Mostly Software

  • Friday

    • Coinbase q4 earnings beat EPS 48.53% @3.35, beat rev 25.40% @2.5b.
    • SEO is so important. https://developers.google.com/search/docs/advanced/guidelines/get-started.
    • Top 10 nginx config mistakes: https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes.
      1. worker_connections, defaults for each worker to have at max 512 connections. Could be a file descriptor managing the client-server connection, could be an FD for a log, could be an FD for a served file, could be many others. But the os limits FDs per process, usually default 1024. Make sure these aren’t in conflict, set worker_rlimit_nofile.
      2. “error_log off” does not disable error logging; it writes error logs to a file called “off”. Pipe to devnull if you want to actually turn off (which you don’t).
      3. When proxying requests to backend servers, nginx by default creates/closes a new connection for each. This can be inefficient (and exhaust all ports in a dos). Include the “keepalive” directive in every “upstream” block.
      4. Remember nested blocks inherit from their parent. If both contain the same directive, the child replaces (doesn’t add). This is confusing with directives like “add_header” – ONLY the childmost will count.
      5. “proxy_buffering” is on by default. Nginx will internally buffer the full response before sending ANY data to the client. You can turn this off, and nginx will start sending data back right away, but the cons almost always outweigh the pros. It will lock nginx up when dealing with slow clients, rate limiting and caching are all impacted, more.
      6. The “if” directive should only be used with “return” and “rewrite” – can segfault when used with others.
      7. Don’t overuse the “health_check” – only once per upstream (proxy_pass) block.
      8. “stub_status” provides great nginx metrics, but also exposes data that can be used to compromise your site. Don’t use this on a location without auth.
      9. “ip_hash” will load balance, but only using the hash of the first 3 octets of the client IP (v4). If all of your clients are in the same /24 cidr block, they won’t be load balanced and will all have the same hash and be sent to the same upstream. Switch “ip_hash” to “hash $binary_remote_addr consistent”.
      10. Create upstream groups. You can share resources, enforce a consistent config, improve performance, more.
    • Even after 20 years of regular computer use, I still find it valuable to sporadically do formal keyboarding exercise. I probably slow from 60wpm/80% to 40wpm/95%, but then normalize to >60wpm with good accuracy. c and x are toughest for me, ring/middle dexterity with left hand.
    • Cert expired on supercontest (autorenew bot should handle this) – will resolve soon.