napkin-math VS shim

Most production storage systems/databases built on top of S3 spend a significant amount of effort building an SSD/memory caching tier to make them performant enough for production (e.g. on top of RocksDB). But it's not easy to keep it in sync with blob...

Even with the cache, the cold query latency lower-bound to S3 is subject to ~50ms roundtrips [0]. To build a performant system, you have to tightly control roundtrips. S3 Express changes that equation dramatically, as S3 Express approaches HDD random read speeds (single-digit ms), so we can build production systems that don't need an SSD cache—just the zero-copy, deserialized in-memory cache.

Many systems will probably continue to have an SSD cache (~100 us random reads), but now MVPs can be built without it, and cold query latency goes down dramatically. That's a big deal

We're currently building a vector database on top of object storage, so this is extremely timely for us... I hope GCS ships this ASAP. [1]

[0]: https://github.com/sirupsen/napkin-math

Trying to estimate performance using some napkin math based on this: https://github.com/sirupsen/napkin-math

So napkin maths time. Typical cross-world bog-standard network speeds for a single TCP channel of ~25MiBps. A single HEADERS+RST pair is likely < 128 bytes (40 for the HEADERS + whatever payload, and 32 for the RST). So 8 pairs per K, 8K pairs per MiB, 200K pairs per 25MiB...

Yes, sequential I/O bandwidth is closing the gap to memory. [1] The I/O pattern to watch out for, and the biggest reason why e.g. databases do careful caching to memory, is that _random_ I/O is still dreadfully slow. I/O bandwidth is brilliant, but latency is still disappointing compared to memory.

[1]: https://github.com/sirupsen/napkin-math

https://github.com/sirupsen/napkin-math (memorize these)

That's exactly how Userify[0] used to work. (when it was Python; now that it's a Go app, we do the caching in memory using Ristretto[1]).

0. https://userify.com (team ssh key management/sudo authz)

1. https://github.com/dgraph-io/ristretto

Userify centralizes management of your users' SSH authorized_keys files across different projects and instance/server groups across multiple clouds. Using a web-interface (red=root, green=user, white=none), you can click to change permissions or remove access for that user across all servers in that group.

Your servers run a small (https://github.com/userify/shim) python script that continuously checks in with Userify via HTTPS. If a user no longer exists in that group, all sessions are actively killed (kill -9), the user account is deleted, and the home directory is renamed to /home/deleted:username so you can review the files in there at your convenience. If a user is later restored, that directory is automatically restored as well.

It's available via zero-install Userify Cloud or you can install your own server for data sovereignty.