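Hash table performance improvements in Ruby 2.4

A few days ago Ruby released 2.4.0 (Ruby 2.4.0 Released), and one item was singled out: "Introduce hash table improvement (by Vladimir Makarov)".

The discussion thread is long and ran for a long time, but the direction is clearly to improve CPU cache efficiency: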

Modern processors have several levels of cache. Usually, the CPU reads one or a few lines of the cache from memory (or another level of cache). So CPU is much faster at reading data stored close to each other. The current implementation of Ruby hash tables does not fit well to modern processor cache organization, which requires better data locality for faster program speed.

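They even used Redmine as one of the test cases along the way... XD

aws-record: a library for using DynamoDB from Ruby

AWS has officially announced a library for using DynamoDB from Ruby: "Announcing General Availability of aws-record".

The GitHub repository is at "aws/aws-sdk-ruby-record", and the RubyGems page is at "aws-record".

This makes it simpler to use...

Research on planting trojans in Python's pip, Node.js's npm, and Ruby's RubyGems?

In the Python world, pip is commonly used to install software: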

$ pip install reqeusts

Or:

$ sudo pip install reqeusts

Other platforms work in much the same way. In the article "Typosquatting programming language package managers", the author used typos and similar tricks to enumerate likely names, such as this one:

$ sudo pip install reqeusts

He then launched the attack on these three platforms, uploading hundreds of packages and observing:

All in all, I created over 200 such packages and equipped them with a small program and uploaded them over the course of several months. The idea is to add some code to the packages that is executed whenever the package is downloaded with the installing user rights.

And these are the "results":
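A defender-side check for the typo names this post describes, as an added example that is not from the cited article: it flags requested package names that are one edit (including a swap of two adjacent letters, as in reqeusts) away from a name on an allowlist. The allowlist, the function names and the sample lines are constructed assumptions.

```python
import re

# Constructed allowlist (assumption): the normalised names a team really depends on.
KNOWN_GOOD = {"requests", "numpy", "django", "flask", "urllib3"}

def normalize(name):
    # PEP 503: names compare case-insensitively; runs of "-", "_", "." are equal.
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and a swap of two
    adjacent characters each cost 1 (optimal string alignment)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def check_name(requested, known=KNOWN_GOOD, max_distance=1):
    """Return ("ok", name), ("suspect", nearest known name) or ("unknown", None)."""
    name = normalize(requested)
    if name in known:
        return ("ok", name)
    for good in sorted(known):
        if osa_distance(name, good) <= max_distance:
            return ("suspect", good)
    return ("unknown", None)

def audit(requirement_lines):
    """Check each non-comment line of a requirements-style list."""
    findings = []
    for line in requirement_lines:
        line = line.split("#", 1)[0].strip()
        if line:
            # Keep only the project name, dropping version specifiers and extras.
            pkg = re.split(r"[<>=!~\[; ]", line, maxsplit=1)[0]
            findings.append((pkg,) + check_name(pkg))
    return findings

if __name__ == "__main__":
    sample = ["requests>=2.0", "reqeusts", "Djang0==1.11", "leftpad  # not on the list"]
    for pkg, verdict, near in audit(sample):
        print(f"{pkg:10} {verdict:8} {near or ''}")
```

A "suspect" verdict is a prompt to stop and compare the name with the intended one before installing; "unknown" only means the name is not on the allowlist.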

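MIT develops a static analysis tool that found 23 previously undiscovered vulnerabilities in RoR software

A new thing from MIT, a static analysis tool called Space: "New MIT Scanner Finds Web App Flaws in a Minute". MIT's official coverage is at "Patching up Web applications":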

In tests on 50 popular Web applications written using Ruby on Rails, the system found 23 previously undiagnosed security flaws, and it took no more than 64 seconds to analyze any given program.

Next is the question of when it will be released...

Operating VMware vSphere from the terminal

On Twitter I saw zmx mention:

Of these, Ruby vSphere Console (rvc) is marked as deprecated:

Note: This Fling is deprecated, so the download is no longer available, and it will not be updated. Also, feedback is no longer monitored.

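Python vSphere Client with a dialog(1) interface (pvc) looks newer:

However, when I tested it myself it died on the SSL certificate; I'll look into how to get around that later...

git-fastclone, released by Square

Square has released git-fastclone: "Introducing git fastclone". The software exists because git clone is too slow, which significantly affects CI speed: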

Square uses git-fastclone as part of our iOS and hardware CI systems. Being able to quickly clone into an empty directory, saves us time and ensures we always know the starting state for our builds — no matter what has happened in previous builds. This in turn increases the reliability of the system overall and benefits our engineers.

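It is written in Ruby and can be installed directly with gem install git-fastclone.

Ruby 2.2.0: a new release before the holidays

Ruby 2.2.0 was released before the holidays: "Ruby 2.2.0 Released".

The "Notable Changes since 2.1" section mentions the new GC algorithm (Incremental GC) and making Symbols garbage-collectable (Symbol GC), and notes that Rails 5.0 will benefit from this: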

Recent developments mentioned on the Rails blog suggest that Rails 5.0 will take advantage of Incremental GC as well as Symbol GC.

The explanation on the Rails side:

Rails 5.0 will target Ruby 2.2+ exclusively. There are a bunch of optimizations coming in Ruby 2.2 that are going to be very nice, but most importantly for Rails, symbols are going to be garbage collected.

GitHub has upgraded to Rails 3...

GitHub upgraded from its custom 2.3.github version to Rails 3: "Upgrading GitHub to Rails 3 with Zero Downtime". One of the reasons for the switch was maintenance cost:

This choice has bitten us in the form of gem incompatibility, having to manually backport security patches, missing out on core framework performance and feature improvements, and being unable to easily contribute back to the open source rails project.

The upgrade was a huge undertaking; it took four people working full time to achieve a flawless cutover:

Over the last six months, we’ve had a team of 4 engineers working full time on upgrading to Rails 3.

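I wonder whether they will go on to switch to Rails 4 next...

memkeys: mctop (memcache top) written in C++

In "mctop: memcache top" I introduced mctop, the memcache top tool developed by Etsy.

It is written in Ruby and is really just a sniffer plus packet analyzer, but it has a performance problem: under heavy traffic it cannot process every packet and becomes a sampling-type monitor.

Tumblr wrote a new version in C++ called memkeys. According to its documentation, on a saturated 1Gbps link mctop drops about 50% to 75% of packets (a sampling rate of about 25% to 50%), while memkeys drops only 3% (a sampling rate of about 97%): "Open Source - Memcache Top".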

This was originally inspired by mctop from etsy. I found that under load mctop would drop between 50 and 75 percent of packets. Under the same load memkeys will typically drop less than 3 percent of packets. This is on a machine saturating a 1Gb network link.

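Much better performance :p

Sending ooxx HTTP headers to improve security...

Browsers now support a pile of HTTP header specifications for blocking various security problems. In "SecureHeaders" I saw a Ruby gem that handles this pile of specifications in one go, including: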

Even those who don't use Ruby can use the documentation as an entry point to evaluate which parts of their systems could be strengthened.