Varnish

Varnish rocks! For the yearly 24urenloop event we use a Drupal website. Last year we used three servers to host the website and it was still slow. This year we use Varnish as a reverse proxy in front of a single server serving Drupal, and this server is less performant than the one used last year. We get a lot more requests and the load on the server is less than 0.3. All static content is cached for 600s, all live updates are cached for 10s, and all the rest is cached for 60s. We have a hit ratio of about 90%.

eAccelerator 0.9.6 rc 1

Yesterday I released a first release candidate of 0.9.6. Some very big changes have been made to eAccelerator. Everyone has noticed that there is not much development. The main reason is that eAccelerator does what it needs to do pretty well. So new releases are only made to keep eAccelerator in sync with PHP releases. For this reason version 0.9.6 goes back to basics. I am only going to keep the script cache part of eAccelerator up to date with PHP, so all other functionality has been removed from eAccelerator. If you need the other functionality you have two choices:

  1. You do not upgrade PHP and keep using the working version of eA
  2. You port the removed parts to the current PHP version so I can merge them back in AND you make a commitment to keep on maintaining them.

Please test this release and provide us with feedback. The source is available from here.

LISA paper accepted

My first research paper got accepted at the LISA ’09 conference. I will present this paper at the conference in Baltimore this year. I am not really sure if I can share the paper before it is published, so for now I will post the abstract here.

Title: Federated Access Control and Workflow Enforcement in Systems Configuration
Abstract: Every organization with more than a few system administrators has policies in place. These policies define who is allowed to change which aspects of the configuration of a computer infrastructure. Although a lot of system configuration tools exist to automate configuration changes in an infrastructure, very little work has been done to enforce the policies dealing with access control and workflow of configuration changes. In this paper, we present ACHEL. ACHEL allows to integrate fine-grained access control in existing configuration tools and enforces your organization’s configuration changes workflow. Furthermore, we prototyped ACHEL on a popular configuration tool and demonstrate its capabilities in two case studies.

Fighting webserver spam: part 1

I have posted a lot in the past about how I try to deal with spam generated on webservers that I manage. Most of this spam is generated by PHP-based websites that all run as the same www-data user. Until now I compiled a custom PHP with a patch that adds a header to each email with the hostname and the path of the script that sent the email, as explained in this post. This helps me track down the users that caused the spam.

I got tired of recompiling PHP, so I wrote an extension that does the same using some C black magic. The code for this extension can be found in my hg repository. Because hg is so cool, you can just click on the zip or bz2 links in the left menu to download a snapshot of the latest version.

The extension works by replacing the native mail function of PHP. It adds a new header to the arguments and calls the real mail function with this extra header. Doing this required some very ugly hacks to manipulate the Zend call stack, but what else is C made for 🙂
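
To show how such a header is used when tracking down the source of spam, here is an added example (not code from the extension or from this blog) that tallies queued messages per originating host and script. The header name `X-Origin-Script`, its `host:/path` value layout and the sample messages are assumptions constructed for the illustration; the post does not state the real header name.

```python
from collections import Counter
from email import message_from_string

# Assumption: the post does not name the header or its layout. This header
# name and the "host:/path/to/script.php" value format are hypothetical.
ORIGIN_HEADER = "X-Origin-Script"

def parse_origin(raw_message):
    """Return (host, script_path) from the origin header, or None if absent/malformed."""
    value = message_from_string(raw_message).get(ORIGIN_HEADER)
    if value is None:
        return None
    host, sep, rest = value.strip().partition(":/")
    if not sep or not host or not rest:
        return None
    return host.lower(), "/" + rest

def rank_origins(raw_messages, threshold=2):
    """Count messages per (host, script); return (origins at/over threshold, untagged count)."""
    counts, untagged = Counter(), 0
    for raw in raw_messages:
        origin = parse_origin(raw)
        if origin is None:
            untagged += 1  # no usable origin header on this message
        else:
            counts[origin] += 1
    flagged = [(o, n) for o, n in counts.most_common() if n >= threshold]
    return flagged, untagged

def _msg(to, origin=None):
    """Build one constructed sample message, optionally carrying the origin header."""
    headers = ["From: www-data@web01.example.org", "To: " + to, "Subject: test"]
    if origin:
        headers.append(ORIGIN_HEADER + ": " + origin)
    return "\n".join(headers) + "\n\nbody\n"

# Constructed sample queue: all mail comes from the shared www-data user,
# so only the added header tells the virtual hosts apart.
SAMPLE_QUEUE = [
    _msg("a@example.net", "shop.example.org:/var/www/shop/contact.php"),
    _msg("b@example.net", "blog.example.org:/var/www/blog/form.php"),
    _msg("c@example.net", "BLOG.example.org:/var/www/blog/form.php"),
    _msg("d@example.net", "blog.example.org:/var/www/blog/form.php"),
    _msg("e@example.net"),                  # header missing
    _msg("f@example.net", "no-path-here"),  # header malformed
]

if __name__ == "__main__":
    flagged, untagged = rank_origins(SAMPLE_QUEUE)
    for (host, script), n in flagged:
        print(n, host, script)
    print("untagged:", untagged)
```

Messages counted as untagged are worth a separate look, since they carry no usable origin header to attribute them with.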