Archive for the ‘System Administration’ Category

Optimize Prime

April 26th, 2010 staze No comments

Using the wonder that is a personal website, I’m spending today working on optimizing page load times on my site. I’ve already run my theme images through smush.it, and am now working on hosting static files on a non-cookied domain.

This is a test image:

Better rewrite code: here dealing with better mod_rewrite code for a wordpress permalink site, is, amazing.

It significantly sped up this site, and I’m planning to implement it on a couple other sites tomorrow at work.

Also of note, I do a fair amount of post revisions, which added up to about 600 or so revisions in wordpress. That can really slow down a site. So, I ran a nice plugin (though the “copy” on the wordpress site is HORRIBLE) called Delete-Revision that really helped speed up things (in addition to the above).

Sweet!

Update: So, I got my site up to an “A” score (90 points) on YSlow. The main problems were that for some reason, js files weren’t being compressed, I didn’t have ETags configured, and I needed to get Expires Headers working. They are now working. When I started, my score was in the 70s. As for Google PageSpeed, I’m at a 95/100. For the longest time, I couldn’t get cookies to not cross domains. Turns out, hidden in the Google docs here, I had to set the setDomainName to “None” to disable cross subdomain tracking. Since I got that fixed, google is bitching about parallelizing downloads. So, I’ll have to work on that a bit more. Might set up a rewritemap to randomly rewrite requests to static content to various aliases of my static subdomain… we’ll have to see if this works. =/

AD/OD Golden Triangle, Part 1

April 17th, 2010 staze No comments

This entry is going to be one I come back to, or at least post multiple parts for, because AD/OD integration, while easy, can’t be considered trivial. This first part will just cover what the scope is, and how we can get to where we want.

At this point, all I have tried is basic integration and testing with PHDs (Portable Home Directories).

Basically, campus just brought up a new AD forest that is well designed, and centrally managed from the top, and rights given to each organization to manage their OU’s. Students exist at the top of the directory, and are not assigned to any lower level OU (because they can (and do) take classes from different units). Employees all exist within specific OUs (who employs them).

Initial testing was done when the AD was being designed on whether or not to extend the schema to include the Apple attributes. Turned out, it wasn’t going to work, because rights cannot be given to OU admins to assign schema attributes for accounts not in their OU (e.g. students).

So, currently, every term, we take a dump of the campus student “database” and find all the students that are taking classes within our unit. We then limit it down to just the uniques, run that through a program called Passenger and then take that output, and import it into WGM.

Notes…

April 17th, 2010 staze No comments

Working on my site a bit today, I noticed that my recent install of “Broken Link Checker” was not functional. Turns out that it was throwing a ton of errors about the DB tables not existing. And indeed, they didn’t. I do a bit of digging, and find that at some point, probably for security’s sake, I had removed the “Grant” and “Drop” privileges from my WP site user. Once I added those, then reinstalled the plugin, it created the tables, and worked fine.

Second, I couldn’t modify my sidebar widgets. After some messing around, I found that it was due to my modifying my .htaccess file with some content from perishablepress.com. After removing chunks, then adding them back, I found it had to do with this line:

RewriteCond %{QUERY_STRING} ^.*(request|insert|union|declare|drop).* [NC]

Which was blocking the ajax functionality of the page. =/ I’m sure I could modify it a bit to allow these query strings from certain subnets, but it was just easier to remove it. *shrugs*

I’ll probably re-enable that line when I don’t need to modify the sidebar anymore… but for now, it works.

That’s all. Think I’m going to go out and see about replacing the HID bulbs on my 07 Prius.

Categories: System Administration Tags: .htaccess
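
The RewriteCond from the “Notes…” post above matches its keywords anywhere in the query string, which is why ordinary requests can trip it. The following is an added example, not code from the original post: a Python model of that condition (not Apache itself) showing the substring false positives and the “allow certain subnets” idea the post mentions. The subnet, the sample requests and the function names are all assumptions made for illustration.

```python
import ipaddress
import re

# Pattern copied from the RewriteCond; the [NC] flag maps to re.IGNORECASE.
BLOCKLIST = re.compile(r"^.*(request|insert|union|declare|drop).*", re.IGNORECASE)

# Assumption: an RFC 5737 documentation range stands in for the admin subnet.
TRUSTED_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed requests (not captured traffic): (client address, query string).
SAMPLES = [
    ("192.0.2.10", "action=save&layout=dropdown"),
    ("198.51.100.7", "page=2&sort=requested_at"),
    ("198.51.100.7", "id=1+UNION+SELECT+1"),
    ("198.51.100.7", "p=42"),
]


def matched_keyword(query_string):
    """Return the keyword the condition matched on (lower-cased), or None."""
    m = BLOCKLIST.search(query_string)
    return m.group(1).lower() if m else None


def decide(remote_addr, query_string, exempt_trusted):
    """Deny when the keyword condition matches, unless the client is exempt."""
    keyword = matched_keyword(query_string)
    if keyword is None:
        return "allow"
    if exempt_trusted and ipaddress.ip_address(remote_addr) in TRUSTED_NET:
        return "allow"
    return "deny:" + keyword


def run(exempt_trusted):
    """Verdicts for every sample, with or without the subnet exemption."""
    return [decide(ip, qs, exempt_trusted) for ip, qs in SAMPLES]


if __name__ == "__main__":
    for exempt in (False, True):
        print("exempt trusted subnet:", exempt)
        for (ip, qs), verdict in zip(SAMPLES, run(exempt)):
            print(f"  {ip:<15} {qs:<30} -> {verdict}")
```

The exemption only restores access for the trusted subnet; benign query strings such as `sort=requested_at` are still denied for everyone else because the keywords match as substrings.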

NTP in 10.6 with IPv6

April 14th, 2010 staze No comments

This week, I discovered a bug with NTP in 10.6 that was preventing NTP from syncing on my servers at work. So, their times were all over the place. The worst being about 5 minutes off from another (one was 2 minutes fast, the other was 3 minutes slow). While I don’t use Kerberos, this time difference could have been enough for things to get out of whack.

So, what was the bug? Basically, ntp doesn’t pay attention to whether IPv6 is available or not, and if AAAA records are available for the NTP server you’re using, and IPv6 is disabled, NTP will fail, and never sync. So, let me explain a bit more.

First, get a 10.6 box up and going, on a network that supports IPv6. This might be a bit of a problem for some, but…
Next, disable IPv6 on the 10.6 box.
Now, try something like an ntptrace against an NTP server that has both IPv4 and IPv6 information in DNS.

Watch ntptrace die with:

ntpq: connect: No route to host
ntpq -n -c rv ntp.example.com failed at /usr/sbin/ntptrace line 39.

So now, try an ntptrace against the IPv4 address that ntp.example.com resolves to. Works, doesn’t it! Next, try ntptrace against an NTP server that doesn’t have an AAAA record. It also works.

I reported this bug to Apple as 7858336, and within a couple hours, I got back a response saying it was a duplicate of 6736177. So, I’m not the first to find this issue. My hope is that it’s a bug with ntptools only, and not something larger (like the whole dns resolution system). But, I haven’t found anything else that exhibits this problem.

So, for now, I’ve changed my NTP settings to hit against a “hidden” ntp server on campus that doesn’t have an AAAA record. Hopefully this issue will be resolved with 10.6.4, because this certainly is an issue for organizations that are trying to be IPv6 friendly.

As for the question of why I’ve got IPv6 disabled? It traditionally hasn’t gotten along with Xsan. So, it’s off. Simple as that.

Oh, and it seems time.apple.com (the default NTP server for 10.6 (and at least 10.5 before that) systems) doesn’t have any IPv6 info, so it works just fine.

Double “oh”… if you don’t know how to check to see if your time server has an AAAA record, just do this in terminal:

`dig aaaa ntp.example.com` (where ntp.example.com is the server in question).

Good luck, and let’s all hope Apple gets this fixed.

Categories: System Administration Tags: 10.6, AAAA, IPv4, IPv6, NTP

Just in case anyone didn’t know…

March 10th, 2010 staze Comments off

My favorite XKCD, probably ever.

Categories: System Administration Tags: xkcd