Work-in-progress implementation of SPIFFE.
spiffe  spire  identity  security  ops  dist 
3 days ago
Identity framework that directly addresses the disconnect between server identity and process identity in modern systems.
spiffe  identity  security  ops  dist 
3 days ago
Crypto-Gram: February 15, 2017 - Schneier on Security
Some really compelling thoughts on IoT security, externalities, and policy.
iot  security  policy 
9 days ago
Debugging an evil Go runtime bug - marcan.st
Good story but most worth it for the talk of gen_initramfs_list.sh.
golang  linux  kernel  initrd  initramfs 
9 days ago
Gruntwork | DevOps as a Service
Pay-to-play infrastructure code sharing.
gruntwork  aws  terraform  packer  ops 
14 days ago
higebu/packer-alpine: Alpine Linux Packer template
I tried to bend this into AWS but it didn't go well.
packer  alpine  linux  aws  ec2 
14 days ago
Unikernels are unfit for production | Joyent
The dissenting opinion which, at least in the medium-term, I believe. I'm not yet willing to bet my instrumentation is _that good_.
15 days ago
unigornel/unigornel: A library operating system for Go
This one's actually aspiring to be written in Go, too.
golang  unikernel 
15 days ago
SPIFFE (Secure Production Identity Framework For Everyone) might have a lot of the properties I've been dreaming about for identity bootstrapping.
spiffe  identity  security  pki  x509  authentication  authorization  acl 
16 days ago
Curiously, this doesn't mention anything about Grub Legacy. I wonder if that was ever truly the problem.
aws  ec2  ami  linux  linuxfromscratch 
17 days ago
Linux From Scratch on EC2
I tried, and failed, to do this but I am still very interested.
aws  ec2  linux  linuxfromscratch 
17 days ago
Unikernels - Rethinking Cloud Infrastructure
I like so much about the unikernel architecture and the idea of a "library operating system" but the arc towards Kubernetes et al requires more software underneath the application than just a hypervisor.
unikernel  kernel  linux  mirageos 
17 days ago
How to Monitor the SRE Golden Signals – DevOpsLinks: The Must-Read Publication for Aspiring DevOps Professionals – Medium
Not super enlightening on the theory front but it's a good treasure map that can help bypass a whole bunch of man pages when getting these tools dialed.
monitoring  sre  aws  haproxy  nginx  apache  mysql  linux 
18 days ago
Trunk Based Development
A cool collection of resouces. I haven't read all of them yet.
programming  deployment  vcs  trunk 
18 days ago
Go FCC Yourself
A redirect to the comment process for Ajit Pai rolling back network neutrality.
fcc  politics  netneutrality 
20 days ago
TLDR pages
In case you're into the whole brevity thing.
tldr  man  docs  linux  unix 
21 days ago
Lots of thoughts on how to get bytewise reproducible builds from all sorts of sources.
build  security 
22 days ago
A Lisp specifically designed for implementing other languages.
racket  programming  language  scheme  lisp 
24 days ago
Open Policy Agent
Looks a lot like Smallstep.
policy  security  auth  soa  docker 
25 days ago
The Rust Code of Conduct · The Rust Programming Language
A code of conduct that's simple and considered by those who know more than me to be pretty complete.
rust  codeofconduct  diversity  inclusion 
4 weeks ago
For completeness, here's a "framework" for making Lambda functions in Go.
aws  lambda  golang  sparta 
5 weeks ago
eawsy/aws-lambda-go-shim: Author your AWS Lambda functions in Go, effectively.
And this is the logical conclusion. This is a Go program using CGo and the Python C API to be even faster. I'm impressed.
aws  lambda  golang  python  c 
5 weeks ago
Understanding Container Reuse in AWS Lambda | AWS Compute Blog
This is about what I expected and can definitely be exploited to run Go programs (as the next few bookmarks will show).
aws  lambda  containers  performance 
5 weeks ago
Creating Effective Docker Images
Specific examples of smallest-possible Docker containers for a variety of runtime environments, including the separation of build and run containers. Thanks, Abby!
docker  containers 
5 weeks ago
Corda: Frictionless Commerce
Chain isn't the only one. This is the Java one.
blockchain  ledger  finance  corda  r3  dist  banking  crypto 
6 weeks ago
Revisions · Comparing the GPL v3 to the AGPL v3
Side-by-side diff of the GPL and AGPL.

Both: "Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate."
legal  license  opensource  gpl  agpl  diff 
6 weeks ago
Oh that's nice. Something to help you make HTML emails that will actually work.
html  email  design 
6 weeks ago
Explaining blockchain — how proof of work enables trustless consensus
Lofty parable motivating proof-of-work better than the Bitcoin paper does.
bitcoin  crypto  cryptocurrency  proofofwork 
6 weeks ago
The largest Git repo on the planet | Brian Harrys blog
Facebook's trials with Mercurial seem easier. Still. Super impressive.
git  microsoft  windows  gvfs 
6 weeks ago
Cthulhu: Organizing Go Code in a Scalable Repo
Their gta toolfor figuring out what needs to be rebuilt sounds rad.
golang  monorepo  digitalocean 
6 weeks ago
GitHub - 99designs/aws-vault: A vault for securely storing and accessing AWS credentials in development environments
A neat way to remove some, but not all, of the risks associated with AWS access keys on laptops.
aws  security  iam 
6 weeks ago
Aspires to be the Mac App Store but for Linux.
linux  packaging  flatpak  flathub 
6 weeks ago
Flatpak - the future of application distribution
A desktop-focused fat packaging scheme for Linux.
packaging  linux  desktop  flatpak 
6 weeks ago
halting problem : Dev v Ops
Good point: Distro packaging is never what I want for critical-path production software.
packaging  distros  linux 
6 weeks ago
community/container-runtime-interface.md at master · kubernetes/community · GitHub
Entrypoint to the documentation on CRI (Container Runtime Interface) which is Kubernetes' designated point of polymorphism for Docker, Rocket, and others.
kubernetes  cri  docker  rkt 
6 weeks ago
Intel® Clear Containers and CRI-O* – cri-o – Medium
A security-focused container variant that (miraculously) works with both Docker and Kubernetes.
security  containers  docker  kubernetes  cri-o  intel 
6 weeks ago
ferd.ca -> Tout est Terrible
Depressing. Motivating. Not a lot to offer as far as advice, though.
iot  software 
6 weeks ago
Using ZFS with LinuxKit and Moby | Matt-J.co.uk : Ramblings
This is ostensibly about ZFS but I want to keep a reference to it for the real working LinuxKit walkthrough.
linux  linuxkit  zfs 
6 weeks ago
secure-development-and-deployment/README.md at master · ukncsc/secure-development-and-deployment · GitHub
The UK government's distillation of some very primal security practices that should underpin every development methodology.
sdlc  sdl  security 
6 weeks ago
Chain | Enterprise Blockchain Infrastructure
This seems like entirely the right idea for the cryptocurrency genre.
crypto  banking  blockchain  finance  dist  ledger 
6 weeks ago
Introducing Sequence – Chain
A signed ledger as a service. This strikes me as a pretty smart "sell shovels" product. We certainly built exactly this software at Betable.
finance  ledger  accounting  crypto  sequence 
6 weeks ago
Meet The New DBA, Different From The Old
This really neatly explains why I wanted Slack's Storage Ops team not to have any DBAs (by the old definition) on it.
db  dba  ops  vividcortex 
7 weeks ago
The MySQL High Availability Landscape in 2017 (the Babies) - Percona Database Performance Blog
Third of a three-part series (with links to the first two) covering all sorts of technologies, some of which were new to me.
mysql  ha  dist 
7 weeks ago
Watchman A file watching service | Watchman
This might be a more robust dependency than the Go fsnotify package.
facebook  watchman  filesystem  inotify 
7 weeks ago
Scaling Mercurial at Facebook | Engineering Blog | Facebook Code
It's hard to argue with this performance. I'm actually bullish that it doesn't even necessarily require the level of server scale-out they have done for normal-scale.
facebook  hg  dvcs 
7 weeks ago
The TLA Home Page
I want to give this more of a college try when I'm back at work.
tla  tla+  tlaplus  formalmethods  design  verification  spec 
7 weeks ago
OMG SysML Home | OMG Systems Modeling Language
First, it's hilarious this group existed as OMG since 1989. But then it's rather a shame that there don't seem to be any tools in existence that can bridge the gap from SysML's existing userbase to the vim crowd.
sysml  uml  design  verification  formalmethods 
7 weeks ago
ANSYS SCADE Suite: Model-Based Development
This is the "programming environment" they used to build the software for the A380.
ansys  scade  aviation  safety  software  programming  verification  formalmethods 
7 weeks ago
The Coming Software Apocalypse - The Atlantic
"We already know how to make complex software reliable, but in so many places, we’re choosing not to." Sobering motivation to be better at our job.
programming  software  engineering  reliability 
7 weeks ago
Cubrick: Indexing Millions of Records per Second for Interactive Analytics
Facebook's real system analogous to MDDS. It sounds a bit like the idea of sparse POSIX files taken to their extreme conclusion.
facebook  cubrick  db  olap 
7 weeks ago
Ingestion, Indexing and Retrieval of High-Velocity Multidimensional Sensor Data on a Single Node
Exploration of how fast one can make the write path for high-cardinality sensor data. It reminds me a lot of Penelope. As an aside it also makes clear just how expensive serialization and deserialization really are.
kdtree  rtree  db  olap 
7 weeks ago
« earlier      
air amazon apache apartment api apollo apple apt architecture art audit automation aws backup bash beer bicycle bike blog book browser build business c c++ ca caching cassandra chef christmas chrome ci cli cloud cm compliance concurrency containers cooking crypto css culture cycling data db debian debugging deploy deps design devops dist dns docker docs ec2 economics education ego email engineering facebook ffmpeg filesystem firefox flash flex flickr food fs funny fuse gcc geo git github gnu golang google gpg graphicsmagick graphite hack hadoop hardware hash heroku hiring history hosting howto html http humor ie innodb intel internet io java jpeg js json jvm kernel kubernetes kv legal linux logging lxc mac make management maps math me memcache memcached memory messaging metrics mfc microsoft monitoring mozilla music mysql nagios networking nginx nodejs nsa oauth opensource openssl ops os osx packaging people performance photography php pki politics preseed privacy profiling programming proxy puppet python rails recipe redis regex replication research ruby s3 security sf sh shell slack socket software solaris sql ssh ssl standards startup startups svn sxsw sysadmin tcp tech testing threading time tls twitter typography ubuntu unicode unix uploadr uploadr3 vc vcs video vim virtualbox visualization washu web web2.0 windows xpcom xul xulrunner yahoo

Copy this bookmark: