#199 — January 16, 2019

Read on the Web

Web Operations Weekly

HAProxy 1.9 Released with Key Improvements — Due to the holiday season, we missed this significant release of the fantastic load balancing and proxying tool. 1.9 brings end-to-end HTTP/2, buffer and connection management improvements, native HTTP representation, and more.

Daniel Corbett

Amazon Releases DocumentDB, a Document Database with MongoDB Compatibility — AWS has decided to compete with MongoDB’s own Atlas service by offering DocumentDB, a scalable, highly available, and fully managed document database service that supports MongoDB workloads. GeekWire reports on the background to the story.

Amazon Web Services, Inc.

What Is the Real Cost of Downtime? — For ecommerce companies, an outage brings business to a standstill. To illustrate the impact of downtime, Gremlin used online revenue metrics to calculate just how much each second of downtime costs the largest online retailers.

Gremlin sponsor

PagerDuty Releases Its Incident Response Best Practices — A cut down version of PagerDuty’s internal documentation which they use to define the principles and practices around real-time ops support and what to do when operations incidents arise.

PagerDuty, Inc.

Canary Analysis: Lessons Learned and Best Practices from Google and Waze — Waze estimates that ‘canary releases’ (where new releases only go out to a limited subset of users first) can prevent a quarter of all incidents on their services. Google shows how their Spinnaker CD system is used in the process.

Google Cloud Blog

Injecting Chaos to AWS Lambda Functions using Lambda Layers“how to deploy a small chaos engineering experiment using Lambda Layers to conduct latency injection attacks to Lambda functions.” This is the sort of stuff you need to be thinking about if you want to make your functions truly resilient.

Adrian Hornsby

Principles of Modern Backend Application Development — A look at three principles that guide modern application development: keep it small; design for the developer; and make it networked.

Chris Stetson (NGINX, Inc.)

💻 Jobs

Sr. Fullstack Engineer (Remote) — Sticker Mule is looking for passionate developers to join our remote team. Come help us become the Internet’s best place to shop and work.

Sticker Mule

Find A Job Through Vettery — Vettery specializes in developer roles and is completely free for job seekers.


📘 Tutorials

NGINX Mirroring Tips and Tricks — Recent versions of NGINX include the mirror module which lets you create duplicate (‘mirrored’) backend requests from an incoming request.

Alex Dzyoba

How To Use SNS and SQS to Distribute and Throttle Events — SNS distributing events to SQS is a powerful AWS serverless microservice pattern. This post shows how to create subscriptions, add filters, and throttle events.

Jeremy Daly

📈Data-Driven Guide to Engineering Leadership

GitPrime sponsor

An Introduction to Server TimingServer-Timing is a special HTTP header you can use to surface performance data from specially instrumented backend code.

Charles Vazac

How to Keep Your Infrastructure Keys Safe with Vault — Using Hashicorp Vault to manage access to servers over SSH.

Benoît Gastinne and Erwan Alliaume

9 Kubernetes Security Best Practices Everyone Must Follow

Connor Gilbert

💬 Stories & Opinions

The Slow But Inevitable Shift To 'Cloudy' Infrastructure — The adoption of cloud technologies in the enterprise hasn’t been rapid but the latest stats from IDC show that, finally, the amounts spent on cloud infrastructure have overtaken that spent on traditional datacenter gear.

Timothy Prickett Morgan

How We Carried Out Load Tests for Holiday Season Levels of Traffic — A quick flash back to the holiday season and how a social commerce company prepared for it.

Fitz Nowlan (Curalate)

A DNS Hijacking Wave Is Targeting Companies At An Almost Unprecedented Scale — A clever trick allows attackers to obtain valid TLS certificate for hijacked domains.

Dan Goodin (Ars Technica)

Courts Handing Down Hard Jail Time for DDoS — Last week, two cyberattackers got serious jail sentences - one of ten years.

Krebs on Security

Why is Storage on Kubernetes So Hard? — A key problem is that “persistent storage cannot be bound to the rules of being dynamically created and destroyed.”

Gokhan Simsek

Does an AWS Certification Help with Pay/Finding a Higher Paying Job? — Reddit takes on the topic with responses including yes, no, maybe, and sometimes, although ultimately such certifications certainly don’t hurt.


Security Worries Rise as Container Adoption Increases — Over 40 percent of companies have delayed or limited container adoption because of security concerns.

Lawrence Hecht

🔧 Tools

Act: Run Your GitHub Actions LocallyGitHub Actions is a still in-beta service that lets you perform various workflows on your repositories.


Building CI/CD Pipelines Using the CircleCI AWS ECR Orb — CircleCI has recently released a new product called orbs which are designed to get you up and running quickly on CircleCI.

CircleCI sponsor

Nginx Office Hours: A Module to Limit When NGINX Works — It’s a little tongue in cheek, of course, but this module that lets you only serve content during office hours is billed as ‘a victory for the server’s labor rights’ 😄

Rubén Beltran del Río

The Big List of Naughty Strings — A list of strings that have a high probability of causing issues when used as user-input data. Try pushing these into your apps and services(!)

Max Woolf

dhcplb: Facebook's DHCP Load Balancer — Not many people need a DHCP relayer, but Facebook use this in production.

Facebook Incubator