Archive | May, 2011

The History Of The Future & WebCamp KL

So a little while ago I gave a very dry and rather deeply technical talk about WordPress, scaling and so on titled High Performance WordPress at WordConf in KL.

Shortly after that I found out the next WebCamp KL event was coming up webcamp:five – so I thought I’d like to attend. Right after that, I got asked to speak. It was rather an abstract request, talk about the future of the web – where do I think it’s going?

It’s a tough subject, not being clairvoyant…I really don’t know what’s going to happen. So I decided rather than do something technical and nitty-gritty I’d do something a bit more upbeat, pop-culture and entertaining. It’d also push me to give a different kind of talk in a less formal environment, I do tend to gravitate towards doing extremely deep tech stuff.

Anyway I titled my talk The History Of The Future and based it around science-fiction and where we have come from in terms of tech, I also tried to summarise where we are now (How far we’ve come in 20 years in comparison) and where we are heading.

The slides are here:

Here’s some pics of me talking.

Me Talking at webcamp:five

Picture via Danny Foo.

Me Talking at webcamp:five

Picture via Colin Charles

It was an extremely vibrant crowd and there were great talks from Colin, Kamal, Ngai Yuen & Wu Han – I got to meet some really interesting industry people and the energy in the room was electrifying. You can see ideas being created out of thin air.

Perhaps it is time for me to stop being a hermit and get out there a little bit, there are some very bright and talented people in KL. There was also a talented artist there Maggie T. Sutrov who drew a rather neat sketch of the speakers – here’s me:

Me by Maggie

Cool eh! I’m looking forwards to the next WebCamp already.

You can see all my talks given here.

Tags: , , , , , , , , , , ,

Continue Reading · 6 Comments · Internet & Tech

Movie Review – Thor – Mighty Hammer!

Thor (2011)

Thor, a powerful but arrogant warrior, is sent down to Earth as punishment for reigniting a reckless war. But after a dangerous villain from his world sends the darkest forces of Asgard to invade Earth, the hammer-wielding Thor will learn what it takes to be a true hero in order to save mankind.

This was of course a movie I was looking forwards too, Marvel movies are always well made and on the whole – very enjoyable. Yah Iron Man 2 wasn’t all that great, but I’m super looking forwards to X-Men: First Class & Captain America: The First Avenger later this year.

We have to wait until 2012 for the first proper “The Avengers” movie which should have an all star cast. Sometimes these individual character movies just feel like movies building up to The Avengers, especially with Samuel L. Jackson always popping out after the credits.

I watched this directly after Fast 5 – and wow that was a hell of a rush, so this movie sure did seem rather slow after that.

The choice of Chris Hemsworth was an interesting one for Thor, you may remember him from the shortest scene in Star Trek (he was George Kirk). I would have preferred they used the original viking and son of Stellan Skarsg̴rd (who happens to be in Thor too) РAlexander Skarsg̴rd AKA Eric in True Blood.

But obviously the ladies watch the movie because of this, and they frequently complain he was not half-naked often enough.

Chris Hemsworth as Thor - Half Naked

Other than that? The film was well written, the dialogue was pretty solid, the acting was ok – Natalie Portman wasn’t really noticeable. I guess she wanted something a little less intense after putting her heart and soul into Black Swan. Sir Anthony Hopkins had a fairly minor role so he didn’t really have to do that much.

The soundtrack was forgettable, but the special effects were excellent! I have to say I didn’t watch the movie in 3D (really not a fan of 3D movies) but it was visually very appealing.

Thor (2011) Special Effects

Thor is actually doing really well on IMDB with a solid 7.5/10 – a really strong score. For me the movie was really carried by Chris Hemsworth – will he win an Oscar for it – I honestly don’t think so.

Was it an enjoyable movie? Yes it was.

Will I watch the next Marvel episode – of course I will!

Coincidentally I also recognized Heimdall – The Gatekeeper as Idris Elba – best known to me as Russell ‘Stringer’ Bell from The Wire.

Thor is definitely worth a watch and I give it a Gatekeeping 6.5/10.

Tags: , , , , , , , , , , , , , ,

Continue Reading · 3 Comments · Movies

High Performance WordPress – Scaling, Tuning, Optimizing & More

So this past weekend I gave a (nearly) 2 hour talk on High Performance WordPress at Wordconf KL 2011 – it’s a commonly asked question and a lot of people run WordPress but are clueless when it comes to tuning or optimizing their setup.

The talk I gave was pretty technical and in point form, so I’m going to put the notes I made here – the notes the presentation was based on and basically what I talked about. The slides for the talk are here as an overview:

Perhaps you can run through the slides once first then come back here for the expanded version with links/scripts and explanations.


Start out with WordPress and LAMP architecture
Layers and functional parts of WordPress (core, themes & plugins)
How different things effect performance (themes which make direct DB calls etc)
OS Level stuff (briefly) memory lock, cpu lock, hdd thrashing etc

Start with the OS

What do you do on an OS level?
Turn off logging (only log errors)
tcp.ip kernel settings if necessary (can be touched upon/mentioned) Reference here – Linux Tuning Parameters & Optimizing Linux network TCP/IP kernel parameters
Kill anything that isn’t really necessary but is using memory/cpu cycles
Install a simple firewall to stop zombies/bots costing you a lot of cycles (I suggest CSF/LFD, free and easy to use)
Keep an eye on the hardware for dedicated box users (syslog & messages) – a degrading HDD or dodgy RAM can cause massive unsolvable performance issues (test with bonnie++) script

Then the LAMP Stack


We’ve taken care of the L in LAMP, next is the A — Apache.
Tuning Apache, scripts/methods to calculate Apache main settings (StartServers, MaxClients etc)
Apache Tuning can get really hairy and really intense, if you want to do it properly — do it offline and benchmark with ab (apachebench) or httperf and see how much the hardware can really handle without locking/spiking load.
Script to calculate MaxClients
There are infinite articles out there on tuning Apache, so get out and read them. You will find a lot of conflicting views, but you will also learn a lot. Reduce loaded Apache Modules to a minimum.
Every server needs different settings so I can’t give you a definitive list of settings (KeepAlive etc)
Most default settings by hosts are actually dangerous and can easily kill the server if you get a traffic spike (too many Clients/Threads) — RlimitMem directive and script to calculate it (script for CPanel users on a VPS is here).


There’s a whole other bible on MySQL tuning, don’t worry too much about it just try and make sure your settings won’t kill your server if you get a traffic spike — again too many servers give you dangerous defaults.
The MUST have tools for this job are and — these two tools are basically what you need to get your my.cnf settings in a decent place.
Another must have tool if your server is struggling is mytop, this is basically top for MySQL and will show you a live list of the SQL statements causing.
Also make sure you turn on the slow query log — that can give you some good clues on what is bogging you down (probably a badly coded WordPress plugin)
Make sure you keep your tables defragmented (you can do this with a cron-job at least once a day)
You can also benchmark MySQL using mysqlslap and Super Smack.


There’s not a whole lot of performance tuning you can do with PHP, just get your memory settings right for the server and make sure you install some kind of opcode cache — my preference is currently Xcache — but I do use Eaccelerator as well on some sites.
Opcode caching is pretty easy to install so you can test whichever works best for you. I like Xcache because it integrates well with Munin (more on that later).
Cover a few performance related php.ini settings.

Ah finally — WordPress

WordPress plugins are often written by people with no traffic or no consideration for performance, they are often horribly coded and they work — but that’s about it.
Places to look at when WordPress is running like a pig:
-bloated wp_options tables (can crash) – Get Clean Options plugin but use WITH CARE.
-disable all plugins
-switch to default twenty-ten theme
You’d be surprised how much difference plugins and themes can make, if you are really doing a tuning/optimization on a site you need to go through both with a fine-toothed comb.
Themes can make a LOT of unnecessary calls to the database, a lot of which can be hard-coded into the wp_config.php file (such as WP_HOME, WP_SITEURL etc) these stop unnecessary database calls – Reference here: Optimize WordPress Performance with the wp-config.php File
Plugins are the number one biggest problem when it comes to poor performance on WordPress, disable everything you absolutely do not need.

Ok you’ve tuned it up — the server is still struggling — what now?


Now it’s getting serious, time to look at some kind of caching — the weapon of choice for WordPress ninjas is W3 Total Cache — it can take care of all of the above and can even utilise whatever opcode cache you installed earlier (if it’s Xcache or APC or an old version of eAcclerator)
If fully utilized (including CDN etc) it really can take you to a YSlow! score of A and a 10x increase in load-speed.
If you don’t want to go as far as paying for a CDN, at least separate serving static content onto another more lightweight server using mod_proxy (lightweight = lighttpd, nginx etc). But really CDN wins at life and it’s not expensive (Amazon S3 + Cloudfront is a great and affordable combo).
Make sure you utilise the Browser cache as much as possible (set long expires for things that don’t change often like .css .js and media files).

Ok what more can we do?

Ok if you get to this point, you have a very serious site and should have the money to expand because really you’re going to need more than one machine.
The most basic setup is 2 machines — 1 Apache and 1 MySQL.
I would also suggest at this point, trying to keep Apache out of the picture as much as possible because it’s a memory hog. You could switch to nginx or lighttpd but honestly I don’t see they make that much difference on a really heavily trafficked site unless you use the caching — even then it’s not that great.
This is where something like Varnish comes in, Varnish serves everything from memory — it’s extremely fast and extremely efficient. It doesn’t need oodles of memory either, from my experience the ‘hot’ data set of mosts sites is around 100mb as long as you are using a CDN.
You can run Varnish — Apache and MySQL on a single machine, and it’ll do pretty well. I sugggest at least putting the MySQL on another machine though to be safe.
Run Apache on a different port (4080 or 8080 or whatever floats your boat) and run Varnish on port 80 and point it to https://localhost:8080
Varnish tuning can also get extremely complex, but a basic default setup will server most people just fine.

We’re beyond that too my friend

Well honestly speaking, you’re now reaching a point which very few people reach. You must be looking at some really serious traffic (over 100,00 uniques per day) to want a more serious setup.
Of course this also depends on the hardware specs of the machines, you can easily do that traffic if you have a Quad Xeon CPU machine with 64GB RAM and a Gigabit Internet pipe.
But for most people, that’s not realistic — more small, cheaper machines with load balancing works better (the Google model).
One step up from the above would be a 3 machine setup, 1 Varnish Cache, 1 Apache Web Server and 1 MySQL Database. The database would need the best specced machine, but unless the cache was being totally purged regularly it shouldnt get thrashed too bad.
Then another one up would be a 5 machine set-up, 1 Varnish Cache — 2 Apache Web Servers and 2 MySQL Databases in a Master-Slave config — this can be considered a Fail-over or High-availability setup (HA). Apart from the Varnish machine (which is a single point of failure) — so the ideal situation would be to have 6 machines (1 spare slave Varnish at the front in case the main one dies). This gives you total failover on each of the 3 tiers. The spare Varnish can also function as a backup/media server or whatever you need it for.

What about beyond that, I’m the next Facebook/Twitter/!

Well then it gets complicated, and it gets complicated really fast! You need to start scaling to n-tier architecture — which basically means it’s infinite.
You need to start looking at a clustered MySQL setup, a distributed file system for the web servers and media like MogileFS or similar.
You need to start looking at memcached to wrap your SQL queries more effectively.
You can also plug HyperDB into WordPress which gives you the ability to read from multiple databases (it replaces the standard wp-db.php class).
HyperDB also supports partitioning of data (putting different tables into different database servers to increase performance).

General Stuff

From a front-end perspective tools like YSlow! and PageSpeed do help A LOT and can really help you narrow down what is slowing your site down. You will see massive gains when using a CDN.
Monitor everything as well as you can without causing a log storm on the server, most important are MySQL slow query logs, Apache error logs and get something like Munin on the servers with as many plugins as possible. Then if something is going titsups you can see when, where, why and check it out immediately.
If you really want lightning fast performance especially on DB servers use SSD not traditional mechanical HDDs.
You can also look at HipHop, some benchmarks for WordPress here and here.


A lot of the above can be used for any CMS (I’ve done most things on ExpressionEngine too) as long as it’s LAMP based, so use it as you will.

That’s all really, if you have any questions feel free to drop a comment below or drop me an e-mail using the contact form.

You can see all my talks given here.

Tags: , , , , , , , , , , , , ,

Continue Reading · 2 Comments · Internet & Tech, Sys Admin & DevOps

Deadmau5 Outdoor LED Concert Live At Sunway Lagoon, Malaysia – May 2011

So the big music event this year for EDM fans was Deadmau5 hitting Sunway lagoon May 7th for a LED Concert! I managed to get in thanks to BRANDTHINK and Carlsberg Malaysia!

I do write about Music sometimes – and I definitely want to go to more awesome concerts this year. We headed to Sunway early to grab the tickets and have a bite to eat, the traffic was pretty terrible (as usual in that area!).

It was quite packed when we headed inside (around 8pm) and Deadmau5 was rumoured to be coming out at around 9.30pm.

Deadmau5 Live at Sunway

The DJ before Deadmau5 was quick banging thankfully, so he got the party warmed up nicely. He came on about 9.45pm and started with some of the more ‘normal’ tracks, he saved his epic tracks for later on. Honestly I’m not a big fan of the more monotonous of his tunes like FML.

When he came out the crowd went WILD, there’s a lot of Deadmau5 fans in Malaysia I can say that for certain.

Deadmau5 in Malaysia

The Full LED show was actually pretty impressive, the way the cube and the backdrop lights were syncronised, it was visually very stimulating!

Of course when dropped those epic tracks like Raise Your Weapon (my absolute fav), Ghosts and Stuff and Strobe the crowd went NUTS. It was hot and we were thirsty – so we did some damage to the Carlsberg stock haha.


We had a great time of course 😀

Us at Deadmau5

I didn’t spend all my time videoing the epic songs because I was too busy enjoying them. Much better than holding a camera in the air 😀 I did catch a bit of Moar Ghosts n Stuff though.

We headed off during his last song or so to avoid the massive exodus of people and the jam. Supper was definitely on the agenda after all that jumping around – so off to Asia Cafe we went.

All in all a good night!

Tags: , , , , , , , , , , , , ,

Continue Reading · 4 Comments · Music, Parties & Gatherings

Movie Review – Fast Five – Flipping Fantastic Film!

Fast Five (2011)

Since Brian O’Conner and Mia Toretto broke Dom Toretto out of custody, they’ve blown across many borders to elude authorities. Now backed into a corner in Rio de Janeiro, they must pull one last job in order to gain their freedom. As they assemble their elite team of top racers, the unlikely allies know their only shot of getting out for good means confronting the corrupt businessman who wants them dead. But he’s not the only one on their tail. Hard-nosed federal agent Luke Hobbs never misses his target. When he is assigned to track down Dom and Brian, he and his strike team launch an all-out assault to capture them.

The last time I wrote about this franchise was way back in 2006 (the third movie), Movie Review — The Fast and The Furious — Tokyo Drift – which I gave a fairly lukewarm 6/10. And well the first movie came out 10 years ago in 2001 – way before my blog existed.

As far as the franchise has gone, the first movie was great – the second and third were poor – and the 4th was a good come-back. But now with the 5th they’ve brought it to a whole new level, I would personally say this is the best F&F movie so far.

Everyone I know who has seen it said it was a great movie and I’ve been pumped to see it since I saw the trailer. I had to watch it on opening week on the big screen and I got my wish! I watched it on Screen 1 with THX – very the boomz. It’s even storming on IMDB with a massive 7.8/10 – that’s huge for this kind of popcorn movie.

The movie surely didn’t disappoint, it flipped out the old characters, familiar cars and a proper F&F plot (some talking, a crazy heist with lots of action and a bit of romance). The dialogue was surprisingly witty and very amusing and wow the action sequences blew me away! Plus an awesome new character – Luke Hobbs!

The fist fight between The Rock and Vin Diesel was INTENSE!

Dom Toretto (VIN DIESEL) vs Luke Hobbs (DWAYNE JOHNSON)

And the rooftop chase scene? And the main heist car chase? And then that part on the bridge? It was gripping, I don’t remember enjoying a movie SO much for a very long time. I mean don’t get me wrong it’s not going to win any Oscars and it’s certainly no masterpiece of movie-making.

But to me it was AWESOME, non-stop adrenaline pumping ACTION. And setting it in Rio, Brazil was a stroke of genius – what a genuinely beautiful place. The soundtrack was banging as per usual, hot chicks, fast cars and characters we have come to know and love.

Dom Toretto (VIN DIESEL) and Brian O'Conner (PAUL WALKER)

I have to say I thought I was going to be a little disappointed with the film after hearing everyone rave about it, but honestly I wasn’t – not even a little bit.

And if you’re interested in the car models etc (like I am) – I could get most of them including the Koenigsegg – but the Muscle cars I had no idea (Dodge Charger, Dodge Challenger etc).

Fast and Furious 5 — Fast Five Cars List

Oh yah and when you watch, make sure you stay until the end of the first section of the credits. There’s a little sneak peak into the next movie in the franchise, there surely will be a 6. Eva Mendes *hubba*.

I give it an adrenaline pumping 8/10.

Tags: , , , , , , , , , , , , , , , ,

Continue Reading · 3 Comments · Movies

How To Secure Yourself Online – Twitter, Facebook, Google (Gmail) & WordPress

There’s been a lot of stories lately about fake accounts, hacking, viruses and all kinds of nasty things going on with social networks. Plus the fact that both Twitter and Facebook have recently introduced full time SSL – it’s time to get yourself secure online.

If you aren’t familiar with Twitter you can check out my old article here – Why Twitter is SO Popular. I’m pretty sure you all know what Facebook is, the majority of you have a Google account and for the self-hosted bloggers out there you use WordPress.

I’ve tweeted a few tips lately about online security habits and practice – and quite a few people seemed interested, so I thought I may as well blog about it in more detail.

First up, make sure you have a strong AND unique password for each service. Don’t use the same password for everything, especially important accounts like Facebook and Google, use totally different passwords for forums and sites that have a greater chance of being hacked.

You can generate strong passwords here –

They don’t necessarily have to be hard to remember either, you can always take a phrase and convert it into l33t-sp34k and add some special characters. For example ‘I like cookies’ can become:

Which would be considered a very good password.

As a general rule always use https:// for any site that requires a login, some of these services allow you to force it all the time and all sites that deal with financial information WILL force it anyway. But you can always type it in yourself to ensure your session is protected.


Facebook recently introduced full time SSL, but for some reason they don’t set it on by default – so for the majority of people it passed by unnoticed.

To turn it on you need go the Account Settings page, then under Account security click ‘change’ and you should see this:

Facebook HTTPS

Tick the box next to “Browse Facebook on a secure connection (https) whenever possible” and it’ll ensure you’re always using an SSL encrypted session. This is especially important for users that surf Facebook on public Wifi spots.

You can also monitor Login notifications & Your recognised devices on this page – make sure there’s nothing fishy in there. I suggest you set email notification whenever a new location or device is added.

Some people will also have the option of dual factor authentication if you’ve added a mobile device, this means every time you login from an unknown location you’ll receive an SMS with an authentication code. That’s the theory anyway, how well it works with Malaysian telcos is another issue entirely.


Twitter also recently introduced a full time SSL option, you can find it under Settings – Account:

Twitter HTTPS

Just tick the box next to “Always use HTTPS”. That’s the only option they have in relation to security right now, but then Twitter doesn’t really store any personal data or anything important so it doesn’t have to be super secure. It’s only really a risk in terms of identity theft.


Now Google, since they store a LOT more of your information has a whole magnitude of security options to keep your account safe – so many in fact it can be quite bewildering.

IMHO the best place to start is at the extremely comprehensive Gmail Security Checklist. This will really help you measure the security level of your Google account and get you up to scratch.

Gmail Security Checklist

If you value your Google account as much as I do (which is likely) – turn on 2-step verification and read this – Getting started with 2-step verification.

The awesome part of this for me is the application or device specific passwords, and the fact you can revoke them. That means if you have your Google accounts/e-mail set-up on your smartphone (very likely) and for some reason you lost you phone or it got stolen – you can revoke the password for that device and all your accounts will instantly stop working!

Application Specific Passwords

For signing in through the browser or supported applications you’ll need to use the 2-step verification application, there are apps for iPhone, Android and BlackBerry devices – so there’s no excuse not to use it.

You can also set Gmail/Google to always use https, do so here (link for Gmail) under Settings – General.


Awesome eh.


WordPress being a web application is a much more complex beast, I could write multiple posts just about that – but I’ll try and cover a few basics to make your WordPress install more secure.

  • The second after that would be, ensure all plugins are always up to date.
  • The third would be try and use a safe theme, if you code your own check it for XSS vulnerabilities especially in the search form.
  • Don’t use the main admin account, create another account with Editor privileges and use that for publishing stuff (less likely to get caught out with XSS etc).
  • Use a strong password

There are some plugins that can help you too, I recommend:

Others worth a look are:

There are some more in-depth guides here:

That’s all folks 🙂

Tags: , , , , , , , , , , , , , , , ,

Continue Reading · 2 Comments · Hacking & Infosec