Archives

Hydra

a Nix-based continuous build system, released under the terms of the GNU GPLv3 or (at your option) any later version. It continuously checks out sources of software projects from version management systems to build, test and release them. The build tasks are described using Nix expressions. This allows a Hydra build task to specify all the dependencies needed to build or test a project. It supports a number of operating systems, such as various GNU/Linux flavours, Mac OS X, and Windows.

(tags: nixos nix hydra ci cd gplv3 continuous-integration)

tcpcopy

“tees” all TCP traffic from one server to another. “widely used by companies in China”!

(tags: testing benchmarking performance tcp ip tcpcopy tee china regression-testing stress-testing ops)

Managing private Nix packages outside the Nixpkgs tree

Useful for private-repo Nix usage

(tags: nix packaging deployment ops build ci nixpkgs)

Top 10 AWS Security Best Practices: #6 – Rotate all the Keys Regularly

Good doc on how to perform key rotation in AWS

(tags: aws security key-rotation ops ec2 iam)

[Nix-dev] Pulling a programs source code from a git repo

Nix supports building from git sha. excellent

(tags: nix packaging build dev ci)

Transparent huge pages implicated in Redis OOM

A nasty real-world prod error scenario worsened by THPs:

jemalloc(3) extensively uses madvise(2) to notify the operating system that it’s done with a range of memory which it had previously malloc’ed. The page size on this machine is 2MB because transparent huge pages are in use. As such, a lot of the memory which is being marked with madvise(…, MADV_DONTNEED) is within substantially smaller ranges than 2MB. This means that the operating system never was able to evict pages which had ranges marked as MADV_DONTNEED because the entire page has to be unneeded to allow a page to be reused. Despite initially looking like a leak, the operating system itself was unable to free memory because of madvise(2) and transparent huge pages. This led to sustained memory pressure on the machine and redis-server eventually getting OOM killed.

(tags: oom-killer oom linux ops thp jemalloc huge-pages madvise redis memory)

AllCrypt hacked, via PHP, WordPress, and the marketing director’s email

critical flaw: gaining access to the MySQL db let the attacker manipulate account balances. oh dear

(tags: security fail allcrypt hacks wordpress php)

Tinker Crate

‘inspires kids to explore and learn about science, engineering, and technology—and have fun doing it. Every month, a new crate to help kids develop a tinkering mindset and creative problem solving skills.’ aimed at ages 9-14+

(tags: kids gifts tinkering stem education fun engineering science toys)