Official guidance from the CDC is toning down the “bleach everything!” messaging:
People can be infected with SARS-CoV-2 through contact with surfaces. However, based on available epidemiological data and studies of environmental transmission factors, surface transmission is not the main route by which SARS-CoV-2 spreads, and the risk is considered to be low. The principal mode by which people are infected with SARS-CoV-2 is through exposure to respiratory droplets carrying infectious virus. In most situations, cleaning surfaces using soap or detergent, and not disinfecting, is enough to reduce risk. Disinfection is recommended in indoor community settings where there has been a suspected or confirmed case of COVID-19 within the last 24 hours. The risk of fomite transmission can be reduced by wearing masks consistently and correctly, practicing hand hygiene, cleaning, and taking other measures to maintain healthy facilities.Can we tone down the cleanliness theatre now?
The short version is this: we think about 1% of applications and traffic “out there” are still using TLS1.0/TLS1.1. Given where browsers are at, I think this percentage is an under-estimate of the usage on Java applications – I suspect it’s even higher there. When we dig in with customers “Why are you still using TLS1.0 or TLS1.1” the most common reasons are legacy appliances and applications. Think of hardware load balancers that were never updated, or can’t be, to support TLS1.2 or better. Compliance mandated traffic inspection devices that force TLS1.0 in certain industries are another reason. For these applications, the change will break them, and they’ll get a low-level exception. The users can re-enable TLS1.0 and TLS1.1, but they may suffer an outage because they likely weren’t expecting a breaking change low in the networking stack.
oh god this brings back painful memories —
On a particularly large deployment, I eventually had to layer in a second pgbouncer tier. One tier ran on the application servers and another tier on the database servers. Altogether it aggregated connections for around 1 million client processes. Tuning it was 40% dark art, 40% brute force, and 10% pure luck.Amazing to see that these issues are still something that Postgres users have to worry about :)