Berkeley CSUA MOTD:Entry 52764

2009/3/27-4/2 [Computer/SW/Security, Computer/SW/OS/FreeBSD] UID:52764 Activity:nil
3/27    i just want to set up a proxy.  squid is too annoying.  privoxy
        locks too much content down.  any tips ?
        \_ Use ssh's built-in SOCKS server.  On the client, run "ssh -D1080
           proxyhost", and then set your browser to use localhost:1080 as a
           SOCKS proxy.
           \_ best advice. Fuck squid. SSH has everything.
                http://osdir.com/ml/user-groups.ale/2003-03/msg01182.html
        \_ http://seankelly.tv/blog/blogentry.2007-03-02.4768602564
        \_ http://calomel.org/firefox_ssh_proxy.html <--- pretty helpful
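
Added example, not part of the original thread: the "ssh -D1080 proxyhost" tip with the listener pinned to loopback, plus a check that nothing else can reach the SOCKS port. The function names and the sample `ss -ltn` output are constructed for illustration; "proxyhost" and port 1080 come from the thread.

```shell
#!/bin/sh
# Added example: loopback-only SOCKS tunnel command plus a listener audit.
SOCKS_PORT=1080

# Build the tunnel command. Differences from the bare "ssh -D1080 proxyhost":
#   127.0.0.1:PORT  explicit bind address, so "GatewayPorts yes" in
#                   ssh_config cannot expose the proxy to the whole network
#   -N              no remote command, forwarding only
#   ExitOnForwardFailure=yes  exit instead of running without the listener
socks_tunnel_cmd() {
    # $1 = proxy host, $2 = local port (defaults to SOCKS_PORT)
    printf 'ssh -N -o ExitOnForwardFailure=yes -D 127.0.0.1:%s %s\n' \
        "${2:-$SOCKS_PORT}" "$1"
}

# Read `ss -ltn` output on stdin and print every local address that
# listens on port $1 without being bound to loopback.
nonloopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host != "127.0.0.1" && host != "[::1]") print addr
        }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*
LISTEN 0      128    [::1]:1080         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

SAMPLE_BAD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:1080       0.0.0.0:*
LISTEN 0      128    [::]:1080          [::]:*'

socks_tunnel_cmd proxyhost
echo "exposed listeners in SAMPLE_BAD:"
printf '%s\n' "$SAMPLE_BAD" | nonloopback_listeners "$SOCKS_PORT"
# On a live client: ss -ltn | nonloopback_listeners 1080
```

Empty output from the audit means the SOCKS port is reachable only from the local machine.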

You may also be interested in these entries...
2012/9/24-11/7 [Computer/SW/Languages, Computer/SW/Unix] UID:54484 Activity:nil
9/24    How come changing my shell using ldapmodify (chsh doesn't work) doesn't
        work either? ldapsearch and getent show the new shell but I still get
        the old shell on login.
        \_ Scratch that, it magically took my new shell now. WTF?
           \_ probably nscd(8)
	...
2011/5/19-7/30 [Computer/SW/Security] UID:54110 Activity:nil
5/19    Uh, is anyone still using this? Please mark here if you post and
        haven't added this yet. I'll start:
        \_ person k
        \_ ausman, I check in about once a week.
        \_ erikred, twice a week or so.
        \_ mehlhaff, I login when I actually own my home directory instead of
	...
2009/10/1-21 [Computer/SW/WWW/Browsers] UID:53417 Activity:moderate
10/1    I am thinking of installing firefox on soda under my home directory.
        Will this make me a hozer?
        \_ Possibly. I wonder if we should have another VM for that...btw,
           I remember someone saying they're glad we're not on FreeBSD
           anymore, but last I checked, a bunch of our stuff is on FreeBSD,
           but our login server is not.
	...
2009/3/8-17 [Computer/SW/Unix] UID:52685 Activity:kinda low
3/8     I'm reading about an old exploit where someone used a buffer overflow
        in a printer daemon to get "daemon privileges," which allowed them
        to use another exploit on the mail delivery program to get root.  I'm
        not sure what daemon privileges are.  Is there some set of privileges
        that most daemons run on that is higher than user but lower than root?
        What are they?  I've never heard this before.
	...
2009/1/2-8 [Computer/HW, Computer/HW/Drives] UID:52310 Activity:low
12/31   SOMEONE PLEASE FIX KEG!  Why does it keep crashing?
        \_ It's hard to tell. The risk of crashing seems to increase with
           disk activity, or so it seems, but debugging the kernel doesn't
           seem to yield much info. Email root for detailed info; I don't
           have a deep understanding of the problem --t
           \_ How about a backup LDAP server? I don't need files as much
	...
2009/1/5-8 [Computer/SW/Unix] UID:52313 Activity:kinda low
1/3     no hurry but do you know of:
        $ chsh
        Password:
        Enter the new value, or press return for the default
         Login Shell [/usr/local/bin/bash]: /bin/zsh
        failed: Insufficient access
	...
2009/1/2 [Computer/SW/Security] UID:52311 Activity:nil
1/1     Is email still down?  My outgoing email seems to be not working.
        Also ssh password login seems to be not working (but certificate works).
        Thanks and Happy New Year.
	...
2008/12/4-10 [Computer/HW/CPU, Computer/HW/Drives] UID:52163 Activity:nil
12/4    A question to you old crufty alumni: So lately we've suggested
        VMs, and been asked why it's necessary. We've suggested top-of-the-line
        hardware and been told we don't need that much power. So I'd like to
        ask -- what exactly do you think the CSUA is supposed to _be_?
        \_ No one said VMs weren't needed.  They suggested you use the
	...
2008/11/16-17 [Computer/Networking, Computer/SW/Security, Computer/SW/Unix] UID:51999 Activity:low
11/16   Can I use my SBC Yahoo! DSL login name "xxx@sbcglobal.net" and password
        for the DSL at someone else's home?
        \_ Why don't you try it...
        \_ Don't check your email at your mistress' house.
	...
Cache (8192 bytes)
seankelly.tv/blog/blogentry.2007-03-02.4768602564
I love calamari, paella loaded with squid, and even ika (squid) sushi. But the Squid cache and HTTP accelerator is off my menu from now on. com, and helping out the websites of various local interests, I've also been doing some work for a major online magazine for home theater. I've never been involved with high-volume sites before, and so it's been a hugely educational experience. Squid proxy and HTTP accelerator is generally considered some of the "best practice" when it comes to high volume web sites. Your CMS may spend a lot of time compositing a page, but once it's all assembled it doesn't change all that much. Sure, the little "portlets" on the sides may be updated, but the meat of the page is still the same, and so caching the assembled page for a hungry web audience to consume via direct-from-cache-to-browser is a good idea. And if not Squid, then there's always Apache's mod_proxy, or even a combination of Squid and Apache. That was until the site tried to go live, several times, with the Squid setup--only to find that its confounding configuration and impenetrable log files showed that it was doing almost no good. It also refused to do round-robin upstream requests to multiple Zope servers after the site decided to make some major hardware investments. Now, I'm generally a patient person, and many of my colleagues know just how much I'll put into banging my head against a configuration file to get something working. With Squid, though, I feel as though I was literally wrestling with a giant leviathan from the deep, a massive monster of a squid risen up from oceanic depths to do battle with me, balancing futilely from a tiny little dinghy rocked upon angry waves. My bruised and battered body, covered in welts from the beast's suction cups, washed up on some lost shore. 
Never heard of it--which isn't saying much for the names of open source software packages, which have given up on even providing the tiniest hints of what their function might be. Consider: Siege (a regression test system), Spring (web application framework), Scarab (issue tracker), Cantus (media file tagger), Elektra Initiative (key/value pair framework), Cactus (test framework), Azureus (P2P client), Fink (Mac package framework) and so forth. And not just by default--it's lightyears ahead of Squid. Now, Squid certainly tries to be a lot more than an HTTP accelerator, which is all I wanted for this client, so I should forgive it that. Except that in trying to do so many things--outgoing web proxy, FTP proxy, transparent proxy, load balancer, and reverse proxy--it made it really hard to do just the one task that I needed it to do. Squid also comes with a default configuration file that weighs in at over 4000 lines. Granted, there's a lot of documentation in that file, but it's essentially an embedded man page; strip out all the comments and it's still over 250 lines of configuration. Worse, the past stable version 24, and the current development version, 30, both have good online documentation. Are you supposed to surf the bleeding edge or be mired in the past with Squid? Lastly, Squid, despite my own lame attempts at configuration and an expert's corrections, is just slow. Squid, when acting as reverse-proxy HTTP accelerator, takes an incoming request for a page and sees if it already has it in its memory cache or disk cache. If it's in neither location, it'll ask its upstream content management system to compose the page, at which point it'll cache it in memory in the optimistic hope that someone else will request it again soon. If, after awhile, there are no other requests for it, it'll write it off to disk for the less optimistic case that some request will come in later. 
Sadly, this strategy effectively defeats the whole point of demand-paged virtual memory provided by modern operating systems. It's an operating system's job to abstract out memory so that an application doesn't have to worry about it. Squid, in actively worrying about it, ruins the operating system's ability to give the application any edge. Take the case where Squid has an object cached in memory--and the operating system sees that the memory page hasn't been referenced in awhile before Squid notices. The operating system transparently and without Squid's knowledge pages it out to disk. Then Squid's timers go off and it decides to write that same object out to disk. It forces the operating system to page it back into memory only so that Squid itself can write it back out to disk! Modern Unix operating systems have the mmap system call which makes such shenanigans totally unnecessary. Varnish instead just maps into memory a huge disk file and treats it as cache. It's the OS's job to manage that and it does just fine, whether you're on Linux, FreeBSD, or otherwise. Squid's disk cache consists of hundreds of files in dozens of subdirectories, forcing the disk subsystem to do dozens of cartwheels to track inodes, disk pages, and other metadata. Varnish's cache is just a big chunk of a file which you can preallocate with dd, minimizing fragmentation, maximizing speed. Look at what else Squid does that's slow and back-asswards: Squid takes the configuration file and uses it to set all sorts of conditions in memory whose codeways must be traversed in order to figure out what to do. Varnish takes its configuration and compiles it at launch time into executable machine code! Squid logs to files, causing disk I/O virtually all the time. I've seen this technique once before, when I worked for a company that made commercial-grade digital video servers. 
We had two of the core team from FreeBSD working there, and they used the same technique: logging was absolutely vital in debugging that system, and yet it was lighter than the breath of a fairy. I guess it's no wonder that the principal architect of Varnish is yet another FreeBSD core team member: Poul-Henning Kamp. fuck, I learned here more in 5 minutes than in those 2 years at my present job Reply So, is it working? I would love to see this turn into a contribution to the cachefu configs. In fact, despite Runyaga's encouragement to discredit Squid I held off and gave it a number of additional honest chances. In the end, Squid came by my opinion of it completely fairly and honestly, no monetary exchange at all. If so, got some suggestions for Mac-specific installation and configuration? Yes, it has most of the plumbing necessary (memory mapping, dynamic generation, various timers), but there are a few components that are either different or missing to make it an easy reality. I'm all for writing a blog saying that you found Varnish to be better than Squid for what you are trying to accomplish, but FUCK SQUID? PS - Your join link seems to go to your login page, so I can't join. I've amended my posting now that I'm wearing a more level head. I guess I should call myself lucky to have so much work that I can't work on my own site! I worked with a site that had each reverse proxy with 8GB of RAM and little swap. The reason was that if we went into swap the game was over anyway. with an alternative tuning of 30 minutes for hot-release days when if a file wasn't in memory for that long it wasn't going to be seen that day. Now the site actually has its reverse proxies using something like 32GB of ram on x86_64 as the main targets are ISOs and large files. I would love to try and take down a kraken Smooge Reply Virtual Hosting? 
Anyway, we need to do virtual hosting with the VHMonster product; using Squid this was accomplished by a redirector application (typically Squirm or iredir) where you could set rules for (sub-)domain matching very elegantly by regular expressions. conf via backend definitions and a sub vcl_recv routine. The mappings tab had been invisible to me because for some reason the 'AddSiteRoor# permission was checked off. Now I'll figure out how to get proper statistics because logging is also handled differently by varnish. It is heavily customised and there are certain components that are triggered on each page view that are sub-optimal from a Plone performance point of view, but are necessary from a business requirements point...