Profitability
Submitted by altj on Wed, 05/28/2008 - 10:10
"Profitability is a necessary condition for existence and a means to more important ends, but it is not the end in itself for many of the visionary companies. Profit is like oxygen, food, water, and blood for the body; they are not the point of life, but without them, there is no life."
--Built to Last: Successful Habits of Visionary Companies
Two Firefox plugins I use when developing web pages
Submitted by altj on Tue, 05/20/2008 - 11:52
I have two weapons I use when creating my webpages. I use these Firefox plugins primarily to make sure my pages load lightning fast.
Web Developer - I use it mostly as an easy way to inspect my pages (as well as pages of others.) It is also an easy way to tweak and test your css code.
Firebug - I love this one for a single feature it has. Install it and check out the "Net" tab. It will show you all of the items loaded when you visit a page. It will also tell you the load time for each item as well as for the entire page.
Take a moment and install them. You'll need them for my next post on how to tweak your webserver or php code to serve up your pages lightning fast.
Encryption passphrase protected under 5th amendment
Submitted by altj on Mon, 05/19/2008 - 12:19
This is kinda old news, but interesting anyway. According to this story, "A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase."
For those of you that don't remember, this part of the 5th amendment says, "No person...shall be compelled in any criminal case to be a witness against himself..."
I guess I can change my encryption passphrase to something other than "I don't know." now.
Over 5,000,000 phpBB sites hacked
Submitted by altj on Thu, 05/15/2008 - 09:39
I see no problem with running phpBB, but there are so many people that don't keep their software up to date. This is one reason why I hate to have 50 different types of software running on my servers. It's just more to keep track of and hard to stay up to date on everything.
Here's a link to the ComputerWorld article.
Oh that reminds me, I need to update my version of wordpress. BRB.
How EC2 reduces database downtime
Submitted by altj on Wed, 05/14/2008 - 14:51
I recently had to alter (edit) a very large MySQL table on a production system to drop an unnecessary index. This particular table has over 15 million records in it and occupies over 6GB of space. Since this database runs the We're Related Facebook app, I couldn't just bring it down for hours and make the change. This particular table stores data for a main part of the application.
Enter EC2. All of our production systems that power We're Related are running on Amazon's EC2 so this was an easy problem to work around. Using MySQL replication, I setup a system that would mirror this production database. The nice thing about replication is that it automatically keeps any mirrors up to date with the latest data.
Once I had the mirror up and running, I was able to run the command to alter the table on the mirror. This took over 6 hours to complete. Once done, it quickly caught up with those 6 hours worth of updates from the main system.
Tonight, I will be reconfiguring the webservers to connect to this new mirrored system instead of the original. This will result in less than five minutes of actual downtime.
End result:
downtime - < 5 minutes compared to 6+ hours
additional cost - $20 (for running an additional "beefy" server for 1 day)
That's one thing I just love about EC2, you pay for what you use. If you need a temporary server for hours or days, you just fire one up and pay minimally for it.
OpenSolaris on Amazon's EC2, Yay!
Submitted by altj on Mon, 05/12/2008 - 14:36
For us UNIX fans, Sun Microsystems is working with Amazon to offer OpenSolaris on EC2.
I'm not sure how I missed it, but they made the announcement last week.
I just signed up to be included in the beta. I'll post an update here when I get in and start tinkering. My main focus is going to be the performance of MySQL on EC2 comparing Linux with OpenSolaris.
I'm not sure what their long term plans are, but for now they aren't incurring any extra charges (beyond the standard EC2 charges.) I know that RedHat charges extra to run their Enterprise version on EC2.
Increase your ad campaign ROI 5% guaranteed!
Submitted by altj on Mon, 05/12/2008 - 09:19
Yes, it's true. You can get a guaranteed 5% increase of your ad campaign ROI.
While I'm not currently running any ad campaigns, I was reminded today that Yahoo! Search Marketing has teamed up with American Express (Open For Business) and is giving you 5% back on money you spend on ads. All you need to do is make your payments to Yahoo! with your American Express Business Card. What a deal!
(...time to queue up "Money for nothing"...)
Will the real terrorists please step forward?
Submitted by altj on Mon, 05/12/2008 - 09:07
Apparently, U.S. immigration officials incite more terror than the terrorists themselves.
Here's some interesting commentary by Bruce Schneier regarding the terrorism "tax" that honest people pay. I found this quote particularly interesting:
"More respondents were worried about U.S. immigration officials (70 percent) than about crime or terrorism (54 percent) when considering a trip to the [U.S.]."
Multimedia, Entertainment & Distractions In (K)ubuntu
Submitted by altj on Thu, 05/08/2008 - 08:53
To help you get the most out of (K)ubuntu, be sure to enable Medibuntu as a source for packages. This will allow you to easily play those wmv files and DVDs on Linux as well as most other multimedia that use proprietary formats.
The steps for setting it up involve running three commands (Details here)
For me, it was a matter of running:
sudo wget http://www.medibuntu.org/sources.list.d/hardy.list -O /etc/apt/sources.list.d/medibuntu.list
sudo apt-get update && sudo apt-get install medibuntu-keyring && sudo apt-get update
sudo sed -e 's/ non-free//' -i /etc/apt/sources.list.d/medibuntu.list
Good luck!
My interrupt-driven life
Submitted by altj on Wed, 04/30/2008 - 12:52
Here I am, peacefully working at my computer when I'm interrupted by a text message on my phone:
** PROBLEM alert - someserver.somewhere.com/SSH is CRITICAL **
That's not a good thing. Hoping it's a false alert, I try to ssh in. No luck. I try again. Still no luck. And a third time, Yes! I'm in. Let the troubleshooting begin.
I check to see what processes are running and sure enough, I find a culprit. There are a ton of sshd processes going. I take a look at auth.log and it's full of "Failed password for root from 218.145.160.100 port 55739 ssh2" messages (about 9,000 of them.) Here's what's going on: someone is trying to log in to the server, most likely by trying a bunch of passwords in a brute force attack. A brute force attack consists of trying every possible password until you find the right one. The attack doesn't really concern me since I don't allow password logins on most of the servers I manage. The excessive login attempts are a little annoying, though.
One command later and all traffic from that IP address drops into oblivion.
iptables -A INPUT -s 218.145.160.100 -j DROP
With that band-aid applied, it's time to get something better in place for the long term. A while back there was some discussion about preventing or slowing down such attacks on the SLLUG email list and some people posted scripts they use to deal with it. Here is my current version of one of those scripts:
#!/bin/bash
# Init-style firewall script: "start" installs the rules, "stop" flushes them.
case "$1" in
  start)
    # Put IP addresses for allowed hosts into this, separated by spaces.
    SSH_ALLOWED="123.45.67.89 98.76.54.32"
    # Rate-limit incoming pings and always trust loopback.
    iptables -A INPUT -p icmp -m state --state NEW,ESTABLISHED --icmp-type echo-request -m limit --limit 2/s -j ACCEPT
    iptables -A INPUT -s 127.0.0.1 -j ACCEPT
    # Allow TCP/UDP connections out. Keep state so conns out are allowed back in.
    iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p udp -m state --state ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
    # Allow ICMP out and anything that went out back in.
    iptables -A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -p icmp -m state --state NEW,ESTABLISHED -j ACCEPT
    # Put any custom rules for your server in this section.
    iptables -A INPUT -s 218.145.160.100 -j DROP
    iptables -A INPUT -p tcp -m tcp --dport 111 -j REJECT
    iptables -A INPUT -p tcp -m tcp --dport 11211 -j DROP
    iptables -A INPUT -p icmp -j DROP
    iptables -A INPUT -p udp -j DROP
    # Now for the SSH stuff: every new connection to port 22 goes through SSH_Brute_Force.
    iptables -N SSH_Brute_Force
    iptables -F SSH_Brute_Force
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_Brute_Force
    # Allowed hosts bypass the rate limit entirely.
    for IP in $SSH_ALLOWED; do
      iptables -A SSH_Brute_Force -s "$IP" -j RETURN
    done
    # Record the source address, then let it through unless it has made 5 or more
    # new connections in the last 60 seconds.
    iptables -A SSH_Brute_Force -m recent --name SSH --set --rsource
    iptables -A SSH_Brute_Force -m recent ! --rcheck --seconds 60 --hitcount 5 --name SSH --rsource -j RETURN
    # Anything still in this chain exceeded the limit: log it, then drop it.
    iptables -A SSH_Brute_Force -j LOG --log-prefix "SSH Brute Force Attempt: "
    iptables -A SSH_Brute_Force -j DROP
    ;;
  stop)
    # Flush all rules and remove the custom chain.
    iptables -F
    iptables -X SSH_Brute_Force
    ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac
This is an init script, so I put it in my /etc/init.d directory and set it up to run when the server boots up. What it does is allow only 5 new SSH connection attempts per minute from any one source IP address. Beyond that, it logs and drops further connection attempts from that address. Two words of warning when working with iptables: be careful. It's very easy to block yourself from accessing your own server. I've done this more times than I care to mention and had to take a drive to the datacenter or call their helpdesk to make things available again.
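As an added example (not from the original post), here is the same 5-failures-in-60-seconds rule applied as detection logic over auth.log lines instead of inside the kernel: it parses sshd "Failed password" messages, keeps a sliding window per source address, honors an allowlist the way SSH_ALLOWED does, and renders the same kind of DROP rule as the band-aid one-liner above. The log lines and the 10.0.0.7 address are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth.log lines (syslog format); the 10.0.0.7 entries are made up.
SAMPLE_LOG = """\
Apr 30 12:40:01 host sshd[2001]: Failed password for root from 218.145.160.100 port 55739 ssh2
Apr 30 12:40:03 host sshd[2002]: Failed password for root from 218.145.160.100 port 55740 ssh2
Apr 30 12:40:05 host sshd[2003]: Failed password for invalid user admin from 218.145.160.100 port 55741 ssh2
Apr 30 12:40:09 host sshd[2004]: Failed password for root from 218.145.160.100 port 55742 ssh2
Apr 30 12:40:12 host sshd[2005]: Failed password for root from 218.145.160.100 port 55743 ssh2
Apr 30 12:40:20 host sshd[2006]: Accepted publickey for alt from 123.45.67.89 port 40000 ssh2
Apr 30 12:45:00 host sshd[2007]: Failed password for root from 10.0.0.7 port 1234 ssh2
Apr 30 12:47:00 host sshd[2008]: Failed password for root from 10.0.0.7 port 1235 ssh2
"""

# Matches sshd's "Failed password" line, with or without the "invalid user" prefix.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def parse_failed(lines, year=2008):
    """Yield (timestamp, source_ip) per failed-password line; syslog omits the year."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("ip")

def offenders(lines, hitcount=5, seconds=60, allowed=()):
    """Sliding-window counter mirroring the recent-module rule: an address is
    flagged the first time it has >= hitcount failures within `seconds`.
    Returns {ip: time of the failure that crossed the threshold}."""
    window = defaultdict(deque)
    flagged = {}
    for ts, ip in parse_failed(lines):
        if ip in allowed:          # same role as SSH_ALLOWED in the init script
            continue
        q = window[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > seconds:   # expire hits outside the window
            q.popleft()
        if len(q) >= hitcount and ip not in flagged:
            flagged[ip] = ts
    return flagged

def block_rules(flagged):
    """Render one DROP rule per flagged address, like the one-liner used above."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in sorted(flagged)]
```

Run offenders() over a real auth.log and feed block_rules() to a root shell (or to the custom-rules section of the init script) only after checking the result against your own allowlist.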
