What Heartbleed Can Teach The OSS Community About Marketing

Patrick McKenzie has a nice piece posted for the open source software community (and technologists in general, really) on what can be learned from the massive and timely efforts that needed to be coordinated to avoid serious problems worldwide. Ultimately, it came down to communicating the problem well.

This makes marketing an engineering discipline.  We have to get good at it, or we will fail ourselves, our stakeholders, our community, and the wider world.

How to Learn Git

Learn Git in your browser for free with Try Git.

The entire Pro Git book, written by Scott Chacon and published by Apress, is available here, for free, if you are willing to read online.

The Git videos here.

If I missed any other excellent freely available resources, comment or shoot me a note.

Lessons From a Recent Malware Incident

Rob VandenBrink, writing on the ISC SANS handler blog, discusses a few lessons learned during a malware incident response:

I had a client call me recently with a full on service outage – his servers weren’t reachable, his VOIP phones were giving him more static than voice, and his Exchange server wasn’t sending or receiving mail – pretty much everything was offline.


40 Gbps of New Traffic Created by Heartbleed

The Heartbleed vulnerability required any servers running vulnerable code to revoke and reissue replacement SSL certificates. Normally this happens, well, almost never.

Revoking an SSL certificate means adding it to the issuing CA’s Certificate Revocation List (CRL). The CRL is the list of all the certificates that CA has revoked; web browsers download it to check whether a certificate they are presented with is still valid or has been revoked.

Matthew Prince, writing on CloudFlare’s blog on The Hard Costs of Heartbleed shares a bit of the “hidden” impact of this sudden surge in the CRL size:

Globalsign, who is CloudFlare’s primary CA partner, saw their CRL grow to approximately 4.7MB in size from approximately 22KB on Monday. The activity of browsers downloading the Globalsign CRL generated around 40Gbps of net new traffic across the Internet.

Globalsign was able to offload much of this new traffic, of course, onto CloudFlare’s CDN.

Big Upgrades at Linode (SSD, RAM, Connectivity, Single Thread CPU Performance)

Chris Aker (caker) writes on the Linode blog about some hefty upgrades today:

Over the last year, and very feverishly over the past five months, we’ve been working on a really big project: a revamp of the Linode plans and our hardware and network – something we have a long history of doing over our past 11 years. But this time it’s like no other. These upgrades represent a $45MM investment, a huge amount of R&D, and some exciting changes.

This comes on the heels of last week’s launch of hourly pricing.

The New Outsourcing

Steve Shah with a commentary piece in InformationWeek entitled DevOps: The New Outsourcing:

As IT shifts from nuts-and-bolts maintenance and manual processes to virtualization, automation, and IT-as-a-service, different skills are moving to the forefront. Yes, work is being brought back in-house, but it’s coming back in a different form, and different people will be doing it.
 
We no longer need to carry dozens of people just to keep servers running, make changes, or understand what’s happening in the network. Instead, we need just a few people with a higher-level understanding of business needs and the insight to convert ideas into automation scripts.
 
“DevOps Ninja” is quickly becoming a cliché, but there’s some truth behind it. This is one more reason CIOs should love DevOps. Instead of increasing headcount to get more done, you just change the kind of people you’re hiring — and you can hire far fewer of them.

If you don’t think this is real, you are likely inside an organizational bubble.

Bruce Schneier on Ephemeral Apps

Bruce Schneier posted a thought piece on Ephemeral Apps on his blog:

The problem is that these new “ephemeral” conversations aren’t really ephemeral the way a face-to-face unrecorded conversation would be. They’re not ephemeral like a conversation during a walk in a deserted woods used to be before the invention of cell phones and GPS receivers.

The Internals of a Major SaaS Platform

A nice overview of the internals of a major SaaS platform. Bobby Grace writes, on the Fog Creek Software blog, in How We Make Trello:

Look around you. Is there something nearby that is firmly bolted to the ground? Okay good. Hold onto it. I’m about to pull back the curtains on everything you thought you knew about how Trello was made. The revelation could result in a rippling shockwave that knocks you off your seat and may have troubling, unpredictable consequences for the time-space continuum. Possibly.

Incidentally, if you haven’t already tried out Trello, give it a shot. You just might like it.

Scaling on AWS From Your First User …and to Infinity

An excellent presentation that will test some of your assumptions. It starts with your first user (likely yourself) and then gets you thinking about scalability in logical increments. The key takeaway should be that the right approach is very different at each step, and that being overly concerned with what to do at 10 million users doesn’t really make much sense at, say, 100,000 users. It includes specific approaches for each step.

The presentation slides:

The presentation video: