| GoDaddy Cert, Safari and the BigIP |
[25 May 2009|11:31am] |
|
Ran into an issue after our deploy with Safari not thinking our secure cert for Gocomics.com was valid. It took some searching but I ran across a post on F5 DevCentral which shows how to go to Verisign or the GoDaddy repository and download their intermediate certificate and add it to your chain. The steps are essentially to import the certificate:
1. Log in to the Configuration utility.
2. Click Local Traffic.
3. Click SSL Certificates.
4. Click Import.
5. Select Certificate from the Import Type menu.
6. Click the Create New option.
7. Type intermediate for the Certificate Name.
8. Click Browse and navigate to select the intermediate certificate or chain certificate to import.
9. Click Open.
10. Click Import.
and then add it to the Client SSL profile:
1. Log in to the Configuration utility.
2. Click Local Traffic.
3. Click Profiles.
4. Select Client from the SSL menu.
5. Select the Client SSL profile to configure.
6. Select Advanced from the Configuration menu.
7. Select intermediate from the Chain menu.
8. Click Update.
Cake.. once you figure it out.
Originally published at Simply Internet Trash. You can comment here or there.
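The client-side check that fails before this fix can be reproduced offline. The following is an added example, not from the original post or from F5: it builds a constructed root, intermediate and leaf with Ruby's OpenSSL bindings and verifies the leaf the way a client holding only the root would, first with no chain presented and then with the intermediate included. All names and certificates are constructed.

```ruby
require "openssl"

# Issue a constructed certificate. With no issuer it is a self-signed root.
def issue(cn, serial, ca:, issuer: nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                       # X.509 v3
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer[:cert].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = issuer ? issuer[:cert] : cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer ? issuer[:key] : key, OpenSSL::Digest.new("SHA256"))
  { cert: cert, key: key }
end

# Verify as a client would: the trust store holds only the root, and
# `presented` is whatever extra certificates the server sends with the leaf.
def client_accepts?(root, leaf, presented)
  store = OpenSSL::X509::Store.new
  store.add_cert(root)
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, presented)
  ok = ctx.verify
  puts "presented=#{presented.size} ok=#{ok} (#{ctx.error_string})"
  ok
end

ROOT         = issue("Constructed Root CA", 1, ca: true)
INTERMEDIATE = issue("Constructed Intermediate CA", 2, ca: true, issuer: ROOT)
LEAF         = issue("www.example.test", 3, ca: false, issuer: INTERMEDIATE)

# Before the fix: the profile has no chain, so only the leaf is sent.
client_accepts?(ROOT[:cert], LEAF[:cert], [])
# After the fix: the intermediate is selected in the Chain menu and sent too.
client_accepts?(ROOT[:cert], LEAF[:cert], [INTERMEDIATE[:cert]])
```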
|
|
| BigIP pwn3d |
[07 Apr 2009|02:06pm] |
|
It took a whole lot of looking but I finally figured it out, SSL pass through on the BigIP LTM.
When passing through a connection from HTTPS to HTTP the Virtual Server needs to have SSL Profile (Client) pointed to an SSL profile you created using your certs, HTTP Profile set to “http”, Port Translation set to Enabled and then (the final thing that was kicking my ass) SNAT Pool set to Auto Map.
I have now defeated thee.
+500 exp
|
|
| Not so friendly stable Ruby |
[14 Mar 2009|08:56am] |
|
Went to install ruby on a RHEL4 machine and wanted to get the latest and greatest, because the 1.8.1 packaged for RHEL4 wouldn’t cut it. So I went out to the ruby site and grabbed the package marked latest stable release. I believe this ended up untarring to be 1.8.8.1, which I then installed. Upon trying to install gems, it wouldn’t go because it doesn’t like the version number of ruby. Had to back down and get an older version of ruby and everything works now.
I don’t spend my day doing ruby nor rails and don’t deeply study the release cycle. When you put out a release and tag it “stable” I think it would be good practice to make sure it at least works with the package manager for the product.
|
|
| mac hosts again |
[27 Oct 2008|02:13pm] |
|
they changed host flushing on osx, the latest way to do it is
dscacheutil -flushcache
so the post I made earlier is no longer valid
mac hosts
For future reference, I am not insane when editing /etc/hosts and the changes don’t show up immediately on OSX. Mac uses lookupd so I need to send a /usr/sbin/lookupd -flushcache.
|
|
| Virtualization, Rails and CDNs |
[18 Oct 2008|10:43am] |
|
A few weeks ago we (not me, but my company) started work on our GoComics igoogle gadget for the release of igoogle v2. We weren’t really sure how well it was going to go over, but it didn’t take long before we were suddenly at 150,000 users and we were listed along with the New York Times and Wall Street Journal on the front of igoogle as the gadgets to get. Load generated by the gadget itself is extremely minimal as google has an excellent caching and proxy system that keeps the load off of us. We started to run some numbers on what we might see for users coming through from the gadget to browse the actual gocomics site. Those numbers started to look a little scary and we (this is me now as the servers are my deal) got a bit concerned. Quick math led us to figures that could easily double the traffic to our site and the amount of traffic we handle now isn’t trivial.
Our servers are virtualized using Xen and I had thought ahead; with some extra resources in place, replicating a few more servers out didn’t take long. One of the things on our roadmap was to add a CDN in the near future, and that got moved up a couple notches. In the original plan of the site we’d talked about separate asset and application servers, but as things were working well at launch we tabled that additional complication for later knowing we could add it in if need be. Later came upon us quickly, as often seems to be the case. I believe it took the Rails Dev less than a day to get the ability into the codebase for a distinct asset address, do testing and get things rolled out to a live environment. Going from the decision to implement the CDN to having the site running and using it took less than a working day. The speed at which we can do things in my company amazes me, I think of the extended projects I hear about other places and realize how special that is. Working with the talented crew that I do makes handling the back end so much easier and I can’t thank them enough.
Monday will be our big day and it looks like we’ve gone from 150k to nearly 250k gadgeteers just starting into the weekend, I can’t guess as to how many we’ll have come the first “official” work day of the week. There’s a lot more tuning that can be done but it’s my view that we need to learn to run on high octane gas before we switch over to the specialized pieces in order to run rocket fuel.
|
|
| Lost some boxcars |
[08 Oct 2008|08:30pm] |
|
Pushed a new site live today and I got a call this evening from my VP, she was getting a 500 error on the site. There is no way this site is getting too much traffic and it works just fine when I pull it up from home. I start log hunting and make my way to the Rails log:
/usr/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/mongrel_rails:281
/usr/bin/mongrel_rails:16:in `load'
/usr/bin/mongrel_rails:16
/!\ FAILSAFE /!\ Wed Oct 08 19:33:05 -0500 2008
Status: 500 Internal Server Error
IP spoofing attack?!
HTTP_CLIENT_IP="1.2.3.4"
HTTP_X_FORWARDED_FOR="1.2.3.4, 4.5.6.7, 10.168.1.81"
Awesome, so it’s Rails that’s tossing an error, at least we know what is up now. I send out an email to the code gurus and get a quick response back pointing out this site (because I’m in a company of freaks that likes to stay up late, read work email and figure out problems… it’s a good kind of freak). The answer is that RoR is pissy in later versions and if your HTTP_CLIENT_IP header differs from your HTTP_X_FORWARDED_FOR header it’s going to put the brakes on for you and throw a 500 error. Unfortunately we’re working in an environment with a loadbalancer as well as Apache/mod_proxy in front of mongrel and this will happen to us a lot. The solution is to add
RequestHeader unset Client-IP
to your VirtualHost config and make sure you have mod_headers enabled. At this point it should clear your HTTP_CLIENT_IP and stop the error.
Now I can go back to eating my chili.
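A simplified model of the check described above, as an added example that is not Rails' own code and not from the original post: it raises when Client-IP disagrees with X-Forwarded-For, and shows what the application sees once the proxy strips Client-IP. The trusted-proxy ranges, the method names and the differing Client-IP value are assumptions made for the illustration.

```ruby
require "ipaddr"

# Assumed proxy ranges the application trusts (private and loopback space).
TRUSTED_PROXIES = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8]
                  .map { |cidr| IPAddr.new(cidr) }

class SpoofingSuspected < StandardError; end

def trusted_proxy?(ip)
  addr = IPAddr.new(ip)
  TRUSTED_PROXIES.any? { |net| net.include?(addr) }
rescue IPAddr::InvalidAddressError
  false
end

# Hypothetical helper modelling the behaviour the post describes.
def client_ip(env)
  forwarded = env.fetch("HTTP_X_FORWARDED_FOR", "").split(",").map(&:strip).reject(&:empty?)
  claimed   = env["HTTP_CLIENT_IP"]
  # Two headers name different clients: one of them was not set by our proxies.
  if claimed && !forwarded.empty? && !forwarded.include?(claimed.strip)
    raise SpoofingSuspected, "Client-IP #{claimed} not in X-Forwarded-For #{forwarded.inspect}"
  end
  return env["REMOTE_ADDR"] if forwarded.empty?
  # Walk from the right, dropping hops that are our own proxies.
  forwarded.pop while forwarded.size > 1 && trusted_proxy?(forwarded.last)
  forwarded.last
end

# Effect of `RequestHeader unset Client-IP` on the request the app receives.
def strip_client_ip(env)
  env.reject { |name, _| name == "HTTP_CLIENT_IP" }
end

# Constructed request: X-Forwarded-For as in the log above, Client-IP set to
# a different, constructed value so the two headers disagree.
REQUEST = {
  "REMOTE_ADDR"          => "10.168.1.81",
  "HTTP_CLIENT_IP"       => "203.0.113.7",
  "HTTP_X_FORWARDED_FOR" => "1.2.3.4, 4.5.6.7, 10.168.1.81",
}.freeze
```

Calling `client_ip(REQUEST)` raises `SpoofingSuspected`, while `client_ip(strip_client_ip(REQUEST))` returns the rightmost X-Forwarded-For entry that is not one of the trusted proxies.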
|
|
| In the Cloud |
[22 Aug 2008|11:33pm] |
|
Today I got my first EC2 instance running. It took a total of about two hours from registering for the service to a point where I had a full CentOS 5 install up and going serving out a static web page. Responsiveness of my server was fast (even at the cheapest level) and my experience on the command line felt like I was running on my own hardware. I have to say I was pretty high on the whole thing, that was until I realized there is no way to get a static ip or host name. Not getting a static IP I can understand. The inability to have a static hostname I don’t understand, this kills most of the uses I would have for the service. Sure there are ways you can get around this with dynamic dns and I can hear the hacker side in its Darth Vader voice, “Put together an XMPP based service to update to a master and share server locations as they come up. Only then will you know the true power of that Dark Side”. While my sysadmin side manifests itself as ObiWan’s ethereal image and says “Don’t listen to the guy whose life support system shot craps and let him die”.
|
|
| JWBs daughter? |
[24 Jul 2008|10:45am] |
Not sure where this originally came from:
|
|
| art scurry |
[28 Jun 2008|10:15am] |
|
Laura continues to amaze us with her art. She sat down this morning for about 15min and popped out a few things which are at the bottom of the post. I look forward to seeing what she'll do in a few years. What I find especially amazing is that when p View this post on my blog
|
|
| TKC |
[27 Jun 2008|06:04am] |
I'd noticed a few weeks back that I had been given some props by Tony's Kansas City, which I enjoy reading. I'll admit I don't check in on a daily basis but every time I hit up the site there is always something that is not only entertaining but also frightfully true. His spin on the news is what blogging should be about and how I feel someone who is going to be a "blogger" or part of the "blog-o-sphere" (whatever the term for someone who does that these days) should be portraying themselves. My blog I will admit is more for me to keep track of my things and relay a story here and there, Tony's on the other hand is the kind of blog that I think does a service to the community as a good editorial stream on news and events.
There is also something to be said for including pictures of hot women in your blog which I'm sure increases your viewership, I don't think I'm going to go there myself. It did come down the pipeline that Tony was looking to start video blogging in a Naked News sort of way, but thankfully he's decided to stick with the various pictures of women in his blog.
|
|
| Andrew -3 |
[24 Jun 2008|03:50pm] |
|
We took Andrew in for surgery today. He had an undeveloped testicle that needed to be removed as well as a couple of skin tags that were near his ear. It was our first trip to Children's Mercy for any of our kids and I was impressed. The staff, doc View this post on my blog
|
|
| damn IE and pdfs |
[23 Jun 2008|02:12pm] |
I was having some issues with pdfs mysteriously not downloading from our image server. Like all things that seem to be an extreme pain in the ass, this behavior seemed to also be an IE and Windows tied behavior.
After much searching I ran across the server.range-requests setting in lighttpd which seems to have fixed up the problem.
$HTTP["useragent"] =~ "\bMSIE" {
    $HTTP["url"] =~ "\.pdf$" {
        server.range-requests = "disable"
    }
}
The pdfs that were previously locking up the browser are passing on perfectly now.
Baron Vladimir Puzzlekonnen: The Wonderwords must flow.
|
|
|
[22 Jun 2008|12:22am] |
If I lived in town I think I'd be trying to convince Kate I need one of these

link
|
|
|
[18 Jun 2008|05:47pm] |
Looking at my profile page I noticed I was missing a kid so Andrew is on the list now. That led me to looking into the people that are associated with my highschool. After a little bit of looking I start to think I'm the oldest person listed from my highschool on LJ, how scary is that. I was a bit relieved when I remembered vanguardcdk is older than me.
|
|
| Differ |
[17 Jun 2008|06:06am] |
In this article on Firefox3 there is this quote:
"IE is the browser of choice for more people on the Web than anything else," Hachamovitch said. "There's an all-around quality, whether in ease of use, reliability, the security we stand by, that makes it a better choice."
I beg to differ here. IE is not the "browser of choice" but the "browser by default" for a massive majority of people on the web. The idea that people go to the effort of installing a different browser on a system that already has one speaks volumes. If you consider that 85% of the client requests to the web are Windows machines and you can also see that 39% of the requests are from Firefox. This means that over 1 in 5 requests to the web are made by a person who has made a choice to install a new product and move away from a tool they were given for free.
|
|