Promises in JavaScript can seem a bit daunting at first, but understanding what's happening under the hood can make them much more approachable. In this blog post, we'll dive deep into some of the inner workings of promises and explore how they enable non-blocking asynchronous tasks in JavaScript. I'm still working on making this blog better on mobile devices, mobile browsers don't always render t
In association with the release of curl 8.4.0, we publish a security advisory and all the details for CVE-2023-38545. This problem is the worst security problem found in curl in a long time. We set it to severity HIGH. While the advisory contains all the necessary details. I figured I would use a few additional words and expand the explanations for anyone who cares to understand how this flaw work
Async Rust Is A Bad Language
But to get at whatever the hell I mean by that, we need to talk about why async Rust exists in the first place. Let’s talk about: Modern Concurrency: They’re Green, They’re Mean, & They Ate My Machine Suppose we want our code to go fast. We have two big problems to solve: We want to use the whole computer. Code runs on CPUs, and in 2023, even my phone has eight of the damn things. If I want to use
I've found that one of the best ways to understand a new concept is to start from the very beginning. Start from a place where it doesn't exist yet and recreate it yourself, learning in the process not just how it works, but why it was designed the way it was. This isn't a practical guide to async, but hopefully some of the background knowledge it covers will help you think about asynchronous prob
GitHub - microsoft/garnet: Garnet is a remote cache-store from Microsoft Research that offers strong performance (throughput and latency), scalability, storage, recovery, cluster sharding, key migration, and replication features. Garnet can work with exis
Garnet is a new remote cache-store from Microsoft Research, that offers several unique benefits: Garnet adopts the popular RESP wire protocol as a starting point, which makes it possible to use Garnet from unmodified Redis clients available in most programming languages of today, such as StackExchange.Redis in C#. Garnet offers much better throughput and scalability with many client connections an
GitHub - sxyazi/yazi: 💥 Blazing fast terminal file manager written in Rust, based on async I/O.
Yazi (means "duck") is a terminal file manager written in Rust, based on non-blocking async I/O. It aims to provide an efficient, user-friendly, and customizable file management experience. 💡 A new article explaining its internal workings: Why is Yazi Fast? 🚀 Full Asynchronous Support: All I/O operations are asynchronous, CPU tasks are spread across multiple threads, making the most of available
Back in 2008, most people thought of JavaScript as just a client-side language. But when Google's V8 appeared, young developer Ryan Dahl made the connection between non-blocking servers, V8, and JavaScript. It was by combining these key elements that he was able to create the now hugely popular Node.js. What young Ryan Dahl probably didn't expect was how much forking drama would follow. Join us
Today, AWS announces the general availability of the AWS SDK for Rust, allowing customers to now use this for production workloads. The AWS SDK for Rust empowers developers to interact with AWS services and enjoy APIs that follow Rust idioms and best practices. AWS SDK for Rust provides idiomatic, type-safe API and supports modern Rust language features like async/await, non-blocking IO, and build
Johan Brandhorst-Satzkorn, Julien Fabre, Damian Gryski, Evan Phoenix, and Achille Roussel 13 September 2023 Go 1.21 adds a new port targeting the WASI preview 1 syscall API through the new GOOS value wasip1. This port builds on the existing WebAssembly port introduced in Go 1.11. What is WebAssembly? WebAssembly (Wasm) is a binary instruction format originally designed for the web. It represents a
Introduction to Go 1.21 The latest Go release, version 1.21, arrives six months after Go 1.20. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility; in fact, Go 1.21 improves upon that promise. We expect almost all Go programs to continue to compile and run as before. Go 1.21 introduces a small ch
eC Programming Language
import "EDA" import "genericEditor" enum MediaType { unknown, tape, dvd, bluRay }; dbtable "Borrowers" Borrower { Borrower id "ID"; String name "Name"; String phoneNumber "Phone Number"; }; dbtable "Movies" Movie { Movie id "ID"; String name "Name"; MediaType mediaType "Media Type"; Date dateAdded "Date Added"; Borrower borrower "Borrower"; Date dateBorrowed "Date Borrowed"; }; DataSource ds; Data
Introducing Solid Queue
We’ve just open-sourced Solid Queue, a new backend for Active Job that we use in HEY to run about 1/3 of our roughly 18 million jobs per day. We’ll be moving more jobs in the coming days until we run HEY exclusively using Solid Queue. Besides regular job enqueuing and processing, Solid Queue supports delayed jobs, concurrency controls, pausing queues, numeric priorities per job, and priorities by
jQuery Attack Hits NPM and GitHub; Can Extract Web Form Data
jQuery Attack Hits NPM and GitHub; Can Extract Web Form Data The trojanized jQuery attack has been spread on npm, GitHub and elsewhere since May. A trojanized version of jQuery has been spreading on the npm JavaScript package manager, GitHub and elsewhere, for use in a jQuery attack, security researchers have discovered. Phylum researchers said they have been monitoring the “persistent supply chai
Garnet–open-source faster cache-store speeds up applications, services
Researchers at Microsoft have been working for nearly a decade to address the increasing demand for data storage mechanisms to support the rapid advances in interactive web applications and services. Our new cache-store system called Garnet, which offers several advantages over legacy cache-stores, has been deployed in multiple use cases at Microsoft, such as those in the Windows & Web Experiences
SOCKS5 heap buffer overflow Project curl Security Advisory, October 11 2023 - Permalink VULNERABILITY This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that hostname can be is 255 bytes. If the hostname i
JJUG CCC 2024 Spring ( #jjug_ccc ) - セッション資料の一覧 - 地平線に行く
JJUG CCC 2024 Spring に参加しました! JJUG CCC への登壇も3回目。今回は、なんと桜庭さんと二人でのセッションでした。1 登壇中は、だんだん余裕がなくなってだいぶテンパってしまい、会場の反応を見れていなかったのですが、その後の反応を伺う限り二人での話が良かったということを聞いて安心しました。また次も登壇できるようにネタを考えます! セッションは色々聞いた中でも、FFMでJITコンパイラを作ってみたがとても面白かったです。アセンブラはほとんど理解できなかったのですが、わからないけどやってみたいと思ったそんな内容でした。Java 関連のセッションなのに機械語やアセンブラの話がメインになるなんて、本当にすごい…。 さて、最後にいつものを。 今回、残念ながら時間がかぶってしまって参加できなかったセッションがいっぱいあったので、あとで読むために現時点で発表者の方が公開され
仮想スレッド/ネイティブイメージ/CRaC/ノンブロッキングにも対応! msで起動しオンプレからサーバレスまで幅広く利用できる 軽量OSSフレームワークQuarkus
Keywords : Virtual Threads / Native Image / CRaC / Non Blocking / Loom / GraalVM / Reactive / Eclipse MicroProfile / Jakarta EE / Spring Boot
Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery on other platforms, such as GitHub, and even as a CDN-hosted resource on j
Welcome to Claro! - The Claro Programming Language (DRAFT)
Welcome to Claro! Claro is a statically typed JVM language that provides a well-lit path to building simple, highly concurrent, and scalable applications. Dependency Management Done Right Claro was designed with modern build tooling in mind: Swap any dependency without changing a single line of source code Runtime "Dependency Injection" frameworks are a thing of the past First class Module system
Why async Rust?
Async/await syntax in Rust was initially released to much fanfare and excitement. To quote Hacker News at the time: This is going to open the flood gates. I am sure lot of people were just waiting for this moment for Rust adoption. I for one was definitely in this boat. Also, this has all the goodness: open-source, high quality engineering, design in open, large contributors to a complex piece of
Database Migrations
Table of Contents I consider database migrations one of the most annoying problems to deal with during a software engineer’s life. Not only that, if it goes wrong, as it often does, people tend to develop anxiety related to any schema changes. So why is it so annoying? It looks simple at first glance but is deceptively tricky when you start thinking about it. My primary framework of choice is the
Async Rust in a Nutshell
Computers are just as fast as they can be. One way to speed up our programs is to do things in parallel, or concurrently. There is a fine distinction between those two terms. Parallel execution means that we execute two different tasks at the same time, on two different CPUs. Concurrent execution means that a single CPU makes progress on more than one task at the same time, by interleaving the exe
NodeJS and GraphQL are popular technologies for building web applications, but in my experience, they come with certain scaling and performance tradeoffs to be aware of. tl;dr: GraphQL's modular structure generally leads to code that instantiates excessive promises, which degrades request performance. Benchmarks show a 2-3x latency increase. Thanks for reading Software at Scale! Subscribe for free
Introduction The journey towards efficient parallelization in library development has often been based on using threads. As Karafka celebrates its eighth anniversary, it's become clear that while threads have served us well for many tasks, there's room to explore further. That's why I've decided to introduce forking capabilities into Karafka, aiming to offer another dimension of parallelization to
この記事は? @cosmeを運用するistyleでは、業務でNode.jsを積極的に活用しています。私、村田がいるメディア開発グループにおいても積極的に使っており、BFFのような中間層の実現、バッチの処理、API実装、フロントエンドの実行環境などなど使われ方は多岐に渡ります。この記事では、Node.jsの導入を考えている組織や、Node.jsの基本を振り返りたいエンジニアに向け言語環境の特性と活用を考えてみます。 Node.jsの特性 Node.jsはサーバー上で動き、ブラウザでJavaScriptが動く機構とは異なります。近年、サーバー開発はもちろん、Next.js, RemixなどのNode.jsを利用する各種フロントエンドフレームワークが、サーバーに処理を寄せる流れになってきていることから、フロント開発者にとってもNode.jsの理解は重要でしょう。高性能なv8エンジンを搭載している
Serverless API Gateway Ingress for AWS Fargate, in CloudFormation | Containers on AWS
About AWS Fargate provides serverless capacity to run your container images. Amazon Elastic Container Service launches and orchestrates containers that run in Fargate. AWS Cloud Map is a cloud resource discovery service. Cloud Map provides a way to lookup a list of your dynamically changing resources, such as containers. Amazon API Gateway is a serverless ingress for your web traffic. It has no m
jQuery Attack Hits NPM and GitHub; Can Extract Web Form Data
jQuery Attack Hits NPM and GitHub; Can Extract Web Form Data The trojanized jQuery attack has been spread on npm, GitHub and elsewhere since May. A trojanized version of jQuery has been spreading on the npm JavaScript package manager, GitHub and elsewhere, for use in a jQuery attack, security researchers have discovered. Phylum researchers said they have been monitoring the “persistent supply chai
Scheduling Internals
A sneak peek to what's coming! I remember when I first learned that you can write a server handling millions of clients running on just a single thread, my mind was simply blown away 🤯 I used Node.js while knowing it is single threaded, I used async / await in Python, and I used threads, but never asked myself "How is any of this possible?". This post is written to spread the genius of concurrenc
I discovered strace somewhere between my first part time web development part time job in 2005 and my first full time “software engineering” job in 2008, and it seemed like a superpower giving me x-ray vision into running infrastructure. When a process was stuck, or existing after a cryptic error message, instead of grepping around I could get a pretty good timeline of what the process was up to.
PHP libraries and tools
PHP possesses a rich ecosystem, with plenty of libraries and tools. Here is a list of them that I consider interesting, beyond any framework. At the end, I included some useful checks for Composer and Symfony to execute on a CI pipeline. Libraries brick/math: Arbitrary-precision arithmetic library for PHP openspout/openspout: Read and write spreadsheet files (CSV, XLSX and ODS), in a fast and scal
Here is a list of common JavaScript interview questions with detailed answers to help you prepare for the interview as a JavaScript developer. JavaScript continues to be a cornerstone of web development, powering dynamic and interactive experiences across the web. As the language evolves, so does the complexity and scope of interview questions for JavaScript developers. Whether you’re a fresher de
GitHub - panjf2000/gnet: 🚀 gnet is a high-performance, lightweight, non-blocking, event-driven networking framework written in pure Go./ gnet 是一个高性能、轻量级、非阻塞的事件驱动 Go 网络框架。
gnet is an event-driven networking framework that is ultra-fast and lightweight. It is built from scratch by exploiting epoll and kqueue and it can achieve much higher performance with lower memory consumption than Go net in many specific scenarios. gnet and net don't share the same philosophy about network programming. Thus, building network applications with gnet can be significantly different f
Matrix 2.0: The Future of Matrix
TL;DR: If you want to play with a shiny new Matrix 2.0 client, head over to Element X. Matrix has been going for over 9 years now, providing an open standard for secure, decentralised communication for the open Web - and it’s been quite the journey to get to where we are today. Right now, according to Synapse’s opt-in usage reporting, in total there are 111,873,374 matrix IDs on the public network
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
JavaScript Visualized - Promise Execution
How I made a heap overflow in curl | daniel.haxx.se
Learning Async Rust With Entirely Too Many Web Servers
Node.js: The Documentary | An origin story
AWS SDK for Rust is now generally available
WASI support in Go - The Go Programming Language
Go 1.21 Release Notes - The Go Programming Language
curl - SOCKS5 heap buffer overflow - CVE-2023-38545
Persistent npm Campaign Shipping Trojanized jQuery
The Hidden Performance Cost of NodeJS and GraphQL
The Art of Forking: Unlocking Scalability in Ruby
Node.js/TypeScriptの特性と現場での活用 - Qiita
Backtraces with strace
JavaScript Interview Questions