Home » 2017 » January (Page 3)

用人力就可以達到離心機的效果...

看到「This Human-Powered Paper Centrifuge Is Pure Genius」這個設計真的很巧妙... 全文刊登在 nature biomedical engineering 上:「Hand-powered ultralow-cost paper centrifuge」。

起源來自於小時候的玩具 (我也有印象,但忘記中文叫什麼了...):

Here, we report an ultralow-cost (20 cents), lightweight (2 g), human-powered paper centrifuge (which we name ‘paperfuge’) designed on the basis of a theoretical model inspired by the fundamental mechanics of an ancient whirligig (or buzzer toy; 3,300 BC).

研究後發現離心速度可以到 125000rpm:

The paperfuge achieves speeds of 125,000 r.p.m. (and equivalent centrifugal forces of 30,000 g), with theoretical limits predicting 1,000,000 r.p.m.

對於無法買昂貴醫療器材的地區,這樣就有簡單但又頗有效的離心機做檢驗...

辦公室採用開放式空間的問題

這幾年對於開放式空間有不少反面意見出來,像是這幾天 BBC 登的「Why open offices are bad for us」。

這是目前的主流,大量的公司採用開放式空間:

Numerous companies have embraced the open office — about 70% of US offices are open concept — and by most accounts, very few have moved back into traditional spaces with offices and doors.

但人的效率會因為開放式空間大約掉 15%:

But research that we’re 15% less productive, we have immense trouble concentrating and we’re twice as likely to get sick in open working spaces, has contributed to a growing backlash against open offices.

採用開放式空間最常見的理由包括辦公室成本 (每個人平均分到的空間大小會比較低),另外一個是藉由開放式空間讓互相討論合作的成本降低,但因為開放式空間,反而是影響到別人的情況比討論合作的情況多,甚至是與工作無關的事情也會影響到期他人:

Beside the cheaper cost, one main argument for the open workspace is that it increases collaboration. However, it’s well documented that we rarely brainstorm brilliant ideas when we’re just shooting the breeze in a crowd. Instead, as many of us know, we’re more likely to hear about the Christmas gift a colleague is buying for a family member, or problems with your deskmate’s spouse.

其實科技的進步讓遠端溝通的成本降低了不少,像是 SlackZoom,現在未必要靠 open office 的架構讓大家溝通了。

伊朗透過 BGP 管制網路的手段影響其他國家網路...

Dyn (之前被 DDoS 打爆,過一陣子被 Oracle 買去的那個 Dyn) 的這篇「Iran Leaks Censorship via BGP Hijacks」講到他們偵測到伊朗透過 BGP hijack 管制網站的問題。

前陣子伊朗透過 private ASN 放了 99.192.226.0/24 出來,影響到其他國家:

Last week, Iranian state telecom announced a BGP hijack of address space (99.192.226.0/24) hosting numerous pornographic websites.

由於這段 IP address 在 internet 上是以 99.192.128.0/17 在放,就因為 /24 優先權比較高而被蓋過去影響到全世界...

然後過了幾天,開始攻擊蘋果的 iTunes 服務,不過這次是以 /32 放出來。由於大多數收的最小單位是 /24,這次的影響沒有上次大:

In addition, TIC announced BGP hijacks for 20 individual IPs associated with Apple’s iTunes service. These too were carried by Omantel to the outside world, albeit with a smaller footprint due to the fact that BGP routes for /32’s typically don’t propagate very far.

這看得出來 routing 在 internet 上還是非常脆弱...

GitHub 重新定位 Redis 的功能...

GitHub Engineering 說明了他們為什麼改變 Redis 的使用情境:「Moving persistent data out of Redis」。

GitHub 裡面,Redis 有兩種不同的情境,一種叫做 transient Redis,只用做 cache:

We used it as an LRU cache to conveniently store the results of expensive computations over data originally persisted in Git repositories or MySQL. We call this transient Redis.

另外一種則是打開 persistence 功能,叫做 persistent Redis:

We also enabled persistence, which gave us durability guarantees over data that was not stored anywhere else. We used it to store a wide range of values: from sparse data with high read/write ratios, like configuration settings, counters, or quality metrics, to very dynamic information powering core features like spam analysis. We call this persistent Redis.

這邊講的是 persistent Redis 被換成用 MySQL (InnoDB) 儲存:

Recently we made the decision to disable persistence in Redis and stop using it as a source of truth for our data. The main motivations behind this choice were to:

  • Reduce the operational cost of our persistence infrastructure by removing some of its complexity.
  • Take advantage of our expertise operating MySQL.
  • Gain some extra performance, by eliminating the I/O latency during the process of writing big changes on the server state to disk.

For the majority of callsites, we replaced persistent Redis with GitHub::KV, a MySQL key/value store of our own built atop InnoDB, with features like key expiration. We were able to use GitHub::KV almost identically as we used Redis: from trending repositories and users for the explore page, to rate limiting to spammy user detection.

後面講了不少轉換的過程 (還包含了某些功能的改寫),但沒有講的太清楚為什麼不繼續使用 Redis。

目前只能就提到的三點問題來看,persistent 的 i/o 成本可能太高?而且難以再壓榨效能出來?而相反的,InnoDB 已經花了很多力氣在上面,直接拿來用反而可以解決問題?

不過看得出來這個轉換還是花了不少力氣,看得出來有些 application 使用 Redis 的模式不能直接搬到 InnoDB 上,花了時間改寫...

Stylish 的維護者換人,開始蒐集使用者資訊...

Solidot 上看到 Google Chrome 上的 Stylish 換人開始蒐集使用者所有的瀏覽記錄:「Chrome 版 Stylish 开始收集用户数据」。

之前是靠 Stylish 在處理 Feedly 的版面,移除掉之後就變得很窄很不好讀... 基於不信任的理由,也不可能用 userstyles.org 上的 Greasemonkey 版本 (反而更危險)。

結果塞翁失馬,找到「Custom Feedly Styles (+ Always Show Left Menu)」這個套件,一包直接支援多種功能,還可以透過 checkbox 選擇要哪些...

利用隱藏的 form input 加上自動完成功能取得敏感資料

anttiviljami/browser-autofill-phishing 這邊示範了怎麼用隱藏的 form input 與自動完成功能取得敏感資料。在這邊可以看到示範 (把 POST 丟到 httpbin 上看 response)。

想法不算困難,但好像也不是很好防... 關掉 autofill 是比較簡單的解法 (我是裝好瀏覽器就會關掉,不過好像很多人都喜歡用這個功能),所以這個問題就丟回給這些 browser vendor 想了 :o

Google 弄出來的 Grumpy:把 Python 2.7 的程式碼轉成 Go...

Google 放出 Grumpy,可以把 Python 2.7 的程式碼轉成 Go:「Grumpy: Go running Python!」。

下面看到一個留言頗有趣的:

This sad to see that Grumpy is mean to be a replacement of CPython 2.7 instead of CPython 3.x . I presume the code from youtube was written in python 2.x hence the reason but I hope we'll see Grumpy supporting python 3.x :)

回到原文,這次的需求主要是出自 YouTube 的需求:

The front-end server that drives youtube.com and YouTube’s APIs is primarily written in Python, and it serves millions of requests per second! YouTube’s front-end runs on CPython 2.7, so we’ve put a ton of work into improving the runtime and adapting our application to work optimally within it.

然後 Python 的 GIL 又被拿出來鞭屍:

除了 C extension 不支援外,還是有些「過於動態」的語法不支援:

exec, eval and compile: These dynamic features of CPython are not supported by Grumpy because Grumpy modules consist of statically compiled Go code. Supporting dynamic execution would require bundling Grumpy programs with the compilation toolchain which would be unwieldy and impractically slow.

這樣可用的範圍少不少,這個專案可以當作 YouTube 這種規模的網站所做的改善,而不是什麼可以拿來用的工具 :o

號稱目前最快的 Terminal 軟體 (因為用 GPU 加速)

看到「Announcing Alacritty, a GPU-accelerated terminal emulator」這個用 GPU 加速 rendering 的 terminal emulator:「Alacritty」。

Alacritty is a blazing fast, GPU accelerated terminal emulator. It’s written in Rust and uses OpenGL for rendering to be the fastest terminal emulator available.

全螢幕全文字的情況下可以到 500 fps:

Alacritty’s renderer is capable of doing ~500 FPS with a large screen full of text. This is made possible by efficient OpenGL usage.

現在支援 Linux 與 macOS,不過要自己編,會比較麻煩一點:

Alacritty currently supports macOS and Linux, and Windows support is planned before the 1.0 release.

Archives