Makura no Soshi

The SMTP standard is just as ubiquitous as it is ossified and hard to change. Thus all newer RFCs follow similar patterns of a) adding optional extensions and b) providing feedback loops to detect usage, problems, and abuse of these extensions.

One more recent extension tries to enforce TLS transport between mailservers. This sounds very simple (and would be very simple if one could change the SMTP standard to require TLS), but is not trivial when compatibility is necessary and all TLS policies are “opt-in”.

Read the rest of this entry »

Soup.io wird abgeschaltet. Ich habe der Seite schon 2017 den Rücken gekehrt als nach einem Ausfall drei Jahre Daten verloren waren. Auch damals hat die Finanzierung durch quasi-Spenden von Nutzern schon nicht für einen sicheren Betrieb gereicht.
Und doch trifft mich die Nachricht jetzt wieder weil vorher noch viele Jahre vorhanden waren; aber wenn das nun ganz offline geht, dann stirbt ein Stück meiner persönlichen Internetgeschichte.
Read the rest of this entry »

On Open Source and AWS …

• research!rsc: Our Software Dependency Problem – Russ Cox
  Software dependencies carry with them serious risks that are too often overlooked.
• What comes after “open source” – Steve Klabnik
  Software licenses can only restrict what people can do when they distribute the source code, and that’s it. It cannot force someone to have a bug tracker, or a code of conduct, or accept your patch.
• The Cloud and Open Source Powder Keg – Stephen O’Grady, RedMonk
  The Amazon and Elastic controversy is the product of a collision of models.
• The problem with Amazon and Open Source isn’t Amazon – VM (Vicky) Brasseur
  These projects are not being relicensed to protect them from Amazon. Claiming that they are is at best naive and at worst wilfully lying.
• The Complicated Economy of Open Source Software – Daniel Oberhaus, VICE
  A look at the complicated business of funding open source software development.
• AWS Ruins Own Attempt at Sabotage – Corey Quinn
  AWS has now found themselves in the headlines again for an unforced error that makes anyone with other job options reconsider accepting an offer—or even interviewing at AWS at all.

More on programming …

• The Lines of Code That Changed Everything, Slate
  To shed light on the software that has tilted the world on its axis, the editors polled computer scientists, software developers, historians, policymakers, and journalists. They were asked to pick: Which pieces of code had a huge influence? Which ones warped our lives?
• UTC is Enough for Everyone, Right? – Zach Holman
  Programming time is pretty weird. It can sometimes make you feel week in the knees, and very days and confused about how it all fits together. But watch it: this is hour burden to bear, and we can’t just let it past us over.
• So you want to be a wizard – Julia Evans
  This zine is about what the skill of “figure it out anyway” looks like.
• In space, no one can hear you kernel panic – Glenn Fleishman, Increment
  When you’re millions of miles from home, it’s hard to install an operating system update—but not impossible.
• Programmer’s critique of missing structure of operating systems – Bystroushaak
  As I was thinking about it, I’ve realized that architecture of the operating system itself is wrong for this kind of job. The stuff it offers and the stuff it allows us to do, is not what we want and expect. […] How about we take away all the weird string formats, whether it’s passing command line parameters when launching programs or communication in between the programs, and replace them with a concise, easy-to-write language for structure definitions?
• Programming for Everyone, Everyone’s a Programmer? – Observations from Uppsala
  It is probably good to be able to do a little bit of it at home for household needs. But don’t equate that to the professional development of industrial-strength software.

On programming …

• A Branchless UTF-8 Decoder – Chris Wellons
  This week I took a crack at writing a branchless UTF-8 decoder: a function that decodes a single UTF-8 code point from a byte stream without any if statements, loops, short-circuit operators, or other sorts of conditional jumps.
• Notes on structured concurrency, or: Go statement considered harmful — njs blog
  Every concurrency API needs a way to run code concurrently. Here’s some examples of what that looks like using different APIs:
• Some reasons for Go to not make system calls through the standard C library – Chris Siebenmann
  On the surface this makes Go sound unreasonable, and you might ask why it can’t just make Unix system calls through the system’s C library the way pretty much every other Unix language does.
• An analysis of performance evolution of Linux’s core operations – the morning paper
  This paper presents an analysis of how Linux’s performance has evolved over the past seven years… To our surprise, the study shows that the performance of many core operations has worsened or fluctuated significantly over the years.
• Git from the inside out – Mary Rose Cook
  The essay focuses on the graph structure that underpins Git and the way the properties of this graph dictate Git’s behavior.
• A half-hour to learn Rust, amos
  I’ll try to go through as many Rust snippets as I can, and explain what the keywords and symbols they contain mean.

On the Web and its tools …

• Front-End Performance Checklist 2019 — Smashing Magazine
  Let’s make 2020… fast! An annual front-end performance checklist, with everything you need to know to create fast experiences on the web today. Updated since 2016.
• Brutalist Web Design – David Copeland
  Brutalist Web Design is honest about what a website is and what it isn’t. […] A website is about giving visitors content to enjoy and ways to interact with you.
• What the hell is REST, Anyway? — programming is terrible
  Originating in a thesis, REST is an attempt to explain what makes the browser distinct from other networked applications.
• Is WebAssembly the return of Java Applets & Flash? – Steve Klabnik
  The first reason that WebAssembly is different is that it’s succeeded, and those technologies did not.
• How to get a direct WebRTC connections between two computers – François Marier
  Here’s how to tell whether or not your WebRTC calls are being relayed, and how to ensure you get a direct connection to the other host.
• Firefox Profilemaker
  This tool will help you to create a Firefox profile with the defaults you like. You select which features you want to enable and disable and in the end you get a download link for a zip-file with your profile template.

On AWS …

• AWS Graviton2 – James Hamilton, Perspectives
  I believe there is a high probability we are now looking at what will become the first high volume ARM Server.
• Observations on ARM64 & AWS’s Amazon EC2 M6g Instances – Liz Fong-Jones, Honeycomb
  For our use case, M6g is superior in every aspect to C5: it costs less on-demand, has more RAM, exhibits lower median and significantly narrower tail latency, and runs cooler with the same proportional workload per host.
• A Detailed Overview of AWS API Gateway – Alex DeBrie
  AWS API Gateway is an awesome service to use as an HTTP frontend. […] In this post, you’ll learn the different steps in an API Gateway request. For each step, we’ll see what you should be doing in that step and how it fits in the overall picture.
• How to optimize AWS Lambda performance – Efi Merdler-Kravitz, Lumigo
  In this article, we are going to talk about various parameters to be considered for AWS Lambda performance tuning.
• Why is AWS IAM So Hard? – Stephen Kuenzli, #NoDrama DevOps
  IAM is really important and it’s really hard for a lot of people, even on good teams with robust processes.
• AWS isn’t killing your business, you just suck at it – Corey Quinn
  Companies that currently aren’t thriving love to blame AWS for their problems. But I don’t think the criticism sticks.

I still like Zabbix as a simple allround monitoring solution. With its agent and UserParameter configuration it is very flexible and can be used (and abused) in many interesting ways. Here I want to show and compare three different patterns of collecting metrics from a service:

1. simple item fetch
2. fetch and send
3. preprocessing

Read the rest of this entry »