StatusCode Weekly Issue 75: July 20, 2016

Issue 75 — July 20, 2016

httpoxy: A Set of Vulnerabilities on CGI/CGI-like Environments

RFC 3875 (CGI) puts the HTTP ‘Proxy’ header from a request into an ‘HTTP_PROXY’ environment variable, but this is then often used to configure an outgoing HTTP proxy.

Dominic Scheirlinck

How Google does Planet-Scale Engineering for Planet-Scale Infrastructure

A write up of a talk given at GCP NEXT 2016 about how Google approaches the challenge of providing ‘planet scale’ infrastructure.

High Scalability

Real-World HTTP/2: 400GB of Images Per Day

A look at the performance outcomes 99designs experienced when adopting HTTP/2. In some cases, rendering time was increased - but why? “The pursuit of web performance is one of tradeoffs and nuance.”

Michael Mifsud

Find and Fix App Errors Faster (and have fun doing it)

Quickly pinpoint what’s broken and why. Get the context and insights to defeat all Software application errors.

ROLLBAR sponsored

How I Setup A Raspberry Pi 3 Cluster Using The New Docker Swarm Mode

The Raspberry Pi offers an appealing platform to play around with clustering on a smaller scale. Here, Malcolm demonstrates a Docker Swarm-backed cluster, built in just 30 minutes.

Malcolm Jones

The Story of Enabling Secure HTTP for BBC Online

Paul Tweedy explains how browsing across BBC Online will become more secure with the release of a new update. It appears Google Chrome encouraged the BBC to take this move.

BBC

A Look at Serverless Architectures

Serverless architectures replace individually-managed servers with a collection of third party services and FaaS (Functions as a Service).

Mike Roberts

Mitigating the HTTPoxy Vulnerability with NGINX

This post describes the vulnerability (top featured item) and explains how to use NGINX to defeat attempts to exploit it on your servers.

Owen Garrett

Microsoft Invests in Fundamentally Speeding Up Networking

Microsoft is updating its TCP/IP network stack to take advantage of Google’s latest Internet network transport improvements.

Steven J. Vaughan-Nichols

Jobs

AWS Video Training Author (Freelance, Part-time)

Create and publish AWS-related training videos on Pluralsight.com. Cash in on your teaching skills by sharing your knowledge with a global audience and helping others learn.

Pluralsight

Stop Applying to Jobs - Let Companies Come To You

On Hired, engineers typically get 5+ job offers in 1 week. Find that new opportunity you've been craving and get access to 4,000+ companies instantly.

Hired.com

In brief

Corgibytes Pays Down Technical Debt

How clean is your codebase? Corgibytes can help you crank out features faster.

corgibytes sponsored

Why Marketers Should Care About Mobile Page Speed news

New research reveals the factors that cause your mobile site to underperform.

Google

etcd3: A New etcd news tools

CoreOS

Has The Adoption of Containers Stalled? news

Lawrence Hecht

Skype Finalizes Its Move to The Cloud, Ignores The Elephant in The Room news

Has moved away from peer-to-peer.

Peter Bright

Apcera NATS Moves to Real-time Message Streaming with Persistence news

Scott M. Fulton III

Getting A Network Trace From A Single Application (on Linux) tutorial

jonasdn.blogspot.com

Deploying an Elixir App to Google App Engine tutorial

Ben Sarmiento

From Pet to Cattle – Running Sonar on Kubernetes tutorial

Moving Sonar and Postgres off a Jenkins server.

Adam Sandor

Moving a Node.js app from PaaS to Kubernetes Tutorial tutorial

Péter Márton

3 Easy Web Performance Wins for Designers tutorial

A look at image optimization, font choice, and ‘active waiting’.

Una Kravets

Web Performance and the Impact of SPDY, HTTP/2 and QUIC: Part 5 story

The final installment in a 5-part series discussing web application performance and how new protocols like SPDY, HTTP/2, and QUIC will hopefully improve it so we can have happy website users.

Jean Tunis

API automation. tools

Instant developer ecosystems, with auto-generated APIs from any database. Thriving open source community.

DreamFactory sponsored

http2-push-detect: Lists HTTP/2 Pushes When Requesting a URL tools

Surma

aq: Query AWS Resources with SQL tools

e.g. SELECT instance_type, count(*) count FROM ec2_instances

Binh Le

lua-resty-auto-ssl: Let's Encrypt SSL Reg and renewal inside OpenResty/NGINX code

Nick Muerdter

Biscuit: A Multi-Region HA Key-Value Store for AWS Infrastructure Secrets code

Doug Coker