I’m about to roll out an update for the wheniskeynote.com website, just in time for the WWDC 13 keynote. The changes include:

• Replaced the countdown with one that supports reflection
• Replaced Google Analytics with Piwik, which is awesome
• Removed support for the RSS feed and Google +1
• Dropped financial results calls from the list of supported events
• Support for Talk Like A Pirate day
• Redesigned the countdown images to include the same font as the rest of the site
• Feeding a cached HTML version of the site to web crawlers since they can’t handle the amount of AJAX I’m throwing at them
• Some bug fixes

Still on my todo list:

• A calendar icon with the proper date on it instead of “17″ (clicking the icon will download an .ics event file which you can import into your calendar)

Here’s what the site looks like once a keynote event has been confirmed by Apple:

Some behind the scenes information about wheniskeynote.com:

• The site is hosted on a $30/year virtual private server
• Is implemented in Java using Tomcat and a MySQL backend
• Contains less than 1000 lines of self-written code
• Gets around 1000 visits a day on average with peaks up to 50,000 visits in the days ahead of an event
• Gets visitors from around the globe except for North Korea, Chad, Mali and Tajikistan.

My rather dated ASUS P6T based Hackintosh lacked USB 3.0, a feature I really wanted because I already own an external USB 3 SSD drive which I’m using on my notebook. Quite a while ago, I bought this dirt cheap PCI-express 4 port USB card for $11 on eBay. However, the controller didn’t work on OS X no matter what (MultiBeast-)driver I tried. The connected SSD drive finally showed up once I applied some obscure XHCI compatibility settings to the .plist of the Apple USB driver but transferring files from/to the drive was beyond slow.

Last week, I noticed an USB 3 related entry in the MultiBeast release notes:

Added USB 3.0 – Universal which is RehabMan’s branch of Zenith432′s GenericUSBXHCI.kext

Once I installed this new driver using the latest MultiBeast and rebooted my Hackintosh, my external SSD started working like a treat! While I have no idea if this $11 controller is the best Hackintosh USB 3.0 controller (that was just a bait to lure you in) it’s still a good bang for your buck. This controller/driver combo might even work on a Mac Pro, which to this date still don’t have USB 3 support.

Kudos go out to everyone involved in creating this universal USB 3 driver. You’re awesome!

If you have some RAM to spare and want to speed up MySQL a little, you can create a RAM disk for MySQL’s temporary disk tables. In Ubuntu Server, the MySQL process is being watched by AppArmor which prevents us from using a custom tmpdir unless the AppArmor configuration is changed accordingly. This post shows how to to it. Read more »

Here’s a quick one. If HAProxy is used to SSL-offload the PhpMyAdmin web application, the following line has to be added to PhpMyAdmin’s config.inc.php:

$cfg['PmaAbsoluteUri'] = 'https://www.mydomain.net/phpmyadmin';

I’m still kind of an Asterisk/FreePBX noob so I took me a while to figure out how to configure OVH’s SIP trunk for inbound and outbound calls. I chose OVH since they offer a SIP trunk for €1/mo (depending on your country the price may be higher) which includes free landline calling to 40 countries: Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, China, Colombia, Cyprus, Denmark, France, Germany, Greece, Hong Kong, Hungary, Ireland, Israel, Italy, Kazakhstan, Luxembourg, Malaysia , Mexico, Norway, Netherlands, New Zealand, Panama, Peru, Poland, Portugal, Russia, Singapore, Slovakia, Spain, Sweden, Switzerland, Taiwan, Thailand, United Kingdom, USA and Venezuela to a maximum of 99 different numbers per month.
You can choose a phone number from various countries and for some countries, OVH even offers free number portability for your existing landline number. Read more »

If you want to use that latest and greatest feature in HAProxy, you’ll probably end up having it to build it yourself. If you’re adventurous enough to run a potentially unstable development version on your server, here’s how to compile the binary.

Get the latest dev version from here: haproxy.1wt.eu/#down

Set up the build environment:

apt-get install build-essential zlib1g-dev libpcre3-dev libssl-dev

Build the binary (assuming your Linux kernel version is >= 2.6.28):

make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1

This will include OpenSSL and zlib compression support.

If you’re using a reverse proxy and want to see the client’s real IP addresses instead of the proxy’s localhost address in Apache2′s log file (or any Apache-based web application which reports the client’s IP address), you might want to have a look at the RPAF module.
The RPAF (Reverse Proxy Add Forward) module will enable Apache2 to report the client’s real IP address through a reverse proxy (like HAProxy). The module essentially replaces the proxy’s IP address with the X-Forwarded-For HTTP header set by the proxy. Read more »

In a world of diminishing IPv4 space and slow IPv6 adoption, SNI-based SSL is getting more and more important. Using the TLS extension SNI, only hardware limits the number of virtual SSL-hosts we can put on a single IP address. Most modern web browsers and web servers support SNI nowadays. Since September 2012, HAProxy supports native SSL as well which means the job of SSL-offloading can now be implemented with a simple HAProxy configuration:

frontend f_web_ssl
  bind 0.0.0.0:443 ssl crt /etc/haproxy/default.pem crt /etc/haproxy/certs.d ciphers ECDHE-RSA-AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM

This line will instruct HAProxy to look for server (since this is only one-way SSL) certificate files in /etc/haproxy/certs.d and match them to the SNI-name passed by the client. If no match is found or no SNI handshake was taking place, the default.pem certificate is presented to the client. The ciphers are included to pass the BEAST attack test.
Read more »

One of my favourite low-end Linux virtual server provider these days is BuyVM/Frantech from Canada (, eh?). They offer 128MB OpenVZ VPS plans for as low as $15/yr and 128MB KVM plans for $25/yr in Buffalo NY or in San Jose on the west coast. These virtual servers come with 500GB traffic/month and 15 GB disk space. They have a very nicely crafted VPS management console and you can even get a free storage plan as well which will add another 5 GB of storage on their FTP server. Read more »

Here’s a simple shell script sample on how to import a list of phone numbers into FreePBX’s blacklist module. The blacklist module is available for download in the FreePBX “Module Admin” menu. Unless you’re based in Switzerland, the call-center blacklist I’m using in the script below is probably not relevant to you – you’ll have to find one for your country. Read more »

Aus aktuellem Anlass wieder mal ein Post in Deutsch. Und zwar geht es dieses Mal um Belästigungen. Genauer gesagt um Meinungsforscher, Werbeanrufer und sonstige, gewerbliche Telefonterroristen, welche sich ungeniert über den *-Eintrag im Telefonbuch hinwegsetzen. Der Plan: Mittels einer Sperrliste bekannte Störenfriede automatisch abweisen. Was braucht man dazu:

1. Eine Telefonanlage, welche mit einer Rufnummern-Sperrliste umgehen kann
2. Eine maschinenlesbare Sperrliste mit Call-Center Nummern
3. Irgendwelche Update-Skripts zwecks Automatisierung

Read more »

This is a first post in a series on how to use HAProxy in front of WordPress. I’m using HAProxy to offload SSL connections to a WordPress site. The site itself runs on an internal IP address on port 80 while HAProxy listens on incoming connections on *:80 and *:443. Connections to *:443 will be presented the correct certificate using HAProxy’s SNI-based certificate matching algorithm. I’ll write more about that SNI-based configuration in a future post. In this post I’m going to focus on the SSL redirect loop which is happening if you use Read more »

Even though I’m a Mac person, I decided to give Windows 8 a try. I was able get a promo code (using an old but genuine Windows 7 serial and this loophole) and the price dropped to $14.99. I wanted to get rid of all the junk from my Windows 7 installation so I decided to wipe the drive and did a clean install. I entered my new Windows 8 license key at the beginning of the installation process and the rest of the installation went on smoothly. However, after playing around with Windows 8 I found out that it had not been activated. Trying to activate it always resulted in  error code 0xC004F061. Read more »

I mentioned in an earlier post that I’m planning to host this website on a colocated Raspberry Pi. Meanwhile, my RPi has arrived at EDIS’ data center in Graz, Austria. I transferred all relevant files and database tables from this WordPress installation to the new home on the RPi. I had to tweak my LAMP installation to reduce the memory footprint because the default settings for Apache and MySQL tend to eat quite a bit of RAM. When I started testing the WordPress installation, something interesting happened: it took more than 10 seconds to serve a page. Read more »

Here’s the UnixBench v5.1.3 result of my Raspberry Pi (model B). I’m using a SanDisk Extreme Pro UHS-1 card (up to 95MB/s) in the RPi’s SD card slot and the RPi is running Debian “Squeeze”. Read more »