Monthly Archives: February 2011

3 Apache mod_cache gotchas

If you want to avoid the learning curve of Squid and Varnish or the cost of a dedicated caching & proxying appliance, using Apache with mod_cache may seem like a good, simple and cheap solution. Rest assured, it can be -to some extent- but here are 3 gotchas I learned the hard way:

  1. mod_cache ignores Cache-control if Expires is in the past (which it shouldn’t according to RFC2616), so you might have to unset the Expires-header.
  2. mod_cache by default caches cookies! Let me repeat; cookies are cached! That might be a huge security-disaster waiting to happen; sessionid’s (that provide access for logged-on users) are generally stored in cookies. If a logged on user that request an uncached page, then that user’s cookie will get cached and sent to other users that request the same page. Do disable this by adding “CacheIgnoreHeaders Set-Cookie” to your config
  3. mod_cache by default treats all browsers like the one that triggered the caching of the object. In the field that approach can cause problems with e.g. CSS-files that are stored gzipped (because the first browser requested with header “Accept-Encoding: gzip, deflate”). If a browser that does not support gzipped content requests the same file, the CSS will be unreadable and thus not applied. The solution; make sure the “backend webserver” sends the “Vary: Accept-Encoding” header in the response (esp. for CSS-files). This will tell mod_cache to take different Accept-Encodings into account, storing and sending different versions of the same CSS-file.

Why your WordPress blog needs DoNotTrack

So what’s with all that nagging about tracking and that DoNotTrack plugin, you might wonder? Well, it’s pretty simple actually.

  1. Some very popular WordPress plugins include 3rd party tracking, sometimes even without properly disclosing, often without means to disable this behavior
  2. 3rd party tracking has privacy implications: all your visitors are tracked by the 3rd party, in general for behavioral marketing purposes (depending on what data is captured, tracking might even be illegal in some countries)
  3. 3rd party tracking has a performance impact: every visit to your blog will include between 2 and 5 extra requests for the 3rd party tracking to succeed, effectively delaying full page rendering

It is my conviction that blog owners should be able to install and use WordPress plugins without having to worry about undisclosed tracking and that plugins should provide a way to disable such 3rd party tracking if included.

As this is not the case yet, we have to resort to (messy) solutions to stop unwanted tracking from happening. And that’s exactly what DoNotTrack does. It’s a small javascript-hack in a WordPress-plugin to stop 3rd party tracking introduced by some of the most popular plugins.

Some details from the readme.txt:

  • What works:
  • What does not work (yet): Tracking code added using innerHTML or appendChild/insertBefore is not yet intercepted (but I’m working a solution for that)
  • What else might be added:
  • How you can help:
    • Provide me with links to plugins that include browser-based tracking + domain where the tracking is done.
    • Provide me with known opt-out code (javascript) to disable tracking services on a site.
    • Tell plugin writers you’re not happy with 3rd party tracking!
    • Tell your visitors about tracking & privacy, link to e.g. http://www.privacychoice.org/

And remember: if you host your WordPress blog yourself, you and nobody else should be able to decide who tracks your users!

As found on the web (February 16th)

blog (feed #46)
youtube (feed #51)
generic (feed #49)
frank posted IE9 RC released.
generic (feed #49)
generic (feed #49)
frank posted (.
generic (feed #49)
generic (feed #49)
youtube (feed #51)
frank liked 2 videos.
generic (feed #49)
youtube (feed #51)

Google Analytics for the privacy aware

While the entire German blogosphere seems to have discovered the pretty unpleasant, secretive inclusion of Quantcast tracking in the “WordPress.com Stats” plugin, I found an article on the blog that broke the story in Germany, that explains how you can somewhat limit (valid) privacy-concerns with Google Analytics.

You just have to push “_gat._anonymizeIp” as an option in the _gaq object, as shown on line 5 in this code snippet:

<script type="text/javascript">
  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-xxxxxxx-x']);
  _gaq.push(['_trackPageview']);
  _gaq.push(['_gat._anonymizeIp']);

  (function() {
    var ga = document.createElement('script');
    ga.type = 'text/javascript';
    ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0];
    s.parentNode.insertBefore(ga, s);
  })();
</script>

According to the relevant Google Analytics docs page, this:

“Tells Google Analytics to anonymize the information sent by the tracker objects by removing the last octet of the IP address prior to its storage. Note that this will slightly reduce the accuracy of geographic reporting.”

Call me naive (or overly idealistic), but shouldn’t your Google Analytics implementation have this option on as well?

As found on the web (February 9th)

blog (feed #46)
facebook (feed #40)
frank Frank de ene android (een bijna-nieuwe cheapo acer e110) is de andere (een trouwe maar verloren gelopen htc hero) niet ….
youtube (feed #51)
generic (feed #49)
blog (feed #46)
youtube (feed #51)

On the rebound with an Acer beTouch e110

On January 28th I was stupid enough to forget my trusty HTC Hero on the train. I filled out the NMBS’ online lost luggage forms and mourned the loss of my faithful personal digital assistant for a couple of days. As my employer is supposed co-finance a new handset in July, I decided to look for a cheap temporary replacement for now. Main requirements: cheap, 3G+, tethering and optionally Android. The Acer beTouch e110 seemed to be a perfect match.

The e110 is a small and light touchscreen device, running Android 1.5 (Cupcake). It comes with 3G+ (HSDPA), Bluetooth, GPS and FM radio and it is one of the cheapest Android-based handset available. And when I say cheap, I mean cheap as in “you can’t even find a decent 2nd hand device for that price”-cheap.

So what’s not to like? Well, the CPU is pretty slow, there’s no WiFI and the touchscreen needs some tough love. Android 1.5 Cupcake isn’t exactly the latest and greatest Android around either. Although Acer did issue new ROM’s in 2010, those were all based on Android 1.5 and there are no plans for an Eclair or Froyo version. What’s more surprising (although some would consider this a plus) is that the e110 is not a Google-branded phone. This means, amongst other things, that there’s no Google Market and no Contacts synchronization. Add the lack of Exchange integration to the equation and you’ve got very empty contacts and calender, which is pretty frustrating if you want to use your phone for work purposes.

No, Acer’s beTouch e110 certainly is no Hero, but I’ve got my HSDPA, tethering and even Android for a very low price. So I’ll cope until my Hero comes home. And if that doesn’t happen, the unboxing of the Desire Z in July will be all the more exiting.