Blog Posts
Puppet Camp Paris: Improving Operations Efficiency with Puppet
News
April 20, 2015 | COMMENTS

During Puppet Camp Paris, I got the privilege to present the Continuous Delivery Workflow of TubeMogul's Operations Engineering Team. In few years, we went from few servers to over two thousands nodes fully managed by Puppet. In our presentation, we went over the challenges we faced as well as the implementation of our workflow to improve our day to day operation while still moving fast.

With our operations continuous delivery workflow using Git, Gerrit, and Jenkins, we have been able to manage over 10,000 Puppet deployment in 2014.

Continue Reading
Impact of a Positive Leap Second Introduced In June
News
January 5, 2015 | COMMENTS

The International Earth Rotation And Reference Systems Service (IERS) announced that a positive leap second will be introduced on the last day of June 2015 (Official Bulletin C 49) making the day with 86,401 seconds.

In 2012, a similar event created major outages on most of the internet with only few avoiding problems. See this Forbes post from July 2012: +1: Google Aces 'Leap Second' While Reddit, LinkedIn And More Went Down Saturday.

Continue Reading
Advanced Math Calculation in Bash using GNU bc
Shell Tips
January 1, 2015 | COMMENTS

In this post, we will cover how to do advanced arithmetic and write your own functions with GNU bc.

If you are looking at doing basic arithmetic in a bash shell or using bc, you should take a look at my older post about Performing Math Calculation in Bash.

Continue Reading
POODLE SSLv3.0 Vulnerability CVE-2014-3566
News
October 15, 2014 | COMMENTS

It has been few days that some rumors were talking about a new SSLv3 vulnerability. It's been confirmed yesterday by the Google Security team as they released the details of the vulnerability. See CVE-2014-3566.

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

You must disable SSLv3.0 or CBC-mode ciphers with SSLv3.0 to mitigate the issue. You should make sure to do this for all your services, including third party services like Amazon AWS CloudFront.

References:

Bash Vulnerability: Patch Now! CVE-2014-6271
News
September 24, 2014 | COMMENTS

A Bash vulnerability has just been announced, rated 10 on a scale of 10. The vulnerability is Network Exploitable. Patch Now.

GNU Bash through 4.3 incorrectly handle trailing strings after function definitions in the values of environment variables. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments, and execute arbitrary code.

You need to patch your systems now.

Update: If you already patched your system. Check it again. You may have to patch again due to a previous incomplete fixes. See CVE-2014-7169, Incomplete fix for CVE-2014-6271

References:

  • ...