a Nix-based continuous build system, released under the terms of the GNU GPLv3 or (at your option) any later version. It continuously checks out sources of software projects from version management systems to build, test and release them. The build tasks are described using Nix expressions. This allows a Hydra build task to specify all the dependencies needed to build or test a project. It supports a number of operating systems, such as various GNU/Linux flavours, Mac OS X, and Windows.
“tees” all TCP traffic from one server to another. “widely used by companies in China”!
(tags: testing benchmarking performance tcp ip tcpcopy tee china regression-testing stress-testing ops)
Managing private Nix packages outside the Nixpkgs tree
Useful for private-repo Nix usage
Top 10 AWS Security Best Practices: #6 – Rotate all the Keys Regularly
Good doc on how to perform key rotation in AWS
[Nix-dev] Pulling a programs source code from a git repo
Nix supports building from git sha. excellent
Transparent huge pages implicated in Redis OOM
A nasty real-world prod error scenario worsened by THPs:
jemalloc(3) extensively uses madvise(2) to notify the operating system that it’s done with a range of memory which it had previously malloc’ed. The page size on this machine is 2MB because transparent huge pages are in use. As such, a lot of the memory which is being marked with madvise(…, MADV_DONTNEED) is within substantially smaller ranges than 2MB. This means that the operating system never was able to evict pages which had ranges marked as MADV_DONTNEED because the entire page has to be unneeded to allow a page to be reused. Despite initially looking like a leak, the operating system itself was unable to free memory because of madvise(2) and transparent huge pages. This led to sustained memory pressure on the machine and redis-server eventually getting OOM killed.
(tags: oom-killer oom linux ops thp jemalloc huge-pages madvise redis memory)
AllCrypt hacked, via PHP, WordPress, and the marketing director’s email
critical flaw: gaining access to the MySQL db let the attacker manipulate account balances. oh dear
‘inspires kids to explore and learn about science, engineering, and technology—and have fun doing it. Every month, a new crate to help kids develop a tinkering mindset and creative problem solving skills.’ aimed at ages 9-14+
(tags: kids gifts tinkering stem education fun engineering science toys)