xz | Folly
---|---
25 | 92
160 | 27,319
- | 0.9%
9.7 | 9.8
3 months ago | 2 days ago
C | C++
GNU General Public License v3.0 or later | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xz
- Ask HN: Why are people so mean in the open source community? (about xz again)
Browsing the xz repo in GitHub and checking the recent entries in the Issues tab, I just found this entry:
https://github.com/tukaani-project/xz/issues/121
The person wasn't able to compile the project and he starts by being mean when he asks for help:
- "it shouldn't be this hard"
- XZ backdoor story – Initial analysis
Very funny. This one:
https://github.com/tukaani-project/xz/commits?author=thesame...
- Xz: Update maintainer and author info. The other maintainer suddenly disappeared
- Thanks Andres Freud
- The xz-utils backdoor has been removed
- The xz sshd backdoor rabbithole goes quite a bit deeper
> The payload of the 'hack' contains fairly easy ways for the xz hackers to update the payload. They actually used it to remove a real issue where their hackery causes issues with valgrind that might lead to discovering it, and they also used it to release 5.6.1 which rewrites significant chunks;
The valgrind fix in 5.6.1 overwrites the same test files used in 5.6.0 instead of using the injection code's extension hooks. This is done with what should have been a highly suspicious commit: https://github.com/tukaani-project/xz/commit/6e636819e8f0703... - this replaces "random" test files with other "random" test files. The stated reason is questionable to begin with, but not including the seed used when the purported reason was to be able to re-create the files in the future is highly suspicious. This should have raised red flags but no one was watching. I'd say this is another part of the operation that was much more sloppy than it needed to be.
- Timeline of the xz open source attack
In https://archive.softwareheritage.org/browse/revision/e446ab7...
- GitHub Disabled the Xz Repo
You're right, but maybe because there's nothing to see: https://github.com/tukaani-project/xz
- Xz Repository Censored by GitHub
- Backdoor in upstream xz/liblzma leading to SSH server compromise
Folly
- Compilers Are (Too) Smart
Easily solved manually reserving exponentially. All my projects use some variation of this: https://github.com/facebook/folly/blob/9f125c94e10fd01f5567c...
But I've burned myself on this a few times before.
- Intel's Lion Cove Architecture Preview
Modern hash table implementations use vector instructions for lookups:
- Folly: https://github.com/facebook/folly/blob/main/folly/container/...
- Abseil: https://abseil.io/about/design/swisstables
- Ask HN: How bad is the xz hack?
https://github.com/facebook/folly/commit/b1391e1c57be71c1e2a...
- Backdoor in upstream xz/liblzma leading to SSH server compromise
https://github.com/facebook/folly/pull/2153
- A lock-free ring-buffer with contiguous reservations (2019)
To set a HP on Linux, Folly just does a relaxed load of the src pointer, release store of the HP, compiler-only barrier, and acquire load. (This prevents the compiler from reordering the 2nd load before the store, right? But to my understanding does not prevent a hypothetical CPU reordering of the 2nd load before the store, which seems potentially problematic!)
Then on the GC/reclaim side of things, after protected object pointers are stored, it does a more expensive barrier[0] before acquire-loading the HPs.
I'll admit, I am not confident I understand why this works. I mean, even on x86, loads can be reordered before earlier program-order stores. So it seems like the 2nd check on the protection side could be ineffective. (The non-Linux portable version just uses an atomic_thread_fence SeqCst on both sides, which seems more obviously correct.) And if they don't need the 2nd load on Linux, I'm unclear on why they do it.
[0]: https://github.com/facebook/folly/blob/main/folly/synchroniz...
(This uses either mprotect to force a TLB flush in process-relevant CPUs, or the newer Linux membarrier syscall if available.)
- Appending to an std::string character-by-character: how does the capacity grow?
folly provides functions to resize std::string & std::vector without initialization [0].
[0] https://github.com/facebook/folly/blob/3c8829785e3ce86cb821c...
- Can anyone explain feedback of a HFT firm regarding implementation of SPSC lock-free ring-buffer queue?
My implementation was quite similar to Boost's spsc_queue and Facebook's folly/ProducerConsumerQueue.h.
- A Compressed Indexable Bitset
> How is that relevant?
Roaring bitmaps and similar data structures get their speed from decoding together consecutive groups of elements, so if you do sequential decoding or decode a large fraction of the list you get excellent performance.
EF instead excels at random skipping, so if you visit a small fraction of the list you generally get better performance. This is why it works so well for inverted indexes, as generally the queries are very selective (otherwise why do you need an index?) and if you have good intersection algorithms you can skip a large fraction of documents.
I didn't follow the rest of your comment, select is what EF is good at, every other data structure needs a lot more scanning once you land on the right chunk. With BMI2 you can also use the PDEP instruction to accelerate the final select on a 64-bit block: https://github.com/facebook/folly/blob/main/folly/experiment...
- Defer for Shell
C++ with folly's SCOPE_EXIT {} construct:
https://github.com/facebook/folly/blob/main/folly/ScopeGuard...
- Is there any facebook/folly community for discussion and Q&A?
Seems like github issues taking a long time to get any response: https://github.com/facebook/folly
What are some alternatives?
wasmtime - A fast and secure runtime for WebAssembly
abseil-cpp - Abseil Common Libraries (C++)
libarchive - Multi-format archive and compression library
Boost - Super-project for modularized Boost
stencil-golang - Template repository for Golang applications
Seastar - High performance server-side application framework
tukaani-project
parallel-hashmap - A family of header-only, very fast and memory-friendly hashmap and btree containers.
freedesktop-sdk
EASTL - Obsolete repo, please go to: https://github.com/electronicarts/EASTL
systemd - The systemd System and Service Manager
Qt - Qt Base (Core, Gui, Widgets, Network, ...)