Assorted Links

Friday 2024-04-19 Assorted Links
Assorted Links links
Published: 2024-04-19
Friday 2024-04-19 Assorted Links

Assorted links for Friday, April 19:

  1. APIs as infrastructure: future-proofing Stripe with versioning
  2. Versioning releases from a monorepo
  3. Securing the Supply Chain of Nothing
  4. Does the GitOps Emperor Have No Clothes?
  5. Ninja Van’s monitoring stack
  6. Continuous Load Testing: Building a culture of performance with Koi Pond
  7. Open Source Software (OSS) Secure Supply Chain (SSC) Framework Simplified Requirements
  8. Git’s database internals I: packed object store
  9. Scaling Git’s garbage collection
  10. Viewing the world as a computer: Global capacity management
Thursday 2024-04-18 Assorted Links
Assorted Links links
Published: 2024-04-18
Thursday 2024-04-18 Assorted Links

Assorted links for Thursday, April 18:

  1. How to Roll Your Kafka Cluster With Zero Downtime and No Data Loss
  2. Risk Assessments for AWS Access are Not Just for Large Companies
  3. How DoorDash Governs Its Infrastructure with Open Policy Agent
  4. State of AWS Security: A Look Into Real-World AWS Environments
  5. The Future of Ops Is Platform Engineering
  6. Announcing the 2022 Accelerate State of DevOps Report: A deep dive into security
  7. What’s Inside Of a Distroless Container Image: Taking a Deeper Look
  8. The Art of Logging: Creating a human- and machine-friendly logging format
  9. How to select technology for Data Mesh
  10. Enabling static analysis of SQL queries at Meta
Wednesday 2024-04-17 Assorted Links
Assorted Links links
Published: 2024-04-17
Wednesday 2024-04-17 Assorted Links

Assorted links for Wednesday, April 17:

  1. Introducing Wolfi: The first Linux (un)distro designed for securing the software supply chain
  2. The Top 5 kubectl Plugins by GitHub Stars
  3. Why and How eBay Pivoted to OpenTelemetry
  4. Boosting Kubernetes container runtime observability with OpenTelemetry
  5. Common mistakes in DevOps metrics
  6. Container Tools, Tips, and Tricks - Issue #2
  7. Introducing Finch: An Open Source Client for Container Development
  8. Seeing through hardware counters: a journey to threefold performance increase
  9. The Evolution of DevOps
  10. The Importance of Just-in-Time Access for Least Privilege in the Cloud
Tuesday 2024-04-16 Assorted Links
Assorted Links links
Published: 2024-04-16
Tuesday 2024-04-16 Assorted Links

Assorted links for Tuesday, April 16:

  1. Shared Responsibility Model
  2. Estimating the effort to build a Bazel CI/CD
  3. The Secret Sauce of Tik-Tok’s Recommendations
  4. Tulip: Modernizing Meta’s data platform
  5. How the GitHub Docs team uses GitHub Projects
  6. io_uring and networking in 2023
  7. The technology behind GitHub’s new code search
  8. Fast and Furious: Doubling Down on SBOM Drift
  9. How DoorDash Upgraded a Heuristic with ML to Save Thousands of Canceled Orders
  10. How to Increase Deployment Observability and Simplify Deployment Pipelines
Monday 2024-04-15 Assorted Links
Assorted Links links
Published: 2024-04-15
Monday 2024-04-15 Assorted Links

Assorted links for Monday, April 15:

  1. cURL audit: How a joke led to significant findings
  2. Incident travel time: The real investment is how fast you get there
  3. Introducing Hermes, An Open Source Document Management System
  4. Unreadable Metrics: Why You Can’t Find Anything in Your Monitoring Dashboards: A Guide to Effective Dashboard Design for DevOps and SRE
  5. A Complete Guide to Google’s Core Web Vitals and How to Optimize Them
  6. What Are Structured Logs and How Do They Improve Performance?
  7. The life of a DNS query in Kubernetes
  8. Building a Staging Environment for Data Teams
  9. Getting Started With Java Development in 2023 — An Opinionated Guide
  10. Fairness in multi-tenant systems
Friday 2024-04-12 Assorted Links
Assorted Links links
Published: 2024-04-12
Friday 2024-04-12 Assorted Links

Assorted links for Friday, April 12:

  1. Software Supply Chain Attestation the Easy Way
  2. How Many Is Too Much? Exploring Costs of Coordination During Outages
  3. How We Keep Our Government Apps Running With High Reliability: A Peek at Our Incident Management Strategy
  4. Infrastructure as Code is Not the Answer!
  5. 20 Terraform Best Practices to Improve your TF workflow
  6. SBoMs with Dracon, cheaper, faster, more accurate, better
  7. The State of Secrets Sprawl 2023
  8. The COGS Problem
  9. Presets for bazelrc
  10. The Biggest Cloud Native Strategy Mistake
Thursday 2024-04-11 Assorted Links
Assorted Links links
Published: 2024-04-11
Thursday 2024-04-11 Assorted Links

Assorted links for Thursday, April 11:

  1. GNU Stow 2.4.0 released – I use stow whenever I’m installing custom-compiled software.
  2. Security Vulnerability of HTML Emails

    The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible. A phishing email you had to trust because you knew the sender and they even confirmed that they had forwarded it to you.

  3. Improved Alerting with Atlas Streaming Eval
  4. Why choose sum types over exceptions?
  5. Refresh vs. Long-lived Access Tokens
  6. Why you should use io_uring for network I/O
  7. Clocks and Causality - Ordering Events in Distributed Systems
  8. Twitter’s Recommendation Algorithm
  9. Introducing self-service SBOMs
  10. Practical tips for rightsizing your Kubernetes workloads
Wednesday 2024-04-10 Assorted Links
Assorted Links links
Published: 2024-04-10
Wednesday 2024-04-10 Assorted Links

Assorted links for Wednesday, April 10:

  1. Windows debugger trick: Breaking when a specific debugger message is printed
  2. Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting
  3. Developers with AI assistants need to follow the pair programming model
  4. How Copilot is being used by the Time Travel Debugging team for repetitive C++ coding
  5. Anatomy of a credit card rewards program
  6. How do mixture-of-experts layers affect transformer models?
  7. What is retrieval-augmented generation, and what does it do for generative AI?
  8. Timeline of the xz open source attack
  9. Bullying in Open Source Software Is a Massive Security Vulnerability
  10. Reverse Searching Netflix’s Federated Graph
Tuesday 2024-04-09 Assorted Links
Assorted Links links
Published: 2024-04-09
Tuesday 2024-04-09 Assorted Links

Assorted links for Tuesday, April 9:

  1. OpenBSD system-call pinning
  2. The Rise and Fall of Silicon Graphics
  3. Fine-grained RBAC for GitHub Action workflows With GitHub OIDC and HashiCorp Vault
  4. Using the Platform Engineering Maturity Model to Understand the Commitment Required for an Internal Developer Platform
  5. Best practices for monitoring software testing in CI/CD
  6. File Monitoring with eBPF and Tetragon (Part 1)
  7. Documentation as code: Principles, workflow, and challenges
  8. The lifecycle of a code AI completion
  9. What we know about the xz Utils backdoor that almost infected the world
  10. Bringing enterprise-level security and even more power to GitHub-hosted runners
Monday 2024-04-08 Assorted Links
Assorted Links links
Published: 2024-04-08
Monday 2024-04-08 Assorted Links

Assorted links for Monday, April 8:

  1. GNU Coreutils 9.5 Can Yield 10~20% Throughput Boost For cp, mv & cat Commands: The speed increase is by increasing the default block size from 128KiB to 256KiB. Anyone still working in 4KiB or 64KiB blocks? Time to increase!
  2. Biden orders every US agency to appoint a chief AI officer

    As chief AI officers, appointees will serve as senior advisers on AI initiatives, monitoring and inventorying all agency uses of AI. They must conduct risk assessments to consider whether any AI uses are impacting “safety, security, civil rights, civil liberties, privacy, democratic values, human rights, equal opportunities, worker well-being, access to critical resources and services, agency trust and credibility, and market competition,” OMB said.

  3. Oregon Just Passed a Monumental ‘Right to Repair’ Law

    [W]hat sets this Oregon law apart from the other three states is that is bans “parts pairing,” a term that describes when companies prevent unauthorized parts from functioning in their devices.

  4. Bing on .NET 8: The Impact of Dynamic PGO: .NET continues to deliver significant performance improvements release after release, with near-perfect backwards compatibility.
  5. Google says running AI models on phones is a huge RAM hog: Is it possible that the largest barrier to Artificial General Intelligence (AGI) will be the amount of computing resources (RAM, GPU, electricity, etc.) necessary to run it?
  6. Why the Department of Justice Cares About Green Bubbles on iPhones
  7. Garbage Collection for Systems Programmers
  8. Making AI powered .NET apps more consistent and intelligent with Redis
  9. Improvements to static analysis in the GCC 14 compiler
  10. Running local tools installed by Bazel