NGINX does some crime

November 19, 2008

from CyberCrime and Doing Time

“The website is in Russia and doesn’t run Apache or IIS or any other common webserver. It’s running a webserver called “nginx” (Pronounced Engine-X). That’s a huge negative right there. Many webservers that host malware are using this webserver type.”

Spongecell and Engine Yard use NGINX but I think it’s a huge positive! We use it for analytics reporting in addition to normal mongrel load balancing. We’ve load tested nginx on a single slice being able to handle close to 10,000 requests per second. Perhaps we like it for the same reasons the criminals do: it performs.


Star in a Porno with Facebook Connect and Rails

November 17, 2008

I tried out Facebook Connect with Rails recently. The result is Zack N Miri.

Figuring out all the details wasn’t super straightforward. Essentially I took the jogging PHP example from Facebook and combined it with the Facebooker Rails plugin. You can check out the code at Github.

Who wants to get some milk with Zack?

Screen Sharing Crippled!

October 28, 2008

How annoying, Apple has disabled the power tools in Screen Sharing that are mentioned in this great article. This comes in a recent update to security or system or something. I got around the problem by downgrading my Screen Sharing to 1.0 which I found on an old computer in the office. The app is dated 10/2007.

I use Screen Sharing to connect to my mini at home when I am at the office or on the road and need to access media. I’ve never had to connect to my work computer because I keep that synced with imap, idisk, svn and git.

FileVault is secure if you keep the door locked

October 1, 2008

I did some research to see exactly how strong encryption is if you use Apple’s FileVault. (Windows has BitLocker).

1. If your laptop is stolen while powered on, someone with the right hardware can read your RAM and steal all vault passwords. This is unlikely but possible.

2. If your laptop is off they can brute force your password. For a simple 6 character password this would take ~1000 EC2 computing days and cost ~$5,000. A 7 character password would cost $40,000 to break and an 8 character password $2.5 million. Use lowercase, uppercase, numbers and symbols for the best password protection. You must also use secure virtual memory or passwords will be written to disk.

If you don’t use FileVault nor BitLocker and your laptop is stolen then your bank accounts, your email, your passwords and you are compromised.
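To see why item 2 recommends both more character classes and more length, here is an added example (not code from the original post) that models the worst-case cost of an exhaustive search. The per-instance guess rate is an assumed placeholder, so the dollar figures it prints are not the post's figures; only the $5 per EC2 day price is taken from the post's ~$5,000 for ~1000 days.

```python
import string

# Assumption (not from the post): passwords one EC2 instance can test per second.
ASSUMED_GUESSES_PER_SEC = 500
# From the post's own figures: ~$5,000 for ~1000 EC2 computing days.
USD_PER_EC2_DAY = 5000 / 1000

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def alphabet_size(password):
    """Size of the smallest alphabet, built from whole classes, covering the password."""
    if not password:
        raise ValueError("empty password")
    unknown = [c for c in password
               if not any(c in chars for chars in CLASSES.values())]
    if unknown:
        raise ValueError(f"characters outside the modelled classes: {unknown!r}")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def exhaustive_search_cost(length, alphabet, rate=ASSUMED_GUESSES_PER_SEC):
    """Worst-case cost of trying every password of exactly this length.

    Human-chosen passwords usually fall to dictionary guessing far sooner,
    so treat the result as an upper bound on the protection.
    """
    keyspace = alphabet ** length
    ec2_days = keyspace / (rate * 86400)
    return {"keyspace": keyspace, "ec2_days": ec2_days,
            "usd": ec2_days * USD_PER_EC2_DAY}

def estimate(password):
    return exhaustive_search_cost(len(password), alphabet_size(password))

if __name__ == "__main__":
    # Constructed sample passwords: same word, more classes, then more length.
    for pw in ["kitten", "Kitten", "K1tten", "K1tt&n", "K1tt&nzz"]:
        r = estimate(pw)
        print(f"{pw:10} alphabet={alphabet_size(pw):3} "
              f"keyspace={r['keyspace']:.2e} ec2_days={r['ec2_days']:.1f} "
              f"usd={r['usd']:,.0f}")
```

Each extra character multiplies the cost by the alphabet size (26 for lowercase only, 94 with all four classes), which is why length and variety together matter more than either alone.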

E-Commerce Presentation at RailsConf Europe

September 4, 2008

I’m in Berlin right now getting ready to give a presentation on E-Commerce. I’ll be comparing a few credit card payment solutions for Rails. Europe has stricter banking rules than in the U.S. but I’m hoping I can help some people out.

I created an example site, Rails Vendor, to demonstrate payment options and show some code. You can also see an example of one of our new Rich Media Ads picturing DHH himself.

Fastest CDN to Sacramento

August 27, 2008

I tested content delivery to a server we have at Engine Yard in Sacramento.

We are testing CDNs for our flash delivery so I tested with a 160kb swf file. Media Temple doesn’t claim to be a CDN but I tested it anyway on its budget grid server. Panther and Edgecast are CDNs. I did all testing using Apache Bench from a slice in Engine Yard cluster EY01. The Intranet test was with content from a slice in their cluster EY02. This was a baseline since the servers are probably only meters from each other. S3’s latency is a big reason we’re looking for a good CDN.

.mac was the surprise contender and they only cost $100 a year. Perhaps we were just geographically lucky. They limit to 100gb a month and we hope to be serving more flash than that so .mac is not a realistic solution. Their consumer agreement is not sufficient as well but in reality neither is S3’s.

I tested 10,000 requests with a concurrency of 10. I repeated the ~4 minute test to make sure numbers were settled. The huge bias was location and perhaps time of day. Tests were done at noon on 8/27/08.

Conclusion: the two CDNs performed better than the non-CDN delivery. This data isn’t fair nor significant enough to rule one CDN better than the other.

Embedded Calendars and Github Trolling

June 7, 2008

I was trolling github to see what kind of calendar projects were out there and found calendar_helper. It looks decent. I would probably use it if I needed to display a simple calendar.

For displaying a rich calendar in html the best solution is of course to use Spongecell’s Monthly Online Calendar:

These calendars can easily be created at Spongecell by creating some events and then getting code for your site. For a dynamic calendar built into your web application these calendars can be modified and created using the Spongecell API. A good open source example of this can be found at Spongewolf.

Github is my new favorite social network. My friends are defined by people watching my projects and the projects I am watching. There’s a lot less trashiness and nudity than on other social networks I try to avoid such as MySpace and LinkedIn.