinational team maintained and all is well.  I do have some minor requests from us to the Tendenci community:

  1. The current policy of prioritizing client requests by the impact in the disaster area remains in place. Please be patient if you have a normal request that doesn’t get addressed as quickly as usual. I expect this to last another week. However don’t forget tendenci is open source and another developer can use the template interface to pretty much fix anything you need if we aren’t available immediately.
  2. Position 1 also obviously applies to the tragedy unfolding in India, Nepal, and Pakistan  as well, although I’m not sure if we have any clients impacted in those areas. I do know Tendenci has numerous open source users in Nepal and our thoughts and support are with you.
  3. If a particular hosted client is in a difficult situation regarding this disaster please contact us.
  4. For those of you not impacted by Hurricane Harvey – please consider a donation to the charity of your choice that you believe will benefit those suffering the most.

For more information on Hurricane Harvey in Houston please check:

  1. https://www.houstonemergency.org/
  2. https://www.fema.gov/hurricane-harvey

Thank you all for your understanding.

Ed Schipul
CEO, Founder

Hurricane Harvey Radar

Eye of the storm:

#hurricaneharvey #helicopters

But those are just a few from my camera. Check out the full story by looking at the AP photos at:

https://www.theatlantic.com/photo/2017/08/hurricane-harvey-leaves-houston-under-water/538215/

knowledge of how to combine is the mother of all other forms of knowledge

If you run an Association, volunteer, join in, help, learn and participate – well – at Tendenci we think you are kind of a BIG DEAL! It’s easy at times to lose sight of the bigger picture when you are on the board of directors and planning the details for a fundraiser.  Please remember – we need you, we appreciate you, and YOUR CAUSE IS WORTH IT.

Alexis de ToquevilleI get asked why Tendenci is Open Source. My reply is to point to the role of associations in society.  The role of associations, your association management system as well, are both too important to survive the conflict of interest with purely commercial solutions. To clarify why this is so important to me, and I believe you, I can only quote those far more educated and eloquent then myself.

Alexis du Tocqueville viewed civil society as the third leg of the stool that allows democracies to function.

Americans of all ages, all stations of life, and all types of disposition are forever forming associations… In democratic countries knowledge of how to combine is the mother of all other forms of knowledge; on its progress depends that of all the others.

and further

Americans combine to give fêtes, found seminaries, build churches, distribute books, and send missionaries to the antipodes. Hospitals, prisons, and schools take shape in that way. Finally, if they want to proclaim a truth or propagate some feeling by the encouragement of a great example, they form an association.

In every case, at the head of any new undertaking, where in France you would find the government or in England some territorial magnate, in the United States you are sure to find an association…. I have often admired the extreme skill they show in proposing a common object for the exertions of very many and in inducing them voluntarily to pursue it.

Alexis du Tocqueville, Democracy in America (source)

Back in 1995 Senator Bill Bradley wrote “Democracy’s Third Leg.” and he described it in a similar manner.

CIVIL society is the place where Americans make their home, sustain their marriages, raise their families, hang out with their friends, meet their neighbors, educate their children, worship their God.

It lies apart from the realms of the market and the government, and possesses a different ethic.

and

Civil society, on the other hand, is the sphere of our most basic humanity — the personal, everyday realm that is governed by values such as responsibility, trust, fraternity, solidarity, and love.

…. There must also be a healthy, robust civic sector — a space in which the bonds of community can flourish. Government and the market are similar to two legs on a three-legged stool. Without the third leg of civil society, the stool is not stable and cannot provide support for a vital America.

Maya Angelou wrote one of my favorite poems which I believe relates. It is “A Brave and Startling Truth.”

Maya Angelou is of course a giant not just of our time, but of all time. She speaks of greatness in the form of unity and love. That is what Civil Society does. Associations, churches, clubs, political movements … all of these things are simply too important to our planet to NOT be open source. And we will come to it. YOU and your AMS software are too important to be locked in or cut off if a proprietary vendor chooses.

Quoting Senator Bill Bradley’s piece again, he states:

The language of the marketplace says, ”Get as much as you can for yourself.” The language of government says, ”Legislate for others what is good for them.” But the language of community, family, and citizenship at its core is about receiving undeserved gifts.

Building the Tendenci AMS community Open Source – giving you control – is how I handle the brutal truth that “we must confess that we are the possible. we are the miraculous.”

#peace

 

Amazon Email Relay Service Outage Resolved Feb 28, 2017

To our clients and end users hosted on the AWS (Amazon Web Services) Cloud – the email outage and partial S3 (storage) outage have been resolved per the Amazon status notification site https://status.aws.amazon.com/

AWS SES Status Update

Visit the AWS status blog at https://status.aws.amazon.com/ and the AWS subreddit at https://www.reddit.com/r/aws/ . AWS’s email outage is described in detail in the reddit post at https://www.reddit.com/r/aws/comments/5wphqj/amazon_s3_and_amazon_ses_are_down/

And as always please keep an eye on this blog for Tendenci updates.

Edit: for more coverage visit: http://www.cbsnews.com/news/amazon-web-services-cloud-outage-internet-crashes/