#311 — April 7, 2021

Web Version

StatusCode Weekly
What's happening in software development, ops, platforms and tools.

US Supreme Court Sides with Developers in Google v. OracleGoogle v. Oracle has been a case running for over a decade based around Oracle’s claim that Google violated its copyright in reproducing the Java API in Android. The Supreme Court has finally sided 6-2 in Google’s favor and is reassuring for anyone developing software to be compatible with someone else’s API. CNBC’s coverage has more detail, or you can dig into the Supreme Court’s 62-page judgment PDF to really pick it over.


The Systems Involved in Building a Fast Web Analytics ServiceFathom is one of a number of new privacy focused ‘well, at least it’s not Google’ Web analytics systems becoming more popular lately. This post goes into fantastic detail about how they had to scale quickly, their database history, and how they’ve ended up storing all their analytics data on the ‘database of their dreams’ – there’s so much to enjoy and learn from here that it’s a must read IMHO.

Jack Ellis (Fathom Analytics)

Prom-Migrator: The Universal Prometheus Data Migration Tool 🔥 — Learn how and why we built a free (open-source) tool that makes it easy to migrate your Prometheus data to and from long-term storage systems. Our engineers breakdown how it works and show you how to get up and running in < 10 mins 🚀

Timescale sponsor

Breaking GitHub Private Pages for $35k — A security expert walks through his thought process in finding and working through a string of vulnerabilities in GitHub’s Pages hosting system.

Robert Chen

One Year of Graviton2 at Honeycomb: A Retrospective — AWS has really been pushing their Graviton2 ARM-based instances recently but how do they perform in the real world? “Traffic to Honeycomb has surged in the past year, but the expense for serving and the complexity of our services hasn’t. Graviton2 is a large part of how we do it.”

Liz Fong-Jones (Honeycomb)

  • AWS has added a WAF Bot Control feature to protect your systems from unwanted bot traffic. This comes just a week after Cloudflare's Super Bot Fight Mode feature.
  • Japan's largest telco, NTT, has estimated cosmic rays lead to 30,000 'malfunctions' in its network each year.
  • Azure had a significant outage last Thursday and it was caused by a defect in its DNS service.
  • A nice profile of cURL's creator, Daniel Stenberg, after 23 years working on the project.
  • The development of the C# standard is now fully in the open while still taking place within the ECMA C# standards committee.

💻 Jobs

Team Lead @ Nebulab (Remote) — Join our distributed team and build high-volume eCommerce applications in a workplace made by developers for developers.


Remote Developer and Engineer Positions @ Kinsta — Whether you are an experienced JS Developer, DevOps or a SysOps Engineer you’ll find something for you at Kinsta.


📘 Tutorials, Opinions and Stories

What Problems Do People Solve with strace?strace is a tool for tracing system calls and signals on Linux and it lets you tackle all sorts of problems from finding files a process is depending upon to investigating why a process is running slowly.

Julia Evans

What Are CORS Proxies, and When Are They Safe? — CORS proxies aim to let you bypass the security restrictions that Cross-Origin Resource Sharing (CORS) applies.

Tim Perry

Understanding Kubernetes: Modernizing Your Cloud Infrastructure — Learn fundamental concepts of Kubernetes, from the components of a cluster to network model implementation in this free eBook.

Linode sponsor

Five Ways to Prevent Code Injection in JavaScript and Node — Some best practices for keeping your Node projects safe from code injection attacks.

Liran Tal

All C++20 Core Language Features with Examples — If you haven’t used it in decades years, C++ isn’t quite the language it used to be now it has things like type inference and lambdas. C++20 takes things another step forward and this is a nice practical roundup of what’s new.

Oleksandr Koval

Learning a New Codebase: Hacking on NGINX — Like Phil, I also believe in downloading projects and ‘having a play’. Nginx is a pretty good one to play around with as you can’t fail to learn something. (Redis is a personal favorite of mine as the C is quite easy to follow.)

Phil Eaton

Kubernetes Single Sign On: A Detailed Guide — How to set up a group based SSO system for Kubernetes including the kubectl CLI, any web app with ingress, a Docker registry and gitea.

Ben Dixon

How We Handle Incidents at Getaround — An example of what happens when a bad commit is deployed, including a timeline.

Miguel Torres

Balancing Act: The Current Limits of AWS Network Load Balancers — If you’re not into the territory of hundreds of thousands of established connections, this won’t affect you.

Paddy Byers

Introducing Bramble: A Federated GraphQL Gateway Implemented in Go — GraphQL federation is a reasonably new concept that addresses aggregating services behind a GraphQL API so you can make many services look like a single service.


🛠 Code and Tools

supported by Okta

ngx_waf 5.0: A Web Application Firewall Module for NGINX — Boasts a lack of ‘complex configuration’ to get you up and running fast. Lets you block on IP addresses, URLs, request arguments, user agents, cookies, etc.


PostgREST: Serve a RESTful API from a Postgres Database — I was surprised to see I hadn’t linked to this useful project in over a year. It hasn’t seen any large updates recently but is still actively under development and could come in useful for spinning up an API in a hurry.

Joe Nelson and Steve Chavez

NativeScript 8.0 Released — NativeScript is a framework for building iOS and Android apps that lets you use native APIs directly from JavaScript or TypeScript – it’s agnostic so it can be used alongside Angular, React, Vue or Svelte too.

OpenJS Foundation

fselect: Find Files with SQL-Like Queries — Do you love SQL so much that you’d like to use its style of code to find files on your system? Your wish has been granted! It goes further than you might think.

J H S Petersson

Observability Won’t Replace Monitoring (Because It Shouldn’t)

Lightstep sponsor

xplr: A Hackable, Minimal, Fast TUI File Explorer — The latest in a line of Rust-based terminal alternatives – this file explorer is inspired by numerous sources.

Arijit Basu

Condition: A 64KB WebGL 'Demo' — The demoscene is a programming and art subculture where impressive visual demos are created (often with limited resources) and this is a Web-based example using WebGL. Here’s the source code.


ctop: A top-Like Interface for Container Metrics