We skipped one issue last week due to my personal workload on my side project, email forwarding service. I also get into a few blockchain projects recently and it was a lot to learn. We resume our schedule one day later :-).
Happy tuesday everyone. I hope you enjoy this issue, as much as I do.
On the last Saturday in May, at 10:48 GMT, a time when most folks in the US were still sleeping, the self-signed AddTrust External CA Root certificate expired. This is usually ok because those are usually well prepare ahead of time and the new root cert should be added in your local trust store. Then servers will usually returns both of old (soon to be expired) and the new one so client can verify. But for old OpenSSL <= 1.0.2g, they always prefered to expired one so even though your system has the new root certs, it will try to verify with the expired root cert and cause error. Since the problem have a big impact, and many apps or IoT devices was down due to this, I throw in a few more resource. Fixing the Breakage from the AddTrust External CA Root Expiration has more practical info. This patch from Ubuntu explains background and what they done. And a crazy story of Partial RavenDB Cloud outage due to invalid certs and client cannot talk to serves since they won’t trust server anymore
This article summarizes some lower level aspect of how GPU executes. Although GPU programming is not that complicated when compared to CPU, it also doesn’t match to what hardware is doing exactly. The reason is that we can’t just program GPU without some API, which is an abstraction over its inner workings.
HTTP Keep-Alive between a reverse proxy and an upstream server combined with some misfortunate downstream- and upstream-side timeout settings can make clients receiving HTTP 502s from the proxy.
At its core, GitHub.com remained built around one main database cluster (called mysql1) that housed a large portion of the data used by core GitHub features, like user profiles, repositories, issues, and pull requests. They paritition data to reduce load up to 50% and share with us how they do it. A very good idea is use virtual partitions, before database tables can be moved physically, we have to make sure they are separated virtually in the application layer. It’a lession before we physically touch the data, we can experiment with logically data separation
Gitlab journey to eliminates all
SAVEPOINT call in their SQL queries that causes slow query, high cpu/disk uo, lock up connections.
Fundamentally, the problem happens because a replica behaves differently from a primary when creating snapshots and checking for tuple visibility.
When you deploy database schema changes, you are not protected from system downtime even if you have very high-level automation but don’t use very low values of lock_timeout (or statement_timeout) to acquire a lock on the DB objects that are subject to change and do not implement some kind of retry logic. It’s better to use short-timeout and have system retry running query when running DDL migrations.
A concurrent rate limiter library for Golang based on Sliding-Window rate limiter algorithm.Go
Simple and safe way to dynamically render error pages or JSON responses for Rails appsRuby
Open-Source Web GUI for Apache Kafka Management
Help you to build wiki with just markdown of a git repo.
A Zanzibar-inspired database that stores, computes, and validates application permissions. Essentially allow us to define subject, action on object so we can answer questions like can this user(subject) edit(action) this post(object). Useful to delegata auth into a separate system. Similar project in this space is Oso
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
a high-performance interactive 2D/3D data visualization library. VisPy leverages the computational power of modern Graphics Processing Units (GPUs) through the OpenGL library to display very large datasets
Better Dev Link