diff --git a/content/links/20200507.md b/content/links/20200507.md new file mode 100644 index 0000000..7ad0d1f --- /dev/null +++ b/content/links/20200507.md @@ -0,0 +1,81 @@ ++++ +title = "Links for 2020-05-07" +date = 2020-05-07 + +[taxonomies] +tags = ["links", "rust", "io-uring", "async", "github", "codespaces", +"virtual", "insights", "jira", "reports", "codescanning", "security"] ++++ + +The difference between Epoll and IO-URing and how it related to async apps and +things announced on Github Satellite. + + + +# [Notes on io-uring](https://boats.gitlab.io/blog/post/io-uring/) + +Although focused on the problems of using (said) io-uring on Rust, Boats does +one hell of a job explaining what io-uring is, how it works and how async +systems must deal with the way it works. + +For those not aware, io-uring is another async IO layer, which appeared in the +last few versions of the Linux kernel. It allows one program to ask to the OS +to do something and just receive a notification when it's done, so it can do +other things -- you know, async stuff. The difference here is that the +previous system, epoll, would notify the program when it was _ready_ to +perform an operation, while io-uring notifies when the operation is +_complete_. + +But enough spoilers, it is a well written description of the current state of +asynchronous IO. + +# [Github Codespaces](https://github.com/features/codespaces) + +In case you missed Github Satellite presentation this year, Github announced a +new service that will allow you to run a whole dev environment in the cloud, +using your Github repo as a starting point. + +The interesting points, though, is that this environment will, initially, +support VS Code, which is quite weird, considering that Github itself is +the one that started the Atom editor. Why would they pick another editor +instead of working with what they already have? Another point is that you can +define what your environment have, which is basically a container, but it +_doesn't_ use the Dockerfile format; it is a completely different format, +using JSON instead of YAML. Again, since everything runs on Docker, why use +another format? + +The feature is still in beta, and should be rolled to all users, with +undefined pricing at this point, later. + +# [GitHub Insights](https://github.com/features/insights) + +Another feature presented on Github Satellite was "Insights", Jira-like +reports based on the work done on Github repos. While most of us, personal +users of Github, will find it only curious, managers will find it quite +interesting, specially since if their team is already using Github, they don't +need to pay for Jira anymore. + +Couple this with the fact that Github already has a virtual kanban and you can +see exactly where Github is aiming. + +# [Github Codescanning](https://github.com/features/security/) + +The third feature announced was Codescanning, a tool that can scan your code +(if it is hosted on Github) for vulnerabilities. What it does is that it +follows the data coming from outside the system to the inside, figuring out +how it is used and if it can lead to some security failure. + +While cool, one has to wonder how the tool knows the entry point for your +application; what happens if you have multiple entry points (for example, you +provide a web interface and console interface); how it detects unsanitized +inputs when the underlying framework does this already (like Django). Sure it +has "decades of research behind it" (as pointed in the presentation) and +everything else, but I end up with more questions than answers. + +--- + +This post was built with the help of + +* [Read Rust](https://botsin.space/@readrust) +* [HN Tooter](https://mastodon.social/@hntooter) +* [newsbot](https://mastodon.social/@newsbot)