slash dev slash null

stuff about puters

Category: Uncategorized

How not to structure your database-backed web applications: a study of performance bugs in the wild

The case against ORM continues in this study of performance bugs in the wild.

the morning paper

How not to structure your database-backed web applications: a study of performance bugs in the wild – Yang et al., ICSE’18

This is a fascinating study of the problems people get into when using ORMs to handle persistence concerns in their web applications. The authors study real-world applications and distil a catalogue of common performance anti-patterns. There are a bunch of familiar things in the list, and a few that surprised me with the amount of difference they can make. By fixing many of the issues that they find, Yang et al. are able to quantify how many lines of code it takes to address the issue, and what performance improvement the fix delivers.

To prove our point, we manually fix 64 performance issues in [the latest versions of the applications under study] and obtain a median speed-up of 2x (and up to 39x max) with fewer than 5 lines of…


File Corruption And Consensus

The Morning Paper blog continues to deliver with an overview of how file corruption causes data loss on consensus systems such as Zookeeper and etcd:

Protocol aware recovery for consensus-based storage

etcd is used by Kubernetes (which is eating the cloud), and Zookeeper is a bank's best friend for managing distributed systems configuration, so this is a major problem.

Better yet, the paper retrofits a solution called CTRL onto those popular open source workhorses with only a 4% overhead. It seems highly likely that CTRL will be coming to your part of the cloud any day soon.

Rust and Embedded Databases for Paxos 

So far on my spike into Rust we have been on a roll. Next on the bucket list is an embedded disk backed B-tree database to act as the Paxos journal for TRex. This is where I have hit my first bump in the road.

C# ASP.NET with SQLServer on Docker and Linux is now “A Thing™”

Those of you who have been following along will know that Scala on Linux is my preferred ecosystem. These past few weeks in the office I have been tinkering with the open source C# ASP.NET ecosystem. What I came across shocked me to the dotnet core. I have posted some evidence of my findings up on GitHub.

Cassandra For Shared Media Libraries

A good friend of mine is working on a project which hosts media libraries in his cloud service. At the end of 2015, I integrated Cassandra into a big financial services platform. Cassandra is a great fit for my friend’s service. In this post, I will outline an appropriate Cassandra data model and along the way outline some of the killer features of Cassandra.

Designing software for ease of extension and contraction

Today’s Morning Paper post is a must-read for software engineers: “Designing software for ease of extension and contraction”, Parnas, IEEE Transactions on Software Engineering, 1979

Domain Driven Design: Entities, Value Objects, Aggregates and Roots with JPA (Part 2)

Detour: Why use JPA in this demo?

For the purposes of this demo, JPA is an officially supported part of the Java ecosystem and is a mature and well documented Java-to-relational mapping tool. Yes, it has quite a few quirks. If you fight it you will probably lose (your mind). If you learn how to do the basics and don’t deviate from that, it can be used as a rapid application tool to support an agile TDD build on Java against a relational database.

Click Trajectories: End-to-end analysis of the spam value chain

Interesting analysis of the world of spam.

the morning paper

Click Trajectories: End-to-end analysis of the spam value chain – Levchenko et al. IEEE Symposium on Security and Privacy, 2011

This week we’re going to be looking at some of the less desirable corners of the internet: spam, malvertisements, click-jacking, typosquatting, and friends. To kick things off, today’s paper gives an insight into the end-to-end spam value chain. If we really want to stop spam it turns out, talk to the banks…

As an advertising medium, spam ultimately shares the underlying business model of all advertising. So long as the revenue driven by spam campaigns exceeds their cost, spam remains a profitable enterprise. This glib description belies the complexity of the modern spam business…

How does spam work?

There’s much more to spam than just the email! There are three key stages – advertising, click support, and realization – supported by a whole value chain.

Advertising concerns how…


Uncovering bugs in Distributed Storage Systems during Testing (not in production!)

the morning paper

Uncovering bugs in Distributed Storage Systems during Testing (not in production!) – Deligiannis et al. 2016

We interviewed technical leaders and senior managers in Microsoft Azure regarding the top problems in distributed system development. The consensus was that one of the most critical problems today is how to improve testing coverage so that bugs can be uncovered during testing and not in production. The need for better testing techniques is not specific to Microsoft; other companies such as Amazon and Google, have acknowledged that testing methodologies have to improve to be able to reason about the correctness of increasingly more complex distributed systems that are used in production.

The AWS team used formal methods with TLA+, which was highly effective but falls short of checking the actual executable code. The Microsoft IronFleet team used the Dafny language and program verifier to verify system correctness and compile it to…


The Secure Remote Password Protocol

The recent Heartbleed debacle had me remember a project a decade ago where the version of WebLogic was upgraded but the script failed to deploy the matching version of the Apache plugin. Fortunately we contracted a pen test firm who threw a load of custom Perl script attacks at the site before we let the public in. They found that the error responses being thrown back to the attack scripts were just like Heartbleed; raw chunks of memory containing whatever was passing through the web server after having been decrypted.