considers
some apache performance issues
I had some problems with apache… the php was very very slow. The system has linux gentoo with hardened profile, so me and x0ff believed that this was the main reason of poor apache performance. But recompiling php without “-pic” flag does no effect.
after
# ab -c 100 -n 10000 http://localhost/test.php
Benchmarking localhost (be patient)
Completed 1000 requests
apr_socket_recv: Connection reset by peer (104)
Total of 1810 requests completed
and in apache log:
[Fri May 30 19:40:54 2008] [alert] (11)Resource temporarily unavailable: setuid: unable to change to uid: 81
[Fri May 30 19:40:54 2008] [alert] Child 16566 returned a Fatal error… Apache is exiting!
[Fri May 30 19:40:54 2008] [emerg] (22)Invalid argument: couldn’t grab the accept mutex
So… it is not - the performance problem, because only 1810 requests were done.
Because system is hardened, i have a lot of limits in /etc/security/limits.conf. I was not sure if apache uses these vaules (because they are connected with PAM!!!!), but apache did ;(
http://bugs.gentoo.org/show_bug.cgi?id=64700
so the way to make it work was adding to
/etc/init.d/apache2 a line:
ulimit -u unlimited
the whole start section looks now like this
start() {
checkconfig || return 1
ebegin “Starting apache2″
[ -f /var/log/apache2/ssl_scache ] && rm /var/log/apache2/ssl_scache
ulimit -u unlimited
${APACHE2} ${APACHE2_OPTS} -k start
eend $?
}
to be sure that everything works fine a did a ab test one more time (with pic enabled).
# ab -c 100 -n 10000 http://localhost/test.php
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/Benchmarking localhost (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Finished 10000 requestsServer Software: Apache
Server Hostname: localhost
Server Port: 80Document Path: /test.php
Document Length: 45361 bytesConcurrency Level: 100
Time taken for tests: 48.260264 seconds
Complete requests: 10000
Failed requests: 100
(Connect: 0, Length: 100, Exceptions: 0)
Write errors: 0
Total transferred: 455159500 bytes
HTML transferred: 453609500 bytes
Requests per second: 207.21 [#/sec] (mean)
Time per request: 482.603 [ms] (mean)
Time per request: 4.826 [ms] (mean, across all concurrent requests)
Transfer rate: 9210.29 [Kbytes/sec] receivedConnection Times (ms)
min mean[+/-sd] median max
Connect: 0 13 46.3 0 361
Processing: 9 466 200.4 472 4058
Waiting: 1 422 101.7 458 756
Total: 20 479 194.3 475 4058Percentage of the requests served within a certain time (ms)
50% 475
66% 486
75% 498
80% 509
90% 546
95% 616
98% 708
99% 860
100% 4058 (longest request)
Without “pic” enabled i got:
Requests per second: 234.96 [#/sec] (mean)
so there is no big difference.
The test.php script consist of:
<?
phpinfo();
?>
niggle: note that there is no security problem with no limit - the apache has internal limiting functions
something about having job… [polish]
I found this text at goldenline.pl… it’s really interesting (but in polish 
(if sb would like to translate - do not hasitate ) )
ktos wczesniej napisal, ze w ogloszeniach kazda firma jest rozwojowa i kazda praca ekscytujaca. tez to zauwazylem i jest to wg mnie bardzo zabawne. troche juz w branzy jestem, pare firm zwiedzilem, z paroma rozmawialem i mam kupe znajomych w korporacjach typu sabre, motka czy ibm. no i zawsze jest tak, ze HRy (i nie tylko, managerowie tez maja do tego sklonnosci) to roztaczaja wizje po prostu niemal obcowania z absolutem. nowe projekty, przelomowe technologie, miedzynarodowy zespol, wyzwania, cuda niewidy… a potem czlowiek przychodzi i przez 8 godzin dziennie gapi sie w terabajtowe logi wyplute przez jakiegos tajemniczego molocha stojacego gdzies tam i robiacego nie bardzo wiadomo co. albo po raz setny sledzi sie wylot po krzywym kliknieciu. albo po raz n-ty debugujesz rysowanie kontrolki bo u klienta glupio wyglada…
tak naprawde gros pracy programisty to poprawianie bledow po innych albo po sobie samym. taka jest smutna prawda i nie ma co sciemniac ze ta firma jest super bo oni ciagle wymyslaja cos nowego. nawet jesli firma wypluwa z siebie nowe technologie z predkoscia karabinu maszynowego to zaloze sie ze max 2% obsady opracowuje te nowosci, a pozostale 98% lata dziury w teoriach.
Moim zdaniem w sektorze IT płac jeszcze przez jakiś czas nie będzie się podawać widełek płac.
Pracownicy IT szczebla średniego i niższego są z reguły postrzegani jako pracownicy od wiedzy tajemnej niemożliwej do zweryfikowania przez pracodawcę, gdyż używa on IT ale nie jest to jego źródłem przychodów.
Często na takie stanowiska aplikują lamy, które myślą, że jak się naczytały Komputer Świata to są specami z sektora IT.
Stąd na rozmowach spotykają się “zaprawieni” w bojach szeroko pojęci “informatycy” i informatyczni “gringo”.
Dla potencjalnego pracodawcy nie będącego informatykiem odróżnienie tych dwóch “gatunków” jest dosyć ciężkie, więc podejmuje decyzję w stylu “po co przepłacać…”.
Specjaliści wąskich tematów w IT są poza klasyfikacją gdyż są zatrudniani po szczegółowej weryfikacji w firmach IT.
Tu także jeszcze przez jakiś czas nie będą podawane zarobki.
Polskie firmy IT póki co są na dorobku lub są oddziałami światowych koncernów. Oddziały koncernów czasami jadą na stratach i dzięki redukcji kosztów zatrudnienia przez minimalizację płac wykazują zyski w EMEA ratując wizerunek firmy. Polskie firmy mają polską filozofię: ” po co przepłacać jak można mieć “to samo” za mniej”.
Stąd ta licytacja ujemna.
Jeszcze upłynie sporo czasu, zanim zrozumieją, że jeden dobrze opłacony, identyfikujący się z firmą pracownik, potrafi pracować za dwóch kiepsko wynagradzanych, którzy w tym samym czasie szukają nowej pracy.
hardlinks in linux - maybe a way to backup?
take a look:
marti@illusion ~/test_dir $ ls -al
total 8228
drwxr-xr-x 2 marti marti 4096 May 20 13:57 .
drwxr-x— 15 marti marti 4096 May 20 13:56 ..
-rw-r–r– 1 marti marti 8397824 May 20 13:58 pliczek
make some hardlinks:
ln pliczek plik1
ln pliczek plik2
ln pliczek plik3marti@illusion ~/test_dir $ ls -ila
total 32876
5144802 drwxr-xr-x 2 marti marti 4096 May 20 14:01 .
5029890 drwxr-x— 15 marti marti 4096 May 20 13:56 ..
5144803 -rw-r–r– 4 marti marti 8397824 May 20 13:58 pliczek
5144803 -rw-r–r– 4 marti marti 8397824 May 20 13:58 plik1
5144803 -rw-r–r– 4 marti marti 8397824 May 20 13:58 plik2
5144803 -rw-r–r– 4 marti marti 8397824 May 20 13:58 plik3
marti@illusion ~/test_dir $ du .
8220 .
it means that - links does not consume disk space, and… after rm of oryginal file:
marti@illusion ~/test_dir $ rm pliczek
marti@illusion ~/test_dir $ ls -ail
total 24660
5144802 drwxr-xr-x 2 marti marti 4096 May 20 15:20 .
5029890 drwxr-x— 15 marti marti 4096 May 20 13:56 ..
5144803 -rw-r–r– 3 marti marti 8397824 May 20 13:58 plik1
5144803 -rw-r–r– 3 marti marti 8397824 May 20 13:58 plik2
5144803 -rw-r–r– 3 marti marti 8397824 May 20 13:58 plik3
files still exist and they still have same size:
marti@illusion ~/test_dir $ du -s .
8220 .
one strange thing is as expected, “ls” reports 24660 blocks in use, seeing each of the new hard linked files as new data. But… notice what “du” reports, since it actually looks deeper into the file system
way of backup - make hardlink to every file or desired file in another place (note that hardlinks can be done only in one partition), if you wan’t to find files which has more then one hardlink just execute:
find / ! -links 1 -type f
OK - note2 (thx to xoff) - you can only be safe in way of deleting the file… not modification, and it is the chipest way of backup - that not occupy additional disk space.
KB949031 and Office 2007 with SP1
Hmm… today I was reviewing installed updates in my Windows Vista… and I noticed that I have both - SP1 to my Microsoft Office Enterprise 2007 and KB949031 update. The date of install sp1 was earlier that the critical security update that allow remote code execution in outlook, so… why microsoft distribute this patch even if Office 2007 SP1 is not affected by THIS critial vulnerability?
Maybe because it is Microsoft?
some funny stuff
Some time ago, when configuring HP switch i got sth like this
As far as i know, my keyboard has one “TAB” button, but maybe programmers has a little bit more ;)
new wave of BZWBK spam messages
Be careful! There is the next wave of bzwbk spam, it looks like this:
It is highly critical so be really carefull, delete or ignore this message.
This time the spammers were more strict and make a very good phishing this is the source of the message:
Received: from mail.ardenjewelry.com ([68.15.33.211]) by xxx_xxx for marti@xxx; Wed, 14 May 2008 01:15:26 +0200
Received: from bzwbk.pl [71.170.119.34] by mail.ardenjewelry.com with ESMTP (SMTPD-9.23) id A0DA0240; Tue, 13 May 2008 19:14:34 -0400
Reply-To: <bzwbk@bzwbk.plz>
From: <bzwbk@bzwbk.pl>
To: <marti@xxx>
Subject: Uaktywnij konto BZ WBK 24
Date: 13 May 2008 18:12:33 -0500
Message-ID: <20080513181233.B0D23EC1EA3FA793@bzwbk.pl>
MIME-Version: 1.0
Content-Type: text/html;
charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable
take a look at spam score:
Return-Path: <bzwbk@bzwbk.pl>
X-Spam-Status: No, hits=1.7 required=2.5tests=SPF: 0.00,BAYES_05: -0.925,FORGED_RCVD_HELO: 0.135,HTML_IMAGE_ONLY_16: 0.497,HTML_MESSAGE: 0.001,HTML_MIME_NO_HTML_TAG: 1.082,MIME_HTML_ONLY: 0.001,NO_REAL_NAME: 0.961,TOTAL_SCORE: 1.752
X-Spam-Level: *
it get score just like the simple html message.
To be little more secure if you are not a highly technical computer user just folow this tips, they should help you safeguard your personal and account information when using online services:
- Install anti-virus software, a firewall and spyware-detection software on your PC and update this software on a regular basis, as recommended by the software providers. Remember, new viruses continue to be created. Always check to make sure the security software is running before accessing the Internet.
- Keep your PC and browser updated with current patches that are released by your system vendor. Be sure to download patches only from official vendors’ Web sites, and not from third-party Web sites.
- Do not respond to e-mails, Web pages or telephone inquiries requesting you to verify your account information. Bank never ask you to verify your account information, user name or password, via an e-mail using a non-secure Web site. Never provide personal or account information or respond to any attempt to collect this information. If you receive an unsolicited e-mail from your bank, or from any other source, requesting personal information or asking you to verify your accounts or security settings, I kindly suggest that you check with Your bank or the other entities to make sure these requests are legitimate.
- Don’t take the bait from any “phishing” schemes. Forward all suspicious e-mails to your Mail Service Provider or Bank Suppor. For more information on Identity Theft and Phishing, or when your bank may contact you via e-mail, please visit your bank website of contact support.
- Never share your password with anyone even someone you know. At your bank possibly, you can select your own online password and change it as often as you’d like. I suggest that you choose an alphanumeric password that contains a mix of numbers and letters. Do not use numbers or words that can be easily guessed (such as your phone or street number, or your child’s name
Edited by Marcin Rybak on 14 May 2008 at 15:20
my news has been added and my screenshot has been used at:
http://www.alert24.pl/alert24/1,84880,5210545.html
windows xp with sp3… waff
Hmmm… I have just installed sp3 for windows xp, (in PL and EN version)… because of test purposes, I made it at vmware virtual machine (at clean install)
so the thoughts:
- no visual changes (maybe just in properiences in “my computer” )
- no performance improvements (hard to test in virtual machine environment, but in a few days I’ll test it at some laptop or PC and make a comment)
- instalation is rather simple, and with no complications only one reboot is needed (it is a 3 times better than vista SP1
) - I’m going to test NAP, because it is the most interesting thing which was implemented in SP3…
so… see you in the future
gg servers status part 4
New version of GG server status has been published.
I’ve implemented a every day checking of whole GG class. It is done by another server (I do not want to get ban or sth from GG S.A. ) at about 2:00 AM (the time when there is no big traffic at GG servers, but they works ).
You can find the new version here (the same address at previous)
can I mix a chipkill and non-chipkill
Totday my client asked me about mixing memory with chipkill and non-chipkill in the IBM System X 3650. First, you have to know, what is chipkill:
In computer memory systems, Chipkill is IBM’s trademark for a form of advanced Error Checking and Correcting (ECC) computer memory technology that protects computer memory systems from any single memory chip failure as well as multi-bit errors from any portion of a single memory chip. It performs this function by scattering the bits of an ECC word across multiple memory chips, such that the failure of any one memory chip will affect only one ECC bit. This allows memory contents to be reconstructed despite the complete failure of one chip. The equivalent system from Sun Microsystems is called Extended ECC. The equivalent system from HP is called Chipspare.
Chipkill is frequently combined with dynamic bit-steering, so that if a chip fails (or has exceeded a threshold of bit errors), another, spare, memory chip is used to replace the failed chip. The concept is similar to that of RAID, which protects against disk failure, except that now the concept is applied to individual memory chips. The technology was developed by the IBM Corporation in the early and middle 1990s. An important RAS feature, Chipkill technology is deployed primarily on SSDs, mainframes and midrange Unix or Linux servers.
I looked up in IBM doc’s and the answer is (referfing to: IBM SystemX x3655 sales guide):
If Chipkill-enabled and non-Chipkill memory is used in the same system, Chipkill protection is disabled for all DIMMs.
gg servers status part 3
Thanks to kfas (the gg servers has changed) i upgraded the list of gadu-gadu servers. I scanned the whole class of Gadu-Gadu S.A. (91.197.12.0 - 91.197.15.255) and tried to find the messaging servers. And so it is… the new version of gg working machines. HERE