#228 — August 7, 2019

Covering the week's news in software development, infrastructure, ops, platforms, and performance — Formerly Web Operations Weekly and currently in transition.

PartiQL: A Universal, SQL-Compatible Query Language — PartiQL is a new query language that extends SQL to be able to support non-relational, schemaless and other data formats too. It’s open source and already in use internally in various AWS systems. One of its co-creators also created SQL++ (which saw implementation via Couchbase’s N1QL) several years ago.

Papakonstantinou, Goo, et al.

CapitalOne's Data Breach: What They Got Wrong (and Right) — CapitalOne recently suffered a huge data breach at the hands of a former AWS employee which involved a variety of S3 buckets being scanned and downloaded. Here’s some further technical explanation.

Corey Quinn

Git Best Practices for SOC 2 Compliance Quick Wins — A practical list of Git best practices for SOC 2 compliance, written from a developer's perspective. Learn how implementing them can help you satisfy SOC 2 requirements, while improving developer productivity.

Datree.io sponsor

Cloudflare (and Others) Terminate 8Chan's Hosting Services — 8chan is/was a weakly moderated message board which served as a base for numerous disturbing communities, some of which have been implicated in recent tragedies. 8chan used Cloudflare as a CDN and for DDoS protection, but Cloudflare, well known for its neutrality as a service provider, has had enough. A company that provided servers that 8chan was hosted on has also pulled the plug.

Matthew Prince (Cloudflare)

Amazon Won't Spin Off AWS, and That's Too Bad for AWS — Many customers are not using AWS the way it’s designed to be used, as a holistic, deeply integrated platform, and the looming shadow of Amazon is the reason why.

Forrest Brazeal

RTB RIP? The Writing Could Be On The Wall For Real-Time Bidding In Europe — Real-time bidding (RTB) is a technique in which Web advertising inventory is bought and sold via instantaneous auctions, but with laws like GDPR, its days could be numbered.

Allison Schiff

Quick bytes:

💻 Jobs

DevOps Engineer at X-Team (Remote) — Join the most energizing community for developers. Work from anywhere with the world's leading brands.


WebOps Developers Are in Demand on Vettery — Ready for a bold career move? Make a free profile, name your salary, and connect with hiring managers from top employers today.


💬 Stories and Opinions

All The Best Engineering Advice I Stole From Non-Technical People — Some interesting bits and pieces in here. If you like stuff like this, check out our Code Wisdom Twitter account as well :-)

Marianne Bellotti

A History of Amazon Web Services — The visualization is not the best, but this is a pretty neat list of AWS’s almost 150 (yes!) services and when they were first announced and released.

Jerry Hargrove

Chaos Conf Is Back — Now in its second year, Chaos Conf is a must-attend for anyone interested in Chaos Engineering and resilience.

Gremlin sponsor

How I Finally Won My Name from Domain Squatters After 9 Years of Waiting — If, like me, you take a special interest in domain names (and buying too many of them) this tale of woe-made-good will be up your street.

Jerry Alex

Why I Turned Down an AWS Job Offer — “I once turned down a job offer from AWS, who told me my reasoning was preposterous. Last week they did exactly what I was afraid of.”

Corey Quinn

How TCP Segment Size Can Affect Application Traffic Flow — I doubt many of us are working with firewalls down at such a low level, but an interesting dig into the nitty gritty of TCP nonetheless.

Shashank Suresh Kumar (Walmart Labs)

Don’t Underestimate Grep Based Code Scanning — When it comes to scouring source code for security issues, a naive approach can get you a rather long way.

Crazy Contini

How CircleCI Processes Over 30 Million Builds Per Month


📖 Tutorials

▶  PID Loops and the Art of Keeping Systems Stable — A developer involved in building EC2, S3, and other AWS services shows what PID loops (essentially feedback and control loops - nothing to do with process IDs!) look like in the context of modern systems, and how exponential backoff, flow-control, and other techniques can be wielded to build self-healing systems.

Colm MacCárthaigh

▶  What is Observability and How to Measure the Quality of Microservices — A 35-minute interview with Charity Majors of Honeycomb on observability and going beyond logs and dashboards to better understand the systems we build.

Charity Majors and Darko Fabijan podcast

Picture Perfect: How JPEG EXIF Data Hides Malware — The metadata stored inside JPEG images isn’t an obvious attack vector... which is partly what makes it a dangerous one.

Shyam Sundar Ramaswami

🛠 Code and Tools

ipify: A Simple Public IP Address API — A free and open service to quickly grab your public-facing IP address in various formats.

Randall Degges

Seashells: Pipe Output from CLI Programs to the Web in Real Time — Keep the security implications in mind, of course.

Anish Athalye

Test Drive GoCD in Minutes

ThoughtWorks GoCD sponsor

LF: A Fully Decentralized, Fully Replicated Key/Value Store — It’s billed as ‘beta’ software, but this is an interesting experiment in creating a fast data store for ‘small but critical’ pieces of information (think etcd but suitable for open, decentralized systems).

ZeroTier, Inc.

Gitea 1.9.0 Released — This self-hosted Git service, written in Go, has just reached version 1.9.0. It contains various security fixes that could not be backported to 1.8 — as such, updating is strongly recommended.


Artichoke Ruby Playground: A New Ruby Interpreter — Artichoke Ruby is a Ruby interpreter built in Rust (GitHub repo). They’ve released a cool in-browser playground for playing with it, and it has some exciting potential uses given it can compile to WebAssembly.