Random Notes

Viewing posts for tag meta.

Mebe 2: Elixir Boogaloo

After quite some time in development, I’ve now deployed Mebe 2 on this site, to replace the aging Mebe codebase. The earlier blog engine was written with Phoenix, which while being a great framework, was a bit heavy handed for the engine’s minimal needs. Mebe 2 has the old engine’s Markdown parsing and DB logic, but the web side is totally rewritten. The framework I chose is Raxx, because it’s quite minimal but also mainly because I just wanted to learn it. Alternatives are good.

The new blog engine has proper Distillery releases, so keeping it running and making new fixes and features is a lot easier. It’s still in very early development, though, as it’s missing tests and proper docs et cetera, but I figured I’d start dogfooding it already, as this remake process has kept me from writing new posts. So hopefully in the near future I’ll come out with some new stuff! See you till then!

More Mebe Benchmarks

You may remember that earlier this fall I found out just how much faster a 2048-bit HTTPS certificate is for the server to handle. Now that I got one from Let’s Encrypt, I decided to redo the performance tests with the new certificate all set up. Since I ran out of credits on my blitz.io free account, I did the new tests with loader.io’s free tier instead. That’s why the graphs are a bit different this time.

Before I go into the HTTPS results, I will bring some context. You might remember that last time I got about 730 requests per second served over HTTPS with a 2048-bit key, and about 1380 requests per second for plain HTTP. Quoting myself from that time: “So fast… 🚀”. Turns out I spoke too soon. By disabling some extraneous console logging, I was able to more than double the performance. Let’s see the latest results.

For reference: The server is an online.net Dedibox XC with an 8-core Intel Atom C2750 processor and 8 GB of DDR3 RAM.

Read more…

Let's Encrypt!

The identity of this website has been verified by Let’s Encrypt Authority X1.

That’s right! Let’s Encrypt, the new free, automated and open certificate authority, has moved to public beta and their client has improved enough that I was able to request a certificate for this blog! In the end it was criminally easy, basically a matter of running one command (after fiddling around a bit to find the correct command…):

letsencrypt-auto certonly --webroot -w /path/to/blog -d blog.nytsoi.net

This uses the Let’s Encrypt program to automatically validate my domain and request a certificate for it (with the default value being a 2048-bit one). The way it does the validation is by adding some files to the path I specified and then making an HTTP request for the domain, checking that the files are accessible. When the domain has been validated, it requests the certificate and saves it. The cool thing about it is that it creates a directory /etc/letsencrypt/live/blog.nytsoi.net/ that contains symlinks to the files required for using the certificate, such as the full chained certificate file and the private key. When I want to renew the certificate, I can run the Let’s Encrypt program with the same arguments again and it will update the symlinks. That means automating it is very easy (and indeed required since their certificates currently only last for 90 days). The program also contains plugins for Apache and nginx, but the nginx plugin is very experimental so I settled for the webroot method.

I’m really excited for Let’s Encrypt’s launch. I hope this will encourage more and more people to adopt HTTPS for their websites, especially those that deal with user logins or other sensitive data. There’s really no reason to not do it anymore. Encryption for everyone!

HTTPS Performance, 2048-bit vs 4096-bit

UPDATE: I wrote a new post with newer and faster benchmarks.

After the Snowden revelations, I personally started looking more into encrypting my online activities and making sure sites that ran on my server were (relatively) secure. Eventually I put this blog behind HTTPS as well, not really for any security benefit, since I’m not talking government secrets and the blog has no admin panel, but rather for learning about TLS and how to set it up properly. Problem was, it seems I did not read about things properly. This blog post describes one result of that ignorance.

Read more…

New Server!

So I went and ordered myself a new server. My old one was a VPS from Linode with 1 core, 1 GB of RAM and a 24 GB disk. The new one is a dedicated server from online.net with 8 cores, 8 GB of RAM and 1 TB of hard disk space. At the same time it is only slightly more expensive so I jumped at the opportunity. How reliable it actually is will only be shown with time, but I like living on the bleeding edge. So I thought I would write a blog post about all the stuff I run into when setting up the new server. Note: This post is meant for reference only, not as a guide. Be sure look for recommendations from people wiser than myself regarding any security settings.

Read more…

Mebe Updated with RSS Feeds

Last night, when I was supposed to go to bed early, I instead decided “I’ll just quickly code that one thing”. Way too many hours later it was ready: Mebe now has RSS feed support. There are two types of feeds, one for all posts in general and another for tag feeds.

This means you can now follow this blog with your RSS reader too. Just subscribe to /feed. Or, if you want to follow a certain tag, subscribe to /tag/tagname/feed.

PS.: RFC 822 dates are stupid. Just look at this abomination I came up with.

Mebe and the Remote Shell

What better way to spend a slow weekend than by writing another blog engine? Plenty, actually, but that’s what I did anyway. The result of this work: Mebe! This blog is now powered by a wonderful mix of Elixir and Phoenix. It has all the features that Laine had, with the addition of an actually working Disqus comment system. It’s also search engine indexable, which I thought I didn’t care about, until I didn’t have it anymore. Not that I’m aiming for tons of visitors, but writing about some tech problem I have fixed is kind of pointless if no one can find the post by googling for it.

Read more…

nicd.nytsoi.net In Memoriam

I removed my old blog at nicd.nytsoi.net today and pointed Nginx to serve a permanent redirect to this site instead. The old blog served me from my days on the once free webhost 3rror.com, to my first webhotel and from there through three different VPS installations to where we are now. When I started, WordPress wasn’t the household name it now is and the web was very different. I wrote for years about stuff I saw, did and felt…

And I’m glad the blog is gone. Because that shit was embarrassing. Funny how your opinion of your own cleverness changes when time passes. Also I got fed up with updating WP every two weeks and fearing that the next time I visited, it would’ve been replaced with greetings from my friendly neighborhood hacker group. Aaand I had stopped posting somewhere in 2011.

RIP in pieces.

nicd.nytsoi.net

Vtigercrm

I just literally opened this site about an hour ago and I’m already getting scanned for vulnerabilities.

blog: 62.210.248.36 - - [01/Feb/2015:20:25:10 +0200] "GET /vtigercrm/test/upload/vtigercrm.txt HTTP/1.1" 404 162 "-" "curl/7.29.0"

Isn’t the Internet amazing?

Hello, world!

Slow sunday. Wife is at work. Dog is happily sleeping behind me. The best time to set up that pesky blog I’ve been thinking about for ages. Though, calling it a blog is a bit too much. More like a place to put all my random thoughts and snippets (usually about technology and programming).

So, this site is going to be the replacement for nicd.nytsoi.net, which has served me well over the years. Nowadays the content is too embarrassing to display publicly and Wordpress is getting too annoying to keep updating every week. Since I have no use for any advanced features, I’m moving everything over to this ultra simple Laine-powered site. Google+ was another option, but I’m really getting wary of the amount of data they have on me, so I’ve set a long term goal to ditch Google services. This will be a good first step, though G+ was pretty nice for what it did.

My intention is not to start actual blogging or post in any scheduled way, but more just dump all my small thoughts and observations so I can link to them easily in case I wish to display my ignorance for others. This will also serve as a good test site for Laine.

Well, go and explore!