A Cloudflare R2 Storage interlude...

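I saw "Cloudflare's Disruption (stratechery.com)" on the Hacker News front page. The article itself, "Cloudflare’s Disruption", is fine; it is mostly an analysis of the game Cloudflare is playing with R2 Storage. What actually made me want to write is the discussion on Hacker News...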

First, someone brought up the S3 -> R2 -> Q1 -> P0 sequence:

ksec:

> The service will be called R2 — “one less than S3,” quipped Cloudflare CEO Matthew Prince in an interview with Protocol ahead of Cloudflare’s announcement

Oh I never thought of that. So the next one is Q1 and final one would be P0.

Further down, someone also mentioned IBM and HAL:

piaste:

And it is likely inspired by the old joke that 2001: A Space Odyssey's HAL was one less than "IBM".

The next Q1 is next year; let's see whether 2022Q1 brings a P0 issue XDDD

StackOverflow starts selling its Ctrl, C, V keyboard

StackOverflow's April Fools' keyboard from this year has actually gone on sale: "No joke—you can buy our copy/paste keyboard right now".

The April Fools' post is "Introducing The Key". The store page is a collaboration with Drop: "Stack Overflow The Key Macropad | Mechanical Keyboards | Mini Mechanical Keyboards | Drop". As you can see it is a mechanical keyboard, but it costs US$29 each...

The switches are Kailh BOX Black:

They’re also outfitted with Kailh Box Black switches to deliver an ultra-smooth linear feel.

And it is programmable XDDD

Fully programmable, these three keys can do much more than copy and paste. In fact, you can configure them to perform virtually any key command you want.

Anyone who wants one should note, though, that the ship date currently shown is the end of the year:

Estimated ship date is Dec 13, 2021 PT.

And it looks like 2.6k have already been sold? XDDD

2.6k Sold

The "An Unbelievable Demo" Brendan Gregg ran into

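A hot topic I saw on Hacker News Daily. Brendan Gregg is a big name in the performance analysis field and now works at Netflix. His Wikipedia entry, "Brendan Gregg", also mentions some of his well-known inventions, such as Flame Graphs: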

He has also created visualization types to aid performance analysis, including latency heat maps, utilization heat maps, subsecond offset heat maps, and flame graphs.

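Yesterday he published a post about something that happened to him in the past. The original tells it quite dramatically and is worth reading: "An Unbelievable Demo". The Hacker News discussion is also great: "An Unbelievable Demo (brendangregg.com)", and it prompted Colin Percival to share his own experience too.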

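A quick summary of what happened to Brendan Gregg: in 2005, because of his work (he was a performance analysis consultant at the time), he wrote a set of tools for DTrace, which Sun had released. The set is called DTraceToolkit, and he released it under GPLv2 or CDDL.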

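Someone at Sun took the toolkit, stripped out the author and license information, and then took it on a "world tour" presenting the tool. Eventually, in Sydney, it ended up being presented to Brendan Gregg himself, and the presenter got called out by the original author.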

He still ended up joining Sun later, though... XDDD

Colin Percival's story does not involve a copyright issue, but it is also entertaining. It is about bsdiff, another classic tool:

Reminds me of when Apple started providing "smaller size updates" to OS X. I was curious about the details since my doctorate had touched on the topic, so I worked my contacts (I had a few in Apple engineering from the FreeBSD / OS X relationship) and after a few months I got back as answer: "We're using a tool called bsdiff, are you familiar with it?" I was indeed, since I was the author of said tool.

(Just to be clear, there was no license violation involved in this case; just a lack of awareness of the provenance of the open source software they were using.)

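In other threads you can also see Brendan Gregg show up to reply (just search the page for the string brendangregg). He tells some fun stories there too, such as conversations at conferences about another of his inventions, the latency heat map, and running into the author of another tool himself: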

Thanks. There was a time when many observability products were adding latency heat maps, and at one conference expo floor there were three companies with latency heat maps on their screen at the same time, pitching them as a flagship feature. If I walked near them they'd start trying to explain them to me, and I never figured out an appropriate response. If I said "hey, great to see you added them, I invented these back at Sun" I'd get funny looks.

I think it's a small world, and everything is software, so the chance you'll bump into someone who wrote software you are using I think is pretty high. I was once trying to get my head around Andi Kleen's pmu-tools, and I had the github repo open in my browser on my laptop I was carrying, when the guy sitting next to me on a bus says he's Andi Kleen. (Ok, it was a bus taking Linux conference attendees to an event, not a random bus, but I still found it remarkable timing -- I was studying pmu-tools at that exact time!)

An article to go with a beer XD

CVE-2021-32471: a security vulnerability filed for a computer from 1967?

I saw several items on the Hacker News front page all talking about CVE-2021-32471:

Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications."

Wait, today isn't April 1st; it's already May...

An ISO standard for brewing tea: ISO 3103

Saw this on Twitter and it is just too absurd; there is even an ISO standard for brewing tea:

There is also an entry on Chinese Wikipedia, "ISO 3103", which mentions that it derives from BSI 6008:1980:

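ISO 3103 is a standard published by the International Organization for Standardization (commonly known as ISO) that specifies a standardized method for brewing tea. It derives from BS 6008:1980, a standard published by the British Standards Institution (BSI) in 1980. The standard was produced by Subcommittee 8 (Tea) of ISO Technical Committee 34 (Food).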

The 1999 Ig Nobel Prize in Literature was awarded to the BS 6008 standard.

This really is too absurd...

A fun story about bypassing the screensaver lock...

I saw "Screensaver lock by-pass via the virtual keyboard" on Hacker News Daily, which brings up a fun story about the screensaver lock.

Starting with the serious part: this bug was assigned CVE-2020-25712, and the problem is in xorg-x11-server:

A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

The more entertaining part is that the bug was triggered by kids messing around and pulling up the virtual keyboard:

A few weeks ago, my kids wanted to hack my linux desktop, so they typed and clicked everywhere, while I was standing behind them looking at them play... when the screensaver core dumped and they actually hacked their way in! wow, those little hackers...

He then says he could not reproduce it himself:

I tried to recreate the crash on my own with no success, maybe because it required more than 4 little hands typing and using the mouse on the virtual keyboard.

Another person said their kids also produced a segfault:

My kids came upon a similar cinnamon-screensaver segfault! I've emailed details of how to reproduce the problem to root@linuxmint.com.

Kids are amazing XDDD

Japan Post's CSV data

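I came across "Parsing the Infamous Japanese Postal CSV", which complains about how terrible the CSV data provided by Japan Post is, and found it quite "interesting". On Hacker News there are also fellow sufferers XDDD: "Parsing the Infamous Japanese Postal CSV (dampfkraft.com)".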

The author of the article maintains the "posuto" package, which lets developers easily look up location information from a postal code in Python:

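import posuto

# 〒 and emoji are not valid Python identifiers, so plain names are used here.
# Look up the record for a postal code; the leading 〒 mark is accepted.
tower = posuto.get('〒105-0011')

print(tower)
# "東京都港区芝公園"
print(tower.prefecture)
# "東京都"
print(tower.kana)
# "トウキョウトミナトクシバコウエン"
print(tower.romaji)
# "Tokyo To, Minato Ku, Shibakoen"
print(tower.note)
# None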

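The author builds the data by downloading and parsing "読み仮名データの促音・拗音を小書きで表記するもの(zip形式)", and the article describes how the data in these CSV files is full of bizarre exceptions that are a huge pain to read by machine XDDD (not much of a surprise?)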

The most entertaining part, though, is probably this bit he mentions:

Oh, and if you need a Win3.1 or DOS program to copy the data onto an IBM H floppy disk, just check the bottom of JP Post's page - they've got you covered.

It appears to be this block at the bottom of the page:

This really is too much XDDD

Moving a server to a machine room two hundred meters away without downtime

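A fun story I saw on Hacker News Daily: the author describes on Reddit how they moved a physical server, without shutting it down, to a machine room two hundred meters away, crossing a parking lot along the way: "[Rant... sorta] Physically moved a server today...". The author's FAQ is at "[FAQ][Rant... sorta] Physically moved a server today...".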

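I would just read this as a story. Some details are not described (such as how the network stayed connected), and something feels off, but as a story it is pretty fun XD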

The move involved a UPS and chaining several switches together, plus crossing a parking lot along the way, which is a rather interesting way to do it?

Making fun of certain big companies' technical articles...

I saw "Why we at $FAMOUS_COMPANY Switched to $HYPED_TECHNOLOGY"; I recommend reading it alongside the comments on Hacker News (or call them a "reading guide"): "We at $Famous_company switched to $Hyped_technology (saagarjha.com)".

In the "reading guide" you immediately see three articles, along with some discussion:

The discussion also has people firing back and forth using lots of $VARIABLE placeholders, which in turn is used to satirize the typical comments on Hacker News XD

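Most of the technical articles the original author refers to describe workarounds, meaning the benefits outweigh the drawbacks only in very specific situations.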

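When these big companies choose a particular workaround, it usually has to do with internal politics, but the articles never describe that (whether the author does not know, or knows but cannot write about it). Without an explanation of "why this workaround", it is enough to read the article and know that such a technical solution exists.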

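And in practice, unless the amount of data you handle reaches a certain scale (usually inside these big companies), for the amount of data most people have, given where hardware is today, "brute force" actually solves a lot of problems.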

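The cloud has changed a lot of the industry's old thinking: this is an era where you can rent an x1e.32xlarge on AWS (128 vCPU + 3904 GB RAM) and put all the data in memory for random access, and even with a badly written O(n^2) algorithm you can first spin up a few thousand EC2 instances to hold things up and then take your time fixing it.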

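The old mindset of running your own hardware and the cloud mindset play differently; "wait until the product takes off" (or "survive first, pay off technical debt later") has become much more feasible.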