| AWS |
AWS The Internet of Things Blog |
How to develop distributed IoT applications using the AWS IoT Greengrass PubSub SDK |
https://aws.amazon.com/blogs/iot/using-the-aws-greengrass-pubsub-sdk-to-develop-distributed-iot-pubsub-applications/
|
How to develop distributed IoT applications using the AWS IoT Greengrass PubSub SDKIntroduction IoT applications are synonymous with the Publish Subscribe PubSub model where distributed services communicate via event triggered messages The PubSub model offers flexibility in design and is well suited to event driven distributed IoT systems However this flexibility puts many design decisions in the hands of the developer that creates dependencies across systems services … |
2022-09-14 16:22:55 |
| 海外TECH |
Ars Technica |
Five years of data show that SSDs are more reliable than HDDs over the long haul |
https://arstechnica.com/?p=1881156
|
centers |
2022-09-14 16:06:41 |
| 海外TECH |
Ars Technica |
Human trafficking’s newest abuse: Forcing victims into cyberscamming |
https://arstechnica.com/?p=1881183
|
everywhere |
2022-09-14 16:05:21 |
| 海外TECH |
DEV Community |
What are data apps? |
https://dev.to/cubejs/what-are-data-apps-2m5b
|
What are data apps Previously we ve described the parts of headless BI taken an in depth look at the data modeling layer and explored one use case for headless BI embedded analytics This week let s take a step back and look at the category of data applications But first… What are data applications “Data apps is an umbrella term for a category of interactive tools that use data to deliver insight or automatically take action When we talk about data apps we frequently cite the examples of recommendation engines data visualization built into applications and customized internal reporting tools for business teams Isn t this just embedded analytics Embedded analytics takes the kind of exploration that used to happen in dashboards and legacy BI tools and injects it directly into the applications that internal teams and external customers already use Headless BI facilitates building embedded analytics more quickly But embedded analytics is just the beginning Despite being more accessible and customized than traditional dashboards embedded analytics is still primarily a tool for data exploration By contrast data applications are capable of data explanation highlighting trends surfacing insights making recommendations This type of application entails a dynamic purpose built user experience and it is typically developed by software and data engineers not business analysts What are some use cases of data applications The first type of data applications is an embedded data app Think of this as the evolution of embedded analytics but unlike embedded analytics static dashboards embedded data features tend to be highly customized dynamic and purpose built These applications surface insight within the native user experience of another application A business s internal data products and portals are a second kind of data applications Unlike traditional or embedded exploration dashboards this type of data application is purpose built for a specific business unit and is built with relevant business context These applications custom interactivity allows business users to receive insights without mastering data analysts workflows The third type of data applications are end consumer facing applications These may be built for customers partners or shareholders and they are not dissimilar from internal applicationsーbut they tend to require a finer level of design polish and customization Additionally this type of app must be built for higher performance reflecting consumers expectations of speed How are data applications built By their nature data apps require recourse to large quantities of data This has been made possible by the rise of the cloud data warehouse and an ever growing ecosystem of data ingestion governance transformation and orchestration tools But given their complexity and power data apps generally are built by engineering teams and they require integration with modern engineering workflows including version control testing and continuous integration and deployment practices Building from scratchEmbedding data app functionality into a larger application generally requires building from scratch What is the architecture of such a solution Data storeNaturally a data application starts with the dataーand the basis of the modern data stack is the cloud data warehouse This can be a general purpose data warehouse like Snowflake or a real time tool like Firebolt ClickHouse or Materialize Headless BI layerA crucial component of a data app is the headless BI layer Specifically a major piece of this is access control integrated with the warehouse s security controls because embedded analytics always require multitenancy A second piece is advanced caching This is because the data warehouse is a great candidate for a backend but itself does not support highly concurrent queries with sub second latency that modern data consumers expect The BI layer is also where data modeling is handled to ensure that a data app s users consume the same data definitions as users of other internal or external applications Data modeling and metrics definition should be handled once and this must be up stack from every application or dashboard Data is then made available via diverse APIsーe g SQL GraphQL and RESTーto be consumed by… A hybrid presentation layerFor the high customization expected of an embedded data application and when front end teams are looped in different charting libraries can be used These range from D to Chart js and Highcharts These most likely will be natively integrated with frontend application frameworks like React or Angular Working with a frameworkFor the second and third types of data applications the initial layers of the data stack are the sameーi e the base layer is a data warehouse followed by a headless BI layer for data modeling access control caching and application APIs For the user interface however there s typically less customization required This creates the opportunity to take advantage of the new category of no code low code tools like Appsmith and Retool which can be used to quickly build analytics interfaces There also are data application frameworks that are helpful here tools like Plotly Dash and Streamlit make it possible to turn data scripts into shareable web applications without the need for front end development What s next As it gets easier to build customized experiences the number and types of data apps will proliferateーbut the use case for a basic dashboard centric experience won t go away There will always be cases where needs are best met with traditional charts or when the quick turnaround requires making something available without tapping engineering resources for help For these embedded analytics are and will remain the best choice What s exciting though is all of the new opportunities that the modern data application stack makes available Opportunities for working with ever greater quantities of data with ever greater complexity will only grow |
2022-09-14 16:45:59 |
| 海外TECH |
DEV Community |
Great Time at JavaZone 2022 |
https://dev.to/codenameone/great-time-at-javazone-2022-43p8
|
Great Time at JavaZone I had a pretty awful travel experience trying to reach Oslo but it s all worth it for what is possibly my favorite conference JavaZone I absolutely love this conference It has everything Sense of humor craziness heavy metal continuous integration of food and amazing talks with great people This years conference has a fantasy theme which fits into the weirdness of the conference Notice that when I say weird this is one of the highest complements I can give a conference I a world of cookie cutter conferences JavaZone is unique in every way See this opening scene in the morning of the first day The conference had plenty of things to do One of the cool gimmicks was an app that let you set the background and decorations on a green screen Below is a picture of me and Bruno Burges in a typical viking setting JavaZone has continuous integration of food That means food starts coming out in the morning and just never stops There s no lunch breaks Just food constantly available and at the highest quality of any conference I ve ever been to It s catering so I don t want to oversell it but it s great and plentiful and a great part of the experience at JavaZone There s also the party at night where donuts beer and Thai food mix with live music There s no other conference like it Another great feature of JavaZone is the overflow room Before I get into this you need to understand the spectacular venue for this conference The Oslo Spectrum is a huge circular building with a large arena in the center where we have the pavilion parties and live viking fights Around it are seven rooms where we can see the talks Most of these rooms are built like a cinema Where you need to climb to get to the chairs and the screens are HUGE This is wonderful No one will hide the speaker if they sit in front of you The view is absolutely fantastic and the lighting is perfect But the most amazing feature is the overflow It s one room where the screen is divided into and you can see all seven concurrent talks at once You re given a headpiece and you can change the audio channel between the various talks and enjoy several talks at once I used to sit in this room all the time back in the day But with this visit I just couldn t After all this time on Zoom I feel I need to see people live As a result I missed some talks I wanted to attend which is a shame There was just too much content Unfortunately due to the connections and logistics I had to leave very early and so I didn t see much of the second day at JavaZone I try to attend a couple of morning sessions but due to the tight schedule I missed even more Despite the fact I spent half of this trip is in airports in route it s still worth the trip as it s SUCH a great conference in such a great city The Duck Teaches Learn to debug from the masters Local to production kill the bugs Shai Almog me This year I gave a workshop which is a two hour “hands on experience I liked it and got some good feedback but I feel there s room for improvement The main culprit was getting Kubernetes to play nice with the demo code I hoped that since I picked Skaffold for the demo things will work smoothly Skaffold is indeed magical but there are limits to its powers Half of the students couldn t get the environment working which was frustrating and ate up a lot of our time Next time I give this talk I will structure it so the Kubernetes part is in the end and people would still be able to get a lot even without running it Another option is to set up the Kubernetes cluster for them so they can connect to it remotely if this workshop gets accepted into other conferences I might choose to go that route Regardless the class was lovely and I got good feedback so hopefully they enjoyed it I hope to create a video of this workshop so people can follow it at home as it s a pretty cool workshop Speaker DinnerBecause of the flight delays I literally landed and had to rush to the workshop From there I had less than an hour to go to the speaker dinner This is usually one of the highlights of a conference You get to meet the conference friends those of us who go from conference to conference I ve taken a long hiatus from conferences years ago so I don t know as many people as I used to but I m starting to run into familiar faces There are also other “old timers like myself who I know from back in the Sun days I got to meet some people who I ve never met in person but interacted with online which was great The pub where it was happening was a nice one too I was very tired so I left relatively early with a few friends What s cooking in Maven Maarten MuldersMaarten who s an Apache maven committer talked about what s new in that build tool He covered the maven wrapper the build consumer POM reactor and the maven daemon The maven wrapper are the scripts that let us build a maven project from the CLI The mvnw script etc It let s us ignore the version of maven the users have on their system Tikari wrapper is the type of maven wrapper that most of us are familiar with The apache wrapper is the second approach to do the same thing In the upcoming maven the wrapper comes pre packaged into maven It downloads the wrapper code into m wrapper which is an idea from the gradle wrapper There s still no announcement date for the release of Maven We can use snapshots right now to play with it But that s probably not something we d want to use for production development at this point my projection not something Maarten said Decoupling build and consumer is another big change The POM we have in source control is currently the same one we have in maven central or local maven repo This makes things pretty complicated We want the pom to be far more compact but it might break other tools that parse the POM and relies on that The solution is to split the POM we have locally from the POM we upload Maven x is smart it looks through child poms from relative paths and picks up nested POMs without the same level of verbosity we have in Maven x It works by creating an “effective pom from the more terse POM syntax that x allows This lets Maven maintain compatibility while pushing to central through the effective POM while leaving the local POM syntax terse and simple The improved reactor makes multi module projects much simpler The reactor is the part of maven that s aware of your project structure It goes through the project structure and resolves dependencies It builds the conceptual dependency graph required for the build But it only works from the root of the project The new reactor will be root project aware as long as you have a mvn folder It removes the need to constantly do mvn install which is a huge pain Thanks to these changes when a multi module build fails it knows where the build fails and can resume from that point You don t need to explicitly tell it which module needs to resume you can just pass r to the mvn to resume from the last failure The maven daemon is their response to the gradle daemon You have maven already running the background so it can stay running and jitted That way builds will be slightly faster Runs multi threaded builds by default without cluttering the output During the demo a build that took seconds with mvn went down to or even seconds with maven x The main source of benefit was from the multi threaded aspect but the daemon startup also helped Notice that some plugins might not work with the maven daemon It has a version already available today that you can use right now Dependency downloads might also be parallelized but this is a separate process unrelated to the current roadmap to maven x so it might not make it into Since will change the way the POM works we need to start testing it right now if we have a custom plugin It s possible plugins will need updating and might need replacing for some cases We will need to replace the signing plugin when moving to maven we need this plugin to upload to maven central You can follow Maarten on twitter here mthmulders Building Kotlin DSL Anton ArhipovWhile I coded in Kotlin I didn t do so at scale and consider myself a novice in that language I understand the concepts and the code is familiar due to its JVM roots but it s a bit unintuitive to me I love the concepts of DSL so decided to attend this talk Most people pick null safety coroutines multi platform syntax etc as the reason for picking Kotlin Syntax is really the lead for DSL The DSL lets us build a custom syntax to match domain specific needs There are two types external and internal DSL Building DSLs isn t a new idea There have been domain specific language tools for ages Some of these tools are pretty spectacular but the value of adding an internal DSL into Kotlin is that we can build on top of the capabilities that Kotlin already has We can seamlessly integrate with Kotlin and build complex subsets We don t need to build a full language we can build a small feature that s very specific to a domain without solving the entire problem We can still benefit from compiler unity checks and extensibility DSLs in kotlin tend to look very similar since they re derived from the kotlin syntax of blocks We can just invoke functions get syntax highlighting refactoring and pretty much everything that we need to build a DSL The syntax takes getting used to but the benefits of the syntax are pretty great I can think of so many cases where this would be useful for business applications and domain specific code If there s something that will make me switch to Kotlin it s the DSLs You can follow Anton on twitter antonarhipov Deserialization exploits in Java Why should I care Brian VermeerI missed this great talk from Brian at previous conferences due to scheduling conflicts This time around I refused to miss it This remarkably important talk presented in a compelling fashion is a must Serialization and deserialization is the gift that keeps giving At least in terms of security vulnerabilities Serialization skips the constructor and lets us inject invalid values to objects If an object is serialized we can potentially set a variable to any value and mess with application internal state We can set private variables to anything and completely bypass any validation logic Imagine a timestamp value that can suddenly go back to epoch or to a future date Permissions can be elevated and everything can be manipulated A gadget lets you run load a different class upon serialization This will fail later when we downcast but during the read process we can load a different class where we can do arbitrary code execution HashMap is a class that overrides the readObject and can be used as part of an exploit chain ysoserial helps us create a chain of serialization to produce an exploit based on known serialization weaknesses You can run this project and generate payload ser files that you can pass to exploit potential vulnerabilities The LogShell vulnerability had a deserialization aspect to it It s not just a JNDI LDAP vulnerability The LDAP server needs to return a gadget class that performs the actual remote code execution Code execution can be turned to a reverse shell In records deserialization works using the constructor so it works around that problem Records won t solve everything but if we all use them it will reduce some of the problems Use ValidatingObjectInputStream with JEP and you can use ObjectInputFilter to limit the serialization scope Default typing in Jackson lets us inject an invalid object type into the JSON even when we don t use traditional serialization Even if we don t use serialization in the traditional sense we can still be vulnerable because of our dependency graph In XML we can refer to an external entity that points to arbitrary files such as env passed or similar private information and retries such information from the server This is a vulnerability that exists within all XML parsers builtin to the JDK Do not deserialize input from unknown sourcesPrevent Java custom serializationUse filters if you need serializationBe aware how your JSON XML YAML marshaler workCheck for insecure default valuesUpdate insecure librariesYou can follow Brian on twitter BrianVerm Myth Busters Building a High Performance Database in Java Vlad IlyushchenkoVlad is the creator of the open source QuestDB project He used the sun misc Unsafe class to implement fast memory access in Java and provide native level performance for the DB without GC You can allocate a massive array in native RAM and traverse it without data copying This lets Java and C code interact much faster than the typical slow JNI bridge After the talk I asked about the Unsafe deprecation and Vlad indicated this is something he s greatly concerned about Afterwards we had some talk about Panama and some other potential approaches GraalVM etc It s a challenging and interesting domain In order to maximize performance we need to minimize GC thrashing which means avoiding allocations That also means avoiding the Java API as much as possible to reduce allocations as much as possible When the method doesn t create garbage performance can double with very little impact In parsing String is a source of major performance issues To solve this the QuestDB team created their own String implementation that implements CharacterSet but works around the problems in String The DB files are accessed via mmap which lets us map a file to RAM and get random access to it This reached a point where IOPS input output operations per second was maxed out The solution is the IOURing which lets them queue operations to keep the IOPS saturated and use the hardware to the max But not exceed the max That s important in cloud environments where you might exceed and fail They built their own logging system before newer loggers came out It has a syntax designed to avoid string concatenation and avoid GC overhead as a result You can follow Vlad on twitter ilyusvl Event Streaming and Processing with Apache Pulsar Mary GrygleskiWhat is an event generically speaking The fundamental entity of observed physical reality represented by a point designated by three coordinates of place and one of time in the space time continuum postulated by the theory of relativity Event streaming is the practice of taking action on a series of data points that originate from a system that continuously creates data Complex event processing lets you identify opportunities to arrive at some conclusion A good example is fraud detection which can watch over a stream of events at high volume and detect suspicious pattens as they occur Recommendation systems can also represent a common use case Event driven sender emits messages and interested subscribers can subscribe to the messageMessage driven sender and receiver are known to each other address is known Event approach vs batch processing Actor model in Erlang is already doing events Batch processing lets you perform the data when you have time and not immediately to better use computing resources when they re available to you The choice depends on how and when you need the data Streaming pub sub you give the message to the broker which delivers it onward Similarly to mail systems and the broker is the post master Publishing client sends the dataBroker is the middle person agentSubscribing client receives the dataMessage queueing lets us keep messages until they re acknowledged and read This prevents a system from overloading and guarantees delivery Streaming brought the distributed messaging up to a new level Use realtime data to enhance customer experience Use data pipeline to build AI ML models Scale to meet demands of large data volumes Pipelines let us chain data through stages where each stage might be written in a different language through brokers along the way and process the different stages In machine learning this is very useful as we might have very different training processing stages along the way and some of them might be executable in parallel to increase throughput and scale up Apache Pulsar is an open source unified distributed messaging and streaming platform It s kind of like RabitMQ and Kafka combined Created by Yahoo Apache in and top level Cluster basedMulti tenantSimple client API Java C Python Go Separate compute and storageGuaranteed message deliveryLightweight serverless functions frameworkTiered storage offloadsNative GEO replication flexible message processing and multi tenancy are the big benefits of Pulsar Pulsar uses a traditional multi node architecture with an architecture designed for horizontal scaling and mask complexity from consumers It has the following components Producer Client application that sends messagesConsumer Client application for reading messagesBroker Stateless process that handles incoming messagesBookKeeper Persistent message storeZooKeeper Cluster metadata handles coordination tasks between Pulsar clustersIf you re running JMS or similar older messaging system you can just bolt on Pulsar and migrate into it to gain the benefits of Pulsar e g multi tenant The data pipeline is a function that can transform the data in the most efficient way This is like Java streams API only the stream data source can be at cloud event scale Pulsar schema defines the serialization to the data structure you want such as JSON Avro Protobuf primitive key value pairs etc You can find Mary on twitter mgrygles The Secret Life of Maven Central Steve PooleAt some point we all find ourselves searching for code So we can add a new dependency of modern application are open source dependencies Our applications live or die off dependency management and repositories Like the stars in the sky maven central is just there and we don t think about it Why is Sonatype funding maven central Why are they doing this public service Maven central outgrew its origins Three users of maven central Publishers use nexus repositoryRepo usersSearch usersMaven central sits on AWS It s an S bucket with Fastly in between for the repo users Maven central publishes a REST API with some simple capabilities for search etc There are TB of Jar files the cost of S storage is remarkably expensive billion requests in to maven central The volume is growing demand is increasing Keeping your application safe is an important aspect for managing a repository Proof of domain ownership is a part of blocking malicious code Some potential attacks Creating a package with a very new version to try and grab the people using LATEST when buildingTypo squatting is another danger Developers can grab a package like logj instead of logj Typo squatting of the domain e g org apaceh instead of org apache this would be legal if we can purchase the domain and prove it to maven central Python and JavaScript package management systems don t have the same level of domain ownership protections Bots create such packages with malware The structured naming in Java lets us skip some potential attacks Unfortunately everything else beyond that is hard Does the package contain vulnerabilities Malware How do we figure that out Sonatype scans everything that s uploaded and looks for malware It doesn t block vulnerabilities since some vulnerabilities in some situations might be acceptable Maven central does show you if it knows there s a vulnerability it won t block the vulnerable code but it will show you it s there and how critical it is Unfortunately developers are slow to change We aren t proactive enough Since the logshell issue M downloads of logj with vulnerable downloads in the past hours with vulnerableCyber warfare is attacking infrastructure and trying to install exploitable vulnerabilities This will let them sabotage when they wish Maven central is trying to add things to maven central to pre empt such attacks and stop them SBOM across the lifecycleSIG store support central location for signaturesCross industry best practices openssf orgEnhanced developer intelligence looking for your feedback hereCLOMonitor from CNCF lets you see if some basic stuff related to security is configured correctly in your project Can you grade the security level of a project so maven central can kick out projects that fail security Maven central doesn t have a logo so reach out to Steve on twitter or other channels with logo suggestions I suggested verbally to use a logo of Atlas carrying a database Tried to generate it with Dalle but didn t get an ideal result For more information and suggestions follow spoole Thriving on the Cloud Native path with Java and Kubernetes Ana Maria MihalceanuCloud native applications is about building architecture open to concurrent changes Things we should learn fast iterate on delight from and still have cost efficient autoscaling We need a way to synchronize the data across the distributed stores We want to control the traffic within Kubernetes but it isn t designed for that so Isto can come into play But there are still challenges Setting the environment is hardSteep learning curveHard to test consistentlyBloated dependenciesConfiguration might be far from servicesCI CD isn t enough to scale everyday operationsStart small and evolve the dream application Make objective choices as a team Envision the product and build a PoC Gradually evolve the design implementation Encourage team knowledge for the full stack Quarkus is container first Fun to develop with and generally complies with the requirements above At this point the talk focused on a demo of quarkus which which is pretty impressive The Dev UI is very cool and the programming experience is very familiar to Spring developers The advantage of using JVM tooling with quarkus over GraalVM native images is access to auxiliary tooling and capabilities However GraalVM is almost x smaller than the JVM version and starts faster Quarkus includes information about the container orchestration environment right in the project to make the deployment debugging experience seamless You can define a load balancer for Kubernetes right from the Quarkus property file You can use quarkus tests to test that a Kubernetes pod is deployed correctly even if it wasn t built as a part of the quarkus deployment This might not be ideal since this is a job for OPS not for developers but it s still very useful in real life You can create serverless Functions in quarkus with the Func annotation which seems pretty cool Mostly remove everything related to the Kubernetes complexity We can just move the secrets to knative to get this working as expected almost seamlessly Achieve consistent local setup for teamInstant feedback on local code via testsValidate Kubernetes resources by testing YAML contentScale up and down quickly with knative and smaller container imagesDeploy smoothly by binding YAML fragments and app configurationCheck out Ana Maria on twitter ammbra Secrets of Performance Tuning Java on Kubernetes Bruno Borges Addressing the transaction challenge in a cloud native world Grace JansenFor my last two sessions at JavaZone I just couldn t decide so I broke down and went to the overflow This is a pretty common scenario of two great speakers talking concurrently But to my knowledge JavaZone is the only conference that has some solution for that Both Bruno and Grace are amazing speakers with fascinating subjects so my indecision resulted in a split understanding of both talks Luckily JavaZone usually uploads high quality talk videos after the fact so I can catch up later Hopefully the following two sections aren t too much of a mess GraceTreat backing services as attached resources stateless microservices cloud native Is this really the case What does it mean to be cloud native Stateless makes scaling and recovering easier since we can just recreate the resource Stateful is problematic in that sense and makes everything harder Unfortunately we don t live in a purist world In the real world things are stateful Transaction can impact a single record or multiple records It depends on how the transaction is set up Two phase commit lets us cross between data stores while maintaining ACID properties in a single transaction PC works by converting the transaction to two parts and running a verify stage before running the actual transaction PC is great normally but it isn t ideal for cloud native It s slow since we need to wait for the slowest service to verify the transaction Not practical in low relioability issuesNot supported by NoSQLWe need to lock while running the PCSAGA pattern for consistency in distributed applications Based on BASE Atomicity Durability Basically Available Soft State Eventual consistency SAGA can be applied via orchestration or choreography The pattern works by canceling and effectively undoing the action compensating action and restore the system to a previous state in this regard LRA uses annotations for declaring that an LRA transaction in microprofile You can use Complete for completing the micro transaction and Compensate to implement the undo in case of the failure There are also Forget Leave and Status Stateful microservices are still needed in this cloud native worldTraditional transactions aren t suitable for cloud nativeAlternatives like SAGA and MicroProfile LA can help to providesuitable cloud native transactions for microservicesOSS tools and technologies are available to try out these alternatives E g MicroProfile LRACheck out Grace on Twitter gracejansen BrunoMicrosoft uses Java on LinkedIn Minecraft and many other Microsoft properties JVM default ergonomicsGarbage Collectors KubernetesThere are more than GCs in a vanilla JDK but a lot of people don t know that and don t understand the system that picks the GC selected by the JVM The default is picked by CPU and available memory Most devs in a survey of are deploying JVM workloads in containers with up to CPUs GB and IO workloads The default GC when running in a container with one CPU with GB or less of RAM In this case the serial collector is used instead of G because of the CPU RAM limits When no GC tuning is set there are many settings that make no sense such as reserving memory for the graphics card This makes no sense for a container running on a headless machine Two issues coming up in July OctoberMemory limit not respected in cgroup vDo not use cpu share by defaultDo not use java jar myApp jar Tuning the GC is remarkably important when its goal oriented Not just setting the heap size but tuning the GC for the goal throughput overhead etc ParallelGC might be better in some smaller heaps when compared to G Garbage Collection Recommendations Serial Best for single core small heaps Parallel Best for nulti core small heaps Batch jobs with any heap size G Response in medium to large heaps moderate overhead High tail latency effect Z Response in medium to large heaps moderate overhead Less than ms pauses Low tail latency effect Shenandoah Response in medium to large heaps moderate overhead Less than ms pauses High tail latency effect In the old days we used to have the permgen space We now have metaspace which is a bit different Native region where class definitions etc are storedGrows as neededCleaned up for classes no longer reachable in stackJVM Flags MetaspaceSize initial andMaxMetaspaceSizeMaxMetaspaceSize is a large numberMulti threading is problematic with Kubernetes since the CPU cycle might be consumed because of the threads Kubernetes might throttle an application that doesn t do much because it has multiple threads The threads combined might consume the CPU time but not complete their tasks Unfortunately due to time constraints I had to run out before Bruno finished his talk which was slightly longer than Graces talk Check out Bruno on Twitter brunoborges FinallyAs I mentioned at the top it s been an amazing conference and I had a great time I m sorry I missed so many talks that ran concurrently to the ones I attended I also feel I didn t get as much as I could out of the pavilion and parties because I was so exhausted and had to rush to the airport But if JavaZone isn t on your conference schedule you probably should add it It s a unique gem that never disappoints Workshops aren t filmed so my talk won t be available for those of you who might want to check it out I will have a book coming out soon that will cover the subject of my talk and MUCH MUCH more I also plan to create a video of the subject in the workshop so if you follow the blog or follow me on twitter I ll keep you posted |
2022-09-14 16:35:32 |
| 海外TECH |
DEV Community |
Building Super Slim Containerized Lambdas on AWS |
https://dev.to/aws-builders/building-super-slim-containerized-lambdas-on-aws-3kpe
|
Building Super Slim Containerized Lambdas on AWS MotivationAWS Lambda functions should be fast slim and they should do one thing At least this is how I think about them While I was working on my previous article I noticed that after a Lambda container is built its size gets larger than one would expect For example the base image used to run the Rust Lambda executable public ecr aws lambda provided al has a size of MB in addition to which we add our own executable This gets even worse with an image built provided for running JavaScript or Python code Currently the latest public ecr aws lambda nodejs has MB The size increase can be attributed to the NodeJS runtime which can be over MB Similarly the latest Python image is MB in size In my opinion it just feels wrong to deploy such monstrosities to run a limited amount of lines of code My goal is to bring the size of a containerized Lambda down as much as I can There are a few limitations and gotchas to accomplish this Certainly we cannot have a thinner Lambda than our code size built executable Moreover we cannot have a container with additional overhead But we can have something really thin Coming back to my initial idea that Lambda functions should be slim if we want to have the slimmest Lambda we should not use Docker at all We should just package and upload our code or our executable to AWS and we are good By default the inner working of a Lambda environment is hidden from us although most likely the same base image is used in this case as well Distroless ContainersHunting for the slimmest possible container image we will most likely run into a variant of an alpine based image The base alpine image has around MB which is pretty small but we can have even a smaller option Enter distroless containers Distroless containers were first introduced by Google a while ago according to them Distroless images contain only your application and its runtime dependencies They do not contain package managers shells or any other programs you would expect to find in a standard Linux distribution Also there is a very informative talk on distroless containers on youtube that can be watched here Build a Distroless Container ImageFor my previous article we built a Lambda function in Rust for testing and benchmarking This application would be a perfect choice for being deployed in a distroless environment The container we are planning to use to deploy this executable is gcr io distroless static provided by Google container registry The container has around MB uncompressed It was specifically created for statically compiled applications which is exactly what we are looking for in the case of a Rust Lambda In the following lines we will define a Dockerfile to use distrloless with a Rust Lambda executable This Dockerfile will have a multistage definition the first stage will be doing the compilation and building of the application while the second stage will be the execution stage that gets deployed on AWS The Dockerfile for an x Lambda would look something like this ARG FUNCTION DIR function FROM rust buster as builderWORKDIR buildADD Cargo toml Cargo tomlADD Cargo lock Cargo lockADD src src Cache build folders see Docker Buildkit requiredRUN mount type cache target usr local cargo registry mount type cache target home root app target rustup target add x unknown linux musl amp amp cargo build release target x unknown linux musl copy artifacts to a clean imageFROM gcr io distroless static Include global arg in this stage of the buildARG FUNCTION DIR Set the working directory to function root directoryWORKDIR FUNCTION DIR COPY from builder build target x unknown linux musl release bootstrap bootstrapENTRYPOINT bootstrap With slight adjustments we can create an arm Docker container as well ARG FUNCTION DIR function FROM rust buster as builderWORKDIR buildADD Cargo toml Cargo tomlADD Cargo lock Cargo lockADD src src Cache build folders see Docker Buildkit requiredRUN mount type cache target usr local cargo registry mount type cache target home root app target rustup target add aarch unknown linux musl amp amp cargo build release target aarch unknown linux musl copy artifacts to a clean imageFROM gcr io distroless static latest Include global arg in this stage of the buildARG FUNCTION DIR Set working directory to function root directoryWORKDIR FUNCTION DIR COPY from builder build target aarch unknown linux musl release bootstrap bootstrapENTRYPOINT bootstrap Both of these images can be built with docker buildx command docker buildx build progress plain platform linux arm t rust arm f Dockerfile distroless x The whole Lambda project can be found on GitHub Changing the platform argument to linux amd we can build ARM based containers as well We could use the usual docker build command but this will target the systems architecture which can be x for most PC laptop devices and arm for ARM based devices such as M Macs Performance GainsHaving this thin image we might wonder what kind of performance gain can we achieve Our code itself won t run faster regardless of the image On the other hand theoretically we should achieve a certain amount of reduction of the initialization period during a cold start of the Lambda function Our image should be agile in terms of startup time the image should be able to be fetched quickly and can be cached easily To check if there are any performance gains to be found I decided to run the Lambda making sure I will run into a cold start I repeated this times while I was extracting the initialization period of the Lambda function from the CloudWatch Logs The measured results are the following ArchInit exec Init exec Init exec Init exec Init exec x ms ms ms ms msarm ms ms ms ms msAll of these measurements were done in us east region The Lambda had the minimum possible size of RAM allocated MB Comparing the init times with the the ones of the same Lambda running inside the AWS provided ecr aws lambda provided al image we get the following The init times measured above are certainly great They are way below ms in many cases below ms But we should not attribute this to the fact that we are using a distroless base image In the comparison chart we can see that they are similar to the ones of an container image provided by AWS What this proves is that the AWS Lambda container cache works as expected by pro actively caching larger base images as well but unfortunately we were not able to see meaning gains for a smaller image Other Gains As we saw we can not see a significant decrease in running time in the case of distroless Docker containers We might be able to see speed ups elsewhere Small containers are easier to build and pass around Assuming we are using a deployment pipeline we might have a faster build upload time Even if storage is cheap today we might be able to save a few pennies on ECR storage Having a bunch of containers these savings might add up Ultimately the Dockerfile presented by this article adheres to AWS recommended best practices aside from being a base image not provided by AWS and general Docker best practices It relies on multi stage images with a build phase it uses caching of layers and build artifacts and it is small as it can be Final Thoughts Should we use distroless containers It depends on what our goals are In case we have a statically built executable like a Lambda function written in Rust Go C etc then I think it is a fantastic option Luckily storage is cheap nowadays and being able to save a few megs here and there can be still a good thing to do When not to use them Distroless containers are hard to work with in case we need to install additional dependencies pre compiled libraries etc Distroless images don t have a shell consequently they don t come with a package manager We can add something like a busybox shell if we really want to alter things inside of it but this kind of defies the purpose of using distroless images In certain cases we might want to have larger images with a bunch of tools an obvious example being when we are doing development In this case we should probably go with an image with a full operating system Links and ReferencesRunning Serverless Lambdas with Rust on AWS Distroless Container Images Distroless Docker Containerizing Apps not VMs Matthew Moore Optimizing Lambda functions packaged as container images Creating Effective Docker Images |
2022-09-14 16:20:38 |
| 海外TECH |
DEV Community |
Welcome Thread - v191 |
https://dev.to/thepracticaldev/welcome-thread-v191-3m5e
|
Welcome Thread v Welcome to DEV Leave a comment below to introduce yourself You can talk about what brought you here what you re learning or just a fun fact about yourself Reply to someone s comment either with a question or just a hello Great to have you in the community |
2022-09-14 16:08:33 |
| Apple |
AppleInsider - Frontpage News |
Daily deals Sept. 14: 10% off Parallels subscription, Arlo camera sale, 15% off Jackery power solutions, more |
https://appleinsider.com/articles/22/09/14/daily-deals-sept-14-10-off-parallels-subscription-arlo-camera-sale-15-off-jackery-power-solutions-more?utm_medium=rss
|
Daily deals Sept off Parallels subscription Arlo camera sale off Jackery power solutions moreWednesday s best deals include off Sonos Adventure set speaker pack for st gen Apple Pencil off Elegoo D printer and much more Best deals September Every day AppleInsider searches online retailers to find offers and discounts on items including Apple hardware upgrades smart TVs and accessories We compile the best deals we find into our daily collection which can help our readers save money Read more |
2022-09-14 16:53:55 |
| 海外TECH |
Engadget |
Northeastern University targeted by anti-VR bomber |
https://www.engadget.com/northeastern-university-vr-lab-bomb-attack-165059510.html?src=rss
|
Northeastern University targeted by anti VR bomberNortheastern University has found itself the victim of an unusual technology related bomb attack CNNreports that someone sent a bomb like package to the Boston university s virtual reality lab in Holmes Hall on September th causing hand injuries to the man that opened the container There were no indications of a greater threat and the school resumed classes after determining the campus was secure The currently unidentified attacker appears to have a grudge against VR and Meta in particular CNN sources claimed the quot rambling quot note in the package slammed Meta chief Mark Zuckerberg as well as the links between academia and VR developers There were no explosives in the container one of the sources said Instead it depressurized with violent force It also wasn t mailed to the university After the incident on the Boston campus multiple law enforcement agencies have determined that the campus is safe and secure Classes research and all other campus activities have resumed today The safety and well being of our community is our most important priority ーNortheastern U Northeastern September While there has been limited damage law enforcement is taking the case seriously The FBI which has been coordinating with local police has offered the full help of the Joint Terrorism Task Force and other units for the investigation Meta has faced some criticism over its decision to rebrand and focus on the metaverse It started shifting its attention to VR just as whistleblower Frances Haugen shared documents that she said highlighted Facebook s failures in handling misinformation and other social media problems VR may serve as a distraction from Meta s shortcomings in other words Privacy and safety have also been concerns in VR While it s not clear the attacker had any of these issues in mind there s little doubt Meta s approach to VR already had its detractors |
2022-09-14 16:50:59 |
| 海外TECH |
Engadget |
Google updates Photos with redesigned Memories and a new collage editor |
https://www.engadget.com/google-photos-memories-redesign-sharing-163017688.html?src=rss
|
Google updates Photos with redesigned Memories and a new collage editorGoogle is rolling out some changes to the stories style Memories feature in Photos Until now these automatically generated highlights have been private but Google is adding some sharing options Starting today you ll have a way to natively share memories with others if you have an Android device Friends and family will be able to view your memories on any device through Google Photos The sharing option is coming to iOS and the web soon The update is part of broader changes to Memories which will mostly be available starting today The redesigned feature will offer up more videos including what Google believes are your best clips from longer videos that you have captured Photos will automatically grab what appear to be the most meaningful moments from longer videos and add them to a memory Starting in October Google will append instrumental music to some memories as well Google says there will be a subtle zoom effect on still photos it includes in memories to make them feel less static On that note there s a new type of memory called Cinematic Memories This will build on cinematic photos one of the most used effects in Memories which creates moving D representations of still images Google says that Cinematic Memories which will be available soon will turn quot multiple still photos into an end to end cinematic experience quot Those memories will feature music too When it comes to viewing your memories there will be a welcome new way to navigate through them Along with tapping on the left or right of the screen to move between photos in an individual memory you can switch between memories by swiping up or down You ll still be able to omit certain people or time periods from showing up in Memories too Elsewhere there s a new feature called Styles This will automatically add graphic art to your memories to perhaps make them more vibrant Google will offer multiple designs at the outset including limited time options from artists Shantell Martin and Lisa CongdonAs of today Photos users on Android and iOS will gain access to a new collage editor You ll be able to choose images pick a design and rearrange the layout as you wish There s the option to tweak photos from the collage editor too ーyou can adjust the contrast and brightness add filters and make other changes If you have a Pixel or a Google One membership you ll have access to more editing tools including Portrait Light and HDR options You ll have a broader selection of designs too These collages will also be sharable Google says that Memories is one of the most loved features in Photos as users view more than billion of them every month These updates could make it even easier to create more dynamic highlight clips While the sharing options are still limited you d still be able to record a memory with your phone and post it on the likes of Instagram or Snapchat if you desire |
2022-09-14 16:30:17 |
| 海外TECH |
Engadget |
Zoom is reportedly developing email and calendar apps |
https://www.engadget.com/zoom-reportedly-developing-email-calendar-apps-160556413.html?src=rss
|
Zoom is reportedly developing email and calendar appsZoom may have ambitions to expand its business beyond video calling According to The Information the company has spent much of the past two years developing its own email and calendar clients Known internally as Zmail and Zcal Zoom could announce the apps at its annual Zoomtopia conference in November Zoom did not immediately respond to Engadget s request for comment You re probably asking yourself does the world need another productivity suite Looking at it from Zoom s perspective The Information suggests the company may see the apps as essential to its survival At first glance Zoom is doing better than most pandemic darlings having recently recorded billion in quarterly revenue But beneath those results the company has seen growth slow and its stock price drop to pre pandemic levels It also finds itself in the same situation a lot of companies competing against Google and Microsoft have had to tackle recently One significant weakness of Zoom is that many businesses use the app in conjunction with Workspace and Office Those are comprehensive suites that can cover the majority of a company s productivity needs In a market where businesses are constantly looking to cut costs that s not a good position to be in At the same time it s hard to see how email and calendar clients help Zoom beat back its competitors when Google and Microsoft have spent years polishing Gmail and Outlook and those products dominate the market |
2022-09-14 16:05:56 |
| Cisco |
Cisco Blog |
Break glass in case of emergency: How a SASE approach can solve remote network outages |
https://blogs.cisco.com/ciscoit/break-glass-in-case-of-emergency-how-a-sase-approach-can-solve-remote-network-outages
|
Break glass in case of emergency How a SASE approach can solve remote network outagesAs much as we d love to write an article on how Cisco IT has perfected a network that never breaks we re not there yet It s a fact of life that networks and systems do ーand will continue to ーbreak In fact my home ISP went down as I was writing this piece You |
2022-09-14 16:48:18 |
| Cisco |
Cisco Blog |
ISE Cold Security Resilience |
https://blogs.cisco.com/networking/ise-cold-security-resilience
|
cisco |
2022-09-14 16:00:43 |
| 海外TECH |
WIRED |
9 Great Headphone Deals to Find Your Autumn Groove |
https://www.wired.com/story/headphone-deals-september-2022/
|
wired |
2022-09-14 16:44:21 |
| 金融 |
金融庁ホームページ |
「JFSA's approach to climate-related financial risk management」の Eurofiマガジンへの寄稿について公表しました。 |
https://www.fsa.go.jp/inter/etc/20220914-1/20220914.html
|
dfinancialriskmanagement |
2022-09-14 17:00:00 |
| 金融 |
金融庁ホームページ |
「Three major policy perspectives for financial regulators regarding crypto-assets」の Eurofiマガジンへの寄稿について公表しました。 |
https://www.fsa.go.jp/inter/etc/20220914-2/20220914.html
|
eurofi |
2022-09-14 17:00:00 |
| 金融 |
金融庁ホームページ |
プレス・リリース「中央銀行総裁・銀行監督当局長官グループは、バーゼルⅢを完全かつ可能な限り速やかに実施することへの期待を再確認するとともに、気候関連金融リスクと暗号資産に関する今後の作業の方向性を提示」を公表しました。 |
https://www.fsa.go.jp/inter/bis/20220914/20220914.html
|
中央銀行 |
2022-09-14 17:00:00 |
| ニュース |
BBC News - Home |
BBC streaming Queen Elizabeth II lying in state |
https://www.bbc.co.uk/news/uk-62900500?at_medium=RSS&at_campaign=KARANGA
|
london |
2022-09-14 16:34:56 |
| ニュース |
BBC News - Home |
Ukraine war: President Zelensky visits city recaptured in rapid counter-offensive |
https://www.bbc.co.uk/news/world-europe-62899474?at_medium=RSS&at_campaign=KARANGA
|
invasion |
2022-09-14 16:24:58 |
| ニュース |
BBC News - Home |
Royals follow Queen's coffin on sombre final journey - in pictures |
https://www.bbc.co.uk/news/in-pictures-62905962?at_medium=RSS&at_campaign=KARANGA
|
buckingham |
2022-09-14 16:49:01 |
| ニュース |
BBC News - Home |
Queen's lying-in-state: What to know before you join the queue |
https://www.bbc.co.uk/news/uk-62872323?at_medium=RSS&at_campaign=KARANGA
|
queen |
2022-09-14 16:42:44 |
| ニュース |
BBC News - Home |
In Pictures: The people waiting to pay respects |
https://www.bbc.co.uk/news/in-pictures-62900732?at_medium=RSS&at_campaign=KARANGA
|
buckingham |
2022-09-14 16:24:50 |
| ニュース |
BBC News - Home |
Queen's lying-in-state begins after sombre procession |
https://www.bbc.co.uk/news/uk-62878294?at_medium=RSS&at_campaign=KARANGA
|
coffin |
2022-09-14 16:10:10 |
| サブカルネタ |
ラーブロ |
中華そば 翔々や@門前仲町 醤油チャーシューメン |
http://ra-blog.net/modules/rssc/single_feed.php?fid=202719
|
中華そば |
2022-09-14 17:10:02 |
| 北海道 |
北海道新聞 |
新型コロナ「終わり」視野に WHOトップ、拡大防止継続訴え |
https://www.hokkaido-np.co.jp/article/731240/
|
事務局長 |
2022-09-15 01:08:29 |
| 北海道 |
北海道新聞 |
四球、拙守…日本ハム完敗(14日) |
https://www.hokkaido-np.co.jp/article/731250/
|
日本ハム |
2022-09-15 01:16:00 |
| 北海道 |
北海道新聞 |
1日30本限定「プレミアムあげいも」 中山峠の道の駅 |
https://www.hokkaido-np.co.jp/article/731247/
|
喜茂別町 |
2022-09-15 01:08:00 |
コメント
コメントを投稿