> Enabling allocation sampling profiling with a sampling period of 4 MB leads to a maximum time overhead of 25% in our benchmarks, over un-profiled regular execution
25% is not low overhead, but perhaps this example is the worst case and other tunings actually are low overhead. There's no exact definition I don't think, but anything much over 3% starts to feel like a lot of overhead to me.
Reading on:
> Our main technical insight is that the check whether an allocation should be sampled can be made free. This is done by folding it into the bump-pointer allocator check that PyPy’s GC uses to find out if it should start a minor collection. In this way the fast path with and without memory sampling are exactly the same.
That is cool, and means you only pay for the samples you produce = something you could leave enabled confidently, with a low-enough sample rate at least.
It doesn't seem like a very fresh insight though. I did exactly that for sb-sprof in 2006 [0], and doubt it was the first time anyone had that idea. It falls out pretty much automatically from having both a bump allocator and a sampling profiler.
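
An added illustration of the folded check discussed in the comment above; it is not part of that comment and is not PyPy's or sb-sprof's code. The names (`gc_alloc`, `alloc_slow`, `alloc_many`), the sizes, and the reset that stands in for a minor collection are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdio.h>

#define NURSERY_SIZE  (64 * 1024)  /* constructed sizes, for illustration */
#define SAMPLE_PERIOD (4 * 1024)

static unsigned char nursery[NURSERY_SIZE];
static size_t free_off;                     /* bump pointer, kept as an offset */
static size_t next_sample = SAMPLE_PERIOD;  /* offset of the next sampling point */
static size_t limit = SAMPLE_PERIOD;        /* min(next_sample, NURSERY_SIZE) */
static unsigned samples, minor_collections;

/* Slow path: reached only when an allocation would cross `limit`.
   Assumes size <= NURSERY_SIZE. */
static void *alloc_slow(size_t size) {
    if (free_off + size > NURSERY_SIZE) {   /* the nursery really is full */
        minor_collections++;                /* stand-in for a minor collection */
        next_sample -= free_off;            /* keep bytes-until-sample across the reset */
        free_off = 0;
    }
    if (free_off + size > next_sample) {    /* crossed the sampling point */
        samples++;                          /* a profiler would record a stack here */
        next_sample = free_off + size + SAMPLE_PERIOD;
    }
    limit = next_sample < NURSERY_SIZE ? next_sample : NURSERY_SIZE;
    void *p = &nursery[free_off];
    free_off += size;
    return p;
}

/* Fast path: a single compare against `limit`, the same code whether or not
   a sampling point lies below the nursery end. */
void *gc_alloc(size_t size) {
    size_t new_off = free_off + size;
    if (new_off > limit)
        return alloc_slow(size);
    void *p = &nursery[free_off];
    free_off = new_off;
    return p;
}

/* Allocate n objects and return the total number of samples taken so far. */
unsigned alloc_many(unsigned n, size_t size) {
    while (n--) gc_alloc(size);
    return samples;
}

int main(void) {
    unsigned s = alloc_many(4112, 16);
    printf("samples=%u minor_collections=%u\n", s, minor_collections);
    return 0;
}
```
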
> He went to the Museum of Natural History to study sharks, and he had a model pose across a couple of stools for reference of what someone looks like swimming.
That explains why the swimmer, at least, looks a bit fake.
It's also unclear how the first graph, whose y-axis is labelled "req/s", is showing a latency spike. Latency is not visible on that graph, AFAICT, only throughput.
for the record, i can't find any combination of those words in my transcriptions of loveline shows, although i don't have them all, and it is possible there are up to 50% transcription errors. there is 1 reference to "Stinky Linky" but it appears unrelated, "what's the linky?" "freckles" - i got excited that i found it but looking at the context it was in vain.
i have five clean references to "as a mason jar" so my collection is fairly complete ;-)
Oh, then i concur with your prior statement that it "continues [...] today"; i define "LoveLine" differently. Someday i'll find the time to get "fills" - i only have 5.5 years fully transcribed.
Is the example meant to rhyme, or is it an example of a subtle category of "words that only rhyme in some English accents"? "Offle Woffle" is somewhat standard American English, while "Orful Warful" would be British English.
Checklists solve the problem of forgetting specific details. They work very well in situations where all possible problems have been enumerated and the only failure mode is forgetting to check for one.
They do not solve the problem of getting people to think things through and recognize novel issues.
There are some jobs you can't do well. You can do them adequately or screw them up. Checklists are helpful in those jobs.
Yea, the problem most often in computer security checklists is misapplication of the checklist.
I do cyber security related stuff for the finance and they have some of the dumbest checklists ever.
A more recent one I got was
"We only allow the HTTP verbs 'GET' and 'POST', your application can only use that and the verbs PUT, PATCH, and DELETE cannot be used."
After not replying 'are you fucking stupid' I said
"You do realize that you are using a REST API application and that these verbs can go to the same interface to modify the call in a different way? Not only would we have to rewrite our application which would probably take months to years, you would have to rewrite tons of applications on your side to make this actually work."
You get these dipshit auditors from other firms that pick up some 'best practice' from 2003 and put it in a list then get a god complex about it needing to be implemented when they have absolutely zero clue why the original thing was called out in the first place.
For those who wonder, typically these verbs are disabled to prevent the accidental enablement of WebDAV on some platforms, especially Windows/IIS that had some issues with security around it. It makes zero sense for such a rule in a modern API application.
> For those who wonder, typically these verbs are disabled to prevent the accidental enablement of WebDAV on some platforms, especially Windows/IIS that had some issues with security around it. It makes zero sense for such a rule in a modern API application.
Thanks. One thing that's more interesting than the revealed stupidity of such rules is the actual (and often sensible) reason they were first created long ago.
"Temporary" hacks outliving both the problem they solved and the system they were built for seems to be a regular occurrence in bureaucracy as much as it is in software and hardware.
Most of this comes about because the talent pool for cyber is so small. Cyber auditors should understand what the risk is, and what controls should be in place, and how they operate.
Most don't because they lack the appropriate technical skills. Therefore we fall back on checklists, as less skilled people can do a compliance check to it.
In large organisations this can also happen between cyber and engineering teams, where the teams don't understand security and are just focussed on releasing features, and so cyber enforces checklists or non-negotiables or compliance assessments.
All of this comes down to skills and awareness. Not enough people have the skills/knowledge to cover all the roles out there.
ah, yes, the "memory is no object" way of obtaining a weighted distribution. If you need that sweet sweet O(1) selection time, maybe check out the Alias Method :)