High Availability Web Services Using HAProxy

I was recently tasked with increasing the up time of my employer's main Web site. The site uses a content management system that lives on two Windows/IIS servers. (I know, the system was purchased before I was hired.) One server is for making changes to content (design-time server) and the other is the public web site (run-time server). The design-time server has a complete copy of the site which is replicated to the run-time server. Unfortunately the run-time server has a habit of refusing to serve pages at the most inopportune times, usually when I'm on vacation or somewhere without a computer.

Butt Kicking Chair

A couple of years ago I was sitting in one of those mind numbing meetings about stupid users or some such thing when I began to doodle and hit upon an idea. Wouldn't it be cool if all of our users sat in specially designed (or retrofitted) chairs that were capable of producing a shot to the sitter's posterior. The idea called for a chair, a boot, a lever, an actuator, a small computer with a network connection (wired or wireless), and some custom software. The computer would provide a network interface that would allow an administrator or help desk person to send a request to the chair and the person sitting in it would get a single kick in the pants. The idea for the interface later morphed into a web page and/or XML-RPC interface that listened to requests from authorized administrators which would trigger the butt kicking as well as various presets (single kick, small whooping, smack down, death by boot, etc).


Kernux is a fully kernel-mode http-daemon for Linux. Currently Kernux is in it's developing stage. Similiar developments in the same area were khttpd by Arjan van de van and Tux web-server by Ingo Molnar. Khttpd was included in the linux testing kernel 2.5 by Linus Torvalds. But it was actually not in kernel-mode of operation. Also it handled dynamic requests which is assumed to be insecure for the server OS by the Linux kernel developers. Tux is another implementation of kernel mode http-daemon, being developed by RedHat. The developer is Ingo Molnar, the creator of O(n) scheduler, which control the procsses from Linux kernel version 7.2 onwards.

Java Password Strength Check

How do you insure your users passwords meet required standards?
For a front end HTML solution to strong password checking see Steve's Javascript example.
On the Java server side or from the command line take a look at PasswordCheck. This code extends Steve's script onto the server side allowing pre-defined rules to determine pass or fail strength checking before the user's password is stored to the database, LDAP or other directory server. Open source licensed.

Sending Cache-control Headers Using Apache 2.x and mod_expires

About a year ago I wrote about how use mod_header with Apache 1.3x to send Cache-control headers. It worked so well that I want to configure my Apache 2.x servers to send the same headers. It's even simpler with Apache 2.x since mod_expires is included in most default installs. Here's what I did.

I added a configuration directive for the main server configuration (inside the Directory block) which sends the Cache-control header for common graphics.

Mitigate the risks of a stolen laptop

Think about it for a second. What would you loose if someone stole your laptop (or desktop) computer? What kind of damage could be done to you with the information retrieved from your laptop? The theft of a computer brings with it all the problems associated with a failed hard drive plus the added risks of the data on the drive being out of your control and potentially used by an unauthorized person for things that are likely to impact you negatively. Risk Overview:
  • Loss of computer hardware (laptop)
  • Loss of control of stored data
    • credit card numbers

Javascript Password Strength Meter

What makes a strong password? This quick and dirty password strength meter is meant to help users learn how to create stronger passwords. Because it's written in Javascript the password is never sent over the network. Feel free to audit the code and recommend some better regular expressions, weightings, or bug fixes by submitting a comment.

NOTE: This was meant as a quick and dirty educational tool. It served my purposes many years ago. If you want to make it better please submit a comment with a patch or some type of improvement. Other than that I'm going to ignore comments like, "I put in XYZ password at it said it was weak, strong, whatever."