Links for 2020-05-07

content/links/20200507.md

@@ -0,0 +1,81 @@
++++
+title = "Links for 2020-05-07"
+date = 2020-05-07
+
+[taxonomies]
+tags = ["links", "rust", "io-uring", "async", "github", "codespaces",
+"virtual", "insights", "jira", "reports", "codescanning", "security"]
++++
+
+The difference between Epoll and IO-URing and how it related to async apps and
+things announced on Github Satellite.
+
+<!-- more -->
+
+# [Notes on io-uring](https://boats.gitlab.io/blog/post/io-uring/)
+
+Although focused on the problems of using (said) io-uring on Rust, Boats does
+one hell of a job explaining what io-uring is, how it works and how async
+systems must deal with the way it works.
+
+For those not aware, io-uring is another async IO layer, which appeared in the
+last few versions of the Linux kernel. It allows one program to ask to the OS
+to do something and just receive a notification when it's done, so it can do
+other things -- you know, async stuff. The difference here is that the
+previous system, epoll, would notify the program when it was _ready_ to
+perform an operation, while io-uring notifies when the operation is
+_complete_.
+
+But enough spoilers, it is a well written description of the current state of
+asynchronous IO.
+
+# [Github Codespaces](https://github.com/features/codespaces)
+
+In case you missed Github Satellite presentation this year, Github announced a
+new service that will allow you to run a whole dev environment in the cloud,
+using your Github repo as a starting point.
+
+The interesting points, though, is that this environment will, initially,
+support VS Code, which is quite weird, considering that Github itself is
+the one that started the Atom editor. Why would they pick another editor
+instead of working with what they already have? Another point is that you can
+define what your environment have, which is basically a container, but it
+_doesn't_ use the Dockerfile format; it is a completely different format,
+using JSON instead of YAML. Again, since everything runs on Docker, why use
+another format?
+
+The feature is still in beta, and should be rolled to all users, with
+undefined pricing at this point, later.
+
+# [GitHub Insights](https://github.com/features/insights)
+
+Another feature presented on Github Satellite was "Insights", Jira-like
+reports based on the work done on Github repos. While most of us, personal
+users of Github, will find it only curious, managers will find it quite
+interesting, specially since if their team is already using Github, they don't
+need to pay for Jira anymore.
+
+Couple this with the fact that Github already has a virtual kanban and you can
+see exactly where Github is aiming.
+
+# [Github Codescanning](https://github.com/features/security/)
+
+The third feature announced was Codescanning, a tool that can scan your code
+(if it is hosted on Github) for vulnerabilities. What it does is that it
+follows the data coming from outside the system to the inside, figuring out
+how it is used and if it can lead to some security failure.
+
+While cool, one has to wonder how the tool knows the entry point for your
+application; what happens if you have multiple entry points (for example, you
+provide a web interface and console interface); how it detects unsanitized
+inputs when the underlying framework does this already (like Django). Sure it
+has "decades of research behind it" (as pointed in the presentation) and
+everything else, but I end up with more questions than answers.
+
+---
+
+This post was built with the help of
+
+* [Read Rust](https://botsin.space/@readrust)
+* [HN Tooter](https://mastodon.social/@hntooter)
+* [newsbot](https://mastodon.social/@newsbot)