Amazon Linux vs. RedHat Enterprise

Your JoeDog has moved … again.

We were on a t.small instance on Amazon Web Services running RedHat Enterprise Linux. That instance cost us $0.086 / hour — that’s 8.6¢ an hour. The monthly billing total was around $65.00. A t.small instance includes 1 CPU, 8GB of disk and 2GB of RAM. Two gigs was a lot of memory in 2004, but contemporary software goes Oliver Twist on that shit. “Please, sir, may I have some more?”

Your JoeDog wanted more. We had trouble managing our application stack within the confines of two gigs of RAM. Your JoeDog checked its options on the Amazon pricing chart and found something interesting: Amazon Linux is priced far below RedHat Enterprise. A t.small server running that OS was only $0.026 per month. With prices that low, it offered room for a server upgrade. For $0.052 / hour, we could get a t.medium server which has 2 CPU and 4GB of RAM. That was more acceptable.

Yes, more memory is more awesome but there’s an ever better reason to switch from RHEL7. That OS uses systemd as its startup mechanism. Amazon uses SYSVINIT. (Earlier version of RHEL used SYSVINIT. Systemd is new to RHEL7)

We cutover to the new server a few hours ago. It was a simple move since Your JoeDog was using an Amazon RDS database. We just copied content and configs to the new server and we were off and running.

Is Amazon Linux right for you? Probably. For starters, it’s similar. It has the look and feel of a RedHat variant. It uses RPM for package management and it’s directory hierarchy is similar. As mentioned above, it’s startup mechanism is SYSVINIT rather than systemd. In this sense, it’s closer to RHEL6 than RHEL7.

For the most part, the “enterprise” premium provides enterprise support. Some software vendors won’t provide any support unless you run their product on a “certified” Linux. If you don’t have that particular requirement, then Amazon’s flavor should serve you as well (at a fraction of the cost).

Siege 3.1.3

Siege is available through most major Linux distributors. That makes us feel like important uppity-ups. It also cuts down on the time we spend walking n00bs through the compile process. Unfortunately, it comes with a downside. Because most people use distributed versions, it takes a while for news of buggie bugs to reach us.

We applied a patch to version 3.1.1 that introduced one such bug. Versions 3.1.1 and 3.1.2 incorrectly handle HTTP POST. Instead of following protocol, those versions make this request:

POST /test POST ha=1&ho=2 HTTP/1.0

Well, that’s embarrassing! Version 3.1.3 fixes that mess. Your JoeDog regrets the SNAFU.

This latest version does another thing! It may look like a bug, but it’s a feature. Beginning with siege-3.1.3 you will no longer be able to run siege with more than 1000 users without changing your configuration. This allows us to Dog-splain in the rc file why you’re probably doing something foolish.

The siegerc file now contains a limit directive which caps the number of users at 1000 by default. Frankly, that’s probably still too high. If the limit directive is not present in that file, then siege defaults to a hardcoded limit. If you want to run siege with more than 1000 users, you’ll have to set that ceiling in the rc file yourself:

limit = 1001

Please understand, if you jack that up and make a mess, we’re not going to be very sympathetic.

[SIEGE: 3.1.3]

Americans, Guns and Londoners

A few years ago, Your JoeDog was with Mrs. JoeDog in McSorley’s Old Ale House.  For those who’ve never been to McSorley’s it’s an interesting place. The East Village pub is well-known for its very large beer selection. The choices are overwhelming. Since 1854 they’ve been serving McSorley’s light and McSorley’s dark. Truth be known, the “dark” is just light with added syrup. But here’s the cool part: a “beer” is actually two beers. If you and a companion order a couple, the bartender brings you four.

McSorley’s etiquette holds that tables should be shared. You shouldn’t sit at an empty table unless all the others are full. On that late Saturday afternoon a few years ago, Mr. and Mrs. JoeDog sat beside a man from Frankfurt, Germany. We engaged him in a conversation about German cars and German beer. Finally he said, “All you Americans want to talk to Germans about is cars and beer.” Basking in the warm caress of a second round Your JoeDog said, “And after a few more of these, we’ll probably ask about you-know-who.”

It turns out there’s more to Germany that cars, beer and Hitler. Who knew?

Recently Your JoeDogs found the tables turned when they went to London to watch their beloved New York Jets defeat the hated Miami Dolphins. The game was part of the NFL’s international series. London pub culture is a lot like McSorleys. Table sharing isn’t mandatory, but it’s pretty common. It didn’t take long before we noticed a trend similar to what that German man discovered in America. There’s one thing Londoners seem to want to discuss with Americans. That one thing is guns.

Why do you have so much gun violence? Why do you have so many guns? The answer is: I don’t fscking know. Now if Your JoeDog had a modicum of interest in guns these inquiries may have been amusing. He may have enjoyed the engagement. But like that German in McSorley’s Old Ale House, Your JoeDog grew tired fast. Yes, America is armed to the teeth. Yes, America loves its guns. Your JoeDog is not part of that culture. The most lethal weapon he’s ever fired was a toy water gun.

Can we talk about German beer and German cars instead?

Siege 3.1.2

With next to no fanfare you’re JoeDog released siege-3.1.2.

Awesome! What’s new? We moved an include directive from one file to another. Exciting! Wait – what?

Basically this means siege-3.1.2 should compile in more environments than siege-3.1.1.

Oh, well that’s something … I guess.

[SIEGE: 3.1.2]

Pope Snow

When it snows, the snow is everywhere. It’s on the roads, it’s on the sidewalks but it’s also on the media. Local news covers it. National news covers it. Cable news and newspapers cover it. If you want to know about non-snow issues at the height of a snow storm, you’re fscked. Everybody’s covering snow.

Reporter in snow

They report it because people are interested and it’s easy to do. Send a reporter into the street. See that white shit falling on his head? That’s Goddamn snow! How much is going to fall? We don’t know, between one and a million inches.

The pope is in the US right now and he’s on all the channels. There’s probably newsworthy events also taking place — you know, things that affect our lives — but we don’t know about them. Why? Because everyone’s covering the Goddamn pope. The pope is basically snow.

Last night, NBC News covered a bus accident in Seattle and devoted the rest of the broadcast to the pope. Did he cure a leper? No, he got in his stupid Popemobile and cruised down Fifth Avenue to St. Patrick’s Cathedral. What did he do when he arrived there? He went inside.

Is this newsworthy? Your JoeDog’s not a religious sort but he’s pretty certain the pope’s been to church before yesterday. He pretty much lives in one.

It’s cool that the pope recognizes climate change and irritates the moralizing wing of the Republican party but Your JoeDog can’t wait until he gets back on that plane to Leipzig or wherever the hell he’s from…

Whatever Happened To German-America?

Von Steuben paradeThe Times posed this question a few days ago but Your JoeDog is catching up: “Whatever happened to German-America?” The short answer is this: two Goddamn global wars. After those bitter conflicts they didn’t feel like being German any more.

In the late 80s, Your JoeDog moved into an Upper East Side apartment in Yorkville. That’s a Manhattan neighborhood also known as Germantown. It stretches from the East River to Lexington Avenue. It was there that he witnessed first hand the dying of the German-American light.

Back then, it was filled with German stores, delis, bakeries and bars. The Viennese were there, too. Their pastries could brighten any morning. With two exceptions, these businesses were in their dying throes. The owners were old and the help was even older.

On Third Avenue, there were yellow pre-war tenement buildings. On top of those buildings you could find swastikas formed with brown bricks against a yellow background. They remained on those buildings until the early 21st Century. When they were laid by German-American construction crews, Hitler was not yet revealed as evil. Yet they remained on display long after the world knew he was a monster. The brown emblem was eventually blasted away but you can still see the Nazi symbol thanks to its brick outline.

Now almost nothing is left of Germantown except the venerable Heidelberg Restaurant on 86th and Second. Your JoeDog still visits that bar several times a year. A little while back we met an old Czech woman at the bar. She nursed a Jaegermeister with a beer and finished both drinks at the same time.

She was an ethnic German from the Sudetenland. In 1945, she hid under a bridge as the Red Army marched over it. She was there with her sisters and a cousin. The Red Army was raping its way across Eastern Europe then. We weren’t sure if she was unscathed but they didn’t find her on that particular day.

She emigrated to New York in 1948 and never lived more than a few blocks from her original apartment. I told her Barack Obama — a German-American — lived in this neighborhood, about a block from my old apartment. This greatly excited her and she announced it to everyone at the bar. Then I reminisced about the Old Neighborhood and that made her even more excited. Finally she met someone who still remembered it.

Siege Socket Timeouts Redux

Your JoeDog plans to put the brakes on you people.

The number one we email message we receive goes something like this: “When we hit the server with 60 billion users we get socket timeouts. How do we correct that?” Short answer: configure your web server with a pool of 60 billion threads.

If you run more siege users than you have web handlers, requests start to queue up and sockets start to timeout. Out of the box, apache has a pool of 256 handlers. So if you run siege with 1024 users, 768 of them are waiting for a thread to handle their request.

So this is where the brakes come in. Your JoeDog plans to add a 255 thread limit in the siegerc file. If you configure more users than that, it will warn you and reduce the pool to 255. You can override the limit inside the file but in the comments you’ll find this lecture splaining why you shouldn’t do that without configuring your site for high capacity.

[drops mic]

Siege 3.1.1

Your JoeDog is about to violate the RFC.

It won’t be the first time. Beginning with siege-3.0.6, we normalized URLs inside a Location header even though the RFC is clear: IT MUST BE AN ABSOLUTE URI, people. Just about ever browser does this so who are we to buck the trend?

With siege-3.1.1, we will add URI fragments to the request and send them to the server. Under nearly all conditions, a client is not supposed to do this. But if you want to send fragments to the server, then who are we to turn down the volume on your Ramones?

Now as far as we can tell, most servers strip the URL fragment from the request. Yet a couple people have requested this feature and Facebook uses it ways we don’t understand so maybe it’s a Thing. Most browsers don’t send the fragment but javascript can.

It if proves problematic, we’ll make it an option. To avoid sending fragements, omit them from your URLs.

Starting with version 3.1.1, siege supports Server Name Indication. During the SSL handshake, it will send the name of the server with which it wants to connect. This means it supports virtual hosting of HTTPS servers.

Siege 3.1.1 also includes several minor bug fixes. See the ChangeLog for details.

Ashley-Madison Usernames Were Created By 7th Grade Boys

Ashley-MadisonThe Ashley-Madison story just keeps giving and giving.

Gizmodo unearthed more evidence that most users cheated with bots. As a result of the hack, a minister who spent nearly $3000.00 by the time Your JoeDog grew bored tabulating his transactions killed himself. And finally TechCrunch shows us that not only did Ashley-Madison users make poor life decisions, they also used shitty passwords.

From the TechCrunch story, we learn the most popular password was ‘123456’ and number two was ‘password’.

TechCrunch cracked the file with a decryption utility. It didn’t take them long to unearth more than 25,000 matches thanks to poor passwordsmithing. While that’s interesting, Your JoeDog was much more fascinated by their usernames.

They look like they were created by 7th grade boys. Let’s examine them after the jump!

Continue reading Ashley-Madison Usernames Were Created By 7th Grade Boys

Searching For Email Addresses In Ashley-Madison Data

Your JoeDog was recently asked about the Ashley-Madison email list. Could he use his nerd-powers to find a particular email address?

“Yeah, sure, but that data dump is huge, I’ll need some time.”

Before he could act, Your JoeDog’s IM was filled with curse words. His contact found the address she was looking for in a website that lets you to search the Ashley-Madison data.

“Okay, but let’s see what’s in the actual data.”

Getting your hands on that data is no easy task. As soon as it’s posted, it’s deleted because no hosting company wants it on its severs. Pastebin is Your JoeDog’s first stop for this sort of thing. An “ashley-madison” search returns many links that point to deleted data. Strike one.

Unable to find it on pastebin, he turned to the gray web, specifically Kickass Torrents. There he found the data available for download … all 23 gigs of it. Can you imagine trying to download 23 gigs over torrent? That’s not going to happen.

Fortunately, Torrent allows you to look at the contents within the zip file. Your JoeDog found a list of files with names like member_email.dump.gz If he could pull down just the parts he wanted, then the download would be quite manageable.

He searched for ‘member_email.dump.gz’ and hit pay dirt. A site had the files listed on Torrent along with their PGP signatures for verification. The hackers posted the verification so you could ensure the files came from them.

As it turns out, the email address she found on that website was NOT in the actual Ashley-Madison data. It was a scam.

Be careful out there. The internets are a scam machine. Sites like the one she used are filled with spammer’s email lists in the hope of extracting payment for scrubbing addresses from the database. People are also using the data to extort money. “Hey, I found your email address in the Ashley-Madison dump. Be a shame if your wife found out.”

In order to determine with certainty if an email address is in the Ashley-Madison database, you will need a quality nerd. But before you find that nerd, ask yourself this: do you really want to know?

NOTE: Even if an email address and a credit card is in the database, there’s still no guarantee the person used that site. Accounts could be opened with stolen cards. Again, Your JoeDog urges caution. Do you really want to confront your significant other only to learn they were the victim of theft? Be careful out there.