Path Building vs Path Verifying: The Chain of Pain
On the last Saturday in May, at 10:48 GMT, a time when most folks in the US were still sleeping, the self-signed AddTrust External CA Root certificate expired. This is usually OK, because expirations like this are prepared for well ahead of time and the new root cert should already be in your local trust store. Servers will usually return both the old (soon-to-expire) cert and the new one so clients can verify. But old OpenSSL (<= 1.0.2g) always preferred the expired one, so even though your system has the new root certs, it tries to verify with the expired root cert and fails. Since the problem had a big impact, and many apps and IoT devices went down because of it, I'm throwing in a few more resources. Fixing the Breakage from the AddTrust External CA Root Expiration has more practical info. This patch from Ubuntu explains the background and what they did. And there is a crazy story of a Partial RavenDB Cloud outage due to invalid certs, where clients could not talk to servers because they no longer trusted them.
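The difference between the two path-building orders described above, as an added toy model that is not code from the linked article or from OpenSSL. The certificate names, dates and the `build_path`, `verify` and `check` helpers are constructed for illustration, and no signatures are checked:

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: datetime

# Constructed names and dates; a toy model, not real X.509 parsing.
NOW = datetime(2020, 6, 1, tzinfo=timezone.utc)
EXPIRED = datetime(2020, 5, 30, 10, 48, tzinfo=timezone.utc)
VALID = datetime(2030, 1, 1, tzinfo=timezone.utc)

LEAF = Cert("example.test", "Intermediate CA", VALID)
INTERMEDIATE = Cert("Intermediate CA", "New Root", VALID)
CROSS = Cert("New Root", "Old Root", VALID)   # new root's name, cross-signed by the old root
OLD_ROOT = Cert("Old Root", "Old Root", EXPIRED)
NEW_ROOT = Cert("New Root", "New Root", VALID)

SENT = [INTERMEDIATE, CROSS]      # extra certs the server sends with the leaf
STORE = [OLD_ROOT, NEW_ROOT]      # local trust store holds both roots

def build_path(leaf, sent, store, trusted_first):
    """Walk issuer names upward until a self-signed cert is reached."""
    path = [leaf]
    while path[-1].subject != path[-1].issuer:
        want = path[-1].issuer
        anchors = [c for c in store if c.subject == want and c.issuer == want]
        peers = [c for c in sent if c.subject == want and c not in path]
        # The only difference between the two behaviours is this ordering.
        candidates = anchors + peers if trusted_first else peers + anchors
        if not candidates:
            break
        path.append(candidates[0])   # first match wins, no backtracking
    return path

def verify(path, store, now):
    """Verification only judges the one path that building produced."""
    if path[-1] not in store:
        return "untrusted"
    for cert in path:
        if cert.not_after <= now:
            return f"expired: {cert.subject}"
    return "ok"

def check(trusted_first):
    return verify(build_path(LEAF, SENT, STORE, trusted_first), STORE, NOW)

if __name__ == "__main__":
    print("peer-first:   ", check(False))
    print("trusted-first:", check(True))
```

The peer-first order ends at the expired root even though a valid anchor for the same chain is in the store, which is why shipping the new root alone did not help affected clients.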
Gentle introduction to GPUs inner workings
This article summarizes some lower-level aspects of how a GPU executes code. Although GPU programming is not that complicated compared to CPU programming, it also doesn’t exactly match what the hardware is doing. The reason is that we can’t program a GPU without some API, which is an abstraction over its inner workings.
Partitioning GitHub’s relational databases to handle scale
At its core, GitHub.com remained built around one main database cluster (called mysql1) that housed a large portion of the data used by core GitHub features, like user profiles, repositories, issues, and pull requests. They partitioned data to reduce load by up to 50% and share with us how they did it. A very good idea is to use virtual partitions: before database tables can be moved physically, we have to make sure they are separated virtually in the application layer. The lesson is that before we physically touch the data, we can experiment with logical data separation.
Why we spent the last month eliminating PostgreSQL subtransactions
GitLab's journey to eliminate all SAVEPOINT calls in their SQL queries, which caused slow queries, high CPU and disk I/O, and locked-up connections.
Fundamentally, the problem happens because a replica behaves differently from a primary when creating snapshots and checking for tuple visibility.
Zero-downtime Postgres schema migrations need this: lock_timeout and retries
When you deploy database schema changes, you are not protected from system downtime even if you have very high-level automation but don’t use very low values of lock_timeout (or statement_timeout) to acquire a lock on the DB objects that are subject to change and do not implement some kind of retry logic. It’s better to use a short timeout and have the system retry the query when running DDL migrations.
Code to read
A concurrent rate limiter library for Golang based on Sliding-Window rate limiter algorithm.
Easily generate .docx files with JS/TS. Works for Node and on the Browser.
Simple and safe way to dynamically render error pages or JSON responses for Rails apps
Open-Source Web GUI for Apache Kafka Management
Helps you build a wiki from just the Markdown files of a git repo.
A Zanzibar-inspired database that stores, computes, and validates application permissions. Essentially, it allows us to define a subject and an action on an object, so we can answer questions like "can this user (subject) edit (action) this post (object)?". Useful for delegating auth to a separate system. A similar project in this space is Oso.
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
A high-performance interactive 2D/3D data visualization library. VisPy leverages the computational power of modern Graphics Processing Units (GPUs) through the OpenGL library to display very large datasets.
That's it for this round, have a great day! If you like this newsletter, please tell the world, or tweet about this.