Drupal Camp Cape Town 2016 – Fast websites for all of us

fastwebsitesforallofus

I was invited to Drupal Camp Cape Town to present on a topic which is very dear to me: “Fast websites for everyone” I was covering  principles or issues which need to be addressed in order to get sites as quickly as possible to the user.

My personal thanks go to the Team behind Drupal Camp Cape Town. It was amazing to be part of it and I loved the relaxed location and the many discussions with the people I met throughout the day.

Resources:

Slides

Download

 

To CDN and beyond! Speed up websites beyond the US and Europe

2016-09-29_cachingandbeyond_bastianwidmer_drupalcondublin-002

I had the great opportunity to present my findings and stories at the DrupalCon in Dublin.
As always, I promised to put together the resources I used during my talk. Here they are:

If you attended my session, feel free to give feedback on the DrupalCon Website or here on my Blog. Any feedback is well appreciated.

Recording

Slides:


Download

TIL: Metatag – Referrer Policies

Today one of our Developers walked up to me and mentioned that Web fonts are loaded properly, just not on one of the subsites. As usual, this is a “Server Issue” and I’m happy to dive into those things.

One thing  I saw pretty quickly is following (open your eyes) and look for the Referrer Header:

The site which is working sends the Headers out:

referer-set

And on the other hand, the site which is not working (which happens just to be a subsite of the first one)

noreferer

Weird, isn’t it? After some back and forth I learned about the Referrer Policies Metatag

<meta name=”referrer” content=”no-referrer” />

This instructs the browser to omit the referrer when sending out requests, which is nice from a privacy standpoint, but totally breaks if you use a web-service which checks on the domain which an asset is used on (to prevent hotlinking of web-fonts for example). The Referrer Policy is adopted by quite a few browsers by now.

By setting the Metatag to “origin-when-cross-origin” you can get the functionality back without handing over all information of the site you’re visiting.

<meta name=”referrer” content=”origin-when-cross-origin” />

This also makes the web-fonts happy again and will  be served as intended.

New Relic : Remove all not reporting Servers

Some infrastructure which I run spins up new Instances for Jobs and removes them afterwards. Because I still want to have some insights on what happened on the machine I installed NewRelic Server monitoring on the boxes.

As those instances fade away after each run i had quite a few servers listed (around 300-400) in there and New Relic still does not support Bulk removal of servers.

Thanks to Matt Weg,  who posted following Fix in the Discussion Groups of NewRelic which features a pretty easy one-liner for solivng this issue.

curl -X GET ‘https://api.newrelic.com/v2/servers.json’ \ -H “X-Api-Key:${NR_API_KEY} \ | jq -r ‘.servers | .[] | select(.reporting!=true) | .id’ \ | xargs -I % curl -X DELETE https://api.newrelic.com/v2/servers/%.json \ -H “X-Api-Key:${NR_API_KEY}

To get this running on OSX i need to install jq (via Homebrew)

brew install jq

Angelesen #19

Good_Morning_World

Also auf 1770 Meter über Meer war es am vergangenen Samstagmorgen relativ frisch, sodass ich mir ein Jäggli anziehen musste während ich den Sonnenaufgang genoss. Mit ein bisschen Kreativität findet man kühlere Plätzchen. Am Wasser oder in den Bergen. Deshalb machte ich mich am Freitagabend auf zum Nässli im Simmental und wanderte danach noch ein bisschen weiter nach oben um da mein Nachtlager aufzuschlagen, mich erwartete eine Wolkenlose nacht mit Mondschein und ein entfernt vorbeiziehendes Gewitter.

Aber genug der Outdoorfreude auf zu den Artikeln der Woche:
[v6ops] Apple and IPv6 – Happy Eyeballs (ietf.org)

While our previous implementation from four years ago was designed to select the connection with lowest latency
no matter what, we agree that the Internet has changed since then and reports indicate that biasing towards IPv6 is now
beneficial for our customers: IPv6 is now mainstream instead of being an exception, there are less broken IPv6 tunnels,
IPv4 carrier-grade NATs are increasing in numbers, and throughput may even be better on average over IPv6.

IPv6 : Apple passt mit IOS9 und El Capitan die Happy Eyeballs Implementation an und übernimmt so eine kleine Vorreiterrolle bezüglich IPv6 Unterstützung. Nebenbei werden Apps im AppStore bald dazu gezwungen IPv6 zu Unterstützen.

Wenn dich die Polizei filzt, muss sie dir eine Quittung ausstellen – fordern Politikerinnen (tsri.ch)

«Das Ausstellen von Quittungen bei Personenkontrollen soll dazu führen, dass Personenkontrollen bewusster und nur bei Vorliegen hinreichender Gründe durchgeführt werden, und dass die Kontrollierten klar über den Grund der Kontrolle informiert werden»

Nicht das ich sonderlich oft von der Polizei angehalten werde, jedoch finde ich das Konzept einer Quittung eine gute Idee.

Kaspersky Finds New Nation-State Attack—In Its Own Network (wired.com)

The wipe occurred just four hours before Kaspersky identified the employee’s machine as “patient zero,” suggesting the intruders knew they’d been caught and were racing to eliminate evidence before Kaspersky could find it. Raiu suspects they may have been tipped off when Kaspersky disconnected many of its critical systems from the Internet after discovering the breach.

Kaspersky hat sich ja schon einige Male einen Namen gemacht. Das sie selbst jetzt aber einen erfolgreichen Angriff auf Ihre Infrastruktur offenlegen ist stark.

Turmzoll von Fry’s Gnaden (blog.tagesanzeiger.ch)

Zwei Franken werden  Zürcherinnen und Zürcher, auch Kinder, ab heute zahlen müssen, wenn sie auf ihrem Hausberg den Aussichtsturm besteigen wollen.

Züricontent: Tja schade. Viel Spass mit dem Drehkreuz Herr Fry!

Microsoft quietly pushes 17 new trusted root certificates (hexatomium.github.io)

Earlier this month, Microsoft has quietly started pushing a bunch of new root certificates to all supported Windows systems. What is concerning is that they did not announce this change in any KB article or advisory

Interessant… Ach… CA’s sind doch einfach irgendwie broken!

Steve Wozniak: In the future, robots will keep humans as pets (mashable.com)

I want the Internet of Things. It does things for me. I don’t have to think…. If it turned on us, it would surprise us. But we want to be the family pet and be taken care of all the time,” he said.

Der Woz über die Zukunft und AI’s

Can you trust Tor’s exit nodes? (nakedsecurity.sophos.com)

Dan Egerstad proved then that exit nodes were a fine place to spy on people and his research convinced him in 2007, long before Snowden, that governments were funding expensive, high bandwidth exit nodes for exactly that purpose.

Lesenswert! Darum ist es eigentlich wichtig, möglichst viele Exit Nodes zu betreiben (wäre das nur nicht so mühsam).

Stadtschützen wehren sich gegen Verbannung aus dem Ferienpass (bernerzeitung.ch)

In einem Postulat hat der grüne Stadtrat Luzius Theiler (GPB-DA) letztes Jahr verlangt, diese beiden Schiesskurse zu streichen. Denn es sei gefährlich, wenn sich Jugendliche für den Schiesssport begeisterten: «Bis zu einem Missbrauch in einem unkontrollierten Affekt ist es dann nur noch ein kleiner Schritt», heisst es in Theilers Postulat.

Nach Theilers logik müssten wir ja unglaublich viele Schiesswütige haben in der Schweiz.

Docker, CoreOS, Google, Microsoft, Amazon And Others Come Together To Develop Common Container Standard (techcrunch.com)

“Today Docker is the de facto image format for containers, and therefore it is a great place to start as a standard. We still feel that there are many technical issues in the existing Docker format, but having a neutral seat at the table will help address these for the industry overall.”

Spannend zu sehen wie schnell Docker das Synonym für container-basierte Virtualisierung wurde (obwohl es Container ja schon länger gibt).

«Die Reitschule funktioniert viel besser als der Stadtrat» (derbund.ch)

Interessantes Interview mit zwei Reitschülern. Chrigu kenne ich noch aus der Lehre.

Flame Graphs (brendangregg.com)

Flame graphs are a visualization of profiled software, allowing the most frequent code-paths to be identified quickly and accurately. They can be generated using my open source programs on github.com/brendangregg/FlameGraph, which create interactive SVGs. See the Updates section for other implementations.

Flame Graphs <3 Damit will ich demnächst mal rumspielen.