This is a first post in a series on how to use HAProxy in front of WordPress. I’m using HAProxy to offload SSL connections to a WordPress site. The site itself runs on an internal IP address on port 80 while HAProxy listens on incoming connections on *:80 and *:443. Connections to *:443 will be presented the correct certificate using HAProxy’s SNI-based certificate matching algorithm. I’ll write more about that SNI-based configuration in a future post. In this post I’m going to focus on the SSL redirect loop which is happening if you use Read more »
Even though I’m a Mac person, I decided to give Windows 8 a try. I was able get a promo code (using an old but genuine Windows 7 serial and this loophole) and the price dropped to $14.99. I wanted to get rid of all the junk from my Windows 7 installation so I decided to wipe the drive and did a clean install. I entered my new Windows 8 license key at the beginning of the installation process and the rest of the installation went on smoothly. However, after playing around with Windows 8 I found out that it had not been activated. Trying to activate it always resulted in error code 0xC004F061. Read more »
I mentioned in an earlier post that I’m planning to host this website on a colocated Raspberry Pi. Meanwhile, my RPi has arrived at EDIS’ data center in Graz, Austria. I transferred all relevant files and database tables from this WordPress installation to the new home on the RPi. I had to tweak my LAMP installation to reduce the memory footprint because the default settings for Apache and MySQL tend to eat quite a bit of RAM. When I started testing the WordPress installation, something interesting happened: it took more than 10 seconds to serve a page. Read more »
Here’s the UnixBench v5.1.3 result of my Raspberry Pi (model B). I’m using a SanDisk Extreme Pro UHS-1 card (up to 95MB/s) in the RPi’s SD card slot and the RPi is running Debian “Squeeze”. Read more »
I just finished installing OS X Mountain Lion (latest preview) on my new Intel 520 SSD. The 520 is one of the fastest consumer SSD’s on the market today. Even though my 3 year old ASUS P6T mainboard doesn’t support SATA-3, the 520 still performs ridiculously fast. It takes a mere 6 seconds from the Apple logo to the desktop. The spinning Apple circle doesn’t even show up.
Installation went pretty smoothly using Tonymacx86′s UniBeast and MultiBeast.
Will somebody please teach the guys in Redmond about how to speed up an operating system boot?
After weeks of waiting I finally received my first (but certainly not last) Raspberry Pi last week. This one is going to be colocated in a data center in Austria and I’m planning to run this website on it. I sent it off today and it’s due to arrive at the data center later this week so I’d expect to move trick77.com to the Raspberry Pi (or short RPi) either this weekend or the weekend after.
I went for Debian because of all available images for the RPi, Debian “Squeeze” seemed to be most stable version for a production server. I should have gone with the basic Squeeze ARM-Netinstall image but I didn’t have the nerve to compile a kernel for the RPi. However, the provided Squeeze image is not really suited for a production environment and needs to be heavily apt-get purged. For instance, I threw out all X-related software and using the netstat command, I made sure no unwanted ports were left in the open (even though I’m additionally firewalling it). To free up more RAM for Linux I set the CPU/GPU split to 224/32 because the default 50:50 split doesn’t leave enough RAM to run a LAMP installation. After upgrading to the latest RPi firmware even my 8GB Sandisk Extreme Pro UHS-I SD card started working properly. The rpi-update updater comes in handy!
Now, colocating a bunch of Raspberry Pi’s is certainly not a service every data center is providing (at least not yet :). I saw this offer from EDIS.at over at Lowendtalk and they’re even colo’ing the RPi for free. Yeah, for free! This includes power, an IPv4, multiple IPv6′s and 100GB/mo traffic on a 100mbit port.
AFAIK the offer is still up, check this link: https://manage.edis.at/whmcs. Nope, looks like the offer has expired. Re-nope, here’s the sign-up link: https://manage.edis.at/whmcs/cart.php?gid=6
I expect that quite a few RPi’s are on their way to Austria right now and I’m really looking forward to see some photos of them once they’re installed in EDIS’s data center. It would be pretty cool to have the RPi’s lined up vertically in a 1U slot just like small blade servers. But since no such thing exists they probably just throw ‘em on a table or something.
Please leave a comment if you’re going to colo your RPi too and what you’ll be using it for!
My ASUS P6T motherboard features a gigabit-capable Realtek 8111C onboard NIC. There’s an official but old OS X driver for this network adapter available from Realtek, but it crashes my Hackintosh whenever I try to use an OpenVPN connection to a remote server. Luckily, there’s an alternate RTL 81xx driver from Lnx2Mac which doesn’t suffer from this limitation. However, when I did some network benchmarking using a remote Linux server, I wasn’t getting consistent results regarding throughput. It seemed that the further a remote server was away, the less consistent was the throughput I got. It even got worse when using a VPN. It took me quite a while until I found out that the culprit was the Lnx2Mac driver for my onboard network adapter. Don’t get me wrong, the Lnx2Mac driver is perfect if you just need some sort if Internet connection and I appreciate the efforts that have been put into it. But since I was looking for a high performance driver, it didn’t seem to be a good choice. Read more »
One day last week my Amazon Kindle Fire shut itself down because its battery was empty. I forgot about it for a few days but eventually I hooked it up to a USB charger and left it charging overnight. Next morning I found the Kindle Fire in a reboot loop. When connected to the USB charger, it would reboot itself every 5-10 seconds. When not connected to the USB charger it wouldn’t even turn on. It looked like the battery was so badly discharged that the Fire couldn’t even get to the point where it would start recharging the battery – even with the USB charger cable plugged in. I tried all suggestions I could find, including holding the power button for at least 20 seconds but the Fire still wouldn’t exit the reboot loop.
Sending it in for a replacement was no option since it displayed the yellow boot loader triangle for a few seconds while booting. A pretty obvious sign that this device had been rooted :-/
My plan B is to buy a so called factory cable on eBay in order to find out what’s going wrong with my Fire. Since it takes some time for the cable to arrive from Hongkong, I once again tried to get the Fire out of this cumbersome reboot loop. And guess what, this time it worked! Here’s what I did:
- Unplug the Kindle Fire from the USB charger cable
- Press and hold the power button (it should not turn on because the battery has run dry)
- While still holding the power button, plug the USB charger cable in (it should not turn on yet)
- Wait for at least 40 seconds while still holding the power button
- Once the kindle powers on, immediately let go of the power button and pray
For the first time ever, an OS X update breaks compatibility with the X58 chipset. After applying the 10.7.4 update most X58-based Hackintoshs will see (if booted with the -v option) an ACPI related kernel panic or the kernel will just hang early in the boot process with a message like
IOAPIC: Version 0×20 Vectors 64:87
IOAPIC: Version 0×20 Vectors 88:111
Reverting back to an older AppleACPIPlatform.kext will most likely bring the Hackintosh back from the dead. In order to get access to the disk you’ll need some sort of OS X boot/recovery drive. Make sure you rebuild the kext-cache or temporarily disable support for kernelcache in Chimera/Chameleon.
See this thread on insanelymac.com for a working AppleACPIPlatform.kext. Hopefully, someone finds out what changes need to be made in the boot loader and/or DSDT.
Tunlr is a web site that let’s you watch on-demand video streams from U.S.-based television networks outside the U.S. I’m able to watch ABC, CBS and MTV TV shows on my Mac. MTV even streams some shows in HD quality. Looks great! I can watch full Saturday Night Live episodes on Hulu, pretty cool. Tunlr unblocks watching Netflix on AppleTV and iPad on any location on this planet. It also removes the stupid 50 song limit on last.fm.
Probably the coolest thing about Tunlr is that it’s completely free. Check it out!
“wget” is a very handy Unix command line utility to download files over http. It not only shows details about the connection but also tracks current and overall download speed in KB/s or MB/s. Unfortunately, it’s not part of Mac OS X. If you already own Apple’s Xcode development environment you could easily compile your own wget binary or just download it from this site’s download area.
wget http://cachefly.cachefly.net/10mb.test --19:59:11-- http://cachefly.cachefly.net/10mb.test => `10mb.test' Resolving cachefly.cachefly.net... 18.104.22.168 Connecting to cachefly.cachefly.net[22.214.171.124]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 10,485,760 [application/octet-stream] 100%[================================================================================================>] 10,485,760 1.86M/s ETA 00:00 19:59:17 (1.63 MB/s) - `10mb.test' saved [10485760/10485760]
You could do something similar with curl (which is included in OS X by default) but I prefer wget’s output over curl’s.
curl -o test.bin cachefly.cachefly.net/10mb.test % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 10.0M 100 10.0M 0 0 1739k 0 0:00:05 0:00:05 --:--:-- 2119k
One thing most folks do with their newly rented low end Linux VPS (virtual private server) is to run some benchmarks. Wildly popular are the “Cachefly test” for network performance, dd for disk IO and UnixBench for overall system performance analysis including the CPU. The results are then posted in threads on web hosting communities like webhostingtalk or lowendtalk just to name a few. What most enthusiasts miss when comparing VPS’, and in particular low end VPS’, is that it’s just a snapshot. There are dozens of virtual servers cramped into one physical server and anything that goes on in those other virtual servers automatically has an impact on a performance test. That’s why the results should be taken with a grain of salt – unless they’re consistent over time. Time in the sense of weeks and months.
The most popular benchmark for network connectivity seems to be the Cachefly test. Cachefly is a content delivery network (CDN) and is well interconnected in the western hemisphere. To show off their capability to deliver content they’ve set up a test file which can be downloaded using wget:
wget -O /dev/null http://cachefly.cachefly.net/100mb.test
The download speed shown from wget basically indicates two things: how good is the routing/peering to Cachfly’s CDN network from your VPS providers’ data center. And as a by-product it may show what speed the Ethernet port had been capped at.
Here’s a sample result of a capped Ethernet port:
wget -O /dev/null http://cachefly.cachefly.net/100mb.test --2012-02-20 22:15:08-- http://cachefly.cachefly.net/100mb.test Resolving cachefly.cachefly.net... 126.96.36.199 Connecting to cachefly.cachefly.net|188.8.131.52|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 104857600 (100M) [application/octet-stream] Saving to: `/dev/null' 100%[==================================================================================================>] 104,857,600 10.7M/s in 8.9s 2012-02-20 22:15:17 (11.2 MB/s) - `/dev/null' saved [104857600/104857600]
You can’t see this in the static output shown above but while downloading, the rate shoots up straight to 11-12M/s from the beginning and stays there. Obviously, this provider has capped the port speed to 100Mbps.
The next sample shows the wget result of a different low end VPS with excellent routing to Cachefly’s CDN:
wget -O /dev/null http://cachefly.cachefly.net/100mb.test --2012-02-20 22:21:55-- http://cachefly.cachefly.net/100mb.test Resolving cachefly.cachefly.net... 184.108.40.206 Connecting to cachefly.cachefly.net|220.127.116.11|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 104857600 (100M) [application/octet-stream] Saving to: `/dev/null' 100%[==================================================================================================>] 104,857,600 43.6M/s in 2.3s 2012-02-20 22:21:58 (43.6 MB/s) - `/dev/null' saved [104857600/104857600]
Even though the second server is able to download from Cachefly at a much higher rate, that doesn’t indicate that network connectivity is superior to the first server in general. Downloading from Cachefly doesn’t say one thing about general network connectivity from your VPS to the rest of the internet – which usually is more important than just a fast route to Cachefly’s CDN. It even gets more complex: Cachefly is using directional (Anycast) DNS. Depending on your server’s geographic location, it may be routed to a completely different CDN server (as you can see in the samples above).
If you really want to get a picture of a VPS’ network connectivity, the Cachefly test should be just one indicator. You will have to include a whole range of test files from other hosts. One way to find test file URLs is to google for +VPS +test +files. You also find test URLs on low end VPS review sites, blogs, forums and data center web sites.
I’m deliberately not coming up with a list since I don’t want to cause bandwidth issues to anyone.
Iodine is a software that let’s you tunnel IPv4 data through a DNS server. If you’re wondering why on earth you’d ever need such a thing, read here. You basically need a client (in my case an Apple MacBook Air) and a Linux server (see here for some super cheap low end Linux VPS boxes) to start off. Please see one of the tutorials on how to setup the Iodine daemon (iodined) on the Linux server. In this post I’m focusing on the client setup for OS X.
Iodine can be easily compiled using Xcode but I’m providing the binaries in this site’s download area for your convenience. You also need to install a tunnel device on the OS X client. Check out the TunTap virtual interface device kernel extension. Read more »
There are certain situations on the internet when you need to pretend to be someone you’re not. For instance, if you want to listen to Pandora. If Pandora detects that your IP address is not originating from the U.S., you will politely be told that licensing agreements prevent them from making their internet radio station available to you. Same with Netflix, Google voice, Hulu, parts of Youtube, just to name a few. To access these services from outside the U.S. all you need is a U.S. based VPN. The easiest way to get a U.S. based IP address is to subscribe to a U.S. based VPN service (like HideMyAss‘ Pro VPN) and route all your computer’s network traffic through a VPN tunnel as long as you need it. This wasn’t flexible enough for me. I wanted to go the extra mile and build my own VPN service, and set up a centralized network routing on my DSL router (a Fritz!Box 7390). That way, all traffic from my internal home network (be it from an Apple TV, iPhone, iPad, a Mac, or even a Windows PC) that I want to originate from an foreign IP address will automatically use the VPN, and all other traffic will use my usual WAN IP address from my DSL service provider. Read more »
Here’s a quick one. The route command won’t show you the full routing table in Mac OS X. You have to use the netstat command:
This will print the numeric view. If you prefer host names, omit the n parameter: