• 15 Posts
  • 547 Comments
Joined 1 year ago
cake
Cake day: June 30th, 2023

help-circle
  • 0x0@programming.devtoSelfhosted@lemmy.worldWhy do so many people use NGINX?
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    1
    ·
    19 hours ago

    When NGINX showed up it beat the then dominant apache on resource utilzation hands-down.

    It’s also very configurable and has a lot of modules, both in-house and third party.

    The only downside for me: as of late the whole commercial part of the project has been gobbling up everything to shove the non-free version to the point where it’s hard to find info on the free version, e.g., the wiki page that lists all the third-party modules. The nginxtutorials site seems to be a good resource.

    Btw one of the main devs forked it into freenginx:

    Dounin writes in his announcement that “new non-technical management” at F5 “recently decided that they know better how to run open source projects. In particular, they decided to interfere with security policy nginx uses for years, ignoring both the policy and developers’ position.” While it was “quite understandable,” given their ownership, Dounin wrote that it means he was “no longer able to control which changes are made in nginx,” hence his departure and fork.

    Also, fun fact: this is probably the only instance of russian software muricans don’t cry Commie! all the time (maybe because the parent company was acquired).







  • On Wednesday, CrowdStrike released a report outlining the initial results of its investigation into the incident, which involved a file that helps CrowdStrike’s security platform look for signs of malicious hacking on customer devices.

    The company routinely tests its software updates before pushing them out to customers, CrowdStrike said in the report. But on July 19, a bug in CrowdStrike’s cloud-based testing system — specifically, the part that runs validation checks on new updates prior to release — ended up allowing the software to be pushed out “despite containing problematic content data.”

    When Windows devices using CrowdStrike’s cybersecurity tools tried to access the flawed file, it caused an “out-of-bounds memory read” that “could not be gracefully handled, resulting in a Windows operating system crash,” CrowdStrike said.

    Couldn’t it, though? 🤔

    And CrowdStrike said it also plans to move to a staggered approach to releasing content updates so that not everyone receives the same update at once, and to give customers more fine-grained control over when the updates are installed.

    I thought they were already supposed to be doing this?