napkin-math
advisory-database
| | napkin-math | advisory-database |
|---|---|---|
| | 13 | 10 |
| Stars | 3,031 | 1,620 |
| Growth | - | 1.9% |
| Activity | 6.3 | 10.0 |
| | 21 days ago | 6 days ago |
| Language | Rust | |
| License | MIT License | Creative Commons Attribution 4.0 |
Stars - the number of stars that a project has on GitHub. Growth - month-over-month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
napkin-math
- capacity planning in system design interviews
- Napkin Math
- S3 Express Is All You Need
Most production storage systems/databases built on top of S3 spend a significant amount of effort building an SSD/memory caching tier to make them performant enough for production (e.g. on top of RocksDB). But it's not easy to keep it in sync with blob...
Even with the cache, the cold query latency lower-bound to S3 is subject to ~50ms roundtrips [0]. To build a performant system, you have to tightly control roundtrips. S3 Express changes that equation dramatically, as S3 Express approaches HDD random read speeds (single-digit ms), so we can build production systems that don't need an SSD cache—just the zero-copy, deserialized in-memory cache.
Many systems will probably continue to have an SSD cache (~100 us random reads), but now MVPs can be built without it, and cold query latency goes down dramatically. That's a big deal.
We're currently building a vector database on top of object storage, so this is extremely timely for us... I hope GCS ships this ASAP. [1]
[0]: https://github.com/sirupsen/napkin-math
- Random Read or Sequential Read
Trying to estimate performance using some napkin math based on this: https://github.com/sirupsen/napkin-math
- A CVE has been issued for hyper. Denial of Service possible
So napkin maths time. Typical cross-world bog-standard network speeds for a single TCP channel of ~25MiBps. A single HEADERS+RST pair is likely < 128 bytes (40 for the HEADERS + whatever payload, and 32 for the RST). So 8 pairs per K, 8K pairs per MiB, 200K pairs per 25MiB...
- Index Merges vs Composite Indexes in Postgres and MySQL
- I/O is no longer the bottleneck
Yes, sequential I/O bandwidth is closing the gap to memory. [1] The I/O pattern to watch out for, and the biggest reason why e.g. databases do careful caching to memory, is that _random_ I/O is still dreadfully slow. I/O bandwidth is brilliant, but latency is still disappointing compared to memory.
[1]: https://github.com/sirupsen/napkin-math
- Monthly cost to host server for 1M DAUs?
- Napkin-math: Techniques and numbers for estimating system's performance
- System Design prep?
https://github.com/sirupsen/napkin-math (memorize these)
advisory-database
- Request GitHub to build an advisory database for C / C++ packages · Issue #2963 · github/advisory-database
- Extend GitHub's CNA scope to manage CVEs for projects on GitHub
- A CVE has been issued for hyper. Denial of Service possible
That has since been updated to Moderate: https://github.com/github/advisory-database/commit/aa9e5d5386c5610944edf2b0ee0e4301aabaf1c5
- CVE-2022-23529 – node-jsonwebtoken
I am trying this on GitHub https://github.com/github/advisory-database/pull/1595
- CVE-2022-23529 - jsonwebtoken has insecure input validation in jwt.verify function - used by over 22,000 projects and downloaded over 36 million times per month on NPM - Exploiting the flaw could enable attackers to bypass authentication mechanisms, access confidential information etc.
- GitHub's database of security advisories is now open source
We already have fixed versions (where they exist) - example link below.
On backfilling the data to include advisories from before 2017 - absolutely. So far we've done this in a relatively ad-hoc way - you should already find that the most important (severe and wide-reaching) CVEs from before 2017 are in the database (and if there are any that aren't you think should be we'd love you to open an issue on the DB). We want to do a more complete backfill in the near future.
https://github.com/github/advisory-database/blob/main/adviso...
- GitHub's database of known vulnerabilities is now open source
- Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software
What are some alternatives?
huniq - Filter out duplicates on the command line. Replacement for `sort | uniq` optimized for speed (10x faster) when sorting is not needed.
h2 - HTTP 2.0 client & server implementation for Rust.
adix - An Adaptive Index Library for Nim
vulndb - [mirror] The Go Vulnerability Database
elixir-security-advisories - Public database of Elixir security advisories
RAMCloud - **No Longer Maintained** Official RAMCloud repo
GHSA-896r-f27r-55mw
simdjson - Parsing gigabytes of JSON per second : used by Facebook/Meta Velox, the Node.js runtime, ClickHouse, WatermelonDB, Apache Doris, Milvus, StarRocks
rustsec - RustSec API & Tooling
Killed by Google - Part guillotine, part graveyard for Google's doomed apps, services, and hardware.
hyper - An HTTP library for Rust