DevCentral Top5 04/14/2012
Given the time and my unabashed geekery for all things comic related, especially Batman-esque, I feel the burning need to make some sort of "Dark Knight" joke here, but I'll refrain. That kind of thing would drive readers batty, and I just don't have any desire to come off as a Joker. Here's where you groan...all together now. All right, now that that's out of my system...we've got lots of goodness to get to. The ninjas and pirates (we're diverse like that) that keep things running out in DevCentral land have been hard at work putting together a host of content that shouldn't be missed. Let's get right to it with my Top5 picks for the week: 1024 Words: 1000 Posts https://devcentral.f5.com/s/weblogs/macvittie/archive/2012/04/11/1024-words-1000-posts.aspx First and foremost, I'd like to take a moment to congratulate a truly prolific contributor to DevCentral. Lori MacVittie has reached the 1000 blog post mark on DevCentral, and to me, that is definitely Top5 worthy. She blew past that number, in fact, but this is the first chance I've had to call it out. Not only is this a DC first, and momentous for that reason, but it's also a showing of a truly massive outpouring of content to continue engaging and bettering the community. Ironically her post is most a big thank you to her readers (spoiler alert...wait, I think I did that wrong), and I want to thank her here...but I can handle a little irony from time to time. Go take a look, browse through some of her old posts, and drop a thank you from all of us to her for doing what she does. iControl Guru Panel - A "Pi" Day Webcast With iControl Gurus https://devcentral.f5.com/s/weblogs/dctv/archive/2012/03/14/icontrol-guru-panel-a-quotpiquot-day-webcast-with-icontrol.aspx I've been remiss in mentioning the Guru panels that we've done on DevCentral! So swept up with the other content was I that I forgot to call out this cool new thing that is happening on an internet near you. Available now is the growing series of Guru Panels that we here on the DC team have been cooking up. It started way back when with the iApp Guru panel, then came iRules, and most recently iControl. So what is a Guru panel you ask? A guru panel is where we get together a couple of experts on a given topic, sit down in front of a camera, have a dialog, and ask the community to feed us questions to answer. What usually comes out is a lively discussion that ranges from the kiddy pool with water wings to a half gainer from the high dive, with plenty of history, commentary and anecdotes along the way. These are a great way to get an infusion of knowledge about a particular subject, or to see what the community is up to and curious about. Whatever your reason, they're informational, low key and fully community driven. That's a good combo any way you slice it. Take a look and keep an eye out for future Guru panels. I know there's a security one right around the corner, so keep a sharp watch for more info. Perl example of deploying an iApp application service https://devcentral.f5.com/s/wiki/iControl.Perl-example-of-deploying-an-iApp-application-service.ashx I don't often call out specific CodeShare entries here in the Top5. That's not because there aren't awesome things being added to the CodeShare all the time (hint: there are), it's more because there is usually just so much stuff to go through I can't even get to it all. This week, however, one of the engineers here in one of F5's Skunk Works style teams swung by my desk to ask where to post a particular code sample. He wanted to post an example written in Perl, using iControl, to deploy an iApp. I'm going to repeat that, because that is the kind of thing that bears repeating. Perl -> iControl -> iApp. That's like...a trifecta. If he had told me the iApp was then used to deploy or manage iRules, I think I may have shed a tear of joy and built a shrine in reverence. Regardless, this is a pretty wicked example of combining F5 technologies and making them work for you in an automated fashion. It also happens to touch on some of my favorite bits in the system, which may or may not have played partially into my decision to include this post here. Perhaps. Possibly. It's cool, I promise! Check it out and be impressed, I was. Freedom vs. Control https://devcentral.f5.com/s/weblogs/psilva/archive/2012/04/11/freedom-vs.-control.aspx Pete Silva delivers an interesting read this week in the form of a dilemma of sorts: Freedom vs. Control. We're not talking about political power struggles here, we're talking about corporate security policies and how they are in a pinch when trying to deliver the right balance of both. With an increase in mobile devices, the BYOD trend continuing to rise, and the proliferation of platforms outside of IT's direct control, it would seem that confidence is waning in regards to which devices are actually accessing business resources. If many companies can't even be sure of which devices are accessing apps, then how are they going to balance their security measures appropriately? It's a bit of a vexing question to be sure, and Pete digs into a bit more in this post. Take a look and see what you think. Your guess is as good as mine on this one, but it's definitely something to be thinking about, and the sooner the better, especially for those of you that may be responsible for implementing or tuning such policies. Stripping EXIF From Images as a Security Measure https://devcentral.f5.com/s/weblogs/macvittie/archive/2012/04/09/stripping-exif-from-images-as-a-security-measure.aspx Do you know what an Exif tag is? Let me save you the trouble, here's what Wikipedia will tell you: "Exchangeable image file format (Exif) is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras." So what does that mean, and why is that a security risk? Well, digging a little deeper you'll quickly find out that one of the tags included in the Exif info of many pictures these days stores geolocation data. Why do you care about geolocation info on your photos? Well, what about the photos you're taking of your house, car, personal jet-pack or other such sundry goods with your GPS enabled smart phone that all now have the exact GPS coordinates of where said images were taken embedded in them? Those photos you posted to that everyone on the tubes can now see detailing the amazing new widget you bought? Yeah, it also might contain the exact location of said widget, for someone who is looking deep enough. Does this sound like a security issue to you yet? It does to me. Lori digs into it in a lot more detail and depicts a possible solution in this post. This is becoming massively prevalent and could be a serious concern in some cases...this one is definitely worth the time to read. There you have it my intrepid friends, another 5 goodies from the DevCentral realm to tide you over until next time. Enjoy! #Colin P.S. This may be the first Top5 in history without an iRules specific post. P.P.S. Don't count on that becoming a trend. I haven't given up the faith.DevCentral Top5 6/27/2011
As rare as the Hippocampus and as fleeting as the Pegasus, this special Monday edition of the Top5 is brought to you by "too much to get done on Friday"(tm). Think of it as a bonus edition though, not delayed, as this Top5 comes bearing wondrous gifts from around DevCentral. From iRules Challenges to MVP contributed Tech Tips to a special 20LoL and more, the community has borne deliciously geeky fruit of all manner the past weeks. So much so in fact that the bounty could not possibly be contained within this abbreviated format. Even still, I feel that the five I've chosen are worthy, and I hope you enjoy this week's Top 5: iRules Challenge #4 Results: Contemplating Context http://bit.ly/mjvwAx Every time I get the joy of participating in one of these FSE iRules Challenges I have a blast, but I'm also repeatedly blown away by the abilities of these new recruits. Not only are these people new to F5, but many have no scripting background whatsoever. If that weren't enough, while here in boot camp they're receiving a massive amount of information to process and imbibe every day. Given only their spare time to work on the iRule for the challenge, it's impressive that they even complete an iRule. Despite all of that, however, they somehow persevere and submit awesome entries, every time. This particular challenge was a doozy from the "What the heck did he just ask us to do?" stand point. A brief 20 minutes of questions goes by pretty fast when they're trying to formulate a plan and figure out what the heck they need to know. In spite of the intentionally confusing challenge some strong results cropped up, and I'm looking forward to the next challenge. Well played, one and all. BIG-IP and Merge File Configuration Changes http://bit.ly/iKWcVA Whenever a DevCentral MVP steps up to the plate, watch the fences for the outcome. Michael Yates continued the trend of awesome MVP contributions with his Tech Tip detailing how to make use of the a Merge File to make non disruptive changes to your BIG-IP's config. In a high throughput environment where downtime isn't an option, sometimes even largely simple changes can be a no-go if they cause even a brief hiccup in traffic while the config re-loads. With a merge file you can avoid that interruption, assuming the change itself doesn't cause one (I.E. things like removing a pool or pool member will always cause an interruption, even with a merge file). I get the feeling that this handy technique is something that many other users will be able to benefit from, in part thanks to the solid document Michael has put together to educate future BIG-IP experts. MVP indeed, well earned Michael and thanks for the contribution. BIG-IP APM-Customized Logon Page http://bit.ly/kEJrJe While APM offers some impressive power and inspection capabilities, let's be honest about the default login page: it's basic. Not bad basic, mind you, just simple and functional basic without a lot of bells and whistles that you don't need anyway. Why don't you need them? I'm glad you asked. You don't need our bells and whistles on your APM default login page because it is designed with the concept in mind that you will be adding your very own bells, whistles and any other doo-dads you see fit via customization. The login page is completely under your control. Whether you want to statically alter it, do away with it or like in Jason's fine example here, set up some automation around the way that it's customized via iRules fu, the choice is yours. In this example Jason is displaying how you can combine APM configuration options with a little iRules know how to get a powerful, dynamic result. Take a look for yourself for the details. F5 Friday: Performance, Throughput and DPS http://bit.ly/la6wsA Lori found a topic last week for her F5 Friday post that resonated so clearly with me that it would have been beyond the power of my will to refrain from adding it here today: DPS vs. Performance vs. Throughput. Now I admit that as a reformed WoW aficionado when I first saw DPS I was confused as to how it was applicable here, but the DPS of which Lori speaks is in fact Decisions Per Second. When dealing with metrics in an application world, how much do you really want to measure network throughput or the number of TCP transactions the network was able to set up and tear down in a given time period? These things are not directly applicable to the application, the way it behaves, what portion of the application's decision making chores have been offloaded to the network in one way or another, etc. What you really want to know, or likely should if you don't, is how many decisions per second are occurring and where. Just how much heavy lifting - application lifting that is - is your network really doing? If you aren't sure, maybe you should be. This is a great topic for discussion, though I warn that it may grow heated as you involve the different groups necessary to gauge this slippery concept. I'm not saying that throughput or TPS or whatever other metrics you're used to looking at are bad or shouldn't be reported, that would be asinine. I'm merely saying, thanks to Lori's unintentional prodding, that you should probably start looking at DPS as well to see where the real work is being done, and how to best tweak that. This one is worth a read for sure to get more depth. 20 Lines or Less #50: iRules Challenge Round-up http://bit.ly/mPqMbN Last on the page but first in my heart, I bring to you the (marginally) momentous 50th installment of the 20 Lines or Less series. This series has been running for 3+ years now, and I enjoy it every single time I get to take the time to write it. It's a pleasure sharing the awesome code snippets produced by the community, our engineers, the DC team and sometimes even by me. With over 150 examples of how iRules can provide serious power in under 21 lines of code, clearly no one could refute the benefit iRules bring to the table if they would but take a few minutes to browse through this series and see the proverbial rabbits being pulled out of hats by F5 users worldwide. For this 50th edition I shared my solutions to three of the iRules Challenges that have been issued so far. 50 down and I'm just getting started, so stay tuned for many more, and thanks for reading. That'll do it for this (last) week's DC Top5. As always thanks for playing and let me know if you've got any feedback, questions or contributions. Until then... #ColinDevCentral Top5 12/10/2010
It’s Friday! Your work week is wrapping up (most of you, anyway) or perhaps it’s even over already, depending on your time zone. You’re looking forward to your weekend and trying to wrap up the last few loose ends at work to get yourself set up for a solid Monday. One of those things should be this week’s Top 5. With the 5 coolest things to grace DevCentral this week in hand, you can go spread the good word about how cool this stuff is to anyone that will listen. Well, that’s what I do, anyway. You do with it what you will, but here it is just the same: Talking Microsoft Lync Server Availability and Scalability http://bit.ly/ifbSfw This week we got to sit down, albeit some of us virtually, with part of the Microsoft team here at F5 and talk about Microsoft Lync Server. Honestly, we let them do most of the talking, which was good because they really knew their stuff. They talked about how to design deployments, how to ensure things are stable while scaling or optimally available despite the unexpected occurring, etc. Jeff’s blog post does a good job of detailing the conversations' bullet points as well as providing some links to follow to read more. The real reason it’s on the list though is that we recorded the live stream, complete with the F5 Microsoft folks taking questions from users via chat and answering them, and it was some good stuff. Take a peek. F5 Friday: F5 ARX Cloud Extender Opens Cloud Storage http://bit.ly/gtMHhz I’m not one to talk about the cloud all that much, generally speaking. It’s there, I realize it’s there and that companies are dealing with it more and more, but frankly there are enough people talking about it that I leave it to them to dish out all the necessary info to keep you abreast. People like Lori and, in this case since it’s dealing with storage as well, Don, are great at exactly that. In this joint post they talk about cloud based storage, why it’s designed horribly from the ground up, at least from the standpoint of someone trying to attach to it via conventional means is concerned, and how a cloud extender can help solve that problem. It’s pretty interesting stuff, honestly, even for cloud talk. Take a look and see if you can help your company save some time, money, energy or any combination thereof by getting them connected to cloud based storage easily. DevCentral Weekly Podcast 157 – Security and Some Free Beer http://bit.ly/ex9bUw We do the DC podcast every Thursday (at 2PM PST for those that might want to tune in) so it’s not normally something that I report on here unless there is something particularly interesting that crops up. It just so happens that this is such a week. We were lucky enough to wrangle not one, not two, but three, yes count them three F5 security types (Andy Oehler, Chris Webber, and Jonathan George) to hang out with us on the podcast this week. We talked about, as you might imagine, security. More specifically we talked about the new consolidated security group on DevCentral, how security is a moving target and continues to change with technology and the pressures being applied via standards and new requirements, and a whole lot more. We kind of squeezed a couple DevCentral topics in there at the end, but the meaty bits, the part with the guests who know their stuff, is right there at the front. Take a listen/look and see what these guys had to say about the security world from their perspective. Java iControl Objects – Networking SelfIP http://bit.ly/f9CWSF You can always count on Joe to dish out some smooth, refreshing, less filling iControl goodness, and that’s precisely what he’s done again here. It’s straight-forward, it’s detailed, it contains chunky chunks of code and it shows you how to set up a self IP on your F5 device via iControl, this tech tip has it all. It also illustrates something that could come in quite handy if you’re in the “I need to configure a bunch of boxes but don’t want to log into each one and manually make the changes” setting that some people are in more than they care to speak of. If you’re into that whole iControl thing, and I know I am, then definitely take a look. Heck, even if you’re not using iControl this series is a solid one, and there’s no time like the present to dive in. 20 Lines or Less #42 – Secret list … OF DOOM http://bit.ly/e0NM2X Always last, but never least, the 20 Lines or Less is back yet again, bringing you three tasty morsels of iRules goodness in so few lines of code that they could safely travel under the speed limit in most US states. This week I’ve got a follow up from a post reaching way back that shows how a user eventually got in-line payload matching working to replace password data, some selective HTTP/HTTPS redirection on a single virtual, and a sweet bit of iRuling from our friendly FSEs that shows off how to perform some very handy rate limiting using the table command. All of these are cool examples, and weigh in at less than 21 lines of code each, which means anyone could grab them and get started right away. Maybe you’d rather tweak them to better suit your needs, either way is fine by me, just check them out, they’re cool. The last example is so cool in fact that I’m breaking it down into a full tech tip for Monday, in a wicked cool new style that Jason and I have been talking about. But that’s Monday, for now, take a look and check out some cool iRules. There you have it, my favorite five from DevCentral this week. Be back next week for more, and as always, drop me a line if you have any comments, questions, suggestions or feedback of any sort. #ColinDevCentral Top5 12/03/2010
After another few blazingly fast weeks in the DevCentral world, I’m back with another injection of wicked cool topics from DC land. From upgrades to slick iRules to Australian escapades, to holidays, there has been much afoot as always, and there is much goodness to report on. With that, let’s get right to this week’s Top 5: SSL Profiles Part 3: Certificate Chain Implementation http://bit.ly/eAfvMW Jason is three parts into his amazing SSL Profiles series already, and I’m a major fan. In this series he’s tearing open the protocol and describing exactly how it works, what to expect, how to tune for it, and perhaps most importantly how to configure and administer your F5 systems to deal with it effectively. This “from the ground up” approach is not only extremely helpful and educational, it’s inspiring. Keep an eye out for more articles from Jason (and I’m wagering the rest of the team) in this killer style. Go, read, prosper. iControl 101 #23 – Module Resource Provisioning http://bit.ly/hDZ7Ok Up to his usual iControl tricks, Joe walks you through a less-known but plenty cool BIG-IP feature: Module Resource Provisioning. “But what is Module Resource Provisioning” you ask? Well, it’s the ability to change the allocation of resources given to each of the modules running on your F5 device. Say you want to give that ASM module a little more memory, or convince WA to use a little less disk space…this how you can do just that. And with Joe’s help, you can do it via iControl in a snap. A system that can automatically scale the resources allocated to suit the needs of a given application (module, in this case) … if only there were a name for that. Something stretchy or fluffy or…something. Mitigating Slow HTTP Post DDoS Attacks With iRules – Follow-up http://bit.ly/e7n63I George posted an update to the already very cool iRule he shared last month to thwart incoming Slow Post attacks. With this update he shared a couple of tweaks built into the iRule by the community and the man himself, hoolio, to work around a couple gotchas in the original example. This is still a sweet fix for a possibly disastrous attack, but now with more hawesome! So take a look for yourself, especially if you’re already using the older version. Most Human Viruses are obvious http://bit.ly/hvGfDM In this interesting comparison between a common cold and a computer virus Don talks about one very important difference between the two: visibility. Computer viruses are, many times, something that you can’t lay your eyes on at all until it’s far too late. By the time the first symptom is displayed, your entire system (or network) is infected. The CPU spiking like that isn’t a good thing, chief, and it means you’re late to the party trying to stop the problem. Much like any illness, solving symptoms of the problem won’t solve the core of the issue, but unlike humans that tend to remedy themselves when given enough rest, computers demand much more attention, not to mention attention to detail. Take a read and give it some thought, it’s worth a few minutes of pondering for sure. The Database Tier is Not Elastic http://bit.ly/g3FCSU This article hits close to home for plenty of reasons. I’ve been working with DBs for quite some time, as has anyone that’s been dealing with applications for a while. I’ve also been dealing with distributed applications on the web in one manner or another for quite a while. Trying to deal with both of those concepts, databases and distributed applications, working together can be quite a headache. Lori delves into why, and puts things into perspective when talking about the cloud as well as just internally distributed apps. I agree with her general slant: Until we can truly distribute the DB layer, we’re always going to have a bottleneck. It’s an interesting one to start thinking about. This one was a good read and still has me churning on how we can help deal with that, and what the industry at large is going to do down this avenue. Well there it is, your DevCentral Top5 for the week. I’ll be back next week (yes, actually next week, as long as there are now freak occurrences of snow, holidays, illnesses, last minute international trips, etc.) with more awesome DC content for your enjoyment. Until then, keep browsing and feel free to drop me a line if you have any questions, comments or feedback. #ColinDevCentral Top5 5/21/2010
Phew! Having DC5 successfully out the door, I'm happy to resume my regularly scheduled programming. I'm back, bringing you my Top5 picks off of DevCentral every week. I'll help you sort through the content pouring across the (now new and improved!) site and offer you a few things that you should definitely check out. It's good to see that the content has still been chugging away even while the team was heads down working on the new site improvements. A big thanks to the awesome community and the extended DC team folks (Lori, Pete and co.) for keeping the lights on. Now that I'm back at it, though, allow me to offer you this week's DC Top5: Network Optimization Won’t Fix Application Performance in the Cloud http://devcentral.f5.com/s/weblogs/macvittie/archive/2010/05/20/network-optimization-wonrsquot-fix-application-performance-in-the-cloud.aspx In her blog yesterday Lori pointed out some key differences between Network Acceleration/Optimization and Application Delivery Acceleration/Optimization that caught my eye and I thought were worth passing along. Her discussion really focuses on Application Performance and the idea that no amount of improving network performance can improve the performance of your application. You can do all the magic in the world to the network traffic while treating it like network traffic, buy the biggest pipes in the world, and still have a slow app. Why? Because changing the network speeds and feeds can't change your application or its behavior. Application Delivery, on the other hand, treats the application like an application and works with the application to try and better serve that application to the users trying to access it. As usual Lori goes into far more depth far better than I could, so just go read the post and thank me later. Automated Gomez Performance Monitoring http://devcentral.f5.com/s/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1084373/Automated-Gomez-Performance-Monitoring.aspx Joe hit another solid one with his dive into Gomez and iRules working together to provide a detailed look at what your application is doing. First he talks a bit about how Gomez gives you a true look from the outside of what your users are actually seeing in regards to app performance and behavior, then he dives into how iRules can help you deploy the scripts necessary for Gomez to do that thing it does. iRules, as always it seems, make this task much easier and allows you to inject the required code in one place rather than across multiple servers, as well as giving you some other tweaks that you can perform, should you so desire. Take a look at the article for step by step walk through along with necessary code. Multi-core Redux: Virtually Indistinguishable http://devcentral.f5.com/s/weblogs/dmacvittie/archive/2010/05/19/multi-core-redux-virtually-indistinguishable.aspx As sad as I was to see Don move on to another team within F5, I have to say I'm excited to see the kind of content he's been putting out since joining the TMM team. His delve into the multi-core world was of particular interest to me this week. In his spot-on commentary about how Multi-core, as amazing as it can be, tends to muddy the waters for developers as both individuals and as organizations thinking long-term, he talks about some personal experience he's had with that as well as a possible solution rapidly becoming more and more popular. Via virtualization you can all but ignore multi-core needs by simply supplying more instances of your application rather than a single instance making use of multiple cores. It's an interesting concept and one that I tend to agree is the path of least resistance and likely of most benefit as well. Take a read, I assure you it's worth your time. 20 Lines or Less #39 – Selective SSL, Port Stripping and Headers http://devcentral.f5.com/s/weblogs/cwalker/archive/2010/05/21/20-lines-or-less-39-ndash-selective-ssl-port-stripping.aspx Ahhh my beloved 20LoL. Long was it also neglected due to the steady march of impending deadlines which had to be met, but it too is back this week. I bring you three more examples of how awesome iRules can be in less than 21 lines of code. Take a look at how people in the community (not JUST hoolio, either!) are making use of network side scripting to selectively encrypt back-end SSL, strip port info from redirects, and deal with some interesting custom header needs. Novell Shoots at the Cloud and Scores http://devcentral.f5.com/s/weblogs/macvittie/archive/2010/05/18/novell-shoots-at-the-cloud-and-scores.aspx This week I'll leave you with a quite humorous bit brought to you by the good folks at Novell, by way of Lori's blog. They've been running a series of adds in the style of dramatic poetry readings using interesting tech topics as content. Lori's "Get Your SaaS Off My Cloud" article was fodder for one such add and it had me spinning up the roflcopter, so I thought I'd share with you for a late Friday funny. Check out the source article as well, as it's definitely a good read. That's it for my first week back post DC5 haze. I hope you've enjoyed it as I always do, and I'll be back next week with 5 more to keep your DC cravings fulfilled. #ColinDevCentral Top5 03/19/2010
Time does fly when you're having fun, and trying to keep up with everything that's been going on with DevCentral is my kind of fun. I love watching what everyone is up to, from updates from the con to new folks blogging about their hippy proclivities, there's never a dull day in DC land. And all of this while we're hard at work on many things behind the scenes that aren't readily apparent just yet. Of course, I realize I may be slightly biased and not everyone is as apt to stay immersed as I am, hence the introduction of this little newsletter many years ago, in which I pick the five things you really need to see, which I offer to you yet again here: There's Privacy Then There's Privacy http://devcentral.f5.com/s/weblogs/macvittie/archive/2010/03/18/privacy-different-from-privacy.aspx In one of Lori's recent blog entries she discusses allowing users to implement flexible security based on policies they craft themselves. That's an intriguing topic in its own right, but then she went on to talk about doing so with network side scripting, and I was hooked. The idea is to allow a user to implement their own filter to scrub content they themselves post before allowing it out into the wild. Are you concerned that your mom might read something bad on your Facebook page because you forgot to keep things "appropriate"? No worries, you could have a content scrubber in place allowing your posts to either get scrubbed or at least bounced back to you for editing before they're released into the wild. And all of that could be done with no modifications to the application itself. That's a pretty neat concept in my opinion, and Lori goes into way more detail in the post, so check it out. Addicted to Open Source http://devcentral.f5.com/s/weblogs/rcorder/archive/2010/03/12/addicted-to-open-source.aspx Ryan Corder introduces himself as an addict in this post, letting us know that he has an affliction that can't be shaken, a serious need for open source software. I've heard of worse things to be addicted to, so I'm sure he'll be all right, and in the meantime I look forward to enjoying his open source focused writing. In this introductory post he talks about his goal, what we need to do to get there, things we're already doing to move towards that end and generally how cool DevCentral is. Okay, I made that last part up, but it's a good post and if the next ones are just as good, this will soon be a blog to watch if you're interested in the software world, and particularly in open source. Post of the Week - High Speed Logging, iRules and you http://devcentral.f5.com/s/weblogs/dctv/archive/2010/03/11/post-of-the-week-ndash-high-speed-logging-irules-and.aspx There were some questions surrounding High Speed Logging via iRules that I wanted to get cleared up, so I attempted to do so in the post of the week last week. Since not everyone is familiar with HSL, I took a couple minutes to discuss what it is, how it works and how one might go about using it and why, then tried to answer a few of the questions that have been cropping up about it. This is a wicked cool feature that hasn't gotten a ton of publicity just yet, so I'm happy to showcase it a little and talk about what it can do. If you're into iRules and/or looking for a way to ship data off of an LTM, this is the ticket. Self Serve Security http://devcentral.f5.com/s/weblogs/psilva/archive/2010/03/17/self-serve-security-again.aspx In a look at the softer side of security, Pete discusses the importance of user awareness and education in his most recent post. Stemming from the final keynote he took in at this year's RSA conference, he delves into the importance of user education and shows off some stats from a very official looking report that say more is better. Honestly though, it's often underestimated what a giant part educating and preparing users and employees is in an overall security plan. Trying to forcibly keep users safe is much more difficult and much less effective than educating them on how to stay safe themselves. This is a good topic and I'm all for education of users over even more restricted access and policies, so read up and see what you can do to help keep yourself secure. 20 Lines or Less #38 - Classes, Encryption Detection & Caching http://devcentral.f5.com/s/weblogs/cwalker/archive/2010/03/18/20-lines-or-less-38-ndash-classes-encryption-detection-amp.aspx Often last but never least, is the 20 Lines or Less for this week. With cool examples from two of our most esteemed forum contributors, hoolio and l4l7, this one shouldn't be missed. This week shows off a good way to find and parse data stored in a class, a very cool way to gracefully handle HTTP traffic on an HTTPS port, and an oldie from the archives that'll let you set custom caching timeouts based on file extension. These are fun and quick to consume, and a darn good way to find out what kinds of things you can and maybe should be doing with F5's gear beyond the obvious. Whether you're an iRules pro or just contemplating using them, the 20LoL is never a bad place to start. That's it for this week, I'll be back next week with 5 more from DevCentral, assuming being locked in a conference room with the team all week doesn't preclude my ability to do so. Thanks for reading, and drop me a line of you have any feedback or suggestions. #ColinDevCentral Top5 11/06/2009
While ramping up for "The Next Big Thing" continues amongst the DC staff, there is much to talk about in regards to content that's happening in the here and now, not just in the eagerly awaited future (with jet-packs and stuff…). DevCentral has seen its share of cool content this week, as it does every week, so let's talk about what needs talking about. Bringing you everything from TCL strings to a philosophical discussions of when vs. where and which is more important, I'm here with my Top5 picks for the week. And here they are: When Is More Important Than Where in Web Application Security http://devcentral.f5.com/s/weblogs/macvittie/archive/2009/11/06/when-is-more-important-than-where-in-web-application-security.aspx In this post Lori was as insightful and informative as ever, discussing why being timely is more important, in general, than being perfect when it comes to application security. It's a pretty simple concept to me. When it comes right down to it, no one really cares where you solve a security problem, they care about when you solve it. It's well and good that you want to argue that things should be solved at the app layer vs. the WAF, but if I can provide a solution in 10 minutes...how long is it going to take you to patch every single application for even a miniscule security flaw? I agree just as much with Lori's reminder that WAF and app security models shouldn't compete. They are complimentary in the war against attacks, not mutually exclusive, and should be treated as such. Every time someone tries to tell you which method is more "proper" or "correct", though, I'd ask them just how much they care about being proper in very real terms. How much is it worth in terms of hours (or days) of their application being exposed? At what point is it worth trading 20, 40, 120 hours of being exposed to a known exploit for an ounce of being "proper", which is already debatable at best, as opposed to getting the fix in place in a fraction of the time? Lori being insightful and informative isn't anything new. She knew she had a solid point to make and I tend to agree. What she didn't know was just how timely she was in setting the stage for her point to be illustrated, but we'll get to that in a moment. They call that foreshadowing, I think. I can tell you're on pins and needles. 20 Lines or Less #31 - Traffic shaping, header re-writing, and TLS renegotiation http://devcentral.f5.com/s/weblogs/cwalker/archive/2009/11/06/20-lines-or-less-31-ndash-traffic-shaping-header-re-writing.aspx Behold, your suspense is relieved! I unveil before your very eyes the payoff to Lori's unintentional setting of the stage. But how, you ask, does the 20LoL tie in with the When vs. Where of App Security? Via the much discussed TLS renegotiation vulnerability that has been burning up the net, of course. When a security measure as deeply rooted and common as TLS encryption is found to be susceptible to attacks, there is much to talk about, and talk they have. It turns out that via a man in the middle attack would-be ne'er-do-wells have the potential to insert information into a renegotiated SSL connection. This is very bad. What's very good, however, is that a user from the DevCentral community drafted a simple fix, at least in their deployment, the very next day. That's the power of iRules. Agility at its very finest, if I've ever seen it. We could debate all day where the best place, technically speaking, to implement the fix is. Or we could just fix it in about 10 minutes of coding and another 30 minutes of testing, and be done with it. That's just one of the rules in the 20LoL, of course. There are two more very cool examples of iRules doing the cool things they do in less than 21 lines of code. Check them out. iRules 101 - #16 - Parsing Strings with the TCL Scan Command http://devcentral.f5.com/s/Default.aspx?tabid=63&articleType=ArticleView&articleId=2346 Jason digs into the amazingly powerful yet often overlooked scan command in his latest contribution to the iRules 101 series. The scan command has some pretty staggeringly powerful capabilities to parse strings in an ultra efficient manner. It takes a little getting used to but it's definitely a command that has potential beyond what's obvious at first glance. Jason does a good job of breaking down some of the options and giving clear examples of not only the command itself but how you might use it in the context of an iRule. Very cool stuff, and worth a read for any current or would be iRulers out there. Operations Manager Debugging Part I: Top 10 Tools for Developing and Debugging Management Packs http://devcentral.f5.com/s/weblogs/jhendrickson/archive/2009/11/04/operations-manager-debugging-part-i-top-10-tools-for-developing.aspx You've been hearing a lot about the Management Pack lately. That's not likely to change, especially if they keep putting out not only consistent, timely releases with new features, but awesome documentation and commentary along the way. Case in point, Joel Hendrickson put up a blog post this week about his Top 10 favorite tools for the kind of debugging he ends up doing often times as a member of that team. Whether or not you're directly involved with the Management Pack, this is a very cool list. It's interesting to see him walk through each tool, what it does and in some cases how he uses them. I'm always a sucker for hearing a geek talk about … well … being a geek, and that's just what Joel's up to in this informative post. Take a look for all your code debugging needs. pyControl Just as Happy on Linux http://devcentral.f5.com/s/weblogs/jason/archive/2009/11/04/pycontrol-just-as-happy-on-linux.aspx In response to the many questions asking about pyControl and whether or not it's viable as a Linux solution to iControl programming, Jason put together this tidy little post that not only answers the question (yes, by the way), but shows you just how to get started. This was a cool reminder to me not only of how awesome the pyControl project is, but of just how easy it can be to get started digging into iControl and all the cool things that it can do. With just a few commands, outlined in Jason's post, you can have an environment up and running, ready to start developing. I'm even more excited to see what's coming in pyControl2, whenever I get a chance to play with that. But that's a post for another day. There you have it, five picks for this week that you just really should not miss. As always, don't be shy with your feedback, and check out previous versions here: http://devcentral.f5.com/s/Default.aspx?tabid=101 #ColinDevCentral Top5 09/25/2009
Side-projects and behind the scenes activities abound as the DevCentral team works towards the next goal on our plans for world domination, carefully sketched on Jeff's whiteboard. I'm glad to say that the extended DC team has been helping, as always, to keep the content flowing though, and there's plenty to highlight this week. Take a look at this week's Top5: Closing in on the iRules Contest Deadline http://devcentral.f5.com/s/weblogs/jason/archive/2009/09/15/closing-in-on-the-irules-contest-deadline.aspx Jason points out a very important, timely fact. It's nearly the end of your window to submit killer iRules for great prizes! The iRules contest is coming to a close. We've gotten some awesome entries so far and I've personally loved seeing them flow in from all over the world. There is still time, though. If you've got an iRule that you use that is cool and unique and warrants sharing, now is the time! Get it submitted and put your bid in for one of the pretty killer prizes offered to the winners. Check out Jason's post to get the details of what they are, where to apply, and a cool example iRule from the forums that could easily be submitted. Despite Rumors to the Contrary F5 Remains In the Lead http://devcentral.f5.com/s/weblogs/macvittie/archive/2009/09/25/despite-rumors-to-the-contrary-f5-remains-in-the-lead.aspx Lori comes to you this week with an important news bulletin: F5 is still leading the charge in the ADC market, despite the mutterings you may have heard recently. With the release of the new Magic Quadrant from Gartner there is always a fair amount of posturing and hubbub. Lucky are we that our positioning continues to speak for itself, well in the lead. I'm not usually one to go in for marketing type stuff, but the geek in me loves that we have the coolest technology at the party, bar-none. This is one of the many indicators of that, and I was glad to see Lori point it out. DevCentral Weekly Roundup Episode 104 - Guru, Guy, and My BIG-IP http://devcentral.f5.com/s/weblogs/dcpodcast/archive/2009/09/24/devcentral-weekly-roundup-episode-104-guru-guy-and-my.aspx This week's podcast was a particularly cool one, thanks to the caller that decided to join us. A few weeks ago we started dabbling in live-streaming our podcasts as we record them. This week Joe added the functionality to allow users to call in and chat with us in real-time, while we record. I was pleasantly surprised that we had a community member do precisely that, and share with us what they're currently doing with our tech. If you ever doubt that DevCentral is a far-reaching community with active members, an impromptu call from an international user to chat with us about what they're doing should cure what ails you. Turn Your Podcast Into An Interactive Live Streaming Experience http://devcentral.f5.com/s/weblogs/Joe/archive/2009/09/25/turn-your-podcast-into-a-interactive-live-streaming-experience.aspx As I mentioned above, the past few weeks we've been adding functionality to our podcasts. This once simple process has become increasingly more complex as we've tried to leverage new and cool features to make them more engaging and interactive for our users. With Joe at the helm we've incorporated several tools that make this possible. Today he put out a blog post detailing just how these all work together and exactly how it is that he crafted this bigger, better mousetrap. I found it quite interesting and it's a neat peek behind the curtains into one of the things we do here in DC Land. Reduce your Risk http://devcentral.f5.com/s/weblogs/psilva/archive/2009/09/24/reduce-your-risk.aspx In Pete's 13 th of 26 short topics about security he discusses mitigation. He touches on the fact that you should generally assume, if you're dealing with a publicly facing application, that you will eventually be the target of some malicious activity. He also details a few ways in which we all help to mitigate those risks on a daily basis. From firewalls to strong passwords to access cards to secure facilities, there are many hoops we all jump through daily, whether we think about it or not, to try and mitigate the risks inherent in today's IT world. This series is an interesting one and the pieces are easy to digest. I intend to keep following it as it moves towards topic #26, and I recommend you do the same. There you have it, my Top5 picks from DevCentral for the week. Hopefully you enjoyed them, and I'll be back with more soon. Be sure to check out previous editions of the Top5 here - http://devcentral.f5.com/s/Default.aspx?tabid=101 #ColinDevCentral Top5 3/27/2009
Taking the rush of content on DevCentral in stride, I'm back again with 5 more items of interest for you that you really shouldn't miss. Hopefully the week's been good for you, whether that means bug-free code, trouble free system patching or happy clients. Things haven't really slowed down here since being turned "up to 11", so there's plenty to do and digest for everyone. Amidst the always churning stream of geeky goodness that DevCentral has to offer, there are rumblings lately of very cool things to come, so keep your eyes peeled. For now I offer you my picks for this week's DevCentral Top5: 20 Lines or Less #22 http://devcentral.f5.com/s/weblogs/cwalker/archive/2009/03/26/20-lines-or-less-22.aspx Making its triumphant return to the Top5 is this week's edition of my 20 Lines or Less series. It's lain dormant for a while now due thankfully to an overabundance of irons in the fire, not a lack of iRules awesomery (yes, awesomery). This post gives you three easy to consume, powerful yet concise iRules every week(ish) so make sure you watch out for it, subscribe, etc. If you're looking for great examples of iRules that are doing cool stuff without making anyone's eyes cross, this is a great place to start. Lots of previous editions are available to peruse as well. Intro to Load Balancing for Developers - The Gotchas http://devcentral.f5.com/s/weblogs/dmacvittie/archive/2009/03/25/intro-to-load-balancing-for-developers-ndash-the-gotchas.aspx Don continues his great "ILBD" series with a few of the things for Dev types to watch out for when moving into a highly available environment. I still think this is one of the best series that I've seen lately. The focus on breaking down the LB/ADC world for App/Dev people is exactly what DevCentral is all about. We should all be working together, not apart, and I can see this being a good tool for working towards that. Hopefully he'll keep it up. Real IT Interview - Joe Hicks talks worldwide deployments http://devcentral.f5.com/s/weblogs/realit_extras/archive/2009/03/26/real-it-interview---joe-hicks-talks-about-best-practices.aspx Real IT is steaming along with a new episode this week, several video blogs and a great interview that offers some insight into some of the challenges we faced while trying to deploy DC China. I got a chance to interview Joe Hicks recently and get his take on worldwide deployments, CDNs, the China network layout, and more. It was a great white-board session where he really got into his experiences with these kind of deployments, his personal experiences in the region, how some of our products like Web Accelerator can help, and things to look for when trying to accomplish this kind of deployment. Joe's has a ton of knowledge about this stuff and is engaging to watch, so this one is a sure thing. The Revolution Begins: The IT Bill of Rights http://devcentral.f5.com/s/weblogs/macvittie/archive/2009/03/27/the-revolution-begins-the-it-bill-of-rights.aspx Lori's deviates from her always insightful often detailed blog posts that delve into different discussion topics to deliver something a little bit more…revolutionary. I think this is a great format to express some of the things that we should all keep in mind when working towards delivering applications to the best of our abilities. I like the format, too. It's punchy and almost tongue in cheek, but delivers some really good points that made me stop and think. I'm hoping that by the title she's implying that there's more to come. If so, I'll be sure to go read it, and I think you should too. Top Ten Reasons You Are Not an Architect http://devcentral.f5.com/s/weblogs/dmacvittie/archive/2009/03/27/top-ten-reasons-you-are-not-an-architect.aspx Okay, so this is today's "Friday Funny" blog post from Don. I usually keep the Top5 to more serious, engaging, technical topics but this one made me laugh and think about our industry at the same time, so I thought it worth sharing. Here's a little levity as you go into your weekend. Enjoy. There's your DevCentral Top5 for the week. Hopefully you've found some goodness in there, and you'll come back for more next time. As always, comments and feedback are welcome. #ColinDevCentral Top 5 3/20/2009
With the Real IT series in full swing, the team got together this week to hash out plans for the coming months. It's always productive and exciting when we get the team together in one room, and this was no exception. I'm eager to share with everyone all the things that are coming your way, but for now a recap of the last weeks of DevCentral's best will have to do. There has been some great content in the last couple weeks, so enjoy. TFTP Server via iRules http://devcentral.f5.com/s/Default.aspx?tabid=63&articleType=ArticleView&articleId=343 This example iRule that spawned out of a forums discussion is absolutely fantastic. It's a killer example of community collaboration, the different ways that information gets spread across DevCentral, and it's also just a darn cool solution. A client wanted to serve a file via TFTP out of an iRule. Many people would have been daunted, but Jason was able to craft a very cool solution that shows off just how powerful iRules can be. Having chatted with Jason about this a bit while he was building it I was excited to see it wrapped up as a doc, and I definitely think it's worth a read. Intro to Load Balancing for Developers - How they work http://devcentral.f5.com/s/weblogs/dmacvittie/archive/2009/03/17/intro-to-load-balancing-for-developers-ndash-how-they-work.aspx It's funny that with all the talk of trying to get developers and application engineers/architects to utilize the application extension features in the LTM more often that this kind of thing hasn't been done before. In the second installation of this series Don gives a good, straight-forward look at how Load Balancing and Load Balancers work, but with a mind towards the development savvy. It's something that will hopefully help bridge the gap in mindsets and experience and I think it's a good read regardless of your level of dev geekery. Be sure to check this one out and look out for future updates to the series. This one promises to be a good one. Real IT Episode 4, Colos and Testing http://devcentral.f5.com/s/weblogs/realit/archive/2009/03/18/real-it-episode-4-colos-and-testing.aspx The Real IT series is well under way and continues to deliver every week with this fourth episode now live on DevCentral. You can follow along as we work through the questions, problems and discovery surrounding getting some accelerated, localized content delivered to our China team and their local users. It was a great ride and I definitely learned a lot, as did the whole team. I'm very much hoping that some of that is passed on through the video series. We're all hoping that we can shed some light on what went into making this happen, and possibly answer some questions others might have in similar situations. Maybe we can even convince some people that it can be done when they thought it'd be too complicated, who knows. Control, choice, and cost: The Conflict in the Cloud http://devcentral.f5.com/s/weblogs/macvittie/archive/2009/03/18/control-choice-and-cost-the-conflict-in-the-cloud.aspx In yet another great blog post, Lori digs into some of the issues facing the proliferation of cloud infrastructures. Enterprises wrestle with the perceived lack of control brought on by some cloud providers lack of attention to the details of the infrastructure needed to support a flourishing application deployment. Turning a blind eye to things such as Security, Authentication, Rate Shaping and Compression across a deployment is a narrow view of reality and causes trepidation amongst those that require such control, limiting their choices. Lori explains it in much more detail with a great explanation of some of the problems and solutions currently faced. Take a look for yourself. iRules 101 - #15 TCL List Handling Commands http://devcentral.f5.com/s/Default.aspx?tabid=63&articleType=ArticleView&articleId=342 Keeping the iRules 101 series alive, Jason put out another great tip last week that didn't get highlighted, so I wanted to take a moment to do so here. Lists inside of TCL are a powerful and often used feature in the iRules toolbox. This is a great look at some of the options you have to work with them and what can be done. Digging into a few of the most popular of these commands Jason gives usable examples that show how they work and what you might do with them. I'm always a fan of iRules articles with code-based examples and Jason doesn't disappoint on this one. There's your Top 5 for the week. If you have any feedback or suggestions please don't hesitate to drop me a line. #Colin