Mon blog-notes à moi que j'ai

Personal blog of a sysadmin with a hacker bent

Twitter & RSS watch roundup #2016-30

The harvest of links for the week of July 25 to 29, 2016. Most of them were published on my Twitter account. Here they are, gathered for those who missed them.

Happy reading

Security & Privacy

Bringing HSTS to
For many years, we’ve worked to increase the use of encryption between our users and Google. Today, the vast majority of these connections are encrypted, and our work continues on this effort.
To further protect users, we’ve taken another step to strengthen how we use encryption for data in transit by implementing HTTP Strict Transport Security—HSTS for short—on the domain. HSTS prevents people from accidentally navigating to HTTP URLs by automatically converting insecure HTTP URLs into secure HTTPS URLs. Users might navigate to these HTTP URLs by manually typing a protocol-less or HTTP URL in the address bar, or by following HTTP links from other websites.
Protecting Android with more Linux kernel defenses
Android relies heavily on the Linux kernel for enforcement of its security model. To better protect the kernel, we’ve enabled a number of mechanisms within Android. At a high level these protections are grouped into two categories—memory protections and attack surface reduction.
[M.I.T.] Guide to Lock Picking
The secret of lock picking comes down to two words: it's easy. Anyone can learn how to pick a lock.
One password reset to rule them all!
A company called Ecotricity recently launched a new app in the UK. They are a utility provider for your gas and electric but also run a nationwide network of charge points for electric vehicles that their new app will be used to control. Unfortunately there was a problem with the password reset process.

System Engineering

Distributed Resource Scheduling with Apache Mesos
Netflix uses Apache Mesos to run a mix of batch, stream processing, and service style workloads. For over two years, we have seen an increased usage for a variety of use cases including real time anomaly detection, training and model building batch jobs, machine learning orchestration, and Node.js based microservices. The recent release of Apache Mesos 1.0 represents maturity of the technology that has evolved significantly since we first started to experiment with it.
Migrating applications, clusters, and Kubernetes to etcd v3
Recently etcd v3.0 was released. This new version introduces a new v3 API that provides transactions, continuous event delivery, multi-versioned key-value storage, and more. Besides those features, the new etcd3 server delivers sustained high performance, as shown in various benchmarks.
This post explains how to migrate etcd clusters from v2 to the new v3, including the new etcdctl migrate subcommand for offline data migration. We also discuss migrating a Kubernetes cluster to use the new etcd v3. We distinguish between simple upgrades, which only replace binaries with the latest versions, and migrating, which means changing client applications and data to take advantage of new etcd v3 features.
What if you could run the same, everywhere?
Is multi-cloud a pipe dream? I think not!
From startups to enterprises, despite material increases in efficiency and the price to performance ratio of the compute, network and storage resources we all use, infrastructure continues to come at substantial cost. It can also be a real risk driver; each implementation choice affects future scalability, service level and flexibility of the services being built. It’s fair to say that "future-proofing" should be the primary concern of every system architect.
Performing A/B Testing with NGINX and NGINX Plus
When you are testing changes to an application, there are some factors you can measure only in a production environment rather than a development test bed. Examples include the effect of UI changes on user behavior and the impact on overall performance. A common testing method is A/B testing – also known as split testing – in which a (usually small) proportion of users is directed to the new version of an application while most users continue to use the current version.


Kubernetes Log Analysis with Fluentd, Elasticsearch and Kibana
Logging is one of the major challenges with any large deployment on platforms such as Kubernetes, but configuring and maintaining a central repository for log collection can ease the day-to-day operations. For that purpose, the combination of Fluentd, Elasticsearch, and Kibana can create a powerful logging layer on top of Kubernetes clusters.

Software Engineering

Microservices: Pros and Cons of Mono repos
Recently, there was an interesting question on Quora on Microservices – What companies use a mono repo but deploy as microservices?
The real question is hidden behind those words – Is it ok to use Mono repos to store Microservices code?
How to Address Database Change Scripts and Other Challenges of Continuous Delivery
DevOps (a portmanteau of development and operations) is a practice that emphasizes collaboration between software developers and other information-technology (IT) professionals while automating the process of software delivery and infrastructure changes.
DevOps focuses on organizational culture, while continuous delivery and continuous integrations are mainly about automation and tests, which require a trustworthy source control. An ever increasing number of organizations are implementing DevOps and continuous delivery process. They are fueled by reports of the benefits, which include quicker time to market, reduced costs and higher quality products.
Effective DevOps and continuous delivery must encompass the database, but the database represents some unique challenges not faced in the application. Here we will address some of these challenges and provide best practices to handle them.
Synchronous communication for microservices: current status and learnings
Since we started breaking our monolith and introduced a microservices architecture we rely a lot on synchronous request-response style communication. In this blog post we’ll go over our current status and some of the lessons we learned.
What exactly is an Event-loop?
Rather than doing another all-out performance post, I’ll look at some aspects of asynchronous I/O today instead: what it is at a high level, what it isn’t and why you would use it.
There aren’t many aspects of programming today that are as saturated with buzzwords and misinformation as asynchronous IO and some of the frameworks which build on top of this. If you work with server code which has to handle a nontrivial number of connections at the same time you’ve probably overheard people saying things like, "if this were nonblocking it’d be much faster" or "we’d get much better throughput with node.js", with ensuing nods and stroking of beards. Even after you’ve taken the plunge with node, people will implore you to "not block the event-loop!" - but the more JS meetups you go to, the less you can figure out why…
Making the Switch from Node.js to Golang
I’ve dabbled in JavaScript since college, made a few web pages here and there and while JS was always an enjoyable break from C or Java, I regarded it as a fairly limited language, imbued with the special purpose of serving up animations and pretty little things to make users go "ooh" and "aah". It was the first language I taught anyone who wanted to learn how to code because it was simple enough to pick up and would quickly deliver tangible results to the developer. Smash it together with some HTML and CSS and you have a web page. Beginner programmers love that stuff.
Building Your Application for Cloud Portability - An Alternative Approach to Hybrid Cloud
In my previous post, I discussed the differences between hybrid cloud and cloud portability, as well as how to achieve true hybrid cloud deployments without compromising on infrastructure API abstraction, by providing several use cases for cloud portability.

Web Performance

Website Speed Optimization Guide for Google PageSpeed Rules
Page Speed/Site speed is termed as the speed with which your site or its pages get opened. It can be described as "page load time" (the time it takes to fully display the content) or "time to first byte" (how long it takes for your browser to receive the first byte of information from the web server). It doesn’t matter usually how we define page speed, the only important thing to consider here is how we can get pages work better and faster.

Database Engineering

Advanced Postgres Performance Tips
You’ve added the INDEXes, both partial and covering. You’ve VACUUM ANALYZEd. You JOINed and INNER JOINed everything to a single query. And yet, your report is still taking too long. What do you do when the low-hanging fruit has been harvested?
It’s time to get down and dirty with some of the lesser known SQL constructs in Rails land.


Random notes on improving the Redis LRU algorithm
Redis is often used for caching, in a setup where a fixed maximum memory to use is specified. When new data arrives, we need to make space by removing old data. The efficiency of Redis as a cache is related to how good decisions it makes about what data to evict: deleting data that is going to be needed soon is a poor strategy, while deleting data that is unlikely to be requested again is a good one.
Real-World Redis Tips
Redis might sound like it’s just a key/value store, but its versatility makes it a valuable Swiss Army knife for your application. Caching, queueing, geolocation, and more: Redis does it all. We’ve built (and helped our customers build) a lot of apps around Redis over the years, so we wanted to share a few tips that will ensure you get the most out of Redis, whether you’re running it on your own box or using the Heroku Redis add-on.


Security and Alerting for Elasticsearch: A Vandis Story (Part 2)
It’s just another day when Shield, Watcher, Marvel, and Beats help Vandis identify and resolve problems before their customers know anything’s amiss.

MySQL & MariaDB

Multiple MySQL Instances on a Single Machine
Typically, on a single machine (be it a physical or a virtual one) only a single MySQL instance (process) is running. This is perfectly ok for all those situations where a single instance is sufficient, like for storing small amounts of data (RedHat using MySQL for postfix, KDE using it for akonadi, …), as well as those where a dedicated machine per MySQL instance is appropriate (high CPU load, memory fully loaded, availability requirements).
Why Uber Engineering Switched from Postgres to MySQL
The early architecture of Uber consisted of a monolithic backend application written in Python that used Postgres for data persistence. Since that time, the architecture of Uber has changed significantly, to a model of microservices and new data platforms. Specifically, in many of the cases where we previously used Postgres, we now use Schemaless, a novel database sharding layer built on top of MySQL. In this article, we’ll explore some of the drawbacks we found with Postgres and explain the decision to build Schemaless and other backend services on top of MySQL.


The Right Tool for the Job: Using Apache Hadoop with Vertica for Big Data Analytics
I have an entrepreneur friend who used to carry a butter knife around. He claimed this "almighty" tool was the only one he ever needed! While the butter knife does serve a wide range of purposes (especially with a stretch of the imagination), in practice it doesn’t always yield optimal results. For example, as a screwdriver, it may work for common screws, but certainly not a Phillips (unless you push down very hard and hope not to strip the screw). As a hammer, you may be able to drive finishing nails, but your success and mileage may vary. As a pry bar, well, I think you get my point! Clearly one tool isn’t sufficient for all purposes – a good toolbox includes various tools each fulfilling a specific purpose.

Data Engineering & Analytics

Real-time Message-driven Service Oriented Architecture: Bringing the Boom!
At Strata+Hadoop World in London, MapR Director of Enterprise Strategy & Architecture Jim Scott talked about Real-time Hadoop: The Ideal Messaging System. You can watch his presentation here or read the post below to learn more
From Query Logs to Visualization
Researchers and scientists use data visualizations to better understand data and communicate results. Good visualizations can provide insight into a dataset that might otherwise be overlooked. In this post, we’ll go through the process of creating graphic insight from an abstract dataset by building an actual data visualization step-by-step.
Kafka Streams: yet another stream processing framework?
In the works among the engineers of since 2015, Kafka 0.10 was released in May 2016. Shortly after the release of version 0.9, which mainly introduced the Kafka Connect API, version 0.10 brings a major component: Kafka Streams.

Network Engineering

BGP Routing Tutorial Series, Part 2
In part 1 of this series, we established that BGP is the protocol used to route traffic across the interconnected Autonomous Systems (AS) that make up the Internet. We also looked at why effective BGP configuration is an important part of controlling your destiny on the Internet, and we covered some of the basic building-block concepts needed to understand what BGP does and how it does it. We’ll continue on that path in this post, adding more concepts and digging deeper into how BGP works and what makes it of value.

Management & Organization

OpsDev is coming
Developers, end users, investors, analysts and the competition were all eager to learn what Apple had in mind to maintain its leadership and market share at the recent WWDC in San Francisco. No new mind blowing product was announced, and Apple’s stock price actually fell. But there was a common theme that recurred throughout many sessions: user experience. Apple is continually aligning all products and apps so a user with multiple Apple products can have a seamless experience while switching from one device or app to another without losing the user’s context of what they are doing. Instead of focusing on the product features or product specs, the company focuses on its customers’ experiences. Apple has a knack for this kind of thinking. While its competitors are touting the large number of megapixels for their cameras and the number of cores in its newest smartphone model, Apple is comfortably showing beautiful, inspirational pictures taken by the iPhone without even mentioning any of the phone’s technical details.
Completed Staff Work: The Secret Management Technique to Empower Your Team
When I was introduced to the concept of Completed Staff Work, I felt like I had been handed a secret management technique. I had been a manager for several years and never heard of it, so it felt like a big secret when I did. And the idea simply exploded how I thought of my work as an engineering manager.
Three Principles to Get DevOps Right
Remember the days of quarterly product releases and updates? Thanks to DevOps, those days are gone and companies are able to release software continuously and consistently. With the help of automation and a turnaround of business culture, the development and deployment process has been changed for the better, allowing for increased speed and value.