Links for 2020-05-07
2020-05-07 #links #rust #io-uring #async #github #codespaces #virtual #insights #jira #reports #codescanning #securityThe difference between Epoll and IO-URing and how it related to async apps and things announced on Github Satellite.
Notes on io-uring
Although focused on the problems of using (said) io-uring on Rust, Boats does one hell of a job explaining what io-uring is, how it works and how async systems must deal with the way it works.
For those not aware, io-uring is another async IO layer, which appeared in the last few versions of the Linux kernel. It allows one program to ask to the OS to do something and just receive a notification when it's done, so it can do other things -- you know, async stuff. The difference here is that the previous system, epoll, would notify the program when it was ready to perform an operation, while io-uring notifies when the operation is complete.
But enough spoilers, it is a well written description of the current state of asynchronous IO.
Github Codespaces
In case you missed Github Satellite presentation this year, Github announced a new service that will allow you to run a whole dev environment in the cloud, using your Github repo as a starting point.
The interesting points, though, is that this environment will, initially, support VS Code, which is quite weird, considering that Github itself is the one that started the Atom editor. Why would they pick another editor instead of working with what they already have? Another point is that you can define what your environment have, which is basically a container, but it doesn't use the Dockerfile format; it is a completely different format, using JSON instead of YAML. Again, since everything runs on Docker, why use another format?
The feature is still in beta, and should be rolled to all users, with undefined pricing at this point, later.
GitHub Insights
Another feature presented on Github Satellite was "Insights", Jira-like reports based on the work done on Github repos. While most of us, personal users of Github, will find it only curious, managers will find it quite interesting, specially since if their team is already using Github, they don't need to pay for Jira anymore.
Couple this with the fact that Github already has a virtual kanban and you can see exactly where Github is aiming.
Github Codescanning
The third feature announced was Codescanning, a tool that can scan your code (if it is hosted on Github) for vulnerabilities. What it does is that it follows the data coming from outside the system to the inside, figuring out how it is used and if it can lead to some security failure.
While cool, one has to wonder how the tool knows the entry point for your application; what happens if you have multiple entry points (for example, you provide a web interface and console interface); how it detects unsanitized inputs when the underlying framework does this already (like Django). Sure it has "decades of research behind it" (as pointed in the presentation) and everything else, but I end up with more questions than answers.
This post was built with the help of