For an easy way to lookup a domain’s SMTP TLS Reporting Policy try my nice MTA-STS Policy Viewer.
After writing the first notes on SMTP TLS Reporting I thought it would be nice to see all setting on one page, without using multiple tools and lookups for DNS and HTTPS data. The first iteration was a shell script, and the second iteration was a Python function. With some more fiddling I set it up as a Google Cloud Function, with a simple web frontend.
The SMTP standard is just as ubiquitous as it is ossified and hard to change. Thus all newer RFCs follow similar patterns of a) adding optional extensions and b) providing feedback loops to detect usage, problems, and abuse of these extensions.
One more recent extension tries to enforce TLS transport between mailservers. This sounds very simple (and would be very simple if one could change the SMTP standard to require TLS), but is not trivial when compatibility is necessary and all TLS policies are “opt-in”.
On Open Source and AWS …
Software dependencies carry with them serious risks that are too often overlooked.
Software licenses can only restrict what people can do when they distribute the source code, and that’s it. It cannot force someone to have a bug tracker, or a code of conduct, or accept your patch.
The Amazon and Elastic controversy is the product of a collision of models.
These projects are not being relicensed to protect them from Amazon. Claiming that they are is at best naive and at worst wilfully lying.
A look at the complicated business of funding open source software development.
AWS has now found themselves in the headlines again for an unforced error that makes anyone with other job options reconsider accepting an offer—or even interviewing at AWS at all.
More on programming …
To shed light on the software that has tilted the world on its axis, the editors polled computer scientists, software developers, historians, policymakers, and journalists. They were asked to pick: Which pieces of code had a huge influence? Which ones warped our lives?
Programming time is pretty weird. It can sometimes make you feel week in the knees, and very days and confused about how it all fits together. But watch it: this is hour burden to bear, and we can’t just let it past us over.
This zine is about what the skill of “figure it out anyway” looks like.
When you’re millions of miles from home, it’s hard to install an operating system update—but not impossible.
As I was thinking about it, I’ve realized that architecture of the operating system itself is wrong for this kind of job. The stuff it offers and the stuff it allows us to do, is not what we want and expect. […] How about we take away all the weird string formats, whether it’s passing command line parameters when launching programs or communication in between the programs, and replace them with a concise, easy-to-write language for structure definitions?
It is probably good to be able to do a little bit of it at home for household needs. But don’t equate that to the professional development of industrial-strength software.
On programming …
This week I took a crack at writing a branchless UTF-8 decoder: a function that decodes a single UTF-8 code point from a byte stream without any if statements, loops, short-circuit operators, or other sorts of conditional jumps.
Every concurrency API needs a way to run code concurrently. Here’s some examples of what that looks like using different APIs:
On the surface this makes Go sound unreasonable, and you might ask why it can’t just make Unix system calls through the system’s C library the way pretty much every other Unix language does.
This paper presents an analysis of how Linux’s performance has evolved over the past seven years… To our surprise, the study shows that the performance of many core operations has worsened or fluctuated significantly over the years.
The essay focuses on the graph structure that underpins Git and the way the properties of this graph dictate Git’s behavior.
I’ll try to go through as many Rust snippets as I can, and explain what the keywords and symbols they contain mean.
On the Web and its tools …
Let’s make 2020… fast! An annual front-end performance checklist, with everything you need to know to create fast experiences on the web today. Updated since 2016.
Brutalist Web Design is honest about what a website is and what it isn’t. […] A website is about giving visitors content to enjoy and ways to interact with you.
Originating in a thesis, REST is an attempt to explain what makes the browser distinct from other networked applications.
The first reason that WebAssembly is different is that it’s succeeded, and those technologies did not.
Here’s how to tell whether or not your WebRTC calls are being relayed, and how to ensure you get a direct connection to the other host.
This tool will help you to create a Firefox profile with the defaults you like. You select which features you want to enable and disable and in the end you get a download link for a zip-file with your profile template.
On AWS …
I believe there is a high probability we are now looking at what will become the first high volume ARM Server.
For our use case, M6g is superior in every aspect to C5: it costs less on-demand, has more RAM, exhibits lower median and significantly narrower tail latency, and runs cooler with the same proportional workload per host.
AWS API Gateway is an awesome service to use as an HTTP frontend. […] In this post, you’ll learn the different steps in an API Gateway request. For each step, we’ll see what you should be doing in that step and how it fits in the overall picture.
In this article, we are going to talk about various parameters to be considered for AWS Lambda performance tuning.
IAM is really important and it’s really hard for a lot of people, even on good teams with robust processes.
Companies that currently aren’t thriving love to blame AWS for their problems. But I don’t think the criticism sticks.
I still like Zabbix as a simple allround monitoring solution. With its agent and UserParameter configuration it is very flexible and can be used (and abused) in many interesting ways. Here I want to show and compare three different patterns of collecting metrics from a service:
