Just another bughunt?
Tools to improve your site without nuking it from orbit
Ken Newquist (@knewquist) | Charles Fulton (@mackensen) #DPA11

Who we are
Ken Newquist, Director, Web Applications Development, Lafayette College
Charles Fulton, Senior Web Applications Developer, Lafayette College
Rebuild or Fix?
● Your website’s problems may seem intractable
● The temptation to nuke the bugs and start fresh is strong
● We’ve found tools that identify the problems so we can surgically eliminate them
  ○ (and find a few issues we didn’t know about in the process)
Tools

Siteimprove
● Crawls web presence
● Reports broken links and common misspellings
● Shows changes over time
● Pretty graphs!

Pretty graph!

Splunk
● Log aggregation
● Real-time monitoring
● Rich analysis
● More pretty graphs!

Another pretty graph!

Nagios
● Real-time monitoring
● Defines a base-line of system performance
● Does not detect presence of dinosaurs

Dinosaurs!

OSSEC
● Log-based intrusion detection system
● Define states of acceptable behavior
● No pretty graphs

Not a pretty graph :/
Discovering your web presence
● Define expected behavior with OSSEC & Nagios
● Test expectations with Siteimprove & Splunk
● Here be monsters
Investigations

The Lost Thumbnails
● Site: Moodle
● Tools: Splunk, OSSEC
● Outcome: Improved Apache configuration

Sky falling!
● Splunk reported ~400 HTTP 500 internal server errors within a few minutes
● Also showed concentrated bursts of 404 errors when viewing resources
● Concern within department that sky was falling

Sky not falling!
● System ran out of memory generating thumbnails from massive images; threw 500s
● Preview of missing images generated the 404s

Outcomes
● Memory limits were not reasonable
● Users do not report catastrophic errors
Comments
● Site: WordPress
● Tools: Splunk, OSSEC
● Outcome: WordPress core fixes

What Lies Beneath
● 500 errors are reserved for server issues
● WordPress has notions of its own
  ○ Double-submitted comment? 500 error
  ○ Missing a required field? 500 error
  ○ Blank comment? 500 error
● OSSEC would ban all of these for bad behavior

https://github.com/bigcompany/know-your-http

Outcomes
● Learned reasonable mistakes can yield unreasonable error codes
● Hacked core to return 200s and 400s instead
● Core is discussing what to do
  ○ https://core.trac.wordpress.org/ticket/11286
Revenge of the Base Theme
● Site: WordPress
● Tools: Siteimprove
● Outcome: WordPress theme fix; Apache configuration change

March 10: the day the links broke

Nothing to see here … oh wait--
● Developer dismissed initial reports of login issues as user error
● Then Siteimprove said we had 1,800 new broken links
● A two-character change in RHEL defaults for httpd.conf broke WordPress

Lessons
● Small changes have vast consequences
● Documentation is doubleplusgood
The Incredible Shrinking Provost
● Site: Drupal
● Tools: Splunk
● Outcome: Cleaned data in ERP system

Who’s the fairest of them all?
● The directory passes the search query via a GET parameter
● Splunk told us our associate provost, “Jane Doe”, was most-searched by an order of magnitude

...we searched for “Jane Doe”...
...and the search returned...
...NOTHING!

Lessons
● “Jane A. B. Doe !== Jane Doe”
● Data lies

Dumpster fire
The Virtual Tour
● Site: Custom app
● Tools: Splunk
● Outcome: Fixed PHP bugs

Pretty graphs!
● 238,908 errors...in three days
● (We didn’t expect that)

Fixed it!

Outcomes
● No one cares that we fixed the Virtual Tour
  ○ (we feel better though)
Mr. Foo and Mr. Bar
● Site: WordPress
● Tools: Splunk
● Outcome: Disproved long-standing alleged bug

I swear I wasn’t there!
● Various reports over the years alleging that WordPress improperly reported another user was editing a post
● Much speculation and theorizing in absence of facts

Outcomes
● People are wrong on the Internet
The Cache That Wouldn’t Die
● Site: WordPress
● Tools: Nagios
● Outcome: Database size reduced by two-thirds

Doom at 11….
● Nagios had concerns
● MySQL ran out of disk space
● Size of WordPress DB tripled in two weeks

SELECT option_name FROM wp_190_options WHERE option_name LIKE "displayed_gallery%";
...
| displayed_gallery_rendering_ffffb5e48845fbb7b3347244f8aa06d4 |
| displayed_gallery_rendering_ffffd6d9f2ab40195295c70f775b0ee8 |
| displayed_gallery_rendering_ffffe1416b8d969e25ec7a6094282bbe |
| displayed_gallery_rendering_ffffe8e4a0c399605f434bd51be2d9d7 |
+--------------------------------------------------------------+
722141 rows in set (2.28 sec)
Pretty terminal dumps?

…Salvation at Noon
● The Google Mini found something terrible lurking in club websites
● NextGEN Gallery bug caused near-endless crawl by the mini
● Code bug meant the cache never expired

Outcomes
● NextGEN Gallery has stability issues
● Listen to Nagios
● It’s turtles all the way down
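An added example of the "listen to Nagios" advice applied to the table dump above: a Nagios-style check plugin that counts cache rows by option_name prefix and exits WARNING or CRITICAL before the disk fills. This is not the talk's or NextGEN Gallery's code; it uses an in-memory sqlite3 table seeded with constructed rows as a stand-in for the MySQL wp_190_options table, and the thresholds are made up.

```python
"""Nagios-style check for runaway cache rows in a WordPress options table.

Added example, not the talk's code. Uses an in-memory sqlite3 database as a
stand-in for the real MySQL wp_options table (assumption); the check follows
the standard Nagios plugin contract: exit code 0/1/2 plus one status line.
"""
import sqlite3

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes


def count_by_prefix(conn, table, prefix):
    """Rows whose option_name starts with `prefix`, matched literally.

    `_` and `%` are LIKE wildcards, so the talk's LIKE "displayed_gallery%"
    would also match e.g. "displayedXgallery..."; escaping the prefix avoids
    that. Table names cannot be bound as parameters, so the name is validated
    before it is interpolated into the statement.
    """
    if not table.replace("_", "").isalnum():
        raise ValueError(f"refusing suspicious table name: {table!r}")
    escaped = (prefix.replace("\\", "\\\\")
                     .replace("%", "\\%")
                     .replace("_", "\\_"))
    (n,) = conn.execute(
        f"SELECT COUNT(*) FROM {table} WHERE option_name LIKE ? ESCAPE '\\'",
        (escaped + "%",),
    ).fetchone()
    return n


def check_cache_rows(conn, table, prefix, warn, crit):
    """Return (exit_code, status_line) in Nagios format; perfdata after '|'."""
    n = count_by_prefix(conn, table, prefix)
    if n >= crit:
        code, label = CRITICAL, "CRITICAL"
    elif n >= warn:
        code, label = WARNING, "WARNING"
    else:
        code, label = OK, "OK"
    return code, f"{label} - {n} '{prefix}*' rows in {table} | rows={n};{warn};{crit}"


def build_sample_db(cache_rows):
    """Constructed stand-in: a few ordinary options plus `cache_rows` rows named
    displayed_gallery_rendering_<32 hex chars>, the pattern seen in the talk,
    and one decoy row that an unescaped LIKE would wrongly count."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_190_options (option_id INTEGER PRIMARY KEY, "
        "option_name TEXT UNIQUE NOT NULL, option_value TEXT, autoload TEXT)"
    )
    conn.executemany(
        "INSERT INTO wp_190_options (option_name, option_value, autoload) VALUES (?, ?, ?)",
        [("siteurl", "http://example.edu/blogs/190", "yes"),
         ("blogname", "Example Club", "yes"),
         ("displayedXgallery_rendering_decoy", "not a cache row", "no")]
        + [(f"displayed_gallery_rendering_{i:032x}", "cached gallery html", "no")
           for i in range(cache_rows)],
    )
    conn.commit()
    return conn


if __name__ == "__main__":
    import sys
    conn = build_sample_db(cache_rows=12)
    code, line = check_cache_rows(conn, "wp_190_options",
                                  "displayed_gallery_rendering_", warn=10, crit=50)
    print(line)
    sys.exit(code)
```

Against a real deployment the same check would be pointed at MySQL and scheduled by Nagios with thresholds derived from the table's normal size.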
Attack of the Python Script
● Site: WordPress
● Tools: Nagios, Splunk
● Outcome: Quickly identified source of massive load event

Traffic Jam!
● Load on a server spiked at 800%
● Seemed bad
● Nagios had more concerns

Hello there!
● Splunk real-time monitoring revealed top client IPs
● We’re very popular with a misconfigured IIS Server in Oregon and its “Python-urllib/3.4” script

Outcomes
● Banned the IP on the proxy
● Began developing rate-limiting rules for OSSEC
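A small replay of two of the log-driven findings in this talk: the WordPress comment form answering 500 to ordinary user mistakes (the "Comments" investigation), which a log-based IDS such as OSSEC would treat as abuse, and the "Python-urllib/3.4" client that surfaced as the top talker here. This is an added example, not code from the talk, OSSEC or Splunk; it assumes Apache combined-format access-log lines (the sample lines are constructed) and models an OSSEC frequency rule as "N 5xx responses from one IP inside a time window".

```python
"""Replay Apache access-log lines through a simplified log-based IDS.

Added example (not the talk's code). Assumptions: logs are in Apache
"combined" format; an OSSEC-style frequency rule with active response is
modelled as "`threshold` 5xx responses from one IP within `window_s` seconds".
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache combined LogFormat: ip ident user [ts] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample: a real visitor double-submits a comment and trips
# WordPress's 500 three times, while a scripted client hammers the site.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2011:09:15:01 -0500] "POST /wp-comments-post.php HTTP/1.1" 500 0 "http://example.edu/news/post-1/" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2011:09:15:04 -0500] "POST /wp-comments-post.php HTTP/1.1" 500 0 "http://example.edu/news/post-1/" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2011:09:15:09 -0500] "POST /wp-comments-post.php HTTP/1.1" 500 0 "http://example.edu/news/post-1/" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2011:09:15:02 -0500] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2011:09:15:00 -0500] "GET /news/?p=1 HTTP/1.1" 200 8123 "-" "Python-urllib/3.4"
203.0.113.7 - - [10/Mar/2011:09:15:00 -0500] "GET /news/?p=2 HTTP/1.1" 200 8123 "-" "Python-urllib/3.4"
203.0.113.7 - - [10/Mar/2011:09:15:01 -0500] "GET /news/?p=3 HTTP/1.1" 200 8123 "-" "Python-urllib/3.4"
203.0.113.7 - - [10/Mar/2011:09:15:01 -0500] "GET /news/?p=4 HTTP/1.1" 200 8123 "-" "Python-urllib/3.4"
203.0.113.7 - - [10/Mar/2011:09:15:02 -0500] "GET /news/?p=5 HTTP/1.1" 200 8123 "-" "Python-urllib/3.4"
203.0.113.7 - - [10/Mar/2011:09:15:02 -0500] "GET /news/?p=6 HTTP/1.1" 200 8123 "-" "Python-urllib/3.4"
"""


def parse_line(line):
    """One combined-log line -> dict, or None when it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["status"] = int(e["status"])
    e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return e


def parse_log(text):
    """Parse every well-formed line; malformed lines are skipped."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def would_ban(entries, threshold=3, window_s=60):
    """IPs an OSSEC-style frequency rule would block: `threshold` or more
    5xx responses from the same IP inside any `window_s`-second window."""
    per_ip = defaultdict(list)
    for e in entries:
        if 500 <= e["status"] <= 599:
            per_ip[e["ip"]].append(e["ts"])
    banned = set()
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                banned.add(ip)
                break
    return banned


def recode_comment_errors(entries):
    """Model the talk's core change: a failed comment POST is reported as a
    client error (400) rather than a server error (500). Returns new dicts."""
    out = []
    for e in entries:
        e = dict(e)
        if e["method"] == "POST" and e["path"] == "/wp-comments-post.php" and e["status"] == 500:
            e["status"] = 400
        out.append(e)
    return out


def top_clients(entries, n=3):
    """Requests per (ip, user-agent), busiest first: the Splunk 'top client
    IPs' view that exposed the Python-urllib script."""
    return Counter((e["ip"], e["ua"]) for e in entries).most_common(n)


def requests_per_second(entries, ip):
    """Peak requests in any single second for one client, a crude rate-limit signal."""
    per_sec = Counter(e["ts"] for e in entries if e["ip"] == ip)
    return max(per_sec.values(), default=0)


ENTRIES = parse_log(SAMPLE_LOG)

if __name__ == "__main__":
    print("banned as logged:    ", sorted(would_ban(ENTRIES)))
    print("banned after recode: ", sorted(would_ban(recode_comment_errors(ENTRIES))))
    for (ip, ua), n in top_clients(ENTRIES):
        print(f"{n:3d} requests  {ip:<12} {ua}  peak/s={requests_per_second(ENTRIES, ip)}")
```

The same status-code recode that keeps the legitimate commenter off the ban list leaves the scripted client fully visible in the top-clients view, which is the distinction the rate-limiting rules need to make.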
Alternatives

Bughunting on the cheap
W3C Link Checker
● Reports on broken links to a specified depth
● http://validator.w3.org/checklink
Google Webmaster Tools
● Details on broken links and server errors
● https://www.google.com/webmasters/tools/

More options
● Bureau of Internet Accessibility
  ○ Cheaper than Siteimprove
  ○ Broken link and accessibility reports
  ○ http://www.boia.org
● Google Analytics
  ○ Identify high-traffic broken pages
  ○ http://google.com/analytics
● vim | grep
  ○ Eyeballing your logs can’t hurt
Conclusions

Did we really fix all those errors?
Or is logging broken?

Takeaways
● Data are free
● Bugs are hard to find
● Reports are expensive
● Good reports make finding bugs easy
● You can improve your site without rebuilding it from scratch
● You will find more bugs than you can fix

Anatomy of a Redirect
● Tool: Splunk
● Forthcoming from Lafayette College
● WordPress tries to be helpful!

Join the discussion at https://core.trac.wordpress.org/ticket/16557!

Questions?
Ken Newquist
● newquisk@lafayette.edu
● @knewquist
Charles Fulton
● fultonc@lafayette.edu
● @mackensen

Mais conteúdo relacionado

Mais procurados

Untangling the web week 2 - SEO
Untangling the web week 2 - SEOUntangling the web week 2 - SEO
Untangling the web week 2 - SEODerek Jacoby
 
Untangling spring week12
Untangling spring week12Untangling spring week12
Untangling spring week12Derek Jacoby
 
Untangling spring week11
Untangling spring week11Untangling spring week11
Untangling spring week11Derek Jacoby
 
Panoramic view of web APIs
Panoramic view of web APIsPanoramic view of web APIs
Panoramic view of web APIsKaren Immanuel
 
PHP Continuous Data Processing
PHP Continuous Data ProcessingPHP Continuous Data Processing
PHP Continuous Data ProcessingMichael Peacock
 
Untangling fall2017 week1
Untangling fall2017 week1Untangling fall2017 week1
Untangling fall2017 week1Derek Jacoby
 
Untangling spring week2
Untangling spring week2Untangling spring week2
Untangling spring week2Derek Jacoby
 
Laravel Dusk
Laravel DuskLaravel Dusk
Laravel Duskkingvish
 
php[world] 2015 Training - Laravel from the Ground Up
php[world] 2015 Training - Laravel from the Ground Upphp[world] 2015 Training - Laravel from the Ground Up
php[world] 2015 Training - Laravel from the Ground UpJoe Ferguson
 
Jean Paul Ladage Managing Enterprise Content With Plone
Jean Paul Ladage   Managing Enterprise Content With PloneJean Paul Ladage   Managing Enterprise Content With Plone
Jean Paul Ladage Managing Enterprise Content With PloneVincenzo Barone
 
Untangling - fall2017 - week 8
Untangling - fall2017 - week 8Untangling - fall2017 - week 8
Untangling - fall2017 - week 8Derek Jacoby
 
Dev112 let's calendar that
Dev112   let's calendar thatDev112   let's calendar that
Dev112 let's calendar thatHoward Greenberg
 
php[world] 2015 Laravel 5.1: From Homestead to the Cloud
php[world] 2015 Laravel 5.1: From Homestead to the Cloudphp[world] 2015 Laravel 5.1: From Homestead to the Cloud
php[world] 2015 Laravel 5.1: From Homestead to the CloudJoe Ferguson
 
Pipe your script to slack
Pipe your script to slackPipe your script to slack
Pipe your script to slackChikashi Kato
 
WordPress - Whats going on in the server?
WordPress - Whats going on in the server? WordPress - Whats going on in the server?
WordPress - Whats going on in the server? Herb Miller
 
A Personal Journey
A Personal JourneyA Personal Journey
A Personal JourneyMichael Lihs
 

Mais procurados (20)

Untangling the web week 2 - SEO
Untangling the web week 2 - SEOUntangling the web week 2 - SEO
Untangling the web week 2 - SEO
 
Untangling spring week12
Untangling spring week12Untangling spring week12
Untangling spring week12
 
Untangling spring week11
Untangling spring week11Untangling spring week11
Untangling spring week11
 
Panoramic view of web APIs
Panoramic view of web APIsPanoramic view of web APIs
Panoramic view of web APIs
 
PHP Continuous Data Processing
PHP Continuous Data ProcessingPHP Continuous Data Processing
PHP Continuous Data Processing
 
Untangling fall2017 week1
Untangling fall2017 week1Untangling fall2017 week1
Untangling fall2017 week1
 
Untangling7
Untangling7Untangling7
Untangling7
 
Untangling spring week2
Untangling spring week2Untangling spring week2
Untangling spring week2
 
Laravel Dusk
Laravel DuskLaravel Dusk
Laravel Dusk
 
Spring insight what just happened
Spring insight   what just happenedSpring insight   what just happened
Spring insight what just happened
 
php[world] 2015 Training - Laravel from the Ground Up
php[world] 2015 Training - Laravel from the Ground Upphp[world] 2015 Training - Laravel from the Ground Up
php[world] 2015 Training - Laravel from the Ground Up
 
Jean Paul Ladage Managing Enterprise Content With Plone
Jean Paul Ladage   Managing Enterprise Content With PloneJean Paul Ladage   Managing Enterprise Content With Plone
Jean Paul Ladage Managing Enterprise Content With Plone
 
Untangling - fall2017 - week 8
Untangling - fall2017 - week 8Untangling - fall2017 - week 8
Untangling - fall2017 - week 8
 
Naked and afraid Offline Mobile
Naked and afraid Offline MobileNaked and afraid Offline Mobile
Naked and afraid Offline Mobile
 
Dev112 let's calendar that
Dev112   let's calendar thatDev112   let's calendar that
Dev112 let's calendar that
 
php[world] 2015 Laravel 5.1: From Homestead to the Cloud
php[world] 2015 Laravel 5.1: From Homestead to the Cloudphp[world] 2015 Laravel 5.1: From Homestead to the Cloud
php[world] 2015 Laravel 5.1: From Homestead to the Cloud
 
Pipe your script to slack
Pipe your script to slackPipe your script to slack
Pipe your script to slack
 
WordPress - Whats going on in the server?
WordPress - Whats going on in the server? WordPress - Whats going on in the server?
WordPress - Whats going on in the server?
 
A Personal Journey
A Personal JourneyA Personal Journey
A Personal Journey
 
Project 1
Project 1Project 1
Project 1
 

Destaque

Using big data tools to analyze log files, event logs and performance metrics
Using big data tools to analyze log files, event logs and performance metricsUsing big data tools to analyze log files, event logs and performance metrics
Using big data tools to analyze log files, event logs and performance metricsHal Rottenberg
 
CNC Engraving Machine
CNC Engraving MachineCNC Engraving Machine
CNC Engraving MachineFarouq Mousa
 
Summer internship report at hal lucknow (accessories division)
Summer internship report at hal lucknow (accessories division)Summer internship report at hal lucknow (accessories division)
Summer internship report at hal lucknow (accessories division)Rajat Singh
 
SUMMER TRAINING REPORT - HAL, LUCKNOW
SUMMER TRAINING REPORT - HAL, LUCKNOWSUMMER TRAINING REPORT - HAL, LUCKNOW
SUMMER TRAINING REPORT - HAL, LUCKNOWSaloni rastogi
 
INDUSTRIAL TRAINING AT HINDUSTAN AERONAUTICS LIMITED, LUCKNOW
INDUSTRIAL TRAINING AT HINDUSTAN AERONAUTICS LIMITED, LUCKNOWINDUSTRIAL TRAINING AT HINDUSTAN AERONAUTICS LIMITED, LUCKNOW
INDUSTRIAL TRAINING AT HINDUSTAN AERONAUTICS LIMITED, LUCKNOWAdrija Chowdhury
 
Introduction to cnc machines (1)
Introduction to cnc machines (1)Introduction to cnc machines (1)
Introduction to cnc machines (1)someshking
 
REPORT WRITING:TYPES, FORMAT, STRUCTURE AND RELEVANCE
REPORT WRITING:TYPES, FORMAT, STRUCTURE AND RELEVANCEREPORT WRITING:TYPES, FORMAT, STRUCTURE AND RELEVANCE
REPORT WRITING:TYPES, FORMAT, STRUCTURE AND RELEVANCETulika Paul
 
CNC Machines
CNC MachinesCNC Machines
CNC Machinespratik207
 

Destaque (13)

Using big data tools to analyze log files, event logs and performance metrics
Using big data tools to analyze log files, event logs and performance metricsUsing big data tools to analyze log files, event logs and performance metrics
Using big data tools to analyze log files, event logs and performance metrics
 
CNC Engraving Machine
CNC Engraving MachineCNC Engraving Machine
CNC Engraving Machine
 
hal
halhal
hal
 
HAL Report
HAL ReportHAL Report
HAL Report
 
Summer internship report at hal lucknow (accessories division)
Summer internship report at hal lucknow (accessories division)Summer internship report at hal lucknow (accessories division)
Summer internship report at hal lucknow (accessories division)
 
SUMMER TRAINING REPORT - HAL, LUCKNOW
SUMMER TRAINING REPORT - HAL, LUCKNOWSUMMER TRAINING REPORT - HAL, LUCKNOW
SUMMER TRAINING REPORT - HAL, LUCKNOW
 
INDUSTRIAL TRAINING AT HINDUSTAN AERONAUTICS LIMITED, LUCKNOW
INDUSTRIAL TRAINING AT HINDUSTAN AERONAUTICS LIMITED, LUCKNOWINDUSTRIAL TRAINING AT HINDUSTAN AERONAUTICS LIMITED, LUCKNOW
INDUSTRIAL TRAINING AT HINDUSTAN AERONAUTICS LIMITED, LUCKNOW
 
Hal ppt
Hal pptHal ppt
Hal ppt
 
Introduction to cnc machines (1)
Introduction to cnc machines (1)Introduction to cnc machines (1)
Introduction to cnc machines (1)
 
CNC MACHINE
CNC MACHINECNC MACHINE
CNC MACHINE
 
NC, CNC & DNC Machine
NC, CNC & DNC Machine NC, CNC & DNC Machine
NC, CNC & DNC Machine
 
REPORT WRITING:TYPES, FORMAT, STRUCTURE AND RELEVANCE
REPORT WRITING:TYPES, FORMAT, STRUCTURE AND RELEVANCEREPORT WRITING:TYPES, FORMAT, STRUCTURE AND RELEVANCE
REPORT WRITING:TYPES, FORMAT, STRUCTURE AND RELEVANCE
 
CNC Machines
CNC MachinesCNC Machines
CNC Machines
 

Semelhante a Just another bughunt

Single Page Applications in Drupal
Single Page Applications in DrupalSingle Page Applications in Drupal
Single Page Applications in DrupalChris Tankersley
 
Montée en version de 300 bases de données vers Oracle 12c en 300 jours. Quel...
Montée en version de 300 bases de données vers Oracle 12c en 300 jours.  Quel...Montée en version de 300 bases de données vers Oracle 12c en 300 jours.  Quel...
Montée en version de 300 bases de données vers Oracle 12c en 300 jours. Quel...Swiss Data Forum Swiss Data Forum
 
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...Demi Ben-Ari
 
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...Codemotion
 
Tools and libraries for common problems (Early Draft)
Tools and libraries for common problems (Early Draft)Tools and libraries for common problems (Early Draft)
Tools and libraries for common problems (Early Draft)rc2209
 
Snowflake Automated Deployments / CI/CD Pipelines
Snowflake Automated Deployments / CI/CD PipelinesSnowflake Automated Deployments / CI/CD Pipelines
Snowflake Automated Deployments / CI/CD PipelinesDrew Hansen
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group   nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group   nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityAnn Lam
 
Hong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thHong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thWong Hoi Sing Edison
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group   nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group   nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityAnn Lam
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your NetworkCTruncer
 
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017Demi Ben-Ari
 
20 tips for website performance
20 tips for website performance20 tips for website performance
20 tips for website performanceAndrew Siemer
 
Beyond unit tests: Deployment and testing for Hadoop/Spark workflows
Beyond unit tests: Deployment and testing for Hadoop/Spark workflowsBeyond unit tests: Deployment and testing for Hadoop/Spark workflows
Beyond unit tests: Deployment and testing for Hadoop/Spark workflowsDataWorks Summit
 
Website Speed :: Fox Valley Computing Professionals, September 2014
Website Speed :: Fox Valley Computing Professionals, September 2014Website Speed :: Fox Valley Computing Professionals, September 2014
Website Speed :: Fox Valley Computing Professionals, September 2014Straight North
 
The 5 most common reasons for a slow WordPress site and how to fix them – ext...
The 5 most common reasons for a slow WordPress site and how to fix them – ext...The 5 most common reasons for a slow WordPress site and how to fix them – ext...
The 5 most common reasons for a slow WordPress site and how to fix them – ext...Otto Kekäläinen
 
Scaling Magento
Scaling MagentoScaling Magento
Scaling MagentoCopious
 

Semelhante a Just another bughunt (20)

Single Page Applications in Drupal
Single Page Applications in DrupalSingle Page Applications in Drupal
Single Page Applications in Drupal
 
Montée en version de 300 bases de données vers Oracle 12c en 300 jours. Quel...
Montée en version de 300 bases de données vers Oracle 12c en 300 jours.  Quel...Montée en version de 300 bases de données vers Oracle 12c en 300 jours.  Quel...
Montée en version de 300 bases de données vers Oracle 12c en 300 jours. Quel...
 
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Milan 2017 - D...
 
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
Demi Ben-Ari - Monitoring Big Data Systems Done "The Simple Way" - Codemotion...
 
Tools and libraries for common problems (Early Draft)
Tools and libraries for common problems (Early Draft)Tools and libraries for common problems (Early Draft)
Tools and libraries for common problems (Early Draft)
 
Web Exploitation
Web ExploitationWeb Exploitation
Web Exploitation
 
Snowflake Automated Deployments / CI/CD Pipelines
Snowflake Automated Deployments / CI/CD PipelinesSnowflake Automated Deployments / CI/CD Pipelines
Snowflake Automated Deployments / CI/CD Pipelines
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group   nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group   nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
 
Hong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thHong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8th
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group   nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group   nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
 
Workflow Engines + Luigi
Workflow Engines + LuigiWorkflow Engines + Luigi
Workflow Engines + Luigi
 
An EyeWitness View into your Network
An EyeWitness View into your NetworkAn EyeWitness View into your Network
An EyeWitness View into your Network
 
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017
Monitoring Big Data Systems Done "The Simple Way" - Codemotion Berlin 2017
 
20 tips for website performance
20 tips for website performance20 tips for website performance
20 tips for website performance
 
Beyond unit tests: Deployment and testing for Hadoop/Spark workflows
Beyond unit tests: Deployment and testing for Hadoop/Spark workflowsBeyond unit tests: Deployment and testing for Hadoop/Spark workflows
Beyond unit tests: Deployment and testing for Hadoop/Spark workflows
 
Website Speed :: Fox Valley Computing Professionals, September 2014
Website Speed :: Fox Valley Computing Professionals, September 2014Website Speed :: Fox Valley Computing Professionals, September 2014
Website Speed :: Fox Valley Computing Professionals, September 2014
 
Django Girls Tutorial
Django Girls TutorialDjango Girls Tutorial
Django Girls Tutorial
 
Open Day July 2019
Open Day July 2019Open Day July 2019
Open Day July 2019
 
The 5 most common reasons for a slow WordPress site and how to fix them – ext...
The 5 most common reasons for a slow WordPress site and how to fix them – ext...The 5 most common reasons for a slow WordPress site and how to fix them – ext...
The 5 most common reasons for a slow WordPress site and how to fix them – ext...
 
Scaling Magento
Scaling MagentoScaling Magento
Scaling Magento
 

Último

🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Último (20)

🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...

Just another bughunt

  • 1. Just another bughunt? Tools to improve your site without nuking it from orbit
    Ken Newquist (@knewquist) | Charles Fulton (@mackensen) #DPA11
  • 2. Who we are
    ● Ken Newquist, Director, Web Applications Development, Lafayette College
    ● Charles Fulton, Senior Web Applications Developer, Lafayette College
  • 3. Rebuild or Fix?
    ● Your website’s problems may seem intractable
    ● The temptation to nuke the bugs and start fresh is strong
    ● We’ve found tools that identify the problems so we can surgically eliminate them
      ○ (and find a few issues we didn’t know about in the process)
  • 5. Siteimprove
    ● Crawls web presence
    ● Reports broken links and common misspellings
    ● Shows changes over time
    ● Pretty graphs!
  • 7. Splunk
    ● Log aggregation
    ● Real-time monitoring
    ● Rich analysis
    ● More pretty graphs!
  • 9. Nagios
    ● Real-time monitoring
    ● Defines a baseline of system performance
    ● Does not detect presence of dinosaurs
  • 11. OSSEC
    ● Log-based intrusion detection system
    ● Define states of acceptable behavior
    ● No pretty graphs
  • 12. Not a pretty graph :/
  • 13. Discovering your web presence
    ● Define expected behavior with OSSEC & Nagios
    ● Test expectations with Siteimprove & Splunk
    ● Here be monsters
  • 15. The Lost Thumbnails
    ● Site: Moodle
    ● Tools: Splunk, OSSEC
    ● Outcome: Improved Apache configuration
  • 16. Sky falling!
    ● Splunk reported ~400 HTTP 500 Internal Server Error responses within a few minutes
    ● It also showed concentrated bursts of 404 errors when users viewed resources
    ● Concern within the department that the sky was falling
  • 17. Sky not falling!
    ● The system ran out of memory generating thumbnails from massive images and threw 500s
    ● Requests for the thumbnails that were never generated produced the 404s
  • 18. Outcomes
    ● The memory limit was not reasonable for the images being uploaded
    ● Users do not report catastrophic errors
  • 19. Comments
    ● Site: WordPress
    ● Tools: Splunk, OSSEC
    ● Outcome: WordPress core fixes
  • 20. What Lies Beneath
    ● HTTP 500 is reserved for server-side failures; client mistakes belong in the 4xx range
    ● WordPress has notions of its own
      ○ Double-submitted comment? 500 error
      ○ Missing a required field? 500 error
      ○ Blank comment? 500 error
    ● OSSEC treats a run of 500s from one address as an attack and would ban a visitor for any of these
  • 22. Outcomes
    ● Learned that reasonable mistakes can yield unreasonable error codes
    ● Patched our WordPress core to return 200s and 400s instead
    ● Core is discussing what to do
      ○ https://core.trac.wordpress.org/ticket/11286
  • 23. Revenge of the Base Theme
    ● Site: WordPress
    ● Tools: Siteimprove
    ● Outcome: WordPress theme fix; Apache configuration change
  • 24. March 10: the day the links broke
  • 25. Nothing to see here … oh wait--
    ● A developer dismissed initial reports of login issues as user error
    ● Then Siteimprove reported 1,800 new broken links
    ● A two-character change in the RHEL default httpd.conf broke WordPress
  • 26. Lessons
    ● Small changes have vast consequences
    ● Documentation is doubleplusgood
  • 27. The Incredible Shrinking Provost
    ● Site: Drupal
    ● Tools: Splunk
    ● Outcome: Cleaned data in ERP system
  • 28. Who’s the fairest of them all?
    ● The directory passes the search query as a GET parameter, so every search term lands in the access log
    ● Splunk told us our associate provost, “Jane Doe”, was the most-searched name by an order of magnitude
  • 29. ...we searched for “Jane Doe”...
    ...and the search returned...
    ...NOTHING!
  • 30. Lessons
    ● “Jane A. B. Doe” !== “Jane Doe”: the directory record did not match the name people typed
    ● Data lies
  • 32. The Virtual Tour
    ● Site: Custom app
    ● Tools: Splunk
    ● Outcome: Fixed PHP bugs
  • 33. Pretty graphs!
    ● 238,908 errors...in three days
    ● (We didn’t expect that)
  • 35. Outcomes
    ● No one cares that we fixed the Virtual Tour
      ○ (we feel better though)
  • 36. Mr. Foo and Mr. Bar
    ● Site: WordPress
    ● Tools: Splunk
    ● Outcome: Disproved a long-standing alleged bug
  • 37. I swear I wasn’t there!
    ● Various reports over the years alleged that WordPress improperly reported another user was editing a post
    ● Much speculation and theorizing in the absence of facts
  • 38. Outcomes
    ● People are wrong on the Internet
  • 39. The Cache That Wouldn’t Die
    ● Site: WordPress
    ● Tools: Nagios
    ● Outcome: Database size reduced by two-thirds
  • 40. Doom at 11….
    ● Nagios had concerns
    ● MySQL ran out of disk space
    ● The size of the WordPress DB tripled in two weeks
  • 41. Pretty terminal dumps?
      SELECT option_name FROM wp_190_options WHERE option_name LIKE "displayed_gallery%";
      ...
      | displayed_gallery_rendering_ffffb5e48845fbb7b3347244f8aa06d4 |
      | displayed_gallery_rendering_ffffd6d9f2ab40195295c70f775b0ee8 |
      | displayed_gallery_rendering_ffffe1416b8d969e25ec7a6094282bbe |
      | displayed_gallery_rendering_ffffe8e4a0c399605f434bd51be2d9d7 |
      +--------------------------------------------------------------+
      722141 rows in set (2.28 sec)
  • 42. …Salvation at Noon
    ● The Google Mini found something terrible lurking in club websites
    ● A NextGEN Gallery bug gave the Mini a near-endless set of pages to crawl
    ● A code bug meant the gallery cache (the displayed_gallery_rendering_* rows above) never expired, so the rows piled up
  • 43. Outcomes
    ● NextGEN Gallery has stability issues
    ● Listen to Nagios
    ● It’s turtles all the way down
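The query on slide 41 answers one question (how many rows carry that one prefix). The more useful triage is the general form: strip the per-entry hash from every option_name, group by what is left, count rows and bytes per prefix, and purge the offending prefix. The following is an added example written for this page, not code from the talk or from NextGEN Gallery. It uses an in-memory SQLite stand-in for the MySQL table; the rows are constructed, and the prefix rule (drop a trailing `_` followed by 32 hex characters) is an assumption that fits the names shown on slide 41.

```python
"""Find which option_name prefix is bloating a WordPress wp_options table, then purge it."""
import hashlib
import re
import sqlite3
from collections import Counter

TABLE = "wp_190_options"  # trusted constant; table names cannot be bound as SQL parameters
HASH_SUFFIX = re.compile(r"_[0-9a-f]{32}$")  # assumption: cache keys end in _<md5 hex>


def option_prefix(name):
    """'displayed_gallery_rendering_ffff...06d4' -> 'displayed_gallery_rendering'."""
    return HASH_SUFFIX.sub("", name)


def build_sample_db(gallery_rows=1500, feed_rows=20):
    """Constructed wp_options: a few core options, some feed transients, and a pile of
    NextGEN-style displayed_gallery_rendering_<md5> cache rows (scaled down from 722,141)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} (option_name TEXT PRIMARY KEY, option_value TEXT, autoload TEXT)")
    rows = [
        ("siteurl", "http://blogs.example.edu", "yes"),
        ("blogname", "Example Club", "yes"),
        ("active_plugins", 'a:1:{i:0;s:29:"nextgen-gallery/nggallery.php";}', "yes"),
    ]
    for i in range(feed_rows):
        h = hashlib.md5(f"feed{i}".encode()).hexdigest()
        rows.append((f"_transient_feed_{h}", "<rss/>", "no"))
        rows.append((f"_transient_timeout_feed_{h}", "1299783600", "no"))
    for i in range(gallery_rows):
        h = hashlib.md5(f"gallery{i}".encode()).hexdigest()
        rows.append((f"displayed_gallery_rendering_{h}", "<div class='ngg-galleryoverview'>...</div>" * 8, "yes"))
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def prefix_report(conn, top=5):
    """[(prefix, row_count, value_size)] for the `top` prefixes ranked by row count."""
    count, size = Counter(), Counter()
    for name, nchars in conn.execute(f"SELECT option_name, length(option_value) FROM {TABLE}"):
        p = option_prefix(name)
        count[p] += 1
        size[p] += nchars
    return [(p, count[p], size[p]) for p, _ in count.most_common(top)]


def purge_prefix(conn, prefix):
    """Delete prefix_<32 hex> rows and return how many were removed. substr() is used rather
    than LIKE because '_' is a single-character wildcard inside a LIKE pattern."""
    stem = prefix + "_"
    cur = conn.execute(
        f"DELETE FROM {TABLE} WHERE substr(option_name, 1, ?) = ? AND length(option_name) = ?",
        (len(stem), stem, len(stem) + 32),
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = build_sample_db()
    for prefix, n, size in prefix_report(db):
        print(f"{n:6d} rows {size:9d} chars  {prefix}")
    print("purged", purge_prefix(db, "displayed_gallery_rendering"), "gallery cache rows")
```

Ranking by prefix is what turns "the options table tripled" into "one plugin's cache key is responsible", and it works the same way on any plugin that writes one row per request. Note the LIKE caveat in the slide's own query: `displayed_gallery%` is harmless here, but a pattern such as `displayed_gallery_rendering_%` also matches names where those underscores are any character.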
  • 44. Attack of the Python Script
    ● Site: WordPress
    ● Tools: Nagios, Splunk
    ● Outcome: Quickly identified the source of a massive load event
  • 45. Traffic Jam!
    ● Load on a server spiked at 800%
    ● Seemed bad
    ● Nagios had more concerns
  • 46. Hello there!
    ● Splunk real-time monitoring revealed the top client IPs
    ● We’re very popular with a misconfigured IIS server in Oregon and its “Python-urllib/3.4” script
  • 47. Outcomes
    ● Banned the IP on the proxy
    ● Began developing rate-limiting rules for OSSEC
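Two of the investigations above come down to the same access-log question, "how many responses of a given kind did one source draw in a short window?": the Comments case (slides 20-22), where a visitor's form mistakes drew HTTP 500s that an OSSEC "many 5xx from one source" rule would treat as an attack, and Attack of the Python Script (slides 45-47), where the top client IP and user agent explained a load spike and led to rate-limiting rules. The following is an added example written for this page, not code from the talk, OSSEC or Splunk. The log lines are constructed, and the thresholds (six 5xx responses in 120 s, 100 requests in 60 s) are assumptions rather than OSSEC's shipped rule values.

```python
"""Access-log triage: per-source 5xx bursts, per-source request rate, and top clients."""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Apache "combined" format; referer and user agent are optional so "common" lines parse too.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)


def parse(line):
    """One log line -> dict with ip, time, status, ua; None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["status"] = int(ev["status"])
    ev["time"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    ev["ua"] = ev["ua"] or "-"
    return ev


def events(lines):
    """Parsed events in time order (merged or rotated logs are not always ordered)."""
    return sorted(filter(None, map(parse, lines)), key=lambda e: e["time"])


def burst_offenders(lines, lo=500, hi=599, threshold=6, window_s=120):
    """IPs that drew >= threshold responses with status in [lo, hi] inside some
    window_s-second sliding window: the shape of an OSSEC frequency/timeframe rule."""
    recent = defaultdict(deque)
    offenders = set()
    for ev in events(lines):
        if not lo <= ev["status"] <= hi:
            continue
        q = recent[ev["ip"]]
        q.append(ev["time"])
        while (q[-1] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            offenders.add(ev["ip"])
    return sorted(offenders)


def rate_limited(lines, max_requests=100, window_s=60):
    """IPs exceeding max_requests in any window_s seconds, whatever the status codes."""
    return burst_offenders(lines, lo=100, hi=599, threshold=max_requests, window_s=window_s)


def top_clients(lines, n=3):
    """(ip, user agent) pairs ranked by request count, like Splunk's 'top clientip, useragent'."""
    return Counter((ev["ip"], ev["ua"]) for ev in events(lines)).most_common(n)


def wp_comment_log(status):
    """Constructed: one visitor re-submits the comment form six times in ~80 s (blank
    comment, missing field, double submit) and the site answers `status` every time."""
    times = ["14:03:01", "14:03:09", "14:03:40", "14:03:58", "14:04:12", "14:04:20"]
    return [
        f'203.0.113.7 - - [10/Mar/2011:{t} -0500] "POST /wp-comments-post.php HTTP/1.1" '
        f'{status} 1432 "http://blogs.example.edu/2011/03/post/" "Mozilla/5.0 (X11; Linux)"'
        for t in times
    ]


def load_spike_log():
    """Constructed: 150 requests in 30 s from one urllib script, plus five browser visits."""
    script = [
        f'198.51.100.23 - - [10/Mar/2011:15:00:{i // 5:02d} -0500] "GET /?p={i} HTTP/1.1" '
        f'200 48213 "-" "Python-urllib/3.4"'
        for i in range(150)
    ]
    browsers = [
        f'192.0.2.{i + 10} - - [10/Mar/2011:15:00:{i * 6:02d} -0500] "GET / HTTP/1.1" '
        f'200 48213 "-" "Mozilla/5.0 (Windows NT 6.1)"'
        for i in range(5)
    ]
    return script + browsers


if __name__ == "__main__":
    print("comment mistakes answered with 500 ->", burst_offenders(wp_comment_log(500)))
    print("comment mistakes answered with 400 ->", burst_offenders(wp_comment_log(400)))
    print("top clients during the spike ->", top_clients(load_spike_log()))
    print("rate-limit candidates ->", rate_limited(load_spike_log()))
```

One sliding-window count serves both stories. Restricted to 5xx it shows why the comment form's 500s would have got an ordinary visitor banned while the same mistakes answered with 400s would not; opened to every status it becomes the rate-limit rule of slide 47, and top_clients is the Splunk view of slide 46 that named the script.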
  • 49. Bughunting on the cheap
    ● W3C Link Checker
      ○ Reports on broken links to a specified depth
      ○ http://validator.w3.org/checklink
    ● Google Webmaster Tools
      ○ Details on broken links and server errors
      ○ https://www.google.com/webmasters/tools/
  • 50. More options
    ● Bureau of Internet Accessibility
      ○ Cheaper than Siteimprove
      ○ Broken link and accessibility reports
      ○ http://www.boia.org
    ● Google Analytics
      ○ Identify high-traffic broken pages
      ○ http://google.com/analytics
    ● vim | grep
      ○ Eyeballing your logs can’t hurt
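What a depth-limited link checker such as the W3C Link Checker (or Siteimprove's crawl in the Base Theme story) actually does is small enough to write down: start at one page, parse same-site pages for links up to a given depth, fetch every link target once, and report each (page, link, status) that did not answer 200. The following is an added example written for this page, not the W3C's or Siteimprove's code. It runs against a constructed in-memory site through a stand-in fetch function, so the URLs and page contents are assumptions; replacing fake_fetch with a real HTTP client is all it takes to point it at a live site.

```python
"""Depth-limited broken-link checker over a constructed in-memory site."""
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlsplit


class LinkExtractor(HTMLParser):
    """Collect href values from a/link tags and src values from img/script tags."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        value = attr.get("href") if tag in ("a", "link") else attr.get("src")
        if value and tag in ("a", "link", "img", "script"):
            self.links.append(value)


def extract_links(page_url, html):
    """Absolute, fragment-free link targets in `html`, resolved against page_url."""
    parser = LinkExtractor()
    parser.feed(html)
    return [urldefrag(urljoin(page_url, href)).url for href in parser.links]


# Constructed site: /about/staff/jane-doe/ and /wp-login.php are linked to but missing.
SITE = {
    "http://www.example.edu/": '<a href="/about/">About</a> <a href="/news/">News</a> <img src="/logo.png">',
    "http://www.example.edu/about/": '<a href="/">Home</a> <a href="/about/staff/">Staff</a> '
                                     '<a href="http://other.example.org/">Partner</a>',
    "http://www.example.edu/about/staff/": '<a href="/about/staff/jane-doe/">Jane Doe</a>',
    "http://www.example.edu/news/": '<a href="/news/2011/03/10/">March 10</a> <a href="/wp-login.php">Log in</a>',
    "http://www.example.edu/news/2011/03/10/": "<p>The day the links broke.</p>",
    "http://www.example.edu/logo.png": "",
    "http://other.example.org/": '<a href="/gone/">off-site pages are fetched for their status, not crawled</a>',
}


def fake_fetch(url):
    """Stand-in for an HTTP GET returning (status, body)."""
    return (200, SITE[url]) if url in SITE else (404, "")


def check_links(root, max_depth=2, fetch=fake_fetch):
    """Breadth-first from root. Pages fewer than max_depth hops away are parsed for links;
    every link target is fetched once for its status. Returns sorted (referrer, target, status)
    triples for the targets that did not answer 200."""
    host = urlsplit(root).netloc
    status = {}   # url -> status code, so each URL is fetched only once
    edges = set()  # (referring page, link target)
    queue = [(root, 0)]
    while queue:
        url, depth = queue.pop(0)
        if url in status:
            continue
        code, body = fetch(url)
        status[url] = code
        # Parse only same-host pages that answered 200 and sit within the depth budget.
        # A real checker would also require an HTML Content-Type before parsing the body.
        if code != 200 or depth >= max_depth or urlsplit(url).netloc != host:
            continue
        for target in extract_links(url, body):
            edges.add((url, target))
            queue.append((target, depth + 1))
    return sorted((ref, target, status[target]) for ref, target in edges if status[target] != 200)


if __name__ == "__main__":
    for depth in (2, 3):
        print(f"depth {depth}:")
        for referrer, target, code in check_links("http://www.example.edu/", max_depth=depth):
            print(f"  {code} {target}  (linked from {referrer})")
```

The depth parameter is the practical lesson: at depth 2 the checker finds the broken login link but not the missing staff page three hops down, which is exactly the kind of breakage that only a full-site crawl such as Siteimprove's turned up in the Base Theme case.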
  • 52. Did we really fix all those errors? Or is logging broken?
    ● A sudden drop in error counts is good news only once you have confirmed the logs are still being written
  • 53. Takeaways
    ● Data are free
    ● Bugs are hard to find
    ● Reports are expensive
    ● Good reports make finding bugs easy
    ● You can improve your site without rebuilding it from scratch
    ● You will find more bugs than you can fix
  • 55. Anatomy of a Redirect
    ● Tool: Splunk
    ● Forthcoming from Lafayette College
    ● WordPress tries to be helpful!
  • 56. Join the discussion at https://core.trac.wordpress.org/ticket/16557!
  • 57. Questions?
    ● Ken Newquist: newquisk@lafayette.edu, @knewquist
    ● Charles Fulton: fultonc@lafayette.edu, @mackensen