Mon blog-notes à moi que j'ai

Blog personnel d'un sysadmin, tendance hacker

Compilation veille Twitter & RSS #2016-44

La moisson de liens pour la semaine du 31 octobre au 4 novembre 2016. Ils ont, pour la plupart, été publiés sur mon compte Twitter. Les voici rassemblés pour ceux qui les auraient raté.

Bonne lecture

Security & Privacy

Why I don’t Use 2048 or 4096 RSA Key Sizes
I have used non-standard RSA key size for maybe 15 years. For example, my old OpenPGP key created in 2002. With non-standard key sizes, I mean a RSA key size that is not 2048 or 4096. I do this when I generate OpenPGP/SSH keys (using GnuPG with a smartcard like this) and PKIX certificates (using GnuTLS or OpenSSL, e.g. for XMPP or for HTTPS). People sometimes ask me why. I haven’t seen anyone talk about this, or provide a writeup, that is consistent with my views. So I wanted to write about my motivation, so that it is easy for me to refer to, and hopefully to inspire others to think similarily. Or to provoke discussion and disagreement — that’s fine, and hopefully I will learn something.

System Engineering

Orchestrator: Moving VIPs During Failover
In our previous post, we showed you how Orchestrator works. In this post, I am going to give you a proof-of-concept on how Orchestrator can move VIPs in case of failover. For this post, I’m assuming the Orchestrator is already installed and able to manage the topology.
Container Orchestration Thoughts
Since some time everybody (read developer) want to run his new microservice stacks in containers. I can understand that building and testing an application is important for developers.
One of the benefits of containers is, that developer (in theory) can put their new version of applications into production on their own. This is the point where operations is affected and operations needs to evaluate, if that might evolve into better workflow.
Run Nginx proxy in Docker container for HTTP/2
This is a really quick write-up on how I’ve been running HTTP/2 on my server for the last 2 months, despite having an OS that doesn’t support OpenSSL 1.0.2.

Software Engineering

Transcript de ma conférence « Notre environnement de développement n’est plus un bizutage! » au Forum PHP 2016 Paris
Le 27 octobre, j’étais présent au Forum PHP 2016 organisé par l’AFUP, pour une présentation intitulée « Notre environnement de développement n’est plus un bizutage! ». J’ai publié les slides il y a quelques jours et, si vous voulez en savoir plus, voici une tentative de transcript de cette conférence — c’est la première fois que je rédige un post de ce genre, je suis preneur de vos retours;-)
Circuit breaker, un pattern pour fiabiliser vos systèmes distribués (ou microservices) : partie 1
L’évolution des besoins (réductions des coûts et du time to market, concept d’ATAWAD (AnyTime, AnyWhere, AnyDevice)…) a mis en avant certaines architectures (architecture applicative cloud ready, architecture microservices, architecture distribuée…).
The Response Time Stretch Factor
Computer systems, and for that matter all types of systems that receive requests and process them, have a response time that includes some time waiting in queue if the server is busy when a request arrives. The wait time increases sharply as the server gets busier. For simple systems there is a simple equation that describes this exactly, but for more complicated systems this equation is only approximate. This has rattled around in my brain for a long time, and rather than keeping my notes private I’m sharing them here (although since I’m still trying to learn this stuff I may just be putting my ignorance on full display).
The Square Root Staffing Law
The square root staffing law is a rule of thumb derived from queueing theory, useful for getting an estimate of the capacity you might need to serve an increased amount of traffic.

Databases Engineering

Elasticsearch

How to resolve unassigned shards in Elasticsearch
In Elasticsearch, a healthy cluster is a balanced cluster: primary and replica shards are distributed across all nodes for durable reliability in case of node failure.
But what should you do when you see shards lingering in an UNASSIGNED state?

MySQL & MariaDB

Open-sourcing Rocksplicator, a real-time RocksDB data replicator
Pinterest’s stateful online systems process tens of petabytes of data every day. As we build products and scale billions Pins to 150 million people, we need new applications that work in a way where computation co-locates with data. That’s why we adopted RocksDB. It’s adaptable, supports basic and advanced database operations with high performance and meets the majority of requirements for building large-scale, production-strength distributed stateful services. Yet two critical pieces were missing for us: real-time data replication and cluster management for RocksDB-based stateful services. To fill this gap, we built a RocksDB replicator–Rocksplicator–a cluster management library, as well as tools for RocksDB-based stateful services. Today we’re open-sourcing the project on GitHub for all RocksDB users.
MySQL Server bootstrapping and dictionary initialization
In MySQL 8.0, we are making large changes to the way the MySQL server stores meta data with the introduction of our native data dictionary. As part of these improvements, we have also made changes to the way the server bootstraps. This blog post will explore what happens when the MySQL server starts, and in particular, how we initialize the transactional data dictionary. We have made changes in this area in several iterations, and we will point out the improvements in terms of functionality as well as implementation, and how we think this will enable further long-term improvements.
Dockerizing MySQL at Uber Engineering
Uber Engineering’s Schemaless storage system powers some of the biggest services at Uber, such as Mezzanine. Schemaless is a scalable and highly available datastore on top of MySQL¹ clusters. Managing these clusters was fairly easy when we had 16 clusters. These days, we have more than 1,000 clusters containing more than 4,000 database servers, and that requires a different class of tooling.

Vertica

Best Practices for Using LDAP Link with Vertica
So you’ve got LDAP Link configured, enabled, and working with Vertica, thus synchronizing LDAP users and groups with corresponding Vertica users and roles. You still have to manage users and roles in Vertica that you did not create with LDAP Link. The following graphic shows how your configuration might look.

Data Engineering & Analytics

Visualizing the Evolution
Evolutionary data is a collection of past events and circumstances. Understanding it can be extremely valuable, because it reveals history, brings insights to the present, and often times forecasts the future well. In this post we’ll outline some useful techniques for visualizing evolutionary data and provide tips to make a powerful impact.
How Bayesian Inference Works
Bayesian inference is a way to get sharper predictions from your data. It’s particularly useful when you don’t have as much data as you would like and want to juice every last bit of predictive strength from it.

Network Engineering

Introducing Community Cellular Manager: A management and deployment suite for small-scale cellular networks
At Facebook, we believe in empowering individuals and communities with the tools for communication. This is particularly relevant in rural areas, where traditional methods of building network infrastructure — such as centralized telecom roll-outs — are often infeasible for financial reasons.
An open approach for switching, routing, and transport
More and more people are connecting to the internet every day, and as new services like video and VR become more popular those people are using more and more bandwidth. These two factors are driving the need for more scalable and cost-effective infrastructure. To solve this challenge we need a combination of wireless connectivity with scalable and cost-effective backhaul infrastructure. The highest performing « bandwidth and reach » are still fiber-based technologies — in particular switching, routing, and transport DWDM technologies. Facebook is exploring new approaches in this space, focusing on packet-optical technologies.
The Death of Transit?
Geoff Huston discusses the possible demise of transit services and the rise of content networking.
I was struck at a recent NANOG meeting just how few presentations looked at the ISP space and the issues relating to ISP operations, and how many were looking at the data centre environment.