Bees With Machine Guns!

beesThat’s a funny name for a very nice tool. It spawns a number of EC2 instances in region US-East-1 and starts load testing a predefined URL with Apachebench.

All you need is:

  • A EC2 account
  • A Keypair, stored under ~/.ssh/keypair.pem
  • An availability zone “public” with SSH access allowed

Install the tool with

and start having fun. Please keep in mind to shut down all EC2 instances after the test to avoid high bills.

Get the sources and docs on GitHub.

Links for 19.01.2015

Today’s post is all about performance testing websites. PhantomJS is doing a great job here.

AngularJS – Perceived Performance: In a traditional page, measuring the page performance is quite easy; a request is made, the server responds with some HTML and the browser renders it. Done. In a Single Page Application, things get trickier.

YSlow for PhantomJS: PhantomJS is a headless WebKit with JavaScript API. YSlow for PhantomJS is a command line script that allows page performance analysis from live URLs, unlike YSlow for Command Line (HAR) where a pre-generated HAR file is needed in order to analyze page performance. – Tags: performancetesting

collectd – The system statistics collection daemon: collectd gathers statistics about the system it is running on and stores this information. Those statistics can then be used to find current performance bottlenecks (i.e. performance analysis) and predict future system load (i.e. capacity planning).

BigQueri.es – Tags: performancetesting

HTTP Archive: The HTTP Archive tracks how the Web is built. – Tags: performancetesting

Links for 08.01.2015

HTTP/2.0 — The IETF is Phoning It In: Good article about the issues with the HTTP/2.0 spec.

HOWTO setup your very own Jabber server…: Nice howto. I am also reachable via Jabber now 🙂

Hyperfox – HTTP and HTTPs Recording: MITM-Proxy for HTTP debugging. Hyperfox is capable of forging SSL certificates on the fly using a root CA certificate and its corresponding key (both provided by the user). If the target machine recognizes the root CA as trusted, then HTTPs traffic can be succesfully intercepted and recorded. – by CyberPunk

sametmax/0bin · GitHub: 0bin allows anybody to host a pastebin while welcoming any type of content to be pasted in it. The idea is that one can (probably…) not be legally entitled to moderate the pastebin content as he/she has no way to decrypt it.

Bug: .NET WebBrowserControl switches User-Agent headers when using XMLHttpRequest in compatibility view

Microsoft .NET supplies a WebBrowserControl that can be used to integrate web browser functionality into a windows application.

During the last days I learned some weird stuff about this component, especially regarding user agent HTTP headers.
Continue reading “Bug: .NET WebBrowserControl switches User-Agent headers when using XMLHttpRequest in compatibility view”

Links for 10.12.2014

The POODLE bites again (08 Dec 2014): October’s POODLE attack affected CBC-mode cipher suites in SSLv3 due to SSLv3’s under-specification of the contents of the CBC padding bytes. Since SSLv3 didn’t say what the padding bytes should be, implementations couldn’t check them and that opened SSLv3 up to an oracle attack.

musicForProgramming();: Some nice tracks for concentration

Wickr’s self-destructing secure messages are now on OS X, Windows and Linux: The Wickr mobile apps for iOS and Android are known for incredibly secure messaging that feature a self-destruct option for text, images and videos. Now those messages are available on your desktop. – by Roberto Baldwin

The astonishing rise of Angela Merkel, the most powerful woman in the world.: A summer afternoon at the Reichstag. Soft Berlin light filters down through the great glass dome, past tourists ascending the spiral ramp, and into the main hall of parliament. Half the members’ seats are empty. – by John Lanchester, George Packer

Mantis: Netflix’s Event Stream Processing System: Another great techonolgy by Netflix – by Danny Yuan