blog/content/links/20200507.md

+++
title = "Links for 2020-05-07"
date = 2020-05-07

[taxonomies]
tags = ["links", "rust", "io-uring", "async", "github", "codespaces",
"virtual", "insights", "jira", "reports", "codescanning", "security"]
+++

The difference between Epoll and IO-URing and how it related to async apps and
things announced on Github Satellite.

<!-- more -->

# [Notes on io-uring](https://boats.gitlab.io/blog/post/io-uring/)

Although focused on the problems of using (said) io-uring on Rust, Boats does
one hell of a job explaining what io-uring is, how it works and how async
systems must deal with the way it works.

For those not aware, io-uring is another async IO layer, which appeared in the
last few versions of the Linux kernel. It allows one program to ask to the OS
to do something and just receive a notification when it's done, so it can do
other things -- you know, async stuff. The difference here is that the
previous system, epoll, would notify the program when it was _ready_ to
perform an operation, while io-uring notifies when the operation is
_complete_.

But enough spoilers, it is a well written description of the current state of
asynchronous IO.

# [Github Codespaces](https://github.com/features/codespaces)

In case you missed Github Satellite presentation this year, Github announced a
new service that will allow you to run a whole dev environment in the cloud,
using your Github repo as a starting point.

The interesting points, though, is that this environment will, initially,
support VS Code, which is quite weird, considering that Github itself is
the one that started the Atom editor. Why would they pick another editor
instead of working with what they already have? Another point is that you can
define what your environment have, which is basically a container, but it
_doesn't_ use the Dockerfile format; it is a completely different format,
using JSON instead of YAML. Again, since everything runs on Docker, why use
another format?

The feature is still in beta, and should be rolled to all users, with
undefined pricing at this point, later.

# [GitHub Insights](https://github.com/features/insights)

Another feature presented on Github Satellite was "Insights", Jira-like
reports based on the work done on Github repos. While most of us, personal
users of Github, will find it only curious, managers will find it quite
interesting, specially since if their team is already using Github, they don't
need to pay for Jira anymore.

Couple this with the fact that Github already has a virtual kanban and you can
see exactly where Github is aiming.

# [Github Codescanning](https://github.com/features/security/)

The third feature announced was Codescanning, a tool that can scan your code
(if it is hosted on Github) for vulnerabilities. What it does is that it
follows the data coming from outside the system to the inside, figuring out
how it is used and if it can lead to some security failure.

While cool, one has to wonder how the tool knows the entry point for your
application; what happens if you have multiple entry points (for example, you
provide a web interface and console interface); how it detects unsanitized
inputs when the underlying framework does this already (like Django). Sure it
has "decades of research behind it" (as pointed in the presentation) and
everything else, but I end up with more questions than answers.

---

This post was built with the help of

* [Read Rust](https://botsin.space/@readrust)
* [HN Tooter](https://mastodon.social/@hntooter)
* [newsbot](https://mastodon.social/@newsbot)
Links for 2020-05-07 5 years ago			`+++`
			`title = "Links for 2020-05-07"`
			`date = 2020-05-07`

			`[taxonomies]`
			`tags = ["links", "rust", "io-uring", "async", "github", "codespaces",`
			`"virtual", "insights", "jira", "reports", "codescanning", "security"]`
			`+++`

			`The difference between Epoll and IO-URing and how it related to async apps and`
			`things announced on Github Satellite.`

			`<!-- more -->`

			`# [Notes on io-uring](https://boats.gitlab.io/blog/post/io-uring/)`

			`Although focused on the problems of using (said) io-uring on Rust, Boats does`
			`one hell of a job explaining what io-uring is, how it works and how async`
			`systems must deal with the way it works.`

			`For those not aware, io-uring is another async IO layer, which appeared in the`
			`last few versions of the Linux kernel. It allows one program to ask to the OS`
			`to do something and just receive a notification when it's done, so it can do`
			`other things -- you know, async stuff. The difference here is that the`
			`previous system, epoll, would notify the program when it was _ready_ to`
			`perform an operation, while io-uring notifies when the operation is`
			`_complete_.`

			`But enough spoilers, it is a well written description of the current state of`
			`asynchronous IO.`

			`# [Github Codespaces](https://github.com/features/codespaces)`

			`In case you missed Github Satellite presentation this year, Github announced a`
			`new service that will allow you to run a whole dev environment in the cloud,`
			`using your Github repo as a starting point.`

			`The interesting points, though, is that this environment will, initially,`
			`support VS Code, which is quite weird, considering that Github itself is`
			`the one that started the Atom editor. Why would they pick another editor`
			`instead of working with what they already have? Another point is that you can`
			`define what your environment have, which is basically a container, but it`
			`_doesn't_ use the Dockerfile format; it is a completely different format,`
			`using JSON instead of YAML. Again, since everything runs on Docker, why use`
			`another format?`

			`The feature is still in beta, and should be rolled to all users, with`
			`undefined pricing at this point, later.`

			`# [GitHub Insights](https://github.com/features/insights)`

			`Another feature presented on Github Satellite was "Insights", Jira-like`
			`reports based on the work done on Github repos. While most of us, personal`
			`users of Github, will find it only curious, managers will find it quite`
			`interesting, specially since if their team is already using Github, they don't`
			`need to pay for Jira anymore.`

			`Couple this with the fact that Github already has a virtual kanban and you can`
			`see exactly where Github is aiming.`

			`# [Github Codescanning](https://github.com/features/security/)`

			`The third feature announced was Codescanning, a tool that can scan your code`
			`(if it is hosted on Github) for vulnerabilities. What it does is that it`
			`follows the data coming from outside the system to the inside, figuring out`
			`how it is used and if it can lead to some security failure.`

			`While cool, one has to wonder how the tool knows the entry point for your`
			`application; what happens if you have multiple entry points (for example, you`
			`provide a web interface and console interface); how it detects unsanitized`
			`inputs when the underlying framework does this already (like Django). Sure it`
			`has "decades of research behind it" (as pointed in the presentation) and`
			`everything else, but I end up with more questions than answers.`

			`---`

			`This post was built with the help of`

			`* [Read Rust](https://botsin.space/@readrust)`
			`* [HN Tooter](https://mastodon.social/@hntooter)`
			`* [newsbot](https://mastodon.social/@newsbot)`