Backend control in Varnish
Recently I’ve been working on shortening the path between web clients and the app servers. One of the steps was to remove the common combination of Apache httpd and JK, sitting between Varnish and...
View ArticleKVM or Xen?
Short answer: KVM Long answer: this question is actually easier to answer than you may think, particularly nowadays. I’ve been working with KVM and Xen in three types of environments: small, with one...
View ArticleUDP Fragmentation Offload bug in 2.6.32.x
There’s a nasty bug in 2.6.32.x: when UFO (UDP Fragmentation Offload) is enabled on an interface and datagrams follow the software fallback path, NFS sessions get corrupted. It’s easy to reproduce –...
View ArticleThe folly of process existence checking
One of the most common mistakes when setting up service monitoring (besides defining lots of unnecessary probes with low thresholds, constantly giving false positives) is checking if a process exists....
View ArticleIncreasing TCP’s initial congestion window
It’s been a while since TCP’s initial congestion window was last increased. Recently ICWND10 – increasing the window further to 10 – has been proposed as an IETF draft by Google. But how does it work...
View ArticlePure VCL cookie-based sticky sessions in Varnish 2.1
Some time ago I decided to drop Apache httpd from one of my setups. The httpd was no longer used for anything but mod_jk, which only did load balancing (with sticky sessions) between multiple clusters...
View ArticleLinux filesystems – small file performance on HDDs
A handy chart for quick reference. The benchmark is quite workload-specific; I measured sequential operations on large sets of small files (rather than random reads/writes on a single large file) – an...
View ArticleContent authorization with Varnish
I’ve been asked about this so many times that I thought I should just post it here. It’s actually very simple to do using restarts. The problem: you need to check if a user is authorized for an object...
View ArticleCloud computing
This is hilarious. Todd Hoff on the Amazon outage: “Be a really big customer so Amazon* will help you specifically with your problems. This seemed to help Heroku a lot. I noticed in the Amazon...
View ArticleThe systemd fallacy
(…) So, get yourself a copy of The Linux Programming Interface, ignore everything it says about POSIX compatibility and hack away your amazing Linux software. It’s quite relieving! – Lennart Poettering...
View ArticleBarriers, Caches, Filesystems
With the recent proliferation of ext4 as the new “default” Linux filesystem there’s been much talk of write barrier support. The flurry of post-2.6.18 barrier related development in most storage...
View ArticleMy favorite books on hackers
Just a personal top list. I’m not a security expert, but some of the guys featured in these books were more proficient than some white hats are today. And yes, the word hacker is used in a pejorative...
View ArticleFlow control flaw in Broadcom BCM5709 NICs and BCM56xxx switches
There is a design flaw in Broadcom’s “bnx2″ NetXtreme II BCM5709 PCI Express NICs (not to be confused with the older PCI-X version, BCM5708) and the BCM56314 and BCM56820 switch-on-a-chip OEM Ethernet...
View ArticleHi-end audio for nerds – part 1
Audiophiles and hi-end audio equipment are the subject of much controversy. Everyone seems to have an opinion, ranging from utter disbelief in anything audiophile to complete trust in whatever the...
View ArticleThe fairy tale of paid hardware support
Yes, you heard me right. Run-of-the-mill hardware support contracts are getting less and less useful. We’ve seen severe cost cuts throughout tech support departments at several major server hardware...
View ArticleBackend control in Varnish
Recently I’ve been working on shortening the path between web clients and the app servers. One of the steps was to remove the common combination of Apache httpd and JK, sitting between Varnish and...
View ArticleKVM or Xen?
Short answer: KVM Long answer: this question is actually easier to answer than you may think, particularly nowadays. I’ve been working with KVM and Xen in three types of environments: small, with one...
View ArticleUDP Fragmentation Offload bug in 2.6.32.x
There’s a nasty bug in 2.6.32.x: when UFO (UDP Fragmentation Offload) is enabled on an interface and datagrams follow the software fallback path, NFS sessions get corrupted. It’s easy to reproduce –...
View ArticleThe folly of process existence checking
One of the most common mistakes when setting up service monitoring (besides defining lots of unnecessary probes with low thresholds, constantly giving false positives) is checking if a process exists....
View ArticleIncreasing TCP’s initial congestion window
It’s been a while since TCP’s initial congestion window was last increased. Recently ICWND10 – increasing the window further to 10 – has been proposed as an IETF draft by Google. But how does it work...
View Article
