The link harvest for the week of October 31 to November 4, 2016. Most of them were published on my Twitter account. Here they are gathered for those who may have missed them.
Security & Privacy
- Why I don’t Use 2048 or 4096 RSA Key Sizes
- I have used non-standard RSA key size for maybe 15 years. For example, my old OpenPGP key created in 2002. With non-standard key sizes, I mean an RSA key size that is not 2048 or 4096. I do this when I generate OpenPGP/SSH keys (using GnuPG with a smartcard like this) and PKIX certificates (using GnuTLS or OpenSSL, e.g. for XMPP or for HTTPS). People sometimes ask me why. I haven’t seen anyone talk about this, or provide a writeup, that is consistent with my views. So I wanted to write about my motivation, so that it is easy for me to refer to, and hopefully to inspire others to think similarly. Or to provoke discussion and disagreement — that’s fine, and hopefully I will learn something.
- Orchestrator: Moving VIPs During Failover
- In our previous post, we showed you how Orchestrator works. In this post, I am going to give you a proof-of-concept on how Orchestrator can move VIPs in case of failover. For this post, I’m assuming the Orchestrator is already installed and able to manage the topology.
- Container Orchestration Thoughts
- For some time now, everybody (read: developers) has wanted to run their new microservice stacks in containers. I can understand that building and testing an application is important for developers.
One of the benefits of containers is that developers (in theory) can put new versions of their applications into production on their own. This is the point where operations is affected, and operations needs to evaluate whether that might evolve into a better workflow.
- Run Nginx proxy in Docker container for HTTP/2
- This is a really quick write-up on how I’ve been running HTTP/2 on my server for the last 2 months, despite having an OS that doesn’t support OpenSSL 1.0.2.
- Transcript of my talk "Our development environment is no longer a hazing ritual!" at Forum PHP 2016 Paris
- On October 27, I was at Forum PHP 2016, organized by AFUP, to give a talk titled "Our development environment is no longer a hazing ritual!". I published the slides a few days ago and, if you want to know more, here is an attempt at a transcript of that talk. It is the first time I have written a post of this kind, so I welcome your feedback ;-)
- Circuit breaker, a pattern for making your distributed systems (or microservices) more reliable: part 1
- Evolving needs (lower costs and shorter time to market, the ATAWAD concept (AnyTime, AnyWhere, AnyDevice)…) have brought certain architectures to the fore (cloud-ready application architecture, microservices architecture, distributed architecture…).
- The Response Time Stretch Factor
- Computer systems, and for that matter all types of systems that receive requests and process them, have a response time that includes some time waiting in queue if the server is busy when a request arrives. The wait time increases sharply as the server gets busier. For simple systems there is a simple equation that describes this exactly, but for more complicated systems this equation is only approximate. This has rattled around in my brain for a long time, and rather than keeping my notes private I’m sharing them here (although since I’m still trying to learn this stuff I may just be putting my ignorance on full display).
- The Square Root Staffing Law
- The square root staffing law is a rule of thumb derived from queueing theory, useful for getting an estimate of the capacity you might need to serve an increased amount of traffic.
- How to resolve unassigned shards in Elasticsearch
- In Elasticsearch, a healthy cluster is a balanced cluster: primary and replica shards are distributed across all nodes for durable reliability in case of node failure.
But what should you do when you see shards lingering in an UNASSIGNED state?
MySQL & MariaDB
- Open-sourcing Rocksplicator, a real-time RocksDB data replicator
- Pinterest’s stateful online systems process tens of petabytes of data every day. As we build products and scale billions Pins to 150 million people, we need new applications that work in a way where computation co-locates with data. That’s why we adopted RocksDB. It’s adaptable, supports basic and advanced database operations with high performance and meets the majority of requirements for building large-scale, production-strength distributed stateful services. Yet two critical pieces were missing for us: real-time data replication and cluster management for RocksDB-based stateful services. To fill this gap, we built a RocksDB replicator–Rocksplicator–a cluster management library, as well as tools for RocksDB-based stateful services. Today we’re open-sourcing the project on GitHub for all RocksDB users.
- MySQL Server bootstrapping and dictionary initialization
- In MySQL 8.0, we are making large changes to the way the MySQL server stores meta data with the introduction of our native data dictionary. As part of these improvements, we have also made changes to the way the server bootstraps. This blog post will explore what happens when the MySQL server starts, and in particular, how we initialize the transactional data dictionary. We have made changes in this area in several iterations, and we will point out the improvements in terms of functionality as well as implementation, and how we think this will enable further long-term improvements.
- Dockerizing MySQL at Uber Engineering
- Uber Engineering’s Schemaless storage system powers some of the biggest services at Uber, such as Mezzanine. Schemaless is a scalable and highly available datastore on top of MySQL clusters. Managing these clusters was fairly easy when we had 16 clusters. These days, we have more than 1,000 clusters containing more than 4,000 database servers, and that requires a different class of tooling.
- Best Practices for Using LDAP Link with Vertica
- So you’ve got LDAP Link configured, enabled, and working with Vertica, thus synchronizing LDAP users and groups with corresponding Vertica users and roles. You still have to manage users and roles in Vertica that you did not create with LDAP Link. The following graphic shows how your configuration might look.
Data Engineering & Analytics
- Visualizing the Evolution
- Evolutionary data is a collection of past events and circumstances. Understanding it can be extremely valuable, because it reveals history, brings insights to the present, and often times forecasts the future well. In this post we’ll outline some useful techniques for visualizing evolutionary data and provide tips to make a powerful impact.
- How Bayesian Inference Works
- Bayesian inference is a way to get sharper predictions from your data. It’s particularly useful when you don’t have as much data as you would like and want to juice every last bit of predictive strength from it.
- Introducing Community Cellular Manager: A management and deployment suite for small-scale cellular networks
- At Facebook, we believe in empowering individuals and communities with the tools for communication. This is particularly relevant in rural areas, where traditional methods of building network infrastructure — such as centralized telecom roll-outs — are often infeasible for financial reasons.
- An open approach for switching, routing, and transport
- More and more people are connecting to the internet every day, and as new services like video and VR become more popular those people are using more and more bandwidth. These two factors are driving the need for more scalable and cost-effective infrastructure. To solve this challenge we need a combination of wireless connectivity with scalable and cost-effective backhaul infrastructure. The highest performing “bandwidth and reach” are still fiber-based technologies — in particular switching, routing, and transport DWDM technologies. Facebook is exploring new approaches in this space, focusing on packet-optical technologies.
- The Death of Transit?
- Geoff Huston discusses the possible demise of transit services and the rise of content networking.
I was struck at a recent NANOG meeting just how few presentations looked at the ISP space and the issues relating to ISP operations, and how many were looking at the data centre environment.