Angelesen #37

Kurz mal die wöchentliche* Linkschleuder :)

LG threatens to put Wi-Fi in every appliance it releases in 2017 (

Now that phenomenon is reaching its logical endpoint: during the company’s CES press conference today, LG marketing VP David VanderWaal says that “starting this year” all of LG’s home appliances will feature “advanced Wi-Fi connectivity.”

Looking forward to the time when your toaster is DDOSing your fridge ;)

A wide-angle camera mounted inside the fridge lets you look inside your fridge remotely just in case you think you left something off your grocery list.

Seriously? ¯_(ツ)_/¯

C3TV – Gone in 60 Milliseconds (

More and more businesses are moving away from monolithic servers and turning to event-driven microservices powered by cloud function providers like AWS Lambda. So, how do we hack in to a server that only exists for 60 milliseconds?

Sehenswerter CCC Talk über die Sicherheit von “serverloser” Infrastruktur.

C3TV – Software Defined Emissions (

A technical talk on how to reverse-engineer electronic control units in order to document what was left apparently intentionally undocumented by the vendor – including how Volkswagen tweaked their cycle detection code while already being investigated by the EPA, how different the Volkswagen approach is really to the rest of the industry, and of course some trivia on how the „acoustic function“ got its name.

Zum Thema Dieselgate ein genialer Vortrag zum Thema Software Defined Emissions

How I Built This : Yvon Chouinard built @patagonia (

Podcast mit dem Firmendgründer von Patagonia

Great Talks and Presentations at 33C3 (

The Chaos Computer Congress is Europe’s leading hacker and tech community conference, taking place annualy in Hamburg, Germany between Christmas and New Year. This year was the 33rd time (hence 33C3), and as usual featured a large number of amazing talks and presentations.

Gute Auflistung von 33C3 Talks :)

Open-Sourcing Our Incident Response Documentation (

Our internal incident response documentation is something we’ve built up over the last few years as we’ve learned and watched our customers learn. It details the best practices of our process, from how to prepare new employees for on-call responsibilities, to how to handle major incidents, both in preparation and after-work. Few companies seem to talk about their internal processes for dealing with major incidents. It’s sometimes considered taboo to even mention the word “incident” in any sort of communication. We would like to change that, making it possible to learn and be better.

Äusserst Lesenswerte Dokumentation von Pagerduty für alle die öfters mal On-Call sind.

Does Google execute JavaScript? (

My conclusion is: Google may or may not decide to run your JavaScript, and you don’t want your business to depend on its particular inclination of the day. Do server-side/universal/isomorphic rendering just to be safe.

Ob google Javascript beim crawlen ausführt oder nicht ;)

  • hoffentlich ab jetzt wieder öfters

Drupal Camp Cape Town 2016 – Fast websites for all of us


I was invited to Drupal Camp Cape Town to present on a topic which is very dear to me: “Fast websites for everyone” I was covering  principles or issues which need to be addressed in order to get sites as quickly as possible to the user.

My personal thanks go to the Team behind Drupal Camp Cape Town. It was amazing to be part of it and I loved the relaxed location and the many discussions with the people I met throughout the day.





To CDN and beyond! Speed up websites beyond the US and Europe


I had the great opportunity to present my findings and stories at the DrupalCon in Dublin.
As always, I promised to put together the resources I used during my talk. Here they are:

If you attended my session, feel free to give feedback on the DrupalCon Website or here on my Blog. Any feedback is well appreciated.




TIL: Metatag – Referrer Policies

Today one of our Developers walked up to me and mentioned that Web fonts are loaded properly, just not on one of the subsites. As usual, this is a “Server Issue” and I’m happy to dive into those things.

One thing  I saw pretty quickly is following (open your eyes) and look for the Referrer Header:

The site which is working sends the Headers out:


And on the other hand, the site which is not working (which happens just to be a subsite of the first one)


Weird, isn’t it? After some back and forth I learned about the Referrer Policies Metatag

<meta name=”referrer” content=”no-referrer” />

This instructs the browser to omit the referrer when sending out requests, which is nice from a privacy standpoint, but totally breaks if you use a web-service which checks on the domain which an asset is used on (to prevent hotlinking of web-fonts for example). The Referrer Policy is adopted by quite a few browsers by now.

By setting the Metatag to “origin-when-cross-origin” you can get the functionality back without handing over all information of the site you’re visiting.

<meta name=”referrer” content=”origin-when-cross-origin” />

This also makes the web-fonts happy again and will  be served as intended.

New Relic : Remove all not reporting Servers

Some infrastructure which I run spins up new Instances for Jobs and removes them afterwards. Because I still want to have some insights on what happened on the machine I installed NewRelic Server monitoring on the boxes.

As those instances fade away after each run i had quite a few servers listed (around 300-400) in there and New Relic still does not support Bulk removal of servers.

Thanks to Matt Weg,  who posted following Fix in the Discussion Groups of NewRelic which features a pretty easy one-liner for solivng this issue.

curl -X GET ‘’ \ -H “X-Api-Key:${NR_API_KEY} \ | jq -r ‘.servers | .[] | select(.reporting!=true) | .id’ \ | xargs -I % curl -X DELETE \ -H “X-Api-Key:${NR_API_KEY}

To get this running on OSX i need to install jq (via Homebrew)

brew install jq