Weekly Digest – Week 12, 2021

Articles and News

Firefox 87 Trims HTTP Referrers by Default

»Starting with Firefox 87, we set the default Referrer Policy to ‘strict-origin-when-cross-origin’ which will trim user sensitive information accessible in the URL.«

https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/

#firefox #http-referrers

Trying Out Cosign

cosign is part of the sigstore project to make the open-source software supply chain more secure. In this post, the author describes how to use the cosign tool to sign container images.

https://raesene.github.io/blog/2021/03/21/Trying-out-cosign/

#container-security #sigstore

Rethinking Site Capacity Projections With Capacity Analyzer

This in-depth article shows how LinkedIn Engineering improved the capacity projections on their site.

https://engineering.linkedin.com/blog/2021/rethinking-site-capacity-projections-with-capacity-analyzer

#linkedin #capacity-planning

Regexploit: DoS-able Regular Expressions

This post explains the issue of DoS against regular expressions. The authors also introduce their tool regexploit, which helps analyze regular expressions against such vulnerabilities.

https://blog.doyensec.com/2021/03/11/regexploit.html

#dos #security #regex

Transfer of Plan 9 to the Plan 9 Foundation

Nokia has transferred the copyright of Plan 9 to the Plan 9 Foundation.

https://9fans.topicbox.com/groups/9fans/Tf20bce89ef96d4b6

#plan-9 #operating-system #nokia

Notes on Some PostgreSQL Implementation Details

This is an interesting write-up of a PostgreSQL performance issue.

https://buttondown.email/nelhage/archive/notes-on-some-postgresql-implementation-details/

#postgresql #database-performance

Does Sigstore Really Secure the Supply Chain?

The author discusses which supply chain attacks aren’t covered by sigstore.

https://www.i-programmer.info/news/90-tools/14436-sigstore-to-mitigate-most-supply-chain-hazards-but-not-all.html

#sigstore #security #supply-chain-attack

Red Hat OpenShift Service on AWS Now GA

AWS launched Red Hat OpenShift Service on AWS (ROSA).

https://aws.amazon.com/blogs/aws/red-hat-openshift-service-on-aws-now-generally-availably/

#aws #openshift

PDF: Performance Optimizations in VMware vSphere 7.0 U2 CPU Scheduler for AMD EPYC Processors

The performance impact of a new CPU scheduler for AMD EPYC in VMware vSphere 7.0 U2 is described in this document by VMware.

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/performance/vsphere70u2-cpu-sched-amd-epyc.pdf

#vmware #virtualization #amd #amd-epyc

RFC 8996

Deprecating TLS 1.0 and TLS 1.1

https://datatracker.ietf.org/doc/rfc8996/

#rfc #tls #ssl

RFC 9006

TCP Usage Guidance in the Internet of Things (IoT)

#rfc #iot #tcp

How to Conditionally Configure Your Git Username and Email Address

This short post explains how to use different git usernames and email addresses per directory.

https://www.jessedejonge.com/blog/use-different-git-email-addresses

#git

SQLite Is Not a Toy Database

The author gives some good reasons why the omnipresent DBMS should not be underestimated.

https://antonz.org/sqlite-is-not-a-toy-database/

#dbms #sqlite

How We Responded to a 2-Hour Outage in Our Grafana Cloud Hosted Prometheus Service

Short post-mortem on a Grafana Cloud Prometrheus outage.

https://grafana.com/blog/2021/03/26/how-we-responded-to-a-2-hour-outage-in-our-grafana-cloud-hosted-prometheus-service/

PDF: BPF for Storage: An Exokernel-Inspired Approach

Paper on using BPF to reduce access latency for new NVMe storage devices.

https://arxiv.org/pdf/2102.12922.pdf

Projects and Releases

Grafana 7.5

The latest stable release of Grafana comes with a new and improved pie chart panel, alerting support for Loki, a Grafana Tempoo backend data source, and many other improvements.

https://grafana.com/blog/2021/03/25/grafana-7.5-released-loki-alerting-and-label-browser-for-logs-next-generation-pie-chart-and-more/

#grafana