dev jmeter, siege, chaos_monkey

Know thy limits! This is especially important when you’re developing a system that expects a high traffic. Moving systems onto the cloud makes it easier to adapt and scale out to match the load but you have to prepare for node failures and instant spikes in the traffic. Also you have to make sure that your system is responsive under long heavy load. Below I recommend 3 tools to test your system against such situations:

01. JMeter

Apache JMeter, is a Java-based open-source desktop application. I submitted a basic introduction to JMeter here. But it has many advanced feature which I’m planning to cover in a post in the near future.

02. Siege

Siege is an HTTP load testing tool. It’s not complex as JMeter but works the job well and it is very simple to use. It supports UNIX variants but not on Windows. It can obtained from here.

03. Chaos Monkey

Chaos Monkey

Originally developed by Netflix and open-sourced later. It is AWS specific tool. What is does is connect to your AWS system and terminate instances randomly. So that you can observe your system in such worst case scenarios. The good thing about it is, it selects its “victims” by looking at a tag you provide. So if you don’t want a single node such as a database server, you can easily exclude it. Source code can be downloaded from here.

security yubikey


I love my Yubikey so much that I recently bought another one. I couldn’t find a good use for it yet but I’m sure I will someday :-)

If you don’t know what a Yubikey is, check out its vendor here. Basically it is a one-time password (OTP) generator. It has a USB input device. It doesn’t require batteries to operate so you can use one everywhere without having to worry about such issues. I’m trying to incorporate using it into my daily life so that I can leverage two-factor authentication as much as possible.

Today, I found another usage. Yubikey Wordpress plugin. By using this plugin now I can login to my blog using my password and OTP generated by Yubikey. Yubikey has a web API and the plugin calls the API to authenticate your device. To learn more about the settings visit the plugin’s site:

dev jmeter

One of the key goals when developing a web application is to make it scalable. Meaning that it should handle lots of traffic without hindering the performance. But most of the time we only care about performance when it becomes a problem and generally it’s then too late to make radical design changes. Therefore, an upfront automated load testing is very helpful to gauge your application’s performance and being aware of its limits. One popular tool used for load testing is JMeter.

JMeter Basics

  • Thread Group: Each thread acts like a single user. All elements must be under a thread group.
  • Listener: Allows access to the information gathered by JMeter. Some listener examples are Aggregate Report, Graph Report and Summary Report
  • Logical Controller: They allow you to add construct to control the flow of your tests such as If, While, ForEach
  • Sampler: They tell jMeter to send requests to server and wait for a response.

When you launch JMeter there are 2 items on the left menu: Test Plan and Workbench. Test Plan is the real deal. That is the actual sequence of events that are fired. Workbench is where you can store test elements.

Creating a load test plan can be accomplished in 2 simple steps:

  1. Create a thread group: Everything runs under a thread group. Think of each thread as a user.


  2. Insert an HTTP request: Set the host name and page you want to call.


That’s it! If all you need is to create some heavy load you can create a few different HTTP requests and start bombarding your server right away.

A trivia about the JMeter is that it is mentioned in the book titled “We Are Anonymous”. Apparently it can also be used as a DDoS tool!