Mon blog-notes à moi que j'ai

Personal blog of a sysadmin with a hacker bent

Twitter & RSS watch roundup #2016-46

The harvest of links for the week of 14 to 18 November 2016. Most of them were published on my Twitter account. Here they are, gathered for those who may have missed them.

Happy reading

Security & Privacy

SHA-1 Certificates in Chrome
We’ve previously made several announcements about Google Chrome’s deprecation plans for SHA-1 certificates. This post provides an update on the final removal of support.
The SHA-1 cryptographic hash algorithm first showed signs of weakness over eleven years ago and recent research points to the imminent possibility of attacks that could directly impact the integrity of the Web PKI. To protect users from such attacks, Chrome will stop trusting certificates that use the SHA-1 algorithm, and visiting a site using such a certificate will result in an interstitial warning.
Mission Improbable: Hardening Android for Security And Privacy
After a long wait, the Tor project is happy to announce a refresh of our Tor-enabled Android phone prototype.
This prototype is meant to show a possible direction for Tor on mobile. While I use it myself for my personal communications, it has some rough edges, and installation and update will require familiarity with Linux.

System Engineering

Visualize Kubelet Performance with Node Dashboard
In Kubernetes 1.4, we introduced a new node performance analysis tool, called the node performance dashboard, to visualize and explore the behavior of the Kubelet in much richer detail. This new feature will make it easy to understand and improve code performance for Kubelet developers, and lets cluster maintainers decide configurations according to provided Service Level Objectives (SLOs).
LinkedIn’s Next-Generation Data Center Goes Live
Earlier this year we announced Project Altair, our massively scalable, next-generation data center design. We also announced our plans to build a new data center in Oregon, in order to be able to more reliably deliver our services to our members and customers. Today, we’d like to announce that our Oregon data center, featuring the design innovations of Project Altair, is fully live and ramped. The primary criteria when selecting the Oregon location were: procuring a direct access contract for 100% renewable energy, network diversity, expansion capabilities, and talent opportunities.
Infrastructure Update: Pushing the edges of our global performance
Dropbox has hundreds of millions of registered users, and we’re always hard at work to ensure our customers have a speedy, reliable experience, wherever they are. Today, I am excited to announce an expansion to our global infrastructure that will deliver faster transfer speeds and improved performance for our customers around the world.
How to solve anything in VCL, part 3: authentication and feature flags at the edge
In "How to solve anything" parts 1 and 2, we outlined how to use Varnish Configuration Language (VCL) to address some of your more challenging problems. In this post, we’ll discuss how Andrew Betts of the Financial Times uses advanced VCL to securely cache and serve authenticated and authorized content, and set up feature flags.
Performance Tuning HAProxy
In a recent article, I covered how to tune the NGINX webserver for a simple static HTML page. In this article, we are going to once again explore those performance-tuning concepts and walk through some basic tuning options for HAProxy.
How Urban Airship Scaled to 2.5 Billion Notifications During the U.S. Election
Urban Airship is trusted by thousands of businesses looking to grow with mobile. Urban Airship is a seven year old SaaS company and has a freemium business model so you can try it for free. For more information, visit Urban Airship now averages more than one billion push notifications delivered daily. This post highlights Urban Airship notification usage for the 2016 U.S. election, exploring the architecture of the system–the Core Delivery Pipeline–that delivers billions of real-time notifications for news publishers.


Monitoring items for uneven values, how odd is that?
As someone working in IT infrastructure, every now and then you are confronted with a problem that you are not certain how to solve. Oftentimes I have found myself overthinking things and ending up with a complex solution that isn’t very elegant but gets the job done.

Software Engineering

Circuit breaker, a pattern to make your distributed systems (or microservices) more reliable: part 3
Now that we have covered the theory in the previous articles available here and here, let's turn to practice.
HTTP/2: the transition is under way! What changes for the front-end developer?
We announced it a few weeks ago: our performance testing tool is now fully HTTP/2 compatible, and our repository of performance best practices has been adapted to take the particularities of this protocol into account. Today I would like to go back in detail over what motivated the birth of HTTP/2, the major changes it brings, and also the various HTTP/1 best practices we are going to have to unlearn!
Engineering Infrastructure at Scale: Test Tracking
This blog series describes the engineering infrastructure (technologies, processes, tools, and culture) that enables several hundred engineers across LinkedIn to innovate and release software continuously with agility, quality, and productivity. This post describes the analytics infrastructure across iOS, Android, web, and API.
In order to collect information on how members interact with LinkedIn apps and websites, we’ve built a powerful tracking infrastructure framework at LinkedIn. This framework has allowed us to assess whether new features are successful, to conduct business auditing, and to gain insight into member behavior in general. What we call "tracking" is also referred to as "metrics" or "analytics" at some companies.
In Free Software: the fork
In this series of articles devoted to the practices of Free Software, and after having covered the main steps a Free Software developer takes to solve a problem (scratching your own itch) by creating and then using a program (eating what you cook), and finally automating its design and deployment (automating everything), we will look at one of the most controversial but also most effective practices of Free Software: the fork.

Databases Engineering


A New Way To Ingest - Part 2
This is the second part of a two-part series about ingest nodes, a new feature in Elasticsearch 5.0.
In the first part we talked about what ingest nodes are, and how to configure and use them. In this second part we will focus on how to use ingest nodes as part of a deployment of the Elastic Stack.

MySQL & MariaDB

All You Need to Know About GCache (Galera-Cache)
Percona XtraDB Cluster is a multi-master topology, where a transaction executed on one node is replicated on another node(s) of the cluster. This transaction is then copied over from the group channel to Galera-Cache followed by apply action.
The cache can be discarded immediately once the transaction is applied, but retaining it can help promote a node as a DONOR node serving write-sets for a newly booted node.
So in short, GCache acts as a temporary storage for replicated transactions.
Scaling MySQL with TCP Load Balancing and Galera Cluster
We introduced TCP load balancing in NGINX Plus R5, and have continually added features in subsequent releases, as well as support for UDP load balancing. In this article we explore the key requirements for TCP load balancing and how NGINX Plus addresses them.
To explore the features of NGINX Plus we will use a simple test environment that represents the key components of an application with a scaled database backend. For complete instructions on building the test environment, see Appendix 1.

Data Engineering & Analytics

Open-Sourcing Yelp’s Data Pipeline
For the past few months we’ve been spreading the word about our shiny new Data Pipeline: a Python-based tool that streams and transforms real-time data to services that need it. We wrote a series of blog posts covering how we replicate messages from our MySQL tables, how we track schemas and compute schema migrations, and finally how we connect our data to different types of data targets like Redshift and Salesforce.
The Story of Batching to Streaming Analytics at Optimizely
Our mission at Optimizely is to help decision makers turn data into action. This requires us to move data with speed and reliability. We track billions of user events, such as page views, clicks and custom events, on a daily basis. To provide our customers with immediate access to key business insights about their users has always been our top most priority. Because of this, we are constantly innovating on our data ingestion pipeline.
Regression (LR and MLR) and differences, not for the Economy. Professional analyst should be able to answer these three questions.
To produce a regression analysis of inference that can be justified or trustworthy in the sense that helpful. The term in the statistical methods that generate a linear the best estimator is not bias (best linear unbiased estimator) abbreviated BLUE. Then there are some other things that are also important to note, in which the data to be processed, must meet certain requirements. In terms of statistical methods some terms or conditions of the so-called classical assumption test. Because they meet the assumptions of classical statistical coefficient will be obtained which actually became estimator of parameters that can be justified or accurate, among others:

Management & Organization

Etsy’s Debriefing Facilitation Guide for Blameless Postmortems
In 2012, I wrote a post for the Code As Craft blog about how we approach learning from accidents and mistakes at Etsy. I wrote about the perspectives and concepts behind what is known (in the world of Systems Safety and Human Factors) as the New View on "human error." I also wrote about what it means for an organization to take a different approach, philosophically, to learn from accidents, and that Etsy was such an organization.