Disinformation, Ciphers, WiFi, Web, DB, Configuration

  • Once again, the world is so full of disinformation. I read tons of documentation and stuff and couldn't get routing to work correctly. But then I really thought about how I would configure this stuff if I simply did it and ignored all the vendor's documentation. Then one early morning when the office was empty, I decided to try it. Backed up the old configuration, deleted the routing tables, entered my own configuration and bam, it worked. - Use intuition, ignore documentation? Good hint / tip? Ok, not always, but in this case the documentation was just misleading and confusing me. Thank you ZyXEL!
  • Updated a few legacy web-servers and, to add support for newer protocols & cipher suites, inserted NginX as a reverse front proxy handling encryption and h2 (http/2). Everything worked wonderfully.
  • Also almost doubled the performance of one server whose CPU doesn't support AES-NI by replacing AES-GCM with chacha20-poly1305.
  • WiFi 6 marketing name for 802.11ax and WPA3. Ok, clear version numbers, maybe good for people who don't want to know the actual details.
  • 12 factor cli apps - Nice list of basic features for cli apps. Yet, it usually won't help that users are absolutely and totally noobs with cli apps and usually claim that those aren't working at all. Because, you know, they don't understand the CLI interface at all. The claim about scripting languages being slow is misinformation. Many of the Python 3.7 CLI tools I've written run in less than 7 milliseconds when you're requesting help text. They claimed that scripting languages take more than 100 ms to start. False claims, even with very lousy and old Atom servers.
  • Modern Microprocessors - Good time to remind yourself about lower level stuff, even if most of today's programmers usually don't have any clue what's happening under the hood. Very nice read, even if the article itself is old. Therefore there's nothing new in it.
  • Installed a FastCGI - CGI bridge to get some legacy stuff to run with NginX. Absolutely horrible solution, but it works and it wasn't worth converting such a task to real FastCGI even if it would have been possible.
  • Not related to the previous bullet point, but had a performance discussion about one piece of software, and I was like awww... How about reading that Modern Microprocessors. Sure, it's about CPUs but exactly similar solutions can also be used to improve software performance. - Yet this is something which is way way above the understanding of most programmers.
  • Scripted automated updating of DANE / TLSA / DNSSEC data with our own DNS servers. Phew, it required some tuning, but after all that it works great.
  • Played a little with the NginX HTTP/2 module and its push features. Verified with Firefox and the nghttp tool that HTTP/2 Server Push is working as desired. Some configuration documentation is on the Nginx site. Using FastCGI it's possible to push stuff using Link: headers with rel=preload when http2_push_preload is enabled.
  • Also configured one system with the H2O web server just for fun. Mostly because it supports CASPer (cache-aware server-push). As I stated earlier, H2 server push leaves the world open to tons of different optimizations which H2O is implementing.
  • How not to structure your database-backed web applications: a study of performance bugs in the wild - Which led me to read this article. It has been in my backlog for quite a while. Spring and Hibernate, good old Java times, yep, we had interesting performance issues. Excellent article, I was naturally aware of all of the issues mentioned, and I'm also pretty sure that many applications fail in all of the categories mentioned. Yet they didn't cover locking and parallelism, which are huge problems in addition to the problems they mentioned. But I guess that's just out of scope of this article, because it covered single thread performance issues.
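
For the DANE / TLSA automation bullet above, an added example (not the author's script): computing the TLSA record data such a script would publish, for usage 3 (DANE-EE) with SHA-256. The minimal DER walker and the sample_cert helper, which builds a constructed, unsigned certificate skeleton, are assumptions made for illustration.

```python
import hashlib

def der(tag, body):
    """Encode one DER TLV; used only to build the constructed sample below."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER TLV at pos, with bounds checks."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, n, start = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                               # long form: low 7 bits count length octets
        k = n & 0x7F
        if not 1 <= k <= 4:
            raise ValueError("unsupported DER length")
        n, start = int.from_bytes(buf[start:start + k], "big"), start + k
    if start + n > len(buf):
        raise ValueError("truncated DER value")
    return tag, start, start + n

def extract_spki(cert):
    """Return the SubjectPublicKeyInfo TLV of a DER-encoded X.509 certificate."""
    _, start, _ = read_tlv(cert, 0)            # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert, start)    # tbsCertificate SEQUENCE
    fields = []
    while pos < tbs_end:
        tag, _, end = read_tlv(cert, pos)
        fields.append((tag, cert[pos:end]))
        pos = end
    if fields and fields[0][0] == 0xA0:        # optional [0] version
        fields.pop(0)
    # Remaining order: serial, signature alg, issuer, validity, subject, SPKI
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("no SubjectPublicKeyInfo found")
    return fields[5][1]

def tlsa_rdata(cert, selector=1):
    """TLSA RDATA per RFC 6698: usage 3 (DANE-EE), matching type 1 (SHA-256)."""
    data = extract_spki(cert) if selector == 1 else cert   # selector 0 = full certificate
    return f"3 {selector} 1 {hashlib.sha256(data).hexdigest()}"

def sample_cert(key, serial):
    """Constructed, unsigned certificate skeleton (Ed25519 OID, empty names)."""
    alg = der(0x30, bytes.fromhex("06032b6570"))
    spki = der(0x30, alg + der(0x03, b"\x00" + key))
    empty = der(0x30, b"")
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + alg + empty * 3 + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" + bytes(64)))
```

Selector 1 hashes only the public key, so the published record survives certificate renewals that keep the same key; selector 0 changes with every reissued certificate and needs a DNS update before each rollover.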

2020-03-01