
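The performance impact of innodb_purge_threads on small machines

Although the title of "MyISAM, small servers and sysbench at low concurrency" is about MyISAM on MySQL, the post also covers some InnoDB material...

One thing it mentions is the effect of innodb_purge_threads on performance: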

the default value for innodb_purge_threads, which is 4, can cause too much mutex contention and a loss in QPS on small servers. For sysbench update-only I lose 25% of updates/second with 5.7.17 and 15% with 8.0.1 when going from innodb_purge_threads=1 to =4.

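When the machine is not large, the effect of innodb_purge_threads on performance is actually quite big?

Also, judging from the author's recent series of tests, 5.7 performs quite a bit worse than 5.6 on small machines... This may be worth keeping in mind when considering RDS (since t2.* probably doesn't count as large XD).

The recent OpenVPN security vulnerabilities...

Seeing "The OpenVPN post-audit bug bonanza", all I can do is smile wryly...

After OpenVPN went through a series of security improvements (including a hardening project and code audits by two external parties that found quite a few issues), the author decided to dig in and see what else was there: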

After a hardening of the OpenVPN code (as commissioned by the Dutch intelligence service AIVD) and two recent audits 1 2, I thought it was now time for some real action ;).

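And then dug up quite a few problems...

You can see the author found a truckload through fuzzing, including quite a few crashes XDDD: (and one of them is a stack buffer corruption; I don't know whether it has a chance of turning into RCE)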

  • Remote server crashes/double-free/memory leaks in certificate processing (CVE-2017-7521)
  • Remote (including MITM) client crash, data leak (CVE-2017-7520)
  • Remote (including MITM) client stack buffer corruption
  • Remote server crash (forced assertion failure) (CVE-2017-7508)
  • Crash mbed TLS/PolarSSL-based server (CVE-2017-7522)
  • Stack buffer overflow if long --tls-cipher is given

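BeyondCorp, which Google is promoting

Google published an introduction to BeyondCorp, which it has been promoting: "How to use BeyondCorp to ditch your VPN, improve security and go to the cloud".

It mentions several research papers:

The beginning of the article mentions that the idea behind BeyondCorp is a "zero-trust network security model", which makes its design easier to understand: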

We moved away from our corporate VPN, and introduced BeyondCorp, a zero-trust network security model.

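When the cleaning lady can reach the physical network inside the company, how do you design the defenses...

Netflix's requirements for filming

Netflix puts its requirements for filming directly on its website: "Production and Post-Production Requirements v2.1".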

Provide a set of technical requirements for production and post-production workflows to ensure that a high level of quality is maintained throughout the lifecycle of a project from capture to archive. This serves the purpose of future-proofing the content as the Netflix platform and viewing experience continue to evolve.

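It mentions some products, and this information can actually be used as a purchasing guide... (when your budget reaches this range XD)

But how would animation be handled XDDD (probably a separate requirement?)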
