Blue Screen Of Duds

Where the alter ego of codelust plays

Archive for the ‘Web Servers’ Category

PHP on Windows tip

leave a comment »

I have not seen much about this anywhere, but if you are wondering why you enabled extensions (in PHP.ini) don’t work in PHP on Windows, it is probably because your "extension_dir" path is wrong. This does not show up as an error anywhere other than in Apache’s error log, which is the last place where most would look for an error. To get rid of this error, do not use a relative path for the directory and use the absolute path. It is as simple as that.

Technorati Tags: , , ,

Written by shyam

November 1, 2007 at 1:24 pm

Posted in Apache, Web Servers

Password idiocy at Jet Airways website

with 2 comments

Whoever made changes to the code on the Jet Airways website should be in the least made to stand in a corner for the whole day. The line of code that’s responsible for a considerable bit of frustration for me on a Sunday is the following:

<input class=”formobject” id=”usrUserLogin_txtPassword” type=”password” maxlength=”8” name=”usrUserLogin:txtPassword”>

What it has done is to limit the password length to 8 characters, which, being longer than that in my case, is not letting me log in to the website to update my details. Basically, anyone with a password longer than eight characters won’t be able to log in to their account till someone fixes this. Ugh!

And what the magic of an industrial strength framework has done (Microsoft Commerce Server 2002, in this case) is to inherit the value of all the login boxes across the website from the same model, truncating it to eight characters before it is posted back for validation, which would fail for all passwords longer than eight characters.

I could find a loophole somewhere, with a mix of the Web Developer and Tamper Data extensions, to log in to my account. But the page that I wanted, to claim missing miles, checks back with the same model again, throwing me back to the log in page. I can only hope that this is an error on the logic front than someone having messed up the database itself.

Written by shyam

April 8, 2007 at 10:53 am

Akamai gobbles up Netli

leave a comment »

Netli, the application accelerator provider (who also powers WordPress.com) was acquired by Akamai in a merger transaction. The acquisition fits snugly into Akamai’s portfolio of services that was sorely lacking in the application acceleration segment. That said, Akamai has been largely eclipsed by Limelight Networks in the business of serving multimedia. Limelight already serves the Flash video content of Youtube and the content of Muvee and Metacafe. While there is a fair bit of cash in doing application acceleration and text-based content delivery, the volumes involved in transferring multimedia files is where the really big bucks are, where Akamai still has not made any significant plays.

Written by shyam

February 6, 2007 at 3:25 pm

Posted in Technology, Web Servers

Ibibo Pliggs it

with 2 comments

Ibibo Labs has a link to one of their new products under testing, a Digg-clone running on Pligg, called Newscola. Strangely, for all of Nasper’s technology muscle, MIH had to use a freely available software to push the product out. Now, I don’t have any problems using open source or free software, but the mistake that most companies make is in rushing to the market just to launch the product, without any thought given to how it would integrate with their existing systems. Ibibo’s other services run on .Net and IIS, while Pligg is a LAMP product and there is no common login. I can forsee that at some point a poor developer will end up having to write hacks into Pligg’s authentication module to integrate the regular Ibibo login into the system or migrate the system wholesale to .Net, which is such a ridiculous waste of time.

Technorati tags: , , ,

Written by shyam

February 2, 2007 at 6:43 am

A Mint with many holes?

with 5 comments

Alongside the print version, HT and WSJ’s new baby (if anyone remembers a strange phenomenon called go4i.com, they would have fairly bad memories about doing a JV with HT) — Mint — also had the online version of the paper switched on today at livemint.com.

The good news is that the site, thankfully, seems to not run on HT’s or WSJ’s platform, of which the former is rumored to be going for a redesign and re-launch soon. The bad news is that, after a 10 minute browsing session of the website, I found more than a handful of problems on the website, some being very critical and others being minor ones.

First problem with the website is that it is hosted with Mirror Image Internet, at a datacenter in Japan, while WSJ and HT are currently hosted in the US. Connectivity between India and Japan is not the best in the world and ideally they should be hosted in India if they are targeting the Indian audience. It could even be a misconfigured CDN, since Mirror Image is based out of the US. On a related note, HT Media Ltd is listed as the netblock owner for the Livemint IP, with an entire Class D range allocated to it. Something surely is cooking there.

In true WSJ fashion, you need to register to be able to read the website, the RSS feeds (partial summary) are available without the log-in and the registration is free. The registration form has a couple of quirks, mainly because of the slow server taking its own sweet time in updating the drop-downs according to your previous choices.

Another problem I had was with the ‘Register’ ‘Reset’ and ‘Cancel’ buttons. Of the three, the first two look way too similar and what’s with the arrows on all of them?

Another issue I found was with the templating, which is funny and inconsistent. http://www.livemint.com/SectionPages/SectionEconomyAndPolitics.aspx is the same as http://www.livemint.com/SectionPages/SectionEconomyAndPolitics.aspx?ID=11. So why use the query string anyway? Thankfully, section pages also seem to be real than virtual (since this returns a 404), which is a good thing from a security point of view (we don’t want pesky bloggers trying to pass queries on to the database, do we?) but awful from a point of maintaining things (look up a similar website called www.moneycontrol.com for example).

The guys who have developed the website have been smart enough to have RSS feeds from the word go, though Nikhil complains here that he could not find them. There is no auto-detection code in any of the pages, which will deprive most of the new generation browsers in their quest for auto-discovery glory. Moreover, the feeds don’t validate. And the errors can be easily fixed:

line 8, column 4: Undefined channel element: Pubdate 

<Pubdate>Thursday, February 01, 2007</Pubdate> -- Wrong case used here.

line 13, column 6: Undefined item element: Author

<Author /> -- Wrong way to close the tag.

And it would be lovely if they could give us the GUIDs too on entries.

Now to the security issues. The email confirmation page is an email harvester’s delight. Changing the Userid gives away the email address of guys who’ve already registered. There is no cookie or session validation there. And in general, the cookie handling is awful, when I wanted to edit my profile, I ended up on someone else’s profile in the edit page, which is very very bad idea.

It might also be a good idea to enable custom errors, preventing errors being thrown up like this. Not a major problem there in terms of information being given away, but it is a good idea to turn errors off on production machines.

Webtrensds Live for tracking? Uh oh. Google Analytics is better, a million times over and free too!

The source code is tag soup of DIV and tables, adding to the already delayed rendering of the page. Go for a DIV-only layout guys, cache the CSS and speed up your pages.

And what exactly is an article feed? http://www.livemint.com/Articles/ArticleRss.aspx. It does not use session tracking and also spews out full text in the description. Update: It is returning a 302, though, due to the funky ways in which the response codes are treated by different browsers, I get redirected to the homepage in IE and the old page in Firefox.

This is by no means a takedown of the work that’s gone into it. I remember when we had launched just over a year ago, the number of mess ups we had made were too many even count with your fingers. I am also sending this link to their customer support and hopefully they should do something about it. Running a widely-viewed media website is a major learning curve and I am sure they’d fix most of the problems before soon.

Technorati tags: , , , ,

Written by shyam

February 1, 2007 at 2:41 pm

WordPress.com, growth, issues and the road ahead

with 4 comments

What we have here today is Matt Mullenweg, who runs the entire WordPress show via Automattic, making good on his promise and answering a couple of pesky questions I had for him regarding WordPress.com.

Interesting comments from the answers include content filtering (I mean it as a positive, than as a negative, considering how little adult content on WordPress.com gets on to the homepages, while some of the best adult blogs I know are hosted on it), the usage of a CDN called Netli for content caching and rough numbers regarding usage in India, which is by far the highest I’ve ever seen anywhere.

If you are keen on helping blogging in India in the local languages, they are looking for translators.

And as an interesting aside, this is the first interview-ish sort of a thing I’ve done in a long time, that too after I’d hung up my journalistic shoes about three years ago and that too on my blog. Strange to see how the tables have turned.

Meanwhile, here’s a big thanks to Matt. Read on:

1) How big is the uptake for WordPress.com in India (Since you guys are one of the oddest web ops in terms of sharing internal numbers, it would be nice if you could give the break up in terms of sign ups, regular users (average 3-4 logins a week), and probably a percentage figure and numbers of the traffic originating from India)?

We don’t have a breakdown for sign ups in that detail but Google analytics does say we get about 221,984 page views from India, mostly from Maharashtra. The best I can tell we have a few thousand blogs that self-classify as being in an Indian language like Hindi.

2) Do you have more goodies lined up for India, beyond improving on the serving infrastructure? I remember seeing a lot of blogs in the heydays of Blogger with a lot of bloggers blogging in the local languages. Are you planning to reach out to these bloggers?

I’m very open to suggestions in that regard, the obvious things after making the service faster is local support forums and a better translation of the interface. (People can donate translations at translate.wordpress.com.)

3) Is the VSNL IP that we’ve seen before just a co-located server you have in the IDC or is it a part of the infrastructure of a CDN? Or even better, is Automattic now getting into the CDN business?

It’s part of a dynamic CDN called Netli, which accelerates our dynamic pages and provides standard CDN static caching stuff as well.

4) How well is WordPress.com dealing with its current growth? After all, the code base you have for the framework is still the single user/multi-user WordPress installation. Is it stable enough for me to dump five years worth of blogging on to the framework?

The growth has surprised everyone, even myself. We now regularly break 4 million page views a day and server close to 350/reqs a second. (Non-cached.) I think our current infrastructure is in a very good place right now, thanks mostly to the work of Barry. We’ve got a robust setup in Dallas and are aggressively expanding in other DCs in the US.

5) Even when the framework handles the stress well, there are other factors you need to keep an eye out for: storage, bandwidth, billing (for premium accounts) etc. Do you guys have the leeway to scale it to handle, let us assume, a 4x growth across all those variables?

All of that is pretty easy, except for storage which can be tricky to synchronize cross-datacenter. Right now we have a method that works well, but I’d like something cleaner before we get into terabytes of files.

6) WordPress.com has stopped redirecting all requests to wp-login.php to the encrypted SSL URL. Not quite a smart thing to do, you’d agree, even if it has sped up the pages a lot. You could probably do what Yahoo! Google and Microsoft does and keep the authentication part forced to redirect to the SSL version and switch back to plain HTTP for the other admin pages.

Yep, that’s definitely something we’re looking at. I had no idea when we originally added SSL that it would be such a pain.

7) Why was the SSL option dropped anyway? Were you guys using an add on crypto processor or was it being handled by the acceleration appliance?

It had nothing to do with processing speed, our dashboard traffic is light enough that it wasn’t a problem at all, it all had to do with user speed. The increased latency and sucky client caching of SSL content made the admin interface just crawl, especially for international folks, and in our testing we found nothing helped as much as just turning off SSL.

8) Why LiteSpeed?

It’s the fastest and most robust web server we’ve tested. The only thing I dislike about it is that it’s not open source, and we’re seriously considering replacing it purely for philosophical reasons. It’s the only non-OS app in our stack.

9) Will WordPress.com ever give up PHP/MySql and move into the Java scheme of things? At this point an application server would surely look like an enticing prospect to you?

Never, that would be the biggest waste of time.

10) Is there any sort of content filtering on WordPress.com ? There are plenty of sex blogs and adult content being served from the framework, but these don’t tend to show up normally on the regular WordPress.com listing pages.

Yes we pretty aggressively filter mature blogs from public listings to try and keep the front page and admin areas PG-rated.

Written by shyam

January 22, 2007 at 6:57 am

Is Microsoft ignoring the mainstream media server space?

leave a comment »

Mainstream media publications may not be a high value market for Microsoft, but the segment scores very high as far as visibility and perception go. Who would really not love to have a “Powered by” label on a high volume traffic website like the New York Times, as a showpiece for their product? What you are going to read is by no means a scientific or foolproof way of coming to any conclusion. It is based on the headers that the server returns and Netcraft coming in as the fallback option when faced with the ‘unknown’ server signature.

The list is broken down into three parts. The first is a list of the websites of the top twenty newspapers in America. The second is a smaller listing of European publications. The third is a list of publications from India, because, well that’s where I come from.

The US List

USA Today
IIS5 & BigIp

The Wall Street Journal
IBM WebSphere Application Server

The New York Times
SunOne Webserver

LA Times
SunOne Webserver

The Washington Post
SunOne Webserver

Chicago Tribune
SunOne Webserver

New York Daily News
Apache

Philadelphia Inquirer
Apache & Akamai

Rocky Mountain News
Netscape Enterprise 4.1

Houston Chronicle
Apache 2.0.x + Akamai

New York Post
Apache 2.0.x

Detrori Free Press
IIS6

Dallas Morning News
Apache 2.0.x

Minneapolis Star Tribune
Apache 1.3.x & Akamai

Boston Globe
Apache 2.0.x

The Star-Ledger
Apache

Atlanta Journal-Constitution
Apache 1.3.x

Arizona Republic
Apache 2.0.x

Newsday
SunOne Webserver

San Francisco Chronicle
Apache 1.3.x

Apache: 11
SunOne Webserver: 5
IIS: 2
Websphere Application Server: 1
Netscape Enterprise: 1
Oracle Application Server: 0
Java Server Pages: 0

The European List

International Herald Tribune
Apache

Le Monde
Apache & Akamai

The Jerusalem Post
Java Server Pages & Akamai

Der Spiegel
Apache 1.3.x

El Pais
Apache & Akamai

Corriere Della Sera
Apache 2.0.x

The Guardian
Apache

The Independent
Oracle-Application-Server-10g

The Sun
Apache 1.3.x

The Mirror
Apache 1.3.x

BBC News
Apache

South China Morning Post
Netscape Enterprise 3.6

Apache: 9
SunOne Webserver: 0
IIS: 0
Websphere Application Server: 0
Netscape Enterprise: 1
Oracle Application Server: 1
Java Server Pages: 1

The Indian List

NDTV
IIS5 & Akamai

Rediff
Apache 2.0.x & Akamai

Indiatimes
IIS6 & Akamai

Hindustan Times
Netscape Enterprise 6.0

The Hindu
Apache 2.2.x

CNN-IBN
Apache 2.2.x

CNBC TV18-India
Apache 2.2.x

Sify.com
Apache 2.0.x

Mumbai Mirror
IIS6

Daily News and Analysis
IIS6

The Indian Express
Apache 2.2.x

Mid Day
IIS6

The Pioneer
IIS5

Tehelka.com
IIS4

WebDunia.com
IIS5

The Telegraph
SunOne & ASP

Malayala Manorama
IIS6 & Akamai

Business Standard
Apache 2.2.x

Apache: 7
SunOne Webserver: 1
IIS: 9
Websphere Application Server: 0
Netscape Enterprise: 1
Oracle Application Server: 0
Java Server Pages: 0

The Final Count

Apache: 27
IIS: 14
SunOne: 6
Netscape Enterprise: 3
Websphere Application Server: 1
Oracle Application Server: 1
Java Server Pages: 1

Couple of interesting observations:

  • 3 out of 20 in the US use a CDN (Akamai)
  • 3 out of 12 in the Europe chart use a CDN (Akamai)
  • 4 out of 18 in India use a CDN (Akamai)
  • Sun is impressive with its pitch in US, but non existent in Europe and India (with the exception one site which is running ASP via SunOne).
  • No Apache 2.2.x in the US list
  • IIS does well in India
  • Netscape Enterprise is still around from version 3.6 to 6.0
  • Help! Somebody out there still uses IIS4 on a live website. Line them up and shoot them!

One of the main reasons why this might not be a high value market for Microsoft is that it has become more or less the norm for media websites with huge traffic to get on the Akamai CDN these days than to scale vertically or horizontally to serve the surge in traffic. In fact, some websites on the list run on ancient five to six-year-old servers, running the origin servers for Akamai. From that point of view, Microsoft has little to gain because these guys are not buying new licenses for new CPUs or new servers.

Another interesting trend is the use of acceleration and caching devices like BigIp and Netscaler, that used to be the domain of major ecommerce operations. It is hard to predict and tune your infrastructure in a media set up. The traffic patterns are unpredictable and after a while you really don’t want to break you head over your squid clusters and nothing works as well as a well set-up acceleration device that does TCP offloading.

More to come later.

p.s: The US top-20 list has been sourced from here.

Technorati tags: , , , ,

Written by shyam

January 4, 2007 at 1:16 pm