today's leftovers
-
Blatant Self-Promotion
Liam Proven's NixOS and the changing face of Linux operating systems is a very interesting discussion of Linux distros and package management. He starts by discussing radical restructuring of Linux distros, focusing on NixOS and GoboLinux. Then he looks at less radical alternatives:
So, instead of re-architecting the way distros are built, vendors are reimplementing similar functionality using simpler tools inherited from the server world: containers, squashfs filesystems inside single files, and, for distros that have them, copy-on-write filesystems to provide rollback functionality.
The goal is to build operating systems as robust as mobile OSes: periodically, the vendor ships a thoroughly tested and integrated image which end users can't change and don't need to. In normal use, the root filesystem is mounted read-only, and there's no package manager.
-
Persistency management of memory based filesystem on OpenBSD
For saving my SSD and also speeding up my system, I store some cache files into memory using the mfs filesystem on OpenBSD. But that would be nice to save the content upon shutdown and restore it at start, wouldn't it?
I found that storing the web browser cache in a memory filesystem drastically improve its responsiveness, but it's hard to make measurements of it.
-
Secure your Kubernetes deployments with eBPF | Red Hat Developer
Numerous adaptations of the Linux kernel—notably seccomp, SELinux, and AppArmor—bolster its security through runtime checks on sensitive activities such as file access and system calls (syscalls). In particular, seccomp denies access to system calls that don't match rebuild profiles of allowed calls. But the creation of seccomp profiles for Kubernetes workloads can be a major obstacle to deploying containerized applications. Those profiles have to be maintained over the complete life cycle of the application because changing the code might require changes to the seccomp rules as well.
To overcome this burden, it would be absolutely stunning if developers could record seccomp profiles by running a test suite against the application and automatically deploy the results together with the application manifest. But how to record seccomp profiles? Well, the Security Profiles Operator in Kubernetes offers several ways to record activity. This article shows how to use the Operator to secure your applications and how the recorder that uses extended Berkeley Packet, eBPF (or just BPF) does the job.
-
An elegant way to performance test microservices on Kubernetes
Application programming interfaces (APIs) are the core system of most services. Client, web, and mobile applications are all built from APIs. They sit on the critical path between an end-user and a service, and they're also used for intra-service communication.
Because APIs are so critical, API performance is also essential. It doesn’t matter how well-built your front-end application is if the API data sources it accesses take several seconds to respond. This is especially true in a world of microservices, where services depend on each other to provide data. In my opinion, the best feature your API can offer is great performance.
To measure API performance, you need to benchmark your APIs as reliably as possible, which can be challenging. The optimal approach depends on your performance objectives. In this article, I'll guide you through an elegant process for measuring the performance of backend applications running on Red Hat OpenShift or Kubernetes. You'll also learn how to use Vegeta, a versatile HTTP load testing and benchmarking tool written in Golang. We will deploy Vegeta on OpenShift and run performance tests in both standalone and distributed modes.
-
- Login or register to post comments
- Printer-friendly version
- 649 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
Software and Programming Leftovers
Debian and Canonical/Ubuntu Leftovers
Open Hardware/Modding: PinePhone, Pine64, and PCB
Proprietary Microsoft Blunders
Recent comments
8 hours 13 min ago
8 hours 25 min ago
17 hours 2 min ago
17 hours 8 min ago
17 hours 30 min ago
17 hours 36 min ago
18 hours 32 min ago
18 hours 55 min ago
20 hours 2 min ago
20 hours 36 min ago