Mon blog-notes à moi que j'ai

Personal blog of a sysadmin with a hacker bent

Twitter & RSS watch roundup #2016-45

The harvest of links for the week of 7 to 11 November 2016. Most of them were posted on my Twitter account. Here they are gathered for those who may have missed them.

Happy reading

Security & Privacy

Ethics of RIPE Atlas Measurements
This article is intended to make RIPE Atlas users aware of ethical issues that could arise when using RIPE Atlas. We do not intend to propose any new formal processes or procedures to address the relevant ethical issues, but we do want to encourage members of the RIPE Atlas community to consider the ethical impact of their behaviour when using RIPE Atlas.
A step towards better Web API authentication
The Fastly API is an integral part of our CDN, as one of our main focuses is to provide a great developer experience — using our APIs, customers are able to instantly reflect configuration changes, purge content, and perform anything that is available on the Fastly control panel from their application. A natural concern with such powerful convenience is security, such as leaked credentials or a compromised, over-privileged API client. Hence, a flexible, scalable, and secure authentication and authorization mechanism is crucial for developers to confidently embrace a Web API. In this blog post, I’ll cover API tokens, our new API authentication method.

System Engineering

Installing a private, multiarch Docker registry
A private Docker registry is handy! But if it is also multiarch, it is perfect! What for? For example, to be able to install an x86 image or an arm image with the same docker pull.
What else? If your Kubernetes cluster is made up of x86 nodes and arm nodes and you create a daemonset, being able to point to a single image is pretty much essential ;-) (this also applies to Swarm, to deployment via compose…).
The QuickBooks Platform
The QuickBooks ecosystem is the largest small business SaaS product. The QuickBooks Platform supports bookkeeping, payroll and payment solutions for small businesses, their customers and accountants worldwide. Since QuickBooks is also a compliance & tax filing platform, consistency in reporting is extremely important. Financial reporting requires flexibility in queries – a given report may have dozens of different dimensions that can be tweaked. Collaboration requires multiple edits by employees, Accountants and Business owners at the same time, leading to potential conflicts. All this leads to solving interesting scaling problems at Intuit.
Going further with Docker Swarm
It has been a while since I last wrote an article, so we will ease back in and set up a small 3-node Swarm cluster on DigitalOcean VMs. We will then set up a GlusterFS cluster to share our containers' volumes between our VMs, and finally we will deploy a WordPress site exposed over HTTPS thanks to Traefik.
In Free Software: automate everything
In the previous article in this series, In Free Software: eating what you cook yourself, we saw why, for a free-software advocate trying to solve a problem by using or writing a program, it is crucial to use that program yourself as much as possible in order to improve it and make it more flexible.

Monitoring

Monitoring in the Kubernetes era
This post is Part 1 of a 4-part series about Kubernetes monitoring. Part 2 explores Kubernetes metrics and events you should monitor, Part 3 covers the different ways to collect that data, and Part 4 details how to monitor Kubernetes performance with Datadog.
Monitoring Kubernetes performance metrics
This post is Part 2 of a 4-part series about Kubernetes monitoring. Part 1 discusses how Kubernetes changes your monitoring strategies, this post breaks down the key metrics to monitor, Part 3 covers the different ways to collect that data, and Part 4 details how to monitor Kubernetes performance with Datadog.
As explained in Part 1, using Kubernetes for container orchestration requires a rethinking of your monitoring strategy. But if you use the proper tools, know which metrics to track, and know how to interpret performance data, you will have good visibility into your containerized infrastructure and its orchestration. This part of the series digs into the different metrics you should monitor.
How to collect and graph Kubernetes metrics
This post is Part 3 of a 4-part series about Kubernetes monitoring. Part 1 discusses how Kubernetes changes your monitoring strategies, Part 2 explores Kubernetes metrics and events you should monitor, this post covers the different ways to collect that data, and Part 4 details how to monitor Kubernetes performance with Datadog.
Part 2 digs into the different data you should track so you can properly monitor your container infrastructure as orchestrated by Kubernetes. In this post you will learn how you can manually set up metric collection, storage, and visualization using free, open source tools.

Software Engineering

PHP 7 at Tumblr
At Tumblr, we’re always looking for new ways to improve the performance of the site. This means things like adding caching to heavily used codepaths, testing out new CDN configurations, or upgrading underlying software.
Recently, in a cross-team effort, we upgraded our full web server fleet from PHP 5 to PHP 7. The whole upgrade was a fun project with some very cool results, so we wanted to share it with you.
Circuit breaker, a pattern for making your distributed systems (or microservices) more reliable: part 2
In the previous article, we looked at a few possible solutions for handling dependencies (external or internal) that may fail (and sooner or later will) while our application is running.
Let's take a closer look at the circuit breaker design pattern.
How to Write an Effective Bug Report That Actually Gets Resolved (and Why Everyone Should)
I want you to take a moment and make a mental note of all the software you use on your computer or phone. Which percentage of the software did you pay for? 50%? 20%? 0%? Chances are if you’re anything like me, most of the software you use, you got for free. I use almost exclusively open source software. Just because I use free software, however, does not mean that the software did not come at a cost. Thousands of developer hours went into each piece of software I use.
Free or not, good software makes our lives better. That is why we use it. So what can we do to give back to the developers who are adding value to our lives? A thank you email perhaps? Donate via PayPal to the developers (even better)? Become a ravenous fan who tweets and instagrams incessantly about the awesome software?

Databases Engineering

MySQL & MariaDB

Checking if a Slave Has Applied a Transaction from the Master
In this blog post, we will discuss how we can verify if an application transaction executed on the master has been applied to the slaves.
In summary, it is a good practice to alleviate the load on the master by doing reads on slaves. It is acceptable in most of the cases to just connect on slaves and issue selects. But there are some cases we need to ensure that the data we just applied on our master has been applied on the slaves before we query it.
Changing the Tablespace Directory with pt-online-schema-change
In this blog, we’ll discuss changing the tablespace directory using pt-online-schema-change.
One of the most annoying situations in the life of a DBA is realizing that the disk where the datadir resides is running out of space. If you’re lucky enough to run over an LVM volume or a RAID (depending on the level, though), it is easy to add disk space. But what if you are not that lucky, and your datadir is running on a single disk? Not so funny!

Vertica

Customize Your Security Authentication in Vertica
If you find yourself, as the Vertica database administrator, locked out of your database account, it usually happens for one of two reasons: either you’ve forgotten your password, or your authentication is not working. Either way, this can be a frustrating situation. This blog discusses how you can customize authentication methods in Vertica.

Data Engineering & Analytics

Accelerating innovation and powering new experiences with AI
Facebook’s long-term roadmap is focused on building foundational technologies in three areas: connectivity, artificial intelligence, and virtual reality. We believe that major research and engineering breakthroughs in each of these areas will help us make more progress toward opening the world to everyone over the next decade.
Our work in AI is helping us move all these projects forward. We’re conducting industry-leading research to help drive advancements in AI disciplines like computer vision, language understanding, and machine learning. We then use this research to build infrastructure that anyone at Facebook can use to build new products and services. We’re also applying AI to help solve longer-term challenges as we push forward in the fields of connectivity and VR. And to accelerate the impact of AI, we’re tackling the furthest frontiers of research, such as teaching computers to learn like humans do — by observing the world.
Delivering real-time AI in the palm of your hand
As video becomes an even more popular way for people to communicate, we want to give everyone state-of-the-art creative tools to help you express yourself. We recently began testing a new creative-effect camera in the Facebook app that helps people turn videos into works of art in the moment. That technique is called "style transfer." It takes the artistic qualities of one image style, like the way Van Gogh paintings look, and applies it to other images and videos. It’s a technically difficult trick to pull off, normally requiring the content to be sent off to data centers for processing on big-compute servers — until now. We’ve developed a new deep learning platform on mobile so it can — for the first time — capture, analyze, and process pixels in real time, putting state-of-the-art technology in the palm of your hand. This is a full-fledged deep learning system called Caffe2Go, and the framework is now embedded into our mobile apps. By condensing the size of the AI model used to process images and videos by 100x, we’re able to run various deep neural networks with high efficiency on both iOS and Android. Ultimately, we were able to provide AI inference on some mobile phones at less than 1/20th of a second, essentially 50 ms — a human eye blink happens at 1/3rd of a second or 300 ms.
An overview of gradient descent optimization algorithms
Gradient descent is one of the most popular algorithms to perform optimization and by far the most common way to optimize neural networks. At the same time, every state-of-the-art Deep Learning library contains implementations of various algorithms to optimize gradient descent (e.g. lasagne’s, caffe’s, and keras’ documentation). These algorithms, however, are often used as black-box optimizers, as practical explanations of their strengths and weaknesses are hard to come by.
Introducing Live Data Management – A New Era for Data and Analytics
Since our founding, Treasure Data has been on a mission to simplify data management, and today with the launch of the first-ever Live Data Management platform, we have reached a major milestone on that journey.

Network Engineering

IPv6 Inside LinkedIn Part III: The Elephant in the Room
The LinkedIn site has been available to the public over IPv6 since 2014, and our employees have been able to browse the internet over IPv6 for even longer. In Part I of this series, we explained why we decided to move our internal network over to IPv6. In Part II, we looked at the challenges we faced when we began to enable dual stack in our data centers (with the goal of one day removing IPv4 altogether). In this final post, we’ll look at how to install and manage servers (and other devices) on IPv6-only networks, as well as considering IPv6 from a software engineering point of view. We have not yet built an IPv6-only data center, but this post describes our progress towards that goal.
The Internet is Hostile: Building a More Resilient Network
In a recent post we discussed how we have been adding resilience to our network.
The strength of the Internet is its ability to interconnect all sorts of networks — big data centers, e-commerce websites at small hosting companies, Internet Service Providers (ISP), and Content Delivery Networks (CDN) — just to name a few. These networks are either interconnected with each other directly using a dedicated physical fiber cable, through a common interconnection platform called an Internet Exchange (IXP), or they can even talk to each other by simply being on the Internet connected through intermediaries called transit providers.
Introducing Backpack: Our second-generation modular open switch
Facebook is making it possible for people to create and share new immersive experiences using video and VR, and by some estimates video will make up 75 percent of the world’s mobile data traffic by 2020. With the onset of these new services, we need to make sure our global infrastructure is designed to handle richer content at faster speeds. To meet these current requirements and any future bandwidth demands, we’re working toward the 100G data center.

Management & Organization

10 DevOps Interview Questions to Gauge a Candidate’s Real Knowledge
DevOps is not a new term in the IT world — it has been around for almost ten years. But interestingly enough, as old as the field is, DevOps is still defining itself.
The ever-evolving definition of DevOps is also challenging from an HR perspective, and DevOps managers are increasingly dealing with the challenge of defining DevOps roles within their organizations and finding DevOps talent.