• HTTP headers checker

    • Translation
    For any site, it is important to properly configure the HTTP headers. A lot of articles have been written on the subject of headers. Here we have summarized the lessons learned and the RFC documentation. Some of the headers are mandatory, some are obsolete, and some can be confusing and contradictory. We implemented parsing to automatically check the HTTP headers of the web server.

    Correct HTTP headers increase security and trust in the site, including from search engines, and can affect the site’s position in Yandex and Google. They also save server resources and reduce server load, which increases the server response speed (again affecting the site's ranking in search), and save money on powerful hosting that a correctly configured site may not need.
  • Bcache against Flashcache for Ceph Object Storage


      Fast SSDs are getting cheaper every year, but they are still smaller and more expensive than traditional HDD drives. But HDDs have much higher latency and are easily saturated. However, we want to achieve low latency for the storage system, and a high capacity too. There’s a well-known practice of optimizing performance for big and slow devices — caching. As most of the data on a disk is not accessed most of the time but some percentage of it is accessed frequently, we can achieve a higher quality of service by using a small cache.

      Server hardware and operating systems have a lot of caches working on different levels. Linux has a page cache for block devices, a dirent cache and an inode cache on the filesystem layer. Disks have their own cache inside. CPUs have caches. So, why not add one more persistent cache layer for a slow disk?
    • Ansible: CoreOS to CentOS, 18 months long journey


        There was a custom configuration management solution.


        I would like to share the story about a project. The project used to use a custom configuration management solution. Migration lasted 18 months. You can ask me 'Why?'. There are some answers below about changing processes, agreements and workflows.

      • Safe-enough linux server, a quick security tuning

        The case: You fire up a professionally prepared Linux image at a cloud platform provider (Amazon, DO, Google, Azure, etc.) and it will run a kind of production level service moderately exposed to hacking attacks (non-targeted, non-advanced threats).

        What would be the standard quick security related tuning to configure before you install the meat?


        release: 2005, Ubuntu + CentOS (supposed to work with Amazon Linux, Fedora, Debian, RHEL as well)


      • Connect to Windows via SSH like in Linux

        • Tutorial
        The most depressing thing for me is to connect to Windows hosts. I'm not an opponent or a fan of Microsoft and their products. Every product has its own purpose. But it is really painful for me to connect to Windows servers, because of 2 points: it is hard to configure (Hi WinRM with HTTPS), and it is really unstable (Hello RDP to VMs across the ocean).

        Fortunately, I found the project Win32-OpenSSH. I realized that I want to share my experience with it. I believe it will help somebody and save a lot of nerves.


      • From High Ceph Latency to Kernel Patch with eBPF/BCC



          There are a lot of tools for debugging kernel and userspace programs in Linux. Most of them have performance impact and cannot easily be run in production environments. A few years ago, eBPF was developed, which provides the ability to trace the kernel and userspace with low overhead, without needing to recompile programs or load kernel modules.

          There are now plenty of tools that use eBPF and in this article, we’ll explain how to write your own profiling tool using the PythonBCC library. This article is based on a real issue from the production environment. We’ll walk you through solving the problem and show how existing bcc tools could be used in some cases.
        • Docker container for HP servers management with ILO

          • Tutorial
          Origin in Russian

          Well, you may wonder: why would I use a Docker container for such a purpose? What's the problem with entering the web interface of ILO and managing the server as usual?

          I had the same thought when I got a few old servers that required reprovisioning. The servers are located on a different continent and the only interface I had was just a web interface of ILO. And when I had to enter a few manual commands via Virtual Console I discovered that it's hardly possible.

          For various sorts of Virtual Console of servers (both HP and Dell), Java web applets are usually used. But Firefox and Chrome don't support them anymore and the newest IcedTea doesn't work with those old systems anyway. So I had a few options:
        • How Many Developers Need to Create Service Like Airbnb

            Back in 2007, Brian Chesky and Joe Gebbia shared a room in San Francisco and were unable to pay rent on time. As a way out, they decided to turn their living space into a simple bed-and-breakfast hotel to get some money from travelers. If you love traveling, I can recommend the Travel news site. A year later, the venturers launched a website which evolved into the most famous peer-to-peer renting technology service called Airbnb.

             Now, the company has 3,100 employees and generates insane revenues for its founders. The statistics say that Airbnb has 150 million registered users, 3 million hosts, and 4 million listed offers. The service covers 80,000 cities in 190 countries, and, interestingly, 50% of traffic comes from mobile applications.

              These figures are so impressive that you may also want to create your own Airbnb clone and become successful. But slow down. This story is already written; do you really need to create a marketplace similar to Airbnb?
          • How Protonmail is getting censored by FSB in Russia

            • Translation

            A completely routine tech support ticket has uncovered unexpected bans of IP addresses of Protonmail — a very useful service for people valuing their Internet freedoms — in several regions of Russia. I seriously didn’t want to sensationalize the headline, but the story is so strange and inexplicable I couldn’t resist.


            TL;DR


            Disclaimer: the situation is still developing. There might not be anything malicious, but most likely there is. I will update the post once new information comes through.


            MTS and Rostelecom — two of the biggest Russian ISPs — started to block traffic to SMTP servers of the encrypted email service Protonmail according to an FSB request, with no regard for the official government registry of restricted websites. It seems like it’s been happening for a while, but no one paid special attention to it. Until now.


            All involved parties have received relevant requests for information to which they’re obligated to reply.


            UPD: MTS has provided a scan of the FSB letter, which is the basis for restricting the access. Justification: the ongoing Universiade in Krasnoyarsk and “phone terrorism”. It’s supposed to prevent ProtonMail emails from going to emergency addresses of security services and schools.


            UPD: Protonmail was surprised by “these strange Russians” and their methods for battling fraud abuse, and suggested a more effective way to do it — via the abuse mailbox.


            UPD: FSB’s justification doesn’t appear to be true: the bans broke ProtonMail’s incoming mail, rather than outgoing.


            UPD: Protonmail shrugged and changed the IP addresses of their MXs, taking them out of the blocking after that particular FSB letter. What will happen next is an open-ended question.


            UPD: Apparently, that letter was not the only one, and there is still a set of IP addresses of VoIP services which are blocked without appropriate records in the official registry of restricted websites.
          • Writing yet another Kubernetes templating tool


              If you are working with a Kubernetes environment then you probably make use of several existing templating tools, some of them being a part of package managers such as Helm or Ksonnet, or just templating languages (Jinja2, Go template etc.). All of them have their own drawbacks as well as advantages and we are going to go through them and write our own tool that will try to combine the best features.