I’m about to roll out an update for the wheniskeynote.com website, just in time for the WWDC 13 keynote. The changes include:

• Replaced the countdown with one that supports reflection
• Replaced Google Analytics with Piwik, which is awesome
• Removed support for the RSS feed and Google +1
• Dropped financial results calls from the list of supported events
• Support for Talk Like A Pirate day
• Redesigned the countdown images to include the same font as the rest of the site
• Feeding a cached HTML version of the site to web crawlers since they can’t handle the amount of AJAX I’m throwing at them
• Some bug fixes

Still on my todo list:

• A calendar icon with the proper date on it instead of “17″ (clicking the icon will download an .ics event file which you can import into your calendar)

Here’s what the site looks like once a keynote event has been confirmed by Apple:

Some behind the scenes information about wheniskeynote.com:

• The site is hosted on a $30/year virtual private server
• Is implemented in Java using Tomcat and a MySQL backend
• Contains less than 1000 lines of self-written code
• Gets around 1000 visits a day on average with peaks up to 50,000 visits in the days ahead of an event
• Gets visitors from around the globe except for North Korea, Chad, Mali and Tajikistan.

If you have some RAM to spare and want to speed up MySQL a little, you can create a RAM disk for MySQL’s temporary disk tables. In Ubuntu Server, the MySQL process is being watched by AppArmor which prevents us from using a custom tmpdir unless the AppArmor configuration is changed accordingly. This post shows how to to it. Read more »

Here’s a quick one. If HAProxy is used to SSL-offload the PhpMyAdmin web application, the following line has to be added to PhpMyAdmin’s config.inc.php:

$cfg['PmaAbsoluteUri'] = 'https://www.mydomain.net/phpmyadmin';

If you want to use that latest and greatest feature in HAProxy, you’ll probably end up having it to build it yourself. If you’re adventurous enough to run a potentially unstable development version on your server, here’s how to compile the binary.

Get the latest dev version from here: haproxy.1wt.eu/#down

Set up the build environment:

apt-get install build-essential zlib1g-dev libpcre3-dev libssl-dev

Build the binary (assuming your Linux kernel version is >= 2.6.28):

make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1

This will include OpenSSL and zlib compression support.

If you’re using a reverse proxy and want to see the client’s real IP addresses instead of the proxy’s localhost address in Apache2′s log file (or any Apache-based web application which reports the client’s IP address), you might want to have a look at the RPAF module.
The RPAF (Reverse Proxy Add Forward) module will enable Apache2 to report the client’s real IP address through a reverse proxy (like HAProxy). The module essentially replaces the proxy’s IP address with the X-Forwarded-For HTTP header set by the proxy. Read more »

In a world of diminishing IPv4 space and slow IPv6 adoption, SNI-based SSL is getting more and more important. Using the TLS extension SNI, only hardware limits the number of virtual SSL-hosts we can put on a single IP address. Most modern web browsers and web servers support SNI nowadays. Since September 2012, HAProxy supports native SSL as well which means the job of SSL-offloading can now be implemented with a simple HAProxy configuration:

frontend f_web_ssl
  bind 0.0.0.0:443 ssl crt /etc/haproxy/default.pem crt /etc/haproxy/certs.d ciphers ECDHE-RSA-AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM

This line will instruct HAProxy to look for server (since this is only one-way SSL) certificate files in /etc/haproxy/certs.d and match them to the SNI-name passed by the client. If no match is found or no SNI handshake was taking place, the default.pem certificate is presented to the client. The ciphers are included to pass the BEAST attack test.
Read more »

One of my favourite low-end Linux virtual server provider these days is BuyVM/Frantech from Canada (, eh?). They offer 128MB OpenVZ VPS plans for as low as $15/yr and 128MB KVM plans for $25/yr in Buffalo NY or in San Jose on the west coast. These virtual servers come with 500GB traffic/month and 15 GB disk space. They have a very nicely crafted VPS management console and you can even get a free storage plan as well which will add another 5 GB of storage on their FTP server. Read more »

This is a first post in a series on how to use HAProxy in front of WordPress. I’m using HAProxy to offload SSL connections to a WordPress site. The site itself runs on an internal IP address on port 80 while HAProxy listens on incoming connections on *:80 and *:443. Connections to *:443 will be presented the correct certificate using HAProxy’s SNI-based certificate matching algorithm. I’ll write more about that SNI-based configuration in a future post. In this post I’m going to focus on the SSL redirect loop which is happening if you use Read more »

Tunlr is a web site that let’s you watch on-demand video streams from U.S.-based television networks outside the U.S. I’m able to watch ABC, CBS and MTV TV shows on my Mac. MTV even streams some shows in HD quality. Looks great! I can watch full Saturday Night Live episodes on Hulu, pretty cool. Tunlr unblocks watching Netflix on AppleTV and iPad on any location on this planet. It also removes the stupid 50 song limit on last.fm.

Probably the coolest thing about Tunlr is that it’s completely free. Check it out!

Iodine is a software that let’s you tunnel IPv4 data through a DNS server. If you’re wondering why on earth you’d ever need such a thing, read here. You basically need a client (in my case an Apple MacBook Air) and a Linux server (see here for some super cheap low end Linux VPS boxes) to start off. Please see one of the tutorials on how to setup the Iodine daemon (iodined) on the Linux server. In this post I’m focusing on the client setup for OS X.

Iodine can be easily compiled using Xcode but I’m providing the binaries in this site’s download area for your convenience. You also need to install a tunnel device on the OS X client. Check out the TunTap virtual interface device kernel extension. Read more »

I’m currently running an AdWords campaign for my new project wheniskeynote.com. Since that web site is strictly non-commercial and won’t ever generate any revenues I have to bear the costs for the ad myself. It’s more like a test to learn how Google AdWords works and how it could be useful to me in future projects.

The CPC (cost-per-click) for the keywords I use (permutations of something like “next apple keynote”) is around 50 cents, which is pretty high considering that my ad is the only ad ever showing up in searches (I’m not using the content network btw.) using these keywords. Google’s answer to this particular situation is rather cryptic and not really comprehensible for an AdWords client. Fortunately, the CPC for my campaign is still far off from keywords like “auto insurance price quotes”, “consolidate graduate student loans” which sell for a whopping $50 per click on average!

Interestingly, one of my keyword combinations which was already running successfully for a few days suddenly showed a 20% CPC increase. My ad wasn’t even shown in searches anymore for that combination because the CPC now was higher than my maximum default bid. The reason why I suspect a CPC manipulation is that there’s no other bidder for this combination. If I increase the CPC to the requested bid level, my ad is showing up again but still the only one showing up. Needless to say that I won’t be bullied into bidding for artificially increased CPC. Someone at Google should redesign this revenue-generating algorithm in a way that isn’t THAT obvious :-)