Mon blog-notes à moi que j'ai

Personal blog of a sysadmin with a hacker bent

Twitter & RSS watch roundup #2016-48

This is the harvest of links for the week of 28 November to 2 December 2016. Most of them were posted on my Twitter account. Here they are gathered for those who may have missed them.

Happy reading

Security & Privacy

Understanding CORS
RTFM… just kidding! There is no manual for the CORS (Cross-Origin Resource Sharing) specification. I really had you going there, didn’t I?
Email Security - DKIM
Domain Keys Identified Mail, or DKIM, is another security mechanism available to us that allows us to prevent spoofing or forging of emails from our domain. Using public key cryptography to assure the integrity and authenticity of emails, properly configured DKIM is an excellent protection.

System Engineering

GLB part 2: HAProxy zero-downtime, zero-delay reloads with multibinder
Recently we introduced GLB, the GitHub Load Balancer that powers GitHub.com. The GLB proxy tier, which handles TCP connection and TLS termination, is powered by HAProxy, a reliable and high performance TCP and HTTP proxy daemon. As part of the design of GLB, we set out to solve a few of the common issues found when using HAProxy at scale.
Every Day Is Monday In Operations
We live in a world where our online services never sleep. Those of us who build and operate the services, however, do need to sleep—so ideally we build, monitor, alert on, and operate our services so that we can. Unfortunately, any service that is live 24/7 is in a state of change 24/7, and with change comes failures, escalations, and maybe even sleepless nights spent firefighting. Since our services must always be available, we must always be ready to answer the call. However, each problem solved is progress towards more restful nights in the future. Read on and we’ll share two war stories and lessons learned that explain why every day is Monday in operations.
Application Pauses When Running JVM Inside Linux Control Groups
Linux cgroups-based solutions (e.g., Docker, CoreOS) are increasingly being used to host multiple applications on the same host. We have been using cgroups at LinkedIn to build our own containerization product called LPS (LinkedIn Platform as a Service) and to investigate the impact of resource-limiting policies on application performance. This post presents our findings on how CPU scheduling affects the performance of Java applications in cgroups. We found that Java applications can have more and longer application pauses when using CFS (Completely Fair Scheduler) in conjunction with CFS Bandwidth Control quotas. During these pauses, the application is not responding to user requests, so this is a severe performance pain that we need to understand and address.
HPACK: the silent killer (feature) of HTTP/2
If you have experienced HTTP/2 for yourself, you are probably aware of the visible performance gains possible with HTTP/2 due to features like stream multiplexing, explicit stream dependencies, and Server Push.
There is however one important feature that is not obvious to the eye. This is the HPACK header compression. Current implementations of Apache and nginx servers, as well as edge networks and CDNs using them, do not support the full HPACK implementation. We have, however, implemented the full HPACK in nginx, and upstreamed the part that performs Huffman encoding.

Software Engineering

Annotations on Document Previews
Location-specific feedback has always been fundamental to collaboration. At Dropbox, we’ve recognized this need and implemented annotations on document previews. Our goal was to allow users to provide focused and clear feedback by drawing rectangles and highlighting text on their documents. We ran into a few main challenges along the way: How do we ensure annotations can be drawn and rendered accurately on any kind of document, with any viewport size, and using any platform? How can we maintain isolation of user documents for security? How can we keep performance smooth and snappy? Below, I’m going to answer these questions and dive a bit deeper into how annotations work at Dropbox.
Asynchronous data exchanges, decoupling with class – part 1
Offloading heavy processing, shipping logs, handling load spikes, reactive architecture… There are many use cases for the Asynchronous data exchanges design pattern, which handles message communication asynchronously.
On the C language, and performances
I recently gave a training to my co-workers, about the C language. Wasn’t really a training, but an introduction. With attendees really used to high level programming languages, such as PHP, it was not very easy to teach some low level concepts, yet crucial to understand the power of information computation. This is mainly because we don’t cope with the same problems in low level languages, than in high.
Toggle Talk with Damian Brady
I sat down with Damian Brady, Solution Architect at Octopus Deploy for a conversation about his experience with feature toggles. He shared with me his tips for best practices, philosophies on when to flag and what he thinks the future of feature flagging will look like.
How to Manage Application Dependencies Like a Pro
As enterprises grow and scale to meet market demand, they’re finding it vital to move away from monolithic applications. Instead, a great number of organizations are transitioning to development architectures with many small components that allow them to release software much more quickly.

Web Performances

Testing with Realistic Networking Conditions
When testing performance for websites or apps that you are working on it is critical to test them with networking conditions that are representative of your users. That was one of the main reasons that I originally created WebPageTest so it was easy to test and demonstrate what performance looked like when pages were not being loaded on ultra-fast corporate networks.

Databases Engineering

DBAs, a priesthood no more
Companies have had and needed Database Administrators for years. Data is one of a business’s most important assets. That means many businesses, once they grow to the point where they must be able to rapidly scale, need someone to make sure that asset is well managed, performant for the product needs, and available to restore in case of disasters.

MySQL & MariaDB

Database Daily Ops Series: GTID Replication and Binary Logs Purge
This blog continues the ongoing series on daily operations and GTID replication.
Galera Cache (gcache) is finally recoverable on restart
This post describes how to recover Galera Cache (or gcache) on restart.
Recently Codership introduced (with Galera 3.19) a very important and long awaited feature. Now users can recover Galera cache on restart.
Using the InnoDB Buffer Pool Pre-Load Feature in MySQL 5.7
In this blog post, I’ll discuss how to use the InnoDB buffer pool pre-load feature in MySQL 5.7
Starting MySQL 5.6, you can configure MySQL to save the contents of your InnoDB buffer pool and load it on startup. Starting in MySQL 5.7, this is the default behavior. Without any special effort, MySQL saves and restores a portion of buffer pool in the default configuration. We made a similar feature available in Percona Server 5.5 – so the concept has been around for quite a while.

Data Engineering & Analytics

Artificial intelligence, revealed
It’s 8:00 am on a Tuesday morning. You’ve awoken, scanned the headlines on your phone, responded to an online post, ordered a holiday sweater for your mom, locked up the house, and are driving to work, listening to some great new music on the radio.
Difference Between Data Scientists, Data Engineers, and Software Engineers - According To LinkedIn
The differences between Data Scientists, Data Engineers, and Software engineers can get a little confusing at times. Thus, here is a guest post provided by Jake Stein, CEO at Stitch formerly RJ Metrics, which aims to clear up some of that confusion based upon LinkedIn data.

Management & Organization

Why You Need a Postmortem Process
Failure is inevitable. As engineers building and maintaining complex systems, we likely encounter failure in some form on a daily basis. Not every failure requires a postmortem, but if a failure impacts the bottom line of the business, it becomes important to follow a postmortem process. I say “follow a postmortem process” instead of “do a postmortem”, because a postmortem should have very specific goals designed to prevent future failures in your environment. Simply asking the five whys to try and determine the root cause is not enough.
Building and Motivating Engineering Teams
I have agreed to give a guest lecture for a class at Yale, and they’ve asked me to speak about “building and motivating engineering teams” from the perspective of a smaller startup. The readings for my section include A Field Guide to Software Developers by Joel Spolsky. I remember reading it when it was first written. I admire Joel’s work, and the piece has many valuable takeaways.