That feeds into best practice for configuring NTP clients - configure one upstream source, or at least three. Never two.

While in practice most admins configure /64s as subnets, there's nothing preventing netblocks that are smaller than /64. I have /127 point-to-point subnets on my network, and /96s going to server racks. You need a /64 in order to do RA, however, but you can use DHCPv6 instead on smaller subnets.

What's more likely - I've run into exactly this scenario before, in fact - is that the configuration generation system regenerates configs on a regular schedule, and at one point encountered a failure or spurious bug that caused it to push an invalid config. On the next run - right as the SREs started poking around - the generator ran again, the bug wasn't encountered, and it generated and pushed a correct config, clearing the error and allowing apps to recover.

In python, that's correct. There's some method name mangling to ensure that devs writing code calling private methods know what they're doing, but otherwise it's allowed. In other languages (Java for example) private methods are completely hidden from outside classes.

Disclaimer: Another Twitter engineer here. What my apparently former colleague said, plus X.

Also: Don't be afraid to add caching layers when you see your web server or DBs start to run hot. Putting a memcached instance in place in "front of" your database layer is much easier than sharding the database layers to relieve load - eventually you'll have to do both, but you'll definitely want the memcache layer first. Same with web caches/proxies - putting varnish or squid in front will take some pressure off before you need to implement load balancers.

So...former HP customer, or former employee?

That's true, and everyone who knew how to use it did, because Cisco's VPN client software is crap.

Could you imaging the CEO of Northrop Grumman or Lockheed being able to talk about the engineering issues at this level of detail? Or even the head of NASA? This is why I bought TSLA stock.

His severance package is $378.36. not $378 thousand or $378 million, Three Hundred and Seventy Eight dollars and Thirty Six cents.

The FSF has been knocking Apple over iOS since its release. http://www.fsf.org/blogs/community/why-free-software-and-apples-iphone-dont-mix

Good news here: Google's DoubleClick and AdSense ads are served over SPDY today. In fact, I'm not aware of any Google properties that don't use SPDY, since they're all routed through the same GFE (Google FrontEnd) proxy farms.

The good news there is that connections to Google's ad networks DO run over SPDY now, assuming a compatible browser.

Because no one's bothered to ship a BEEP implementation in a major browser release?

SPDY as implemented requires SSL, since the protocol capability is negotiated by a TLS extension on port 443. There's no spec for negotiating SPDY on a standard HTTP port - it would only work if the capability was assumed on both sides before the connection (for example, URLs that start with spdy:// instead of http:/// which connects to a different TCP port on the server).

That only works if all of those hostnames resolve to the same IP addresses. The main optimization in SPDY is the elimination of the need to make multiple TCP connections simultaneously, but all of those resources must live on the same server. If the resources have different hostnames, you might be able to detect hostnames that point to the same IP and then interleave those, but I don't know if the current implementations do that yet.

Most CDNs, however, return different IPs for nearly every query, and web developers use multiple hostnames pointing to the same resources to get non-SPDY multiplexing today. This sounds like an optimization that's easy to accomplish dynamically, though (if request is SPDY, don't spread the resources across different hostnames).