Open Policy Agent
Looks a lot like Smallstep.
policy  security  auth  soa  docker 
16 hours ago
The Rust Code of Conduct · The Rust Programming Language
A code of conduct that's simple and considered by those who know more than me to be pretty complete.
rust  codeofconduct  diversity  inclusion 
5 days ago
For completeness, here's a "framework" for making Lambda functions in Go.
aws  lambda  golang  sparta 
14 days ago
eawsy/aws-lambda-go-shim: Author your AWS Lambda functions in Go, effectively.
And this is the logical conclusion. This is a Go program using CGo and the Python C API to be even faster. I'm impressed.
aws  lambda  golang  python  c 
14 days ago
Understanding Container Reuse in AWS Lambda | AWS Compute Blog
This is about what I expected and can definitely be exploited to run Go programs (as the next few bookmarks will show).
aws  lambda  containers  performance 
14 days ago
Creating Effective Docker Images
Specific examples of smallest-possible Docker containers for a variety of runtime environments, including the separation of build and run containers. Thanks, Abby!
docker  containers 
17 days ago
Corda: Frictionless Commerce
Chain isn't the only one. This is the Java one.
blockchain  ledger  finance  corda  r3  dist  banking  crypto 
19 days ago
Revisions · Comparing the GPL v3 to the AGPL v3
Side-by-side diff of the GPL and AGPL.

Both: "Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate."
legal  license  opensource  gpl  agpl  diff 
20 days ago
Oh that's nice. Something to help you make HTML emails that will actually work.
html  email  design 
20 days ago
Explaining blockchain — how proof of work enables trustless consensus
Lofty parable motivating proof-of-work better than the Bitcoin paper does.
bitcoin  crypto  cryptocurrency  proofofwork 
20 days ago
The largest Git repo on the planet | Brian Harrys blog
Facebook's trials with Mercurial seem easier. Still. Super impressive.
git  microsoft  windows  gvfs 
22 days ago
Cthulhu: Organizing Go Code in a Scalable Repo
Their gta toolfor figuring out what needs to be rebuilt sounds rad.
golang  monorepo  digitalocean 
22 days ago
GitHub - 99designs/aws-vault: A vault for securely storing and accessing AWS credentials in development environments
A neat way to remove some, but not all, of the risks associated with AWS access keys on laptops.
aws  security  iam 
23 days ago
Aspires to be the Mac App Store but for Linux.
linux  packaging  flatpak  flathub 
23 days ago
Flatpak - the future of application distribution
A desktop-focused fat packaging scheme for Linux.
packaging  linux  desktop  flatpak 
23 days ago
halting problem : Dev v Ops
Good point: Distro packaging is never what I want for critical-path production software.
packaging  distros  linux 
23 days ago
community/container-runtime-interface.md at master · kubernetes/community · GitHub
Entrypoint to the documentation on CRI (Container Runtime Interface) which is Kubernetes' designated point of polymorphism for Docker, Rocket, and others.
kubernetes  cri  docker  rkt 
23 days ago
Intel® Clear Containers and CRI-O* – cri-o – Medium
A security-focused container variant that (miraculously) works with both Docker and Kubernetes.
security  containers  docker  kubernetes  cri-o  intel 
23 days ago
ferd.ca -> Tout est Terrible
Depressing. Motivating. Not a lot to offer as far as advice, though.
iot  software 
23 days ago
Using ZFS with LinuxKit and Moby | Matt-J.co.uk : Ramblings
This is ostensibly about ZFS but I want to keep a reference to it for the real working LinuxKit walkthrough.
linux  linuxkit  zfs 
23 days ago
secure-development-and-deployment/README.md at master · ukncsc/secure-development-and-deployment · GitHub
The UK government's distillation of some very primal security practices that should underpin every development methodology.
sdlc  sdl  security 
23 days ago
Chain | Enterprise Blockchain Infrastructure
This seems like entirely the right idea for the cryptocurrency genre.
crypto  banking  blockchain  finance  dist  ledger 
23 days ago
Introducing Sequence – Chain
A signed ledger as a service. This strikes me as a pretty smart "sell shovels" product. We certainly built exactly this software at Betable.
finance  ledger  accounting  crypto  sequence 
24 days ago
Meet The New DBA, Different From The Old
This really neatly explains why I wanted Slack's Storage Ops team not to have any DBAs (by the old definition) on it.
db  dba  ops  vividcortex 
24 days ago
The MySQL High Availability Landscape in 2017 (the Babies) - Percona Database Performance Blog
Third of a three-part series (with links to the first two) covering all sorts of technologies, some of which were new to me.
mysql  ha  dist 
25 days ago
Watchman A file watching service | Watchman
This might be a more robust dependency than the Go fsnotify package.
facebook  watchman  filesystem  inotify 
25 days ago
Scaling Mercurial at Facebook | Engineering Blog | Facebook Code
It's hard to argue with this performance. I'm actually bullish that it doesn't even necessarily require the level of server scale-out they have done for normal-scale.
facebook  hg  dvcs 
25 days ago
The TLA Home Page
I want to give this more of a college try when I'm back at work.
tla  tla+  tlaplus  formalmethods  design  verification  spec 
25 days ago
OMG SysML Home | OMG Systems Modeling Language
First, it's hilarious this group existed as OMG since 1989. But then it's rather a shame that there don't seem to be any tools in existence that can bridge the gap from SysML's existing userbase to the vim crowd.
sysml  uml  design  verification  formalmethods 
25 days ago
ANSYS SCADE Suite: Model-Based Development
This is the "programming environment" they used to build the software for the A380.
ansys  scade  aviation  safety  software  programming  verification  formalmethods 
25 days ago
The Coming Software Apocalypse - The Atlantic
"We already know how to make complex software reliable, but in so many places, we’re choosing not to." Sobering motivation to be better at our job.
programming  software  engineering  reliability 
25 days ago
Cubrick: Indexing Millions of Records per Second for Interactive Analytics
Facebook's real system analogous to MDDS. It sounds a bit like the idea of sparse POSIX files taken to their extreme conclusion.
facebook  cubrick  db  olap 
25 days ago
Ingestion, Indexing and Retrieval of High-Velocity Multidimensional Sensor Data on a Single Node
Exploration of how fast one can make the write path for high-cardinality sensor data. It reminds me a lot of Penelope. As an aside it also makes clear just how expensive serialization and deserialization really are.
kdtree  rtree  db  olap 
25 days ago
Automate tasks with Puppet Bolt™ | Puppet
I think this means the great MCollective experiment has produced a negative result.
puppet  puppetbolt  orchestration  ops 
4 weeks ago
BBR: Congestion-Based Congestion Control - ACM Queue
...rather than always assuming packet loss is due to congestion.
tcp  bbr  networking  congestion  performance  bufferbloat 
4 weeks ago
Leaky by Design – Hacker Noon
Wherein he equates breaking an SOA boundary with a leaky abstraction. Holds water to me.
programming  abstraction 
5 weeks ago
Zebras all the way down: The engineering challenges of the data path
New-to-me medical term: Zebra, which is a rare condition which may be mistaken for one or more common conditions.
ops  hardware  firmware  zerbra  monitoring  observability 
5 weeks ago
Short Story - Superiority - by Arthur C. Clarke
Tough not to see this as a parable for software companies given that I first encountered it in an account of what went wrong with Windows Vista but there are also shades of the Silver Bullet in here, too.
superiority  arthurcclarke  scifi 
5 weeks ago
Windows: a software engineering odyssey
Vignettes to remind us that everyone's build systems are a bit of a mess. Also some really fascinating self-hosting and bootstrapping problems here that present themselves to OS vendors.
microsoft  windows  build 
5 weeks ago
How to achieve low latency with 10Gbps Ethernet
Practical networking tips. Maybe some of these apply in the cloud.
networking  linux  solarflare  intel  performance  latency 
6 weeks ago
Toolkit for rolling your own TCP or whatever outside the kernel.
dpdk  networking  performance  linux  tcp  ip  udp 
6 weeks ago
ledger - Git at Google
A storage system from Google's Fuschia OS project. Offline-first and with transactional domains that remind me of Megastore.
google  fuschia  os  ledger  dist  db 
6 weeks ago
ScaleFT - The Zero Trust Security Company
What started as an SSH CA company is now billing itself in its marketing as the BeyondCorp company.
scaleft  ssh  ca  security  google  beyondcorp 
7 weeks ago
Key Vault | Microsoft Azure
Microsoft's cloud competitor to Amazon CloudHSM and/or KMS.
microsoft  azure  keyvault  hsm  crypto  security 
7 weeks ago
LogDevice: a distributed data store for logs | Engineering Blog | Facebook Code | Facebook
The "non-deterministic record placement" design reads as pretty compelling for write availability relative to Kafka.
facebook  logdevice  logging  dist 
7 weeks ago
Applied PKCS #11 — Python PKCS#11 documentation
Surprising general utility for a language-specific document.
crypto  pkcs11  python 
7 weeks ago
A rather full implementation of a key management service written in Go and using both a Go PKCS#11 library and Tiger Tonic.
golang  crypto  pkcs11  hsm  kms 
7 weeks ago
The kernel connection multiplexer [LWN.net]
A message-oriented network transport that uses BPF for framing semantics.
linux  kernel  networking  kcm  bpf 
8 weeks ago
Facebook's in-kernel TLS record encryption scheme that allows them to use sendfile(2) and such.
tls  ktls  linux  kernel  crypto  facebook 
8 weeks ago
src/crypto/tls/generate_cert.go - The Go Programming Language
Quick reference for self-signed X.509 certificates in Go.
golang  pki  x509  ca  crypto  security 
8 weeks ago
Borg, Omega, and Kubernetes - ACM Queue
This is a completely unjustified conflation: "A modern container is more than just an isolation mechanism: it also includes an image—the files that make up the application that runs inside the container. Within Google, MPM (Midas Package Manager) is used to build and deploy container images. The same symbiotic relationship between the isolation mechanism and MPM packages can be found between the Docker daemon and the Docker image registry. In the remainder of this article we use the word container to encompass both of these aspects: the runtime isolation and the image."

Of course, the computers just tend to themselves now: "Because well-designed containers and container images are scoped to a single application, managing containers means managing applications rather than machines."
google  borg  omega  kubernetes  containers  linux 
9 weeks ago
« earlier      
air amazon apache apartment api apollo apple apt architecture art audit automation aws backup bash beer bicycle bike blog book browser build business c c++ ca caching cassandra chef christmas chrome ci cli cloud cm compliance concurrency containers cooking crypto css culture cycling data date db debian debugging deploy deps design devops dist dns docker docs ec2 economics education ego email engineering extension facebook ffmpeg filesystem firefox flash flex flickr food fs funny fuse gcc geo git github gnu golang google gpg graphicsmagick graphite hack hadoop hardware hash heroku hiring history hosting howto html http humor ie innodb intel internet io java jenkins jpeg jquery js json jvm kernel kubernetes kv lambda legal linux logging lxc mac make management maps math me memcache memcached memory messaging metrics mfc microsoft monitoring mozilla music mysql nagios netflix networking nginx nodejs nsa oauth opensource openssl ops os osx packaging people performance perl photography php pki politics posix preseed privacy profiling programming provision proxy puppet python queue rails recipe redis regex replication research ruby s3 security sf sh shell slack soa socket software solaris songbird sql ssh ssl standards startup startups stl storage svn sxsw sysadmin tcp tech testing threading time tls twitter typography ubuntu ui unicode unix uploadr uploadr3 vc vcs video vim virtualbox visualization washu web web2.0 windows xpcom xul xulrunner yahoo

Copy this bookmark: