Jordan Sissel
geek

Mon, 31 Dec 2007

Goodbye, 2007!

To make this year's review cooler than last year, I wrote a python script to generate a tag cloud and fed it only the list of tags mentioned in posts I've made this year.

This year was pretty sweet.

Basic life summary: Still loving it at Google. Got a house. Getting married soon.

This year started off with me using EC2 for a side project. Along with EC2, I had to think about scaling mysql and tomcat. This same side project made me rant about mysql's query cache.

I also spent many hours putting crazy features into grok. Unsatisfied with the original predicate implementation, I came up with this hack to run arbitrary pattern-matching code within a regular expression to affect the outcome of the match, and then implemented it in grok. A few months after that, I checked off another todo item by implementing pattern discovery.

I also started working on monitoring. I mentioned this idea in some detail last year, and had a really crappy prototype. This year, I experimented with Berkeley DB and Python to get simple key-value pair storage. All of the work so far is still very primitive, but I did have a working prototype.

I've put thousands of miles of travel in this year: Shmoocon (Washington, DC), MashupCamp Dublin (Dublin, Ireland), Defcon 15 (Las Vegas), Barcamp Block (Palo Alto, CA), SuperHappyDevHouse 18 (Hillsborough, CA).

As expected, a few projects stayed on the backburner. One of these is my FreeBSD work redoing the mouse driver system. Given that I've had commit access to FreeBSD for a year now and haven't done much with it, I'm hoping I can spend more time working on that project, as it is my favorite platform. The code has been ready to commit for a long time, and I just haven't gotten around to it :\

New projects: fex, firefox-tabsearch, firefox-urledit, liboverride, xdotool, and xpathtool.

Some of my favorite hacks this past year included pulling album covers from amazon, muting music when your screen is locked, fast log splitting, a mini-freebsd script, and shell shortcuts.

With that I bid farewell to 2007, and continue to eagerly look forward to the future. The only plans I have set this year are helping again run Hack or Halo at Shmoocon in addition to putting serious time into FreeBSD.


Permalink: /geekery/year-in-review-2007
posted at: 20:44

ssh honeypot auditing

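I've only gotten a few hits on my honey pot, and none of the bots seem to be doing much. I think it might be because the shell I have set up doesn't behave correctly. Here's the new one:

#!/bin/bash
# Honeypot login shell: record the session, then hand over to a real shell.
d="$(date "+%Y%m%d-%H%M%S")"
logfile="/var/log/traps/$d"
# Log the environment and the arguments sshd passed to the shell.
env > "$logfile"
echo "Args: $*" >> "$logfile"
export SHELL=/bin/bash
# Re-quote each argument so commands containing spaces or quotes survive
# the extra shell that script(1) runs its -c string through.
printf -v cmd '%q ' "$SHELL" "$@"
script -c "$cmd" -q -a "$logfile"

This will log the env vars in addition to the arguments passed to the shell. Thus far, I've seen 2 patterns of environment variables.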

This new version supports arguments, so that things like 'ssh user@host somecommand' work. The next step is probably to have a setuid program chown the logfile to root shortly after script(1) starts, so that you can't remove your own log. I'll only bother with that if it's necessary.

In addition to the shell change, I started looking into the audit facility in Linux. I want to log all command execution, in case my script(1) idea fails. To do this, I added these rules with auditctl:

auditctl -a exit,always -F uid=60000 -S open
auditctl -a exit,always -F uid=60000 -S execve
auditctl -a exit,always -F uid=60000 -S vfork
auditctl -a exit,always -F uid=60000 -S fork
auditctl -a exit,always -F uid=60000 -S clone

I'm not entirely sure if this will specifically catch the execs I'm looking for, but it does seem to work:

% ausearch -sc execve | grep EXECVE
type=EXECVE msg=audit(1199138086.041:3293): a0="/bin/bash" a1="-c" a2="uptime"-
type=EXECVE msg=audit(1199138086.056:3300): a0="uptime"-
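
The EXECVE records above can be turned back into one command line per audit event, which makes the honeypot user's activity easier to review. This is an added example, not code from the original post: the sample records are constructed from the output shown above, the third (hex-encoded) record is hypothetical, and the function names are illustrative.

```python
import re
import shlex

# Constructed sample input, modelled on the ausearch output in the post.
# The third record is hypothetical: auditd writes an argument that contains
# spaces or quotes as bare hex instead of a quoted string.
SAMPLE = '''\
type=EXECVE msg=audit(1199138086.041:3293): a0="/bin/bash" a1="-c" a2="uptime"
type=EXECVE msg=audit(1199138086.056:3300): a0="uptime"
type=EXECVE msg=audit(1199138090.112:3311): argc=3 a0="/bin/bash" a1="-c" a2=756E616D65202D61
'''

HEADER = re.compile(r'^type=EXECVE msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
# Matches a0=, a1=, ... but not argc= or split-argument fields like a2_len=.
ARG = re.compile(r'\ba(\d+)=("[^"]*"|\S+)')

def decode_arg(raw):
    """Return the argument text for a quoted or hex-encoded audit value."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', raw):
        return bytes.fromhex(raw).decode('utf-8', errors='replace')
    return raw  # e.g. "(null)"; keep as logged

def parse_execve(text):
    """Group EXECVE records by (timestamp, serial) and rebuild each argv."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # separators, SYSCALL/PATH records, etc.
        key = (m.group(1), int(m.group(2)))
        args = events.setdefault(key, {})
        for idx, raw in ARG.findall(m.group(3)):
            args[int(idx)] = decode_arg(raw)
    return [(ts, serial, [a[i] for i in sorted(a)])
            for (ts, serial), a in events.items()]

def command_line(argv):
    """Render argv as a shell-quoted string for a review report."""
    return shlex.join(argv)

if __name__ == '__main__':
    for ts, serial, argv in parse_execve(SAMPLE):
        print(ts, serial, command_line(argv))
```

Arguments that the kernel splits across several fields because of their length are skipped by this parser.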

Permalink: /geekery/honeypot-auditing
posted at: 16:59

Vim indentation

More than a year ago, I expressed some frustration about cindent in vim. My main complaint about it was that it made bad decisions about indentation on some languages that were not strictly C-syntax (perl, python, javascript).

Tonight I decided that I wanted to automate indenting to the closest '(' as in:

if (foo() and bar()
    and baz):
    ^ Want to indent to here, somehow, on command.

The 'cindent' feature of vim lets you configure this to happen automatically, but in some cases it won't indent properly; a comment with a ( at the end of the line, for example, will screw it up.

I got tired of dealing with it, so I went back to autoindent, and I've been happier ever after. Fooling around tonight, I started working on a vim function to basically do exactly what I needed. An hour later, it was done. In the process, I wanted to confirm the default actions of ctrl+f in insert mode, which led me to the cinkeys docs, which clued me in that 'cindent' only autoindents on certain occasions.

All of my time was wasted, it seems, after I figured out setting this option:

set cinkeys=!^F

Now cindent only activates when I hit ctrl+f. If I have both autoindent and cindent enabled, with this cinkeys setting, the default indentation behavior is exactly autoindent, and I can invoke cindent at will.

The following is now set in my .vimrc:

set autoindent
set cindent                     " Use c-style indentation
set cinkeys=!^F                 " Only indent when requested
set cinoptions=(0t0c1           " :help cinoptions-values

If you're interested in the vim script I wrote, which I no longer need, you can download it here: paren_indent.vim

Permalink: /geekery/vim-indentation-revisited
posted at: 05:50
