#229 — August 14, 2019

Read on the Web

Covering the week's news in software development, infrastructure, ops, platforms, and performance — Formerly Web Operations Weekly and currently in transition.

A Proposal to Shorten Maximum TLS/SSL Certificate Lifetimes to 13 Months — A new CA/Browser Forum proposal being discussed now would shorten maximum certificate lifetimes to 13 months. This comes after lifetimes were reduced from 39 to 27 months in 2018.

Timothy Hollebeek

Paged Out! A New Security and Hacking Developer Magazine — Topics in the first issue run the gamut from JavaScript to C#, PNGs, the NES, reverse engineering and rsync. It's freely downloadable as a 12MB PDF.

Paged Out! Institute

Tutorial: How to Build APIs Your Users Love — Learn about common pitfalls and gotchas when designing an API. Plus, hear about how Mux uses an OpenAPI driven toolchain to accelerate product development.

Mux sponsor

GitHub Actions Now Supports CI/CD (Free for Public Repos)Actions, GitHub’s process and workflow automation platform, now includes built-in CI/CD.

The GitHub Blog

Are Microsoft's License Changes 'Bad for the Cloud Industry'? — Last week we mentioned how Microsoft’s new licensing terms will impact users using on-prem services on ‘dedicated hosted cloud services’ (e.g. AWS). Cloud economist Corey Quinn thinks this is a bad move and represents ‘old Microsoft’ rearing its head.

Corey Quinn

NGINX Updates Mitigate Latest HTTP/2 Vulnerabilities — NGINX has unveiled a variety of updates to its HTTP server in response to the recent discovery of security vulnerabilities in several HTTP/2 implementations.


AWS Lake Formation Now Generally Available — Not got enough time to build a data warehouse..? Just throw your data into a ‘data lake’, basically a giant pit of all of your data which you can query at leisure. Lake Formation makes the process simpler if you’re using AWS.

Amazon Web Services

Quick bytes:

💻 Jobs

Lead Cloud Security Engineer — Make an impact as our first Security Engineer, focusing on driving innovation and best practices around our cloud security efforts.

Cockroach Labs

WebOps Developers Are in Demand on Vettery — Ready for a bold career move? Make a free profile, name your salary, and connect with hiring managers from top employers today.


💬 Stories and Opinions

How We Built a Logging Stack at Grab — Before the work outlined in this post, “performing a query for a string from the last three days was something only run before you went for a beverage.” I think we can all sympathize.. Elasticsearch to the rescue!

Daniel Kasen

Why Our Team Cancelled Our Move to Microservices — A headline like that is always going to attract attention. An interesting story, though, and proof that no one architecture is a one-size-fits-all.

Steven Lemon

Monolith to Microservices to Serverless: One Company's Journey — It’s brief and high level, but here’s the tale of how call tracking service ResponseTap broke their monolithic app into Docker-ised microservices and then embraced AWS and serverless computing.

Ben Jones

Chaos Conf Is Coming Back to San Francisco. Tickets Start at $299

Gremlin sponsor

Not Sold Yet, GraphQL: A Humble Tale from Skeptic to Enthusiast — Garrett Heinlen talks about how Netflix builds and deploys GraphQL and how they are running it in production.


Lorem Picsum – Death by A Million Pixel-Gigabits — Or how to serve half a billion placeholder images a month on a budget. A short but sweet case study where Varnish, Redis, and DigitalOcean Kubernetes all make an appearance.

David Marby

How a Scalable SQL Database Powers Real-Time Analytics at Uber


Building a Real-Time Anomaly Detection System for Time Series at Pinterest

Kevin Chen and Brian Overstreet

Everything You Need to Know About Automation Testing — It’s time to take advantage of automation tools to streamline WebOps and DevOps.

Zephyr sponsor

A Look at Serverless Framework's EventBridge IntegrationAWS EventBridge provides a serverless, event-driven way to connect third party services and AWS services together. Serverless Framework now has a way to work directly with it – here’s two use cases.

Philipp Müns (Serverless, Inc.)

The Traits of Serverless Architecture — Low barrier-to-entry, hostless, stateless, elasticity, distributed, and event-driven.

Wisen Tanasa (ThoughtWorks)

What I Do as a 'DevOps Engineer' — It’s all about being a jack of all trades.

André Ilhicas dos Santos

🛠 Code and Tools

Ciao: An Open Source HTTP Monitoring Service — Built on Ruby on Rails, but easily deployed anywhere with Docker, Ciao is an open source webapp that checks HTTP endpoints and can send notifications when things occur (e.g. a site goes down or throws an error).

Brot and Games

Kubernetes Gated Deployments — A look at a Kubernetes extension GoDaddy has built and open sourced that automates regression testing and canary analysis, complete with rollbacks if things go back.

GoDaddy Engineering

OpenCensus Web: Full End-to-End Observability for Your Entire Stack — OpenCensus Web is a tool to trace and monitor the user-perceived performance of your web pages.


Preview Release of the new AWS Tools for PowerShell — AWS have been refactoring their popular PowerShell AWS Tools which have exploded to a hard-to-manage 6000 cmdlets spanning 160 services.

Amazon Web Services

AWS Amplify Gets Local Mocking and Testing Features — The Amplify Framework can now locally mock AppSync GraphQL APis, AWS Lambda functions, S3, Cognito pools and more, making the development process a lot easier. Here’s a practical walkthrough of the features.

Amazon Web Services

🥇 A Golden Oldie

A Readable Specification of TLS 1.3 — It’d be great if more people made things like this 😄 An engineer has created a “biased copy of RFC 8446” (which defines TLS 1.3) complete with explanatory videos. It’s still very technical but easier to digest nonetheless.

David Wong