I originally used the name ‘slashdot’ on my desktop a year earlier when I got my first static IP in the Voorhees Hall dorm room I shared with Dave. Back in 1996, our floor was the first in all of Hope College to be granted 24/7 high speed internet access.
The 547 unreachable links are attached to graphical elements that collectively take up 342,000 pixels (face value: $342,000). Redirects account for a further 145,000 pixels (face value: $145,000).
However, if you count by number of sites, roughly 63% are still alive:
Of the 2,816 links that embedded on the page (accounting for a total of 999,400 pixels), 547 are entirely unreachable at this time. A further 489 redirect to a different domain or to a domain resale portal, leaving 1,780 reachable links.
# build the static files and put them on the static server
`make -C /home/reddit/reddit static`
`rsync /home/reddit/reddit/static public:/var/www/`
# iterate through the app servers and update their copy
# of the code, restarting once done.
foreach $h (@hostlist) {
    `git push $h:/home/reddit/reddit master`
    `ssh $h make -C /home/reddit/reddit`
    `ssh $h /bin/restart-reddit.sh`
}
The process for actually doing the deploy looked the same, but now the system did the work for you and told everyone what you were doing.
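Also worth mentioning: because they did not run their own IRC server and instead used an outside third-party server, they decided that IRC would only serve as a one-way notification channel: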
There was a lot of talk of systems that managed deploys from chat around this time, but since we used third party IRC servers we weren’t able to fully trust the chat room with production control and so it remained a one-way flow of information.
In 2012 they moved the list of machines into DNS, a kind of service discovery system:
First, it fetched its list of hosts from DNS rather than keeping it hard-coded. This allowed us to update the list of hosts without having to remember to update the deploy tool as well — a rudimentary service discovery system.
Another small but important change was to always deploy a fixed version of the code. The previous version of the tool would update master on a given host, but what if master changed mid-deploy because someone accidentally pushed up code? By deploying a specific git revision instead of branch name, we ensured that the deploy got the same version everywhere in production.
What happens if a server is launched while a deploy is ongoing? We had to make sure each newly launched server checked in to get new code if present. What about servers going away mid-deploy? The tool had to be made smarter to detect when the server was gone legitimately rather than there being an issue with the deploy process itself that should be noisily alerted on.
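The mid-deploy race that the fixed-revision paragraph above describes, as an added example that is not from the original post: two app servers are simulated as local git clones, and a commit lands on master between them. The function names, directory layout and commit messages are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Two app servers are simulated
# as local git clones; all paths, names and commit messages are constructed.
set -eu

# git with a throwaway identity so commits work without any global config
G="git -c user.name=demo -c user.email=demo@example.invalid"

# Resolve a ref to a full commit id once, at deploy start.
# Exits non-zero (printing nothing) if the ref does not name a commit.
pin_revision() {   # usage: pin_revision <repo> <ref>
    git -C "$1" rev-parse --verify --quiet "$2^{commit}"
}

# Bring one simulated host to <rev> and print the commit it ended up on.
deploy_host() {    # usage: deploy_host <host_dir> <rev>
    git -C "$1" fetch -q origin
    git -C "$1" checkout -q --detach "$2"
    git -C "$1" rev-parse HEAD
}

# Deploy to two hosts while a commit lands on master in between.
# mode=branch deploys "whatever master is now"; mode=pinned deploys one commit id.
# Prints "<host1 HEAD> <host2 HEAD>".
race_demo() {      # usage: race_demo <empty_workdir> <branch|pinned>
    w=$1; mode=$2
    mkdir -p "$w"
    git init -q "$w/origin"
    git -C "$w/origin" symbolic-ref HEAD refs/heads/master
    $G -C "$w/origin" commit -q --allow-empty -m "release"
    git clone -q "$w/origin" "$w/host1"
    git clone -q "$w/origin" "$w/host2"
    if [ "$mode" = pinned ]; then
        rev=$(pin_revision "$w/origin" master)   # resolved exactly once
    else
        rev=origin/master                        # re-resolved on every host
    fi
    h1=$(deploy_host "$w/host1" "$rev")
    $G -C "$w/origin" commit -q --allow-empty -m "accidental push mid-deploy"
    h2=$(deploy_host "$w/host2" "$rev")
    echo "$h1 $h2"
}

work=$(mktemp -d)
echo "branch name: $(race_demo "$work/branch" branch)"   # two different commits
echo "pinned sha:  $(race_demo "$work/pinned" pinned)"   # same commit twice
rm -rf "$work"
```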
In 2014 the number of machines had grown so large that one round of deploys took an hour, which forced them to parallelize:
Over time, the number of servers needed to serve peak traffic grew. This meant that deploys took longer and longer. At its worst, a normal deploy took close to an hour. This was not good.
In 2015 they added a deploy lock so that two people could not deploy at the same time:
Engineers would ask for the deploy lock and either get it or get put in the queue. This helped keep order in deploys and let people relax a bit while waiting for the lock.
The 2017 part mentions the number of servers:
This new mechanism allows us to deploy to a lot more machines concurrently, and deploy timings are down to 7 minutes for around 800 servers despite the extra waiting for safety.
The new law will require hiring managers to state a compensation figure upfront — based on what an applicant’s worth is to the company, rather than on what he or she made in a previous position.
The bill is "Bill S.2119". Its description reads "An Act to establish pay equity", which presumably refers to its purpose.
A few key points from it. First, the effective date:
SECTION 7. This act shall take effect on January 1, 2018.
Then the conduct prohibited during the hiring process:
(3) seek the salary history of any prospective employee from any current or former employer; provided, however, that a prospective employee may provide written authorization to a prospective employer to confirm prior wages, including benefits or other compensation or salary history only after any offer of employment with compensation has been made to the prospective employee;
Sniffly is an attack that abuses HTTP Strict Transport Security and Content Security Policy to allow arbitrary websites to sniff a user's browsing history. It has been tested in Firefox and Chrome.
Sniffly sets a CSP policy that restricts images to HTTP, so image sources are blocked before they are redirected to HTTPS. This is crucial! If the browser completes a request to the HTTPS site, then it will receive the HSTS pin, and the attack will no longer work when the user visits Sniffly.
When an image gets blocked by CSP, its onerror handler is called. In this case, the onerror handler does some fancy tricks to time how long it took for the image to be redirected from HTTP to HTTPS. If this time is on the order of a millisecond, it was an HSTS redirect (no network request was made), which means the user has visited the image's domain before. If it's on the order of 100 milliseconds, then a network request probably occurred, meaning that the user hasn't visited the image's domain.