The kernel connection multiplexer [LWN.net]
A message-oriented network transport that uses BPF for framing semantics.
linux  kernel  networking  kcm  bpf 
2 days ago
Facebook's in-kernel TLS record encryption scheme that allows them to use sendfile(2) and such.
tls  ktls  linux  kernel  crypto  facebook 
2 days ago
src/crypto/tls/generate_cert.go - The Go Programming Language
Quick reference for self-signed X.509 certificates in Go.
golang  pki  x509  ca  crypto  security 
3 days ago
Borg, Omega, and Kubernetes - ACM Queue
This is a completely unjustified conflation: "A modern container is more than just an isolation mechanism: it also includes an image—the files that make up the application that runs inside the container. Within Google, MPM (Midas Package Manager) is used to build and deploy container images. The same symbiotic relationship between the isolation mechanism and MPM packages can be found between the Docker daemon and the Docker image registry. In the remainder of this article we use the word container to encompass both of these aspects: the runtime isolation and the image."

Of course, the computers just tend to themselves now: "Because well-designed containers and container images are scoped to a single application, managing containers means managing applications rather than machines."
google  borg  omega  kubernetes  containers  linux 
12 days ago
A unikernel OS with seemingly a lot of batteries included.
mirageos  ocaml  kernel  unikernel  os 
25 days ago
OK, I give up. Is Docker now Moby? And what is LinuxKit?
A little clearer understanding of how LinuxKit fits into the ecosystem of minimal OS tools.
linux  linuxkit  docker 
26 days ago
Google Is 2 Billion Lines of Code—And It’s All in One Place | WIRED
Including a promise at the end that Facebook and Google are working to make Mercurial scale like this.
google  piper  vcs  facebook  hg 
28 days ago
Comparison of Networking Solutions for Kubernetes — Comparison of Networking Solutions for Kubernetes 2 documentation
Seemingly well-done research but more useful as a series of pointers to some serious network performance tuning strategies.
linux  networking  kubernetes  docker  coreos  flannel  ipvlan 
28 days ago
SEC.gov | Investor Bulletin: Initial Coin Offerings
That feeling when it gets a little too real and people wearing suits show up.
bitcoin  ethereum  crypto  cryptocurrency  sec  regulations 
4 weeks ago
Mastering Programming
Advice on focus and organizing one's work.
4 weeks ago
GitHub - cncf/landscape: Cloud Native Landscape
A pretty nonsensically-organized list of products and services, many open-source, that one might plausibly slam together in the creation of a product today.
cncf  cloudnative  cloud  vendors  ops  saas  security 
4 weeks ago
What version control system does Google use, and why? - Quora
A little more on the experience of working with Piper at Google.
google  piper  programming  vcs 
5 weeks ago
iovisor/bcc: BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
Big pile of Linux performance analysis tools with an underlying toolkit for building more.
linux  kernel  bcc  bpf  perf 
5 weeks ago
The SRE model – Jaana B. Dogan – Medium
This mostly served to reinforce just how different (and more advanced) Google is compared to the rest of us.
google  operations  sre 
7 weeks ago
Everyone is not Ops – Cindy Sridharan – Medium
I like this cautionary reminder that both NoOps and AllOps are absolutes that ignore large swaths of reality.
operations  engineering 
7 weeks ago
A framework (for each major OS) of all the categories of security risk that should be mitigated in a mature security program.
security  mitre  mitreattack  threatmodel 
9 weeks ago
AzureCopy to the Rescue for an S3 to Azure Blob Copy! – Cindy Gross: Small Bites of Big Data, Small Data, All Data
There's an Azure region that's 214 miles from Frankfurt which makes for a pretty compelling German disaster recovery site.
azure  cloud  dr  frankfurt  madgeburg  germany  eu  gdpr 
10 weeks ago
Spotting a Million Dollars in Your AWS Account · Segment Blog
Some good ideas in here, particularly the one about accounting for EBS volumes.
aws  billing  costmanagement  segment 
june 2017
Nick Craver - HTTPS on Stack Overflow: The End of a Long Road
I haven't read this in its entirety but it's a cornucopia of all the reasons "this should be easy" isn't accurate.
https  security  stackoverflow 
june 2017
This seems pretty obviously teed up to be the right way to route traffic within a Kubernetes cluster.
istio  envoy  kubernetes  dist  routing  loadbalancing  proxy 
may 2017
Image Packaging System — Project Kenai
Weird place for the IPS homepage but whatever.
sun  solaris  omnios  ips  packaging 
march 2017
Habitat - Automation That Travels with the App
Rumor confirmed that they basically had to build a Linux distribution to make this work. They also, perhaps oddly, threw some orchestration primitives into this.
chef  habitat  packaging  dist 
march 2017
OmniOS-specific docs about its usage of IPS.
omnios  solaris  ips  packaging 
march 2017
Build it all. This is Theo's philosophy and Chef's Habitat seems to share it.
kysty  omnios  packaging 
march 2017
Running containers without Docker - Julia Evans
As an incremental step between everything being in configuration management and everything being in Kubernetes, I think this makes a whole bunch of sense. There may even be a smaller increment to step through on the way.
docker  containers  ops  rkt 
february 2017
Google Online Security Blog: The foundation of a more secure web
I wonder what it would have been like to get into the CA game years ago like we considered.
pki  ssl  tls  crypto  security  trust  google 
february 2017
odeke-em/drive: Google Drive client for the commandline
The closest thing there's ever likely to be to an official Google Drive client for Linux. This is basically required equipment on a Chromebook if you ever need to really manipulate files sent to you via email.
google  googledrive  linux  chromebook 
january 2017
php - How to mark a build unstable in Jenkins when running shell scripts - Stack Overflow
Sometimes you really want a third state to go with SUCCESS and FAILURE. Here's how to do it without writing a real Jenkins plugin.
jenkins  ci  monitoring 
january 2017
Animated Engines - Home
Allspaw's right, this is a neat website.
engine  animation  engineering 
january 2017
Authenticator Plus
Potentially better and backup-friendly TOTP app.
security  2fa  authenticator  authenticatorplus  iphone  ios 
december 2016
Amazon Ion
A really neat serialization protocol that's self- describing like JSON or Avro but wire efficient like Protocol Buffers or Thrift and includes s-expressions. Only has C and Java libraries.
amazon  ion  serialization 
december 2016
How to get the touch pad working in Chromium OS | ArnoldTheBats World of Whimsy
I haven't done this and I don't want to but I feel the need to hold onto documentation of how to get my trackpad working fully.
chromeos  chromebook  apple  magictrackpad  trackpad  drivers  linux  synaptics 
november 2016
Weathering the Unexpected - ACM Queue
Failure as learning opportunity on a very large scale.
google  failure  testing  dirt 
november 2016
What Etsy Does When Things Go Wrong: A 7-Step Guide | Co.Design | business + design
Really good commentary on a very similar postmortem process to Slack's.
etsy  postmortem  ops 
november 2016
Lessons learned from reading postmortems
The obvious failure modes, especially process failures, are the ones that get you.
postmortem  failure  outage  ops 
november 2016
mrb: How to Sell SaaS
This is really good stuff. I wonder if the guy's firm is any good.
saas  marketing  gotomarket  sales  business 
november 2016
musl libc
Small is the new black, I guess.
musl  libc  linux 
november 2016
« earlier      
air amazon apache apartment api apollo apple apt architecture art audit automation aws backup bash beer bicycle bike blog book browser build business c c++ ca caching cassandra chef christmas chrome ci cli cloud cm compliance concurrency containers cooking crypto css culture cycling data date db debian debugging deploy deps design devops dist dns docker docs ec2 economics education ego email engineering extension facebook ffmpeg filesystem firefox flash flex flickr food fs funny fuse gcc geo git github gnu golang google gpg graphicsmagick graphite hack hadoop hardware hash heroku hiring history hosting howto html http humor ie innodb intel internet io java jenkins jpeg jquery js json jvm kernel kv legal linux logging lxc mac make management maps math me memcache memcached memory messaging metrics mfc microsoft monitoring mozilla music mysql nagios netflix networking nginx nodejs nsa oauth opensource openssl ops os osx packaging people performance perl photography php pki politics posix preseed privacy profiling programming provision proxy puppet python queue rails recipe redis regex replication research ruby s3 security sf sh shell slack socket software solaris songbird sql ssh ssl standards startup startups stl storage svn sxsw sysadmin tcp tech testing threading time tls twitter typography ubuntu ui unicode unix uploadr uploadr3 vc vcs video vim virtualbox visualization washu web web2.0 windows xpcom xul xulrunner yahoo

Copy this bookmark: