Why is my blog called jelder'd? My normal username is jelder, and I recently discovered that jelder'd is an obsolete past-participle adjective meaning severely bruised.
I've taken that to mean that I am or will become either a time traveler or an immortal badass.
The nice folks at New Relic have added an under-hyped feature to RPM which allows for the tracking of the time a given request spent in the server's work queue before processing began. This information in crucial in determining when you need to add more workers. It only requires that your front-end add an X-Request-Start header containing the epoch time in microseconds when the request was received. They offer a patch for NginX and a one-line config change for Apache.
But what about the new hotness, Varnish?
That's what. Save this to /etc/varnish/newrelic.h and include it in your vcl_recv declaration.
At LocaModa, most of our APIs are eventually consumed by ActionScript 3 applications run on large outdoor screens or in users' web browsers. Flash's cross-domain request protection incurres some round-trip latency, which essentially means wasted screen time, which is money, and I'd like to share one way we optimize for this.
We use the excellent Varnish HTTP accelerator in front of our application servers. True, we could easily be serving crossdomain.xml from Tomcat, or Apache, or NginX, but Varnish is the only part of the infrastructure I'm really happy with for the long-term. This is why I decided to serve a static file from Varnish which, officially, doesn't do this.
"Error 843? What the hell is that?" vcl_recv is intercepting requests for crossdomain.xml and returning an illegal, non-standard, stupid error. 843 is meaningful to those familiar with Flash socket connections as the TCP port number for socket policy requests. (I wrote a server for this a while ago.)
In vcl_error, we catch 843's and synthesize a response. The response has a far-future expiration and a 200 response code. These requests are served even faster than Varnish's already blindingly fast cache hits.
I'm sure you love renewing SSL certificates almost as much as I do. Nothing beats the satisfaction of... slogging through a bunch of complicated commands you haven't typed in years just to maintain status quo. Right.
Having had an opportunity to take better notes on this process for my employer, I present to you a few brief commands to make renewing your SSL certificates almost painless.
Renewal time is an great opportunity to rotate your key. This is technically optional but it's good practice:
openssl genrsa -out example_com.key 1024
You'll need both the key and the about-to-expire certificate in the current directory for the next step. This will create a new CSR with all of the same parameters you used last time. Take this over to your preferred certificate authority and begin their renewal process.
If you only need the key and certificate pair for your application (eg, Apache, NginX, slapd... most applications), you're done. However, if you need to use this certificate with Java servers as well, keep reading (wildcard certificates for the win). This procedure is recommended for ActiveMQ but should be directly applicable to Tomcat et al.
The Java keytool command doesn't offer any way to import an x.509 key by itself. The workaround is to first merge the x.509 certificate and key to a new PKCS12.
That's it. Like I said, I highly recommend wildcard certificates if you can afford the initial expense. I hate having to justify the expense and effort buying a new certificate each time I bring up a new service. Keeping your certificates in a git repository also takes away some of the stress here: no fears of screwing something up and deleting a file that cost you hundreds of dollars to generate.
I've been wanting to use this trick forever. Here's how to quickly, effortlessly, and I should add, destructively, convert all tables in a given database to UTF8.
mysql --batch information_schema -e "select concat('ALTER TABLE ', TABLE_NAME,' ONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;') as '--' from TABLES where TABLE_SCHEMA='somedb' and TABLE_COLLATION not like '%utf8%'" | mysql somedb
The addition of INFORMATION_SCHEMA combined with CONCAT makes it possible to do arbitrarily cool things with MySQL. Love it.
I can't tell you how much time I've spent fantasizing about this concept. Battlestar Galactica presents us with a great way to discuss it.
This is the closest I've ever seen teledramas come to doing real, honest, hard science fiction. So very well done, and such a tragedy that there are only three episodes remaining for this singular series.
I was promised the future. By that I mean, yes, it went almost without question (statistically) that I would still be alive in 2009. The future was something more; something with a recognizable taste. As a child I knew without question that as I grew up, even more so could the world I may inherit. I mean something more than just years when I say the future.
Superman, The Jetsons, James Kirk and a black and white TV told me things, beautiful things. Adventure and possibility beyond imagination. Perfect worldwide peace without disease or poverty. Ubiquitous, effortless flight. Probably, a black president with a stage presence like Morgan Freeman. Above all, I expected to see the limitless reach of human exploration and expression. I want to talk about that last point for a second.
Imogen Heap confirms for me that the future has not only already arrived, but has delivered fully on one promise. Here we see a young woman controlling a fantastic array of electronic equipment. Any single component, if presented to NASA's best engineers in 1969, would have seemed impossibly sophisticated. She, alone on stage, uses this future artifact not to explore space or design pharmaceuticals, but to project without restraint her imagination onto our consciousness.
That's the highest quality recording I can find on YouTube. I strongly suggest you go support this artist in any way you can, and with that being said, here's my favorite rendition of Hide and Seek.
I've had a post on female vocalists brewing for a while and this isn't it. However, you really should take a listen to Nataly Dawn. She has that timeless, ethereal sort of sound which I find mesmerizing, and I won't lie; when she makes eye contact with the camera I fall apart a little.
On a somewhat related note, seeing Barack Obama's face on the new WhiteHouse.gov is like watching boobs bounce in slow motion.
