You can choose TCP or HTTP Protocol to balance, but no HTTPS yet. You can strict the session by table or HTTP cookie.

Because Linode provides TCP, HTTP Valid Status and HTTP Body Regex as healthy checking methods, you can check if the generated HTML page is correct (for example, there is “</html>” tag in the response body). You can not specify Host: header in the healthy checker now, so you must configure your virtual host listen on different port if you want to run several websites on the same backend.

The screenshot after set a “Port” up:

Add some nodes to it:

You can not specify other values except 192.168.*.* or IPv6 Link Local Address in the node address.

The post on the official forum said that IPv6 is supported, but I can not specify the IPv6 link local address into the field successfully:

After do some experiment, the IPv6 support works fine. And the header X-Forwarded-For is supported, too.

Two problems in production usage:

1. You can not make sure the X-Forwarded-For header is provided by the NodeBalancer. i.e. If someone is in the same private LAN with you, he/she can make a forged X-Forwarded-For header in a HTTP request. The Elastic Load Balancer (ELB) by AWS solved the problem by a special security group (Firewall), but NodeBalancer is still suffered by the problem.
2. The UP/Down healthy status was not updated. I added a new node at 17:00 (Taipei Time) but the status of that node is still “Unknown” until 21:30…

1. Develop on a Mac only.
   It’s weird. Since Mac is a good platform for daily usage, but I would also like to use Linux or Microsoft Windows to develop applications. We can have a very powerful (8GB RAM, Intel E8xxx CPU) PC below USD$500 (and $0 for ubuntu), but not in Mac’s world.
2. Provision
   What’s that? Why can’t I run my SELF-WRITTEN application on my OWN device in a easy copy-and-run approach?
3. Yearly Developer Program Fee
   I must make money from my application to pay for the developer program fee yearly. (But Microsoft and Amazon adopted the policy too…)
4. DRM, or License issue
   I can not opt-out Apple’s DRM if I would like distribute to my app in App Store. Therefore I can not use any GPLed libraries (or codebase) in my application.
5. iTunes
   Speed matters. iTunes is so slow in both Mac and Windows.

Usage: jumpgate -B

pass in quick on $wan1 reply-to ($wan1 $wan1gw) from !$wan1net to ($wan1) keep state
pass out  route-to ($wan1 $wan1gw) proto {udp, icmp} from $wan1net to any no state
pass out  route-to ($wan1 $wan1gw) proto tcp from $wan1net to any flags any no state

In FreeBSD 7.0, the pf.conf above worked. But it doesn’t work in recent 7-STABLE. The TCP session may connect successfully, but the performance is very very poor (~ 1KB/s).

I have do some research for days, but have no idea. Now I use ipfw to do policy routing…

We love Taiwan!

People running into the MRT station after the firework. About 1.95 million passengers served by TRTC yesterday.

To celebrate Nangan Station available to service, TRTC runs a “panda” train in the MRT blue line.

Although mp4box is a multiplexor for MP4 files, I just use it to hint my MP4 file:

# cd /usr/ports/multimedia/gpac-mp4box
# make install clean
# mp4box -hint video.mp4

Now, I can stream my MP4 files with Flash player.

For example,

(sda is the old /, and sdb is the new disk)
# sfdisk -d /dev/sda | sfdisk /dev/sdb
# mdadm -C /dev/md0 –level=raid1 –raid-devices=2 /dev/sdb1 missing
# mkfs -t ext3 /dev/md0
# mount /dev/md0 /mnt
# rsync -ax / /mnt/
# vim /etc/fstab
# vim /boot/grub/menu.lst

Modify fstab and menu.lst, and make sure all /dev/sda is changed to /dev/md0.

# reboot

Make sure that md0 is mounted successfully.

# mdadm –manage /dev/md0 –add /dev/sda1

Now, we successfully moved / to software RAID 1

(In FreeBSD, iSCSI Target)

Starting iscsi_target.
Reading configuration from `/usr/local/etc/iscsi/targets’
target0:rw:10.1.1.0/24
       extent0:/dev/stripe/gs0:0:2500582432768
DISK: 1 logical unit (4883950064 blocks, 512 bytes/block), type iscsi fs
DISK: LUN 0: 2384741 MB disk storage for “target0″
TARGET: TargetName is iqn.1994-04.org.netbsd.iscsi-target

(In Debian Linux, iSCSI initiator)

scsi 3:0:0:0: Direct-Access     NetBSD   NetBSD iSCSI     0    PQ: 0 ANSI: 3
sd 3:0:0:0: [sdc] 588982768 512-byte hardware sectors (301559 MB)
sd 3:0:0:0: [sdc] Write Protect is off
sd 3:0:0:0: [sdc] Mode Sense: 0e 00 00 08
sd 3:0:0:0: [sdc] Got wrong page
sd 3:0:0:0: [sdc] Assuming drive cache: write through
sd 3:0:0:0: [sdc] 588982768 512-byte hardware sectors (301559 MB)
sd 3:0:0:0: [sdc] Write Protect is off
sd 3:0:0:0: [sdc] Mode Sense: 0e 00 00 08
sd 3:0:0:0: [sdc] Got wrong page
sd 3:0:0:0: [sdc] Assuming drive cache: write through
sdc: unknown partition table
sd 3:0:0:0: [sdc] Attached SCSI disk

I don’t know if it is a iSCSI protocol or a implementation limitation.

# cd /usr/src && make TARGET_ARCH=i386 TARGET=i386 buildworld
# mkdir -p /home/jails/i386 && make TARGET_ARCH=i386 TARGET=i386 DESTDIR=/home/jails/i386 installworld
# make TARGET_ARCH=i386 TARGET=i386 DESTDIR=/home/jails/i386 distribution
# ln -s /home/jails/i386/libexec/ld-elf.so.1 /home/jails/i386/libexec/ld-elf32.so.1

Then, edit rc.conf in jail to run sshd and start jails. Some utilities, like w/ps/top can not run because they retrieve data from FreeBSD kernel, and the kernel returns 64-bit structures, not 32-bit.

w
4:37AM  up 12 days,  8:40, 1 user, load averages: 0.03, 0.18, 0.20
USER             TTY      FROM              LOGIN@  IDLE WHAT
w: kinfo_proc size mismatch (expected 768, got 1088): No such file or directory

I am doing further test to make sure there aren’t any mines