DNS for service discovery is fraught with perils. Many implementations don't respect TTLs, or don't actually use multiple records, or don't do something smart like power of two. Even if you pick all your impls…
I don't think SRV records are the right answer; your networking layer should be k8s aware and issue a watch command on Endpoints; it'll be updated immediately-ish when the servers changes. This is similar to how…
My current startup and my last one, both smaller orgs. I setup both build systems, and initially used SBT in the previous one. In both cases I think it helps that we had engineers from larger companies familiar with a…
> operator-overloading enabling eDSL-creation This is almost certainly in the negative column for me. SBT has the dubious distinction of being the only build system that takes me hours to figure out how to change a…
If you use cert pinning, like the DigiNotar/Iran/Gmail, you're still protected against a trusted CA, assuming you've communicated in the past, which is realistic for a real world attack. It's an attack that's difficult…
> FWIW, my personal website uses let's encrypt, so it would be yellow or worse. This shouldn't effect your security stance. There's a common misconception that you trust your private keys with your CA and they can…
We were a parse user for (many) apps, and tried to run parse server briefly before just letting all the features built on it die. I think one of the major instabilities not mentioned the request fanout. On startup the…
DNS for service discovery is fraught with perils. Many implementations don't respect TTLs, or don't actually use multiple records, or don't do something smart like power of two. Even if you pick all your impls…
I don't think SRV records are the right answer; your networking layer should be k8s aware and issue a watch command on Endpoints; it'll be updated immediately-ish when the servers changes. This is similar to how…
My current startup and my last one, both smaller orgs. I setup both build systems, and initially used SBT in the previous one. In both cases I think it helps that we had engineers from larger companies familiar with a…
> operator-overloading enabling eDSL-creation This is almost certainly in the negative column for me. SBT has the dubious distinction of being the only build system that takes me hours to figure out how to change a…
If you use cert pinning, like the DigiNotar/Iran/Gmail, you're still protected against a trusted CA, assuming you've communicated in the past, which is realistic for a real world attack. It's an attack that's difficult…
> FWIW, my personal website uses let's encrypt, so it would be yellow or worse. This shouldn't effect your security stance. There's a common misconception that you trust your private keys with your CA and they can…
We were a parse user for (many) apps, and tried to run parse server briefly before just letting all the features built on it die. I think one of the major instabilities not mentioned the request fanout. On startup the…