397 liens privés
sudo minicom -s
+-----------------------------------------------------------------------+
| A - Serial Device : /dev/ttyUSB0 |
| B - Lockfile Location : /var/lock |
| C - Callin Program : |
| D - Callout Program : |
| E - Bps/Par/Bits : 115200 8N1 |
| F - Hardware Flow Control : No |
| G - Software Flow Control : No |
"""
Conclusion : si votre version de Firefox est >= 41, passez la valeur de « media.autoplay.enabled » à false dans about:config pour virer le spam vidéo non-Flash qui pollue le web en ce moment (il faudra cliquer sur toute vidéo pour en commencer la lecture). Si vous n'avez pas cette version de Firefox (comme avec Debian stable, par exemple), je n'ai pas trouvé de solution parfaite. La moins pire est donc d'utiliser NoScript en lui demandant de virer les objets embarqués même sur les sites web inclus dans la liste blanche (voir item numéro 6 pour les détails et dommages collatéraux).
"""
merci Guigui.
Joli tuto pour ceux qui veulent commencer avec saltstack.
Voici la vidéo de cette rencontre: http://www.dailymotion.com/video/k5o36NvlFBfyQAbZUDk
"""
Nginx HTTP server boilerplate configs
Nginx Server Configs is a collection of configuration snippets that can help your server improve the web site's performance and security, while also ensuring that resources are served with the correct content-type and are accessible, if needed, even cross-domain.
"""
Beau projet.
De nombreux trolls en perspective.
Viendez.
"""
“Infrastructure as a code” changes the administrator mindset. It makes them developers and requires from them programmatic skills. It perfectly matches the DevOps concept. Looking at it from the other side – taking care of infrastructure becomes interesting for developers and starts to no longer be considered as a necessary evil.
In the current tools and technology state implementing this approach takes quite a lot of time. Using it for small scale solutions and systems might (let me emphasise: might) not pay off. However, if you are managing several dozen configurations and machines you will notice the benefits quite fast. While implementing new changes might still take more time than in the old approach, full tracking, automation and gained stability will leverage the additional effort.
There will be less and less classical admins in the future. We have see this trend since many years ago. I also expect that “Infrastructure as a code” tools will go into direction when setup and usage will be so simple and user friendly that almost no one will consider configuring infrastructure without them.
"""
petit tuto d'introduction à Augeas: http://augeas.net/
Il parle de puppet mais on peut l'utiliser avec salstack également: http://docs.saltstack.com/en/latest/ref/states/all/salt.states.augeas.html
autre prise en main rapide: http://augeas.net/tour.html
Détails techniques sur la gestion de conf (chef) chez Facebook.
Quelques notes pour vous donner envie de voir cette vidéo*
15:50 move indempotency up (avoid stale entries)
24:50 code reviews + lint (testing chef cookbooks)
32:30 we're facebook, fuck it, let's do it! (utilisation d'un module en erlang pour améliorer les perfs, bleeding-edge non-testé ni utilisé par personne)
35:20 tests in production
39:35 Q: how many homogeneous/heterogeneous systems can you maintain? A: > 17k
Q: how many people are needed? A: ~4
- malgré le ton pédant du mec
L'article montre les limites des systèmes de déploiement déclaratifs comme puppet
"""
...
And obviously, the entire problem of server deployment is deeply stateful - your server is quite literally a state machine, and each deployment attempts to modify its current state into (hopefully) the expected target state.
Unfortunately, in such a system it can be difficult to predict how the current state will interact with your deployment scripts. Performing the same deployment to two servers that started in different states can have drastically different results. Usually one of them failing.
Puppet is a little different, in that you don’t specify what you want to happen, but rather the desired state. Instead of writing down the steps required to install the package foo, you simply state that you want foo to be installed, and puppet knows what to do to get the current system (whatever its state) into the state you asked for.
Which would be great, if it weren’t a pretty big lie.
...
"""
NixOS fait également parti de ces systèmes mais son approche différente permet de s'astreindre des principaux défauts de ses 'concurrents'.
Plutôt que de tenter d'ammener le serveur (dans un état X) vers un état Y, NixOS part de zéro.
Mozilla's SSL config generator pour apache, nginx et haproxy.
Benjamin Sonntag a partagé ses (très bonnes) configurations SSL/TLS.
J'ai adopté celle de nginx qui me permet d'obtenir la note globale de A sur ssllabs avec un certificat gratuit class1 de chez startssl: https://www.ssllabs.com/ssltest/analyze.html?d=fralef.me
Voilà voilà, en attendant que DANE (http://www.slideshare.net/Deploy360/introduction-to-the-dane-protocol) soit adopté bientôt, pour une sécurité accessible à tous...