State of Industrial Control Systems in Poland and Switzerland
State of Industrial Control Systems in Poland and Switzerland
Paris taking steps to crack down on electric scooter providers ▻https://www.theguardian.com/world/2019/jun/06/paris-taking-steps-to-crack-down-on-electric-scooter-providers #Paris #France #Transportpolicy #Europe #Travel #Worldnews
Why the UK cannot see that Brexit is utterly, utterly stupid.
How did Remain voters become effectively disenfranchised? Why is the lunacy of what this country is doing only apparent to foreigners? [...] What we have that foreigners do not is a public discourse shaped by a handful of newspaper proprietors who just happen to be intensely hostile to the EU. Partly through intimidation by that same press and their political allies, the BBC follows this discourse. This is where the “will of the people” came from. It was this press that puts rebel Conservative MPs on their front pages, and that uses language like saboteurs and traitors. It is intimidating MPs in order to influence the democratic process, but of course few in the media call it (...)
Starting from Apache 2.4.27, the Apache MPM (Multi-Processing Module) prefork no longer supports HTTP/2.To fix this, select a different MPM: event or worker. We highly recommend you to use the event prefork.
If you are using PHP, it is likely that PHP is integrated to Apache via the mod_php module, which requires the prefork MPM. If you switch out from preform MPM, you will need to use PHP as FastCGI. To switch to php-fpm, you can do as folllwing.
Sur debian stretch ça donne ça (si on avait activé mpm_prefork alors que mpm_event est bien celui proposé par défaut) :
apt install php-fpm
a2enmod proxy_fcgi setenvif
service apache2 restart
apt purge libapache2-mod-php
Dans la foulée, deux liens à propos de l’optimisation de #php-fpm :
Apache2 and php fpm performance optimization — Step-by-step guide
If you consistently see a large number of idle workers, you may want to lower your MinSpareServers (for the prefork MPM) or MinSpareThreads (for the worker and event MPMs) setting so that you are not sustaining a higher number of processes or threads than necessary to process your rate of traffic. Maintaining more processes or threads than you actually need will unncessarily exhaust system resources.
Toujours à propos de #php-fpm, et de l’intérêt de basculer le process manager de
dynamic (valeur par défaut) vers autre
Certaines personnes recommandent d’utiliser
ondemand pour ne pas avoir de process php en idle quand il n’y a pas de trafic :
Dans mon cas j’ai 10 processus qui tournent en permanence, même si aucun de mes sites n’est visité.
If you’re working on a high performance PHP setup, the ’ondemand’ PM may not be for you. In that case, it’s wise to pre-fork your PHP-FPM processes up to the maximum your server can handle. That way, all your processes are ready to serve your requests without needing to be spawned first. However, for 90% of the sites out there, the ondemand PHP-FPM configuration is better than either static or dynamic.
Mais comme indiqué ci-dessus, ça n’est pas forcément mieux car le process manager va devoir spawner des process alors que des process en idle permettent une réaction plus rapide en cas de pic de trafic :
Idle process stay online waiting for traffic spikes and responding immediately, rather than having to wait on the pm to spawn children and then kill them off after x pm.process_idle_timeout expires...
The common advice is to use pm ondemand, as is the advice in this same support thread. However, that’s even worse, because ondemand will shutdown idle processes right down to 0 when there’s little to no traffic and then you’ll end up with just as much overhead issues as traffic fluctuates.
PM dynamic and especially ondemand can be save you however, when you have multiple PHP-FPM pools. For example, hosting multiple cPanel accounts or multiple websites under different pools. I have a server for example with 100+ cpanel accounts and about 200+ domains and it would be impossible for pm.static or even dynamic to perform well. Only ondemand performs well since more than two third’s of the websites receive little to no traffic and with ondemand it means all children will be shutdown saving tons of server memory!
When it comes to PHP-FPM, once you start to serve serious traffic, ondemand and dynamic process managers for PHP-FPM can limit throughput because of the inherent overhead. Know your system and set your PHP-FPM processes to match your server’s max capacity. Start with pm.max_children set based on max usage of pm dynamic or ondemand and then increase to the point where memory and CPU can process without becoming overwhelmed. You will notice that with pm static, because you keep everything sitting in memory, traffic spikes over time cause less spikes to CPU and your server’s load and CPU averages will be smoother. The average size of your PHP-FPM process will vary per web server requiring manual tuning, thus why the more automated overhead process managers – dynamic and ondemand – are more popular recommendations.
Grosso merdo, il semble que
dynamic peut faire le job quand on ne veut pas trop se prendre la tête,
ondemand quand on sait à quoi s’attendre et qu’on est juste en mémoire (ou pour du dev), et
static quand on veut faire du tuning précis.
Un bon résumé :
In dynamic type, the number of child processes is set dynamically based on the PHP-FPM parameters in conf file. But it is a bit memory-intensive type.
In static type, the number of child processes is fixed by pm.max_children parameter, but this type is not flexible for a server with changing web traffic. It also consumes too much memory.
In ondemand type, the PHP-FPM processes are spawned only on demand, based on the traffic. This type helps to manage varying traffic in memory restrained servers. But the overhead increases when there is so much traffic fluctuation.
Bref, comme souvent il n’y a pas de recette unique/magique :p
Et vous les gens, vous utilisez quoi ?
merci pour la sélection :)
Sur la question ThreadPerChild vs ServerLimit : ▻https://www.liquidweb.com/kb/apache-performance-tuning-mpm-directives
La doc apache : ▻http://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadsperchild et ▻http://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers
(NB : ThreadPerChild ne peut être supérieur à ThreadLimit)
pour le calcul du max_children
Et si on obtient l’erreur
[proxy_fcgi:error] The timeout specified has expired ça n’est pas sur la conf PHP
max_execution_time qu’il faut jouer, mais sur
ProxyTimeout au niveau de la conf apache cf ▻http://wiki.centos-webpanel.com/apache-proxy-timeout-with-php-fpm & ▻https://www.theshell.guru/proxy_fcgierror-the-timeout-specified-has-expired-apache-2-4
Linear Algebra and Audio with Guy Davidson
Rob and Jason are joined by Guy Davidson to talk about his work with the ISO C++ committee including proposals for a linear algebra library and audio api. Guy Davidson is the Principal Coding Manager of Creative Assembly, makers of the Total War franchise, Alien: Isolation and Halo Wars 2, Guy has been writing games since the early 1980s. He is now also a contributor to SG14, the study group devoted to low latency, real time requirements, and performance/efficiency especially for Games, Financial/Banking, and Simulations, and to SG13, the HMI study group. He speaks at schools, colleges and universities about programming and likes to help good programmers become better programmers. News NFHTTP a cross platform C++ HTTP library Understanding C++ Modules part 2 Blend2D - 2D Vector (...)
How children lost the right to roam in four generations | Daily Mail Online
Even if he wanted to play outdoors, none of his friends strays from their home or garden unsupervised.
The contrast between Edward and George’s childhoods is highlighted in a report which warns that the mental health of 21st-century children is at risk because they are missing out on the exposure to the natural world enjoyed by past generations.
The report says the change in attitudes is reflected in four generations of the Thomas family in Sheffield.
The oldest member, George, was allowed to roam for six miles from home unaccompanied when he was eight.
His home was tiny and crowded and he spent most of his time outside, playing games and making dens.
Mr Thomas, who went on to become a carpenter, has never lost some of the habits picked up as a child and, aged 88, is still a keen walker.
His son-in-law, Jack Hattersley, 63, was also given freedom to roam.
He was aged eight in 1950, and was allowed to walk for about one mile on his own to the local woods. Again, he walked to school and never travelled by car.
article de 2007, déjà pointé (indirectement) ici en 2014, ►https://seenthis.net/messages/214723, mais je mets toujours des plombes à le retrouver (je l’ai cherché au moins 3 fois depuis la première parution ici…) car le lien n’est arrivé que très tardivement dans les commentaires. Il n’apparait même pas en cherchant sur la ville Sheffield.
et le triangle ne se noircit pas car à l’époque c’était du http et non du https.
Visualizing Cold Starts
I wrote a lot about cold starts of #serverless functions. The articles are full of charts and numbers which are hopefully useful but might be hard to internalize. I decided to come up with a way to represent colds starts visually.I created HTTP functions that serve geographic maps (map credit Open Street Map). The map is a combination of small square tiles; each tile is 256 by 256 pixels. My selected map view consists of 12 tiles, so 12 requests are made to the serverless function to load a single view.During each experiment, I load the map and then zoom-in three times. The very first view hits the function in a cold state. Subsequently, the zoomed views are loaded from the warm function. There is a timer next to the map which shows the total time elapsed since the beginning until the (...)
Top 5 réducteurs de liens pour raccourcir vos URLs
Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial to integrate with web services.
– Simple interface for building query strings, POST requests, streaming large uploads, streaming large downloads, using HTTP cookies, uploading JSON data, etc...
– Can send both synchronous and asynchronous requests using the same interface.
– Abstracts away the underlying HTTP transport, allowing you to write environment and transport agnostic code; i.e., no hard dependency on cURL, PHP streams, sockets, or non-blocking event loops.
Designing REST #api with Open API Specification (OAS) v2.0 & v3.0 using #swagger
Disclaimer: I presume we all have written one or multiple API at certain point in time in our career, otherwise you would not have bumped into this article. The article does not describe what REST API is, rather you should have some basic knowledge about REST API before going through the article.Introduction:Generally when we write REST API, we focus a lot on implementation & very little time on designing the proper request / response schema, API resource models. We jot down just all necessary request & response (in most of the cases HTTP Code 200 series response) parameters in a document, get it reviewed quickly, accordingly we create some resource models & jump into implementation. This strategy works in small to mid-size companies or startup companies. But once you start (...)
Authorized requests to #s3 bucket
Protected S3 buckets, protected filesThis notebook shows the finished product of adding basic permissioning to an S3 bucketWe use basic auth which is an HTTP protocol for simple auth on web-accessible files. ▻https://en.wikipedia.org/wiki/Basic_access_authenticationBasic auth isn’t very secure — however, we pair this with HTTPS and restrict access to the s3 bucket.Set up some python stuffIn :import requests; import jsonAccess secure endpoint without authfirst were gonna try to access this file without any credentialsIn :url = ’▻https://d17nii79zr8aom.cloudfront.net/success.json'resp = requests.get(url)resp.contentOut:’Unauthorized’Next we add basic auth paramsAccess secure endpoint with auth!In :user, password = ’user’, ’pass’resp = requests.get(url, (...)
Building RESTful APIs (Authentication & Error Handling)
▻https://medium.com/media/7a227f639a07519d5e744c1de06d2f11/hrefSubscribe to MobycastiTunes | Google Play | Soundcloud | Stitcher | SpotifyShow NotesJon Christensen and Chris Hickman of Kelsus and Rich Staats of Secret Stache continue their conversation on building RESTful APIs, specifically focusing on #authentication and error handling. REST stands for Representational State of Transfer.Some of the highlights of the show include:Importance of authentication with APIs to identify callers and their authorized permissionsStateless vs. stateful communication channels between entitiesSimplest authentication technique is to use basic HTTP metadata in headers; you must send it over an encrypted connectionExchanging short-lived tokens negotiated based upon user’s credentials is another (...)
Finding High-impact Performance Bottlenecks — #django Tips
Finding High-impact Performance Bottlenecks In DjangoPhoto from Pexels.comHow to find bottlenecks in Django which have a high impact on the application performance.Originally published at ▻https://avilpage.com/2018/12/django-bottleneck-performance-scaling.htmlIntroductionWhen optimizing the performance of web application, a common mistake is to start with optimizing the slowest page(or API). In addition to considering response time, we should also consider the traffic it is receiving to prioritize the order of optimization.In this article, we will profile a Django web app, find high-impact performance bottlenecks and then start optimizing them to yield better performance.Profilingdjango-silk is an open source profiling tool which intercepts and stores HTTP requests data. Install it with (...)
Standardizing HTTP API testing
This blog post is actually a draft for a standard operating procedure for my software development and consulting business. I’ve come across the task of writing tests for HTTP APIs for three or four times in the last couple of months. I’ve tried multiple ways of writing automated tests and this is the method I’ve converged on. #typescript, #jest, and supertest appear to work well together and are sufficient to implement concise tests.Background and the need for standardizationYears ago most of my programming for the web was limited to PHP. Tests on those project were done by using PHPUnit and Guzzle. Later we also used Behat for more readable tests. After Docker became popular the PHP monolith evolved into an application built with multiple programming languages. Some small services are now (...)
Intercept HTTPS Traffic On A #android Emulator
Sometimes we are in a situation where we want to see all the network traffic happening in a app. This can be quite troublesome and we therefor need a easy way of doing it.In this article I will cover how to intercept HTTP/HTTPS traffic from a Android emulator by using a #mitm (Man In The Middle) Proxy.For getting started we need two thingsMitmproxy (For creating our proxy server)Android emulator (For running the application on)We start by installing #mitmproxy, they have nice installation guides on their website. When using Mac with HomeBrew you can do brew install mitmproxy.After installing Mitmproxy, we need to setup a android emulator. The approach we are taking here requires us to use a Android version lower than 7. I use Android 6 (API 23).AVD example of setup with Android 6 (API (...)
Chaos test your Lambda functions with Thundra
Failures are inevitable. Just as we need to test our application to find bugs in our business logic before they affect our users. We need to test our application against infrastructure failures. And we need to do it before they happen in production. and cause irreparable damages.The discipline of Chaos Engineering shows us how to use controlled experiments to uncover these weaknesses.In this post, we will see how we can leverage Thundra’s span listeners to inject failures into our #serverless application. We will use these failures to expose weaknesses such as:Missing error handler for DynamoDB operations.Missing fallback when the primary data source is unavailable.Missing timeout on outbound HTTP requests.But first, here’s a quick primer on Thundra.Hello, Thundra!Consider an API with two (...)
How to Use Screenshots in Production
While looking at a WebPageTest waterfalls, I often come across surprising attributes. A few weeks back, I came across a page that had images with a familiar file naming convention:▻https://twitter.com/dougsillars/status/1086196363010949121This website is using the Mac screenshot tool to create images that they are using online!Image OptimizationI’ve written a lot about image optimization, on GIFs, Base64 encoding and more (read more at dougsillars.com). My gut feeling was that websites that use screenshots are not optimizing the content for the web. So I decided to find out.Are Screen Shot Images On The Web Optimized?The HTTP Archive dataset for January 2019 has data on the load characteristics of ~4M mobile websites. Searching the filenames of all requests made for those sites, I (...)
Lambda optimization tip — enable HTTP keep-alive
Lambda optimization tip — enable HTTP keep-aliveI recently watched an excellent talk by Matt Levin on optimization tips for Lambda and saw a slide on making DynamoDB use HTTP keep-alive. It reminded me of a conversation I had with Sebastian Cohnen, so I set out to test the effect this simple optimization has.What is it all about?As it turns out, Node.js’s default HTTP agent doesn’t use keep-alive and therefore every request would incur the cost of setting up a new TCP connection. This is clearly inefficient, as you need to perform a three-way handshake to establish a TCP connection. For operations that are short-lived (such as DynamoDB operations, which typically complete within a single digit ms) the latency overhead of establishing the TCP connection might be greater than the operation (...)
tl;dr I found a vulnerability in apt that allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package. The bug has been fixed in the latest versions of apt. If you’re worried about being exploited during the update process, you can protect yourself by disabling HTTP redirects while you update. To do that, run:
$ sudo apt update -o Acquire::http::AllowRedirect=false
$ sudo apt upgrade -o Acquire::http::AllowRedirect=false
If your current package mirrors redirect by default (meaning you can’t update apt when using that flag) you’ll need to pick different mirrors or download the package directly. Specific instructions for upgrading on Debian can be found here. Ubuntu’s announcement can be found here.
State of the Web: Animated GIFs
Every few months, I like to take a deep dive into the HTTP Archive to understand how the web is using various technologies. In 2018, I wrote about Images, video and Base64 encoding. In today’s post, I want to take a look at how the web is using Animated GIFs. (and thats a hard G in #gif, BTW).In this post, I’ll walk through some of the inefficiencies of aGIFs (TL;DR: they are big and use lots of CPU), and then a look at how GIFs are being used on the mobile web (from the HTTP Archive).Who Doesn’t Love an Animated GIF?Well, if we go way back into ancient computer history (1990) and we read the GIF specifications, we find this gem:“The Graphics Interchange Format is not intended as a platform for animation, even though it can be done in a limited way.”Well…that was unexpected. But, doesn’t (...)
Strengthen #tls in React Native Through Certificate Pinning — iOS Edition
Manafort/Assange Drama Proves Media Buys Any Russia Conspiracy ▻https://thefederalist.com/2018/11/28/manafort-assange-drama-proves-media-will-buy-any-russia-conspiracy-st #guardian ultimately helped #trump here... with its libel
Redirects, and their Effect on #performance or How a (Seemingly Minor) Third Party Change Affected…
A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity.
CppCon 2017: Web | C++—Lukas Bergdoll
Have you registered for CppCon 2018 in September? Late registration is open now.
While we wait for this year’s event, we’re featuring videos of some of the 100+ talks from CppCon 2017 for you to enjoy. Here is today’s feature:
Web | C++
by Lukas Bergdoll (watch on YouTube) (watch on Channel 9)
Summary of the talk:
Have you ever tried writing a web application with C++? Can opening a file and serving it via HTTP be as simple as writing 20 lines of python? With the undeniable importance of web development, C++ can not allow itself to ignore such an important field, especially with the rising competition in the field of system programming languages, coming from Rust, D and Go. Join us as we explore modern approaches to asynchronous IO, socket communication the (...)