recentpopularlog in
« earlier  
[no title]
This article is intended to serve as an introduction to the newest Linux IO interface, io_uring, and compare it to the
existing offerings. We'll go over the reasons for its existence, inner workings of it, and the user visible interface. The
article will not go into details about specific commands and the likes, as that would just be duplicating the information
available in the associated man pages. Rather, it will attempt to provide an introduction to io_uring and how it works,
with the goal hopefully being that the reader will have gained a deeper understanding of how it all ties together. That
said, there will be some overlap between this article and the man pages. It's impossible to provide a description of
io_uring without including some of those details.
linux  kernel  io  async  io_uring  data-structures  performance  overview  design  filetype:pdf 
4 weeks ago
Everything You Always Wanted to Know About Compiled and Vectorized Queries But Were Afraid to Ask
ract—Online programming discussion platforms such as
Stack Overflow serve as a rich source of information for software
developers. Available information include vibrant discussions
and oftentimes ready-to-use code snippets. Previous research
identified Stack Overflow as one of the most important information sources developers rely on. Anecdotes report that
software developers copy and paste code snippets from those
information sources for convenience reasons. Such behavior
results in a constant flow of community-provided code snippets
into production software. To date, the impact of this behaviour
on code security is unknown.
We answer this highly important question by quantifying
the proliferation of security-related code snippets from Stack
Overflow in Android applications available on Google Play.
Access to the rich source of information available on Stack
Overflow including ready-to-use code snippets provides huge
benefits for software developers. However, when it comes to
code security there are some caveats to bear in mind: Due
to the complex nature of code security, it is very difficult to
provide ready-to-use and secure solutions for every problem.
Hence, integrating a security-related code snippet from Stack
Overflow into production software requires caution and expertise.
Unsurprisingly, we observed insecure code snippets being copied
into Android applications millions of users install from Google
Play every day.
To quantitatively evaluate the extent of this observation, we
scanned Stack Overflow for code snippets and evaluated their
security score using a stochastic gradient descent classifier. In
order to identify code reuse in Android applications, we applied
state-of-the-art static analysis. Our results are alarming: 15.4%
of the 1.3 million Android applications we analyzed, contained
security-related code snippets from Stack Overflow. Out of these
97.9% contain at least one insecure code snippet.
paper  filetype:pdf  comp-sci  research  database  data-structures  compilers  optimisation 
6 weeks ago
Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security
Online programming discussion platforms such as
Stack Overflow serve as a rich source of information for software
developers. Available information include vibrant discussions
and oftentimes ready-to-use code snippets. Previous research
identified Stack Overflow as one of the most important information sources developers rely on. Anecdotes report that
software developers copy and paste code snippets from those
information sources for convenience reasons. Such behavior
results in a constant flow of community-provided code snippets
into production software. To date, the impact of this behaviour
on code security is unknown.
We answer this highly important question by quantifying
the proliferation of security-related code snippets from Stack
Overflow in Android applications available on Google Play.
Access to the rich source of information available on Stack
Overflow including ready-to-use code snippets provides huge
benefits for software developers. However, when it comes to
code security there are some caveats to bear in mind: Due
to the complex nature of code security, it is very difficult to
provide ready-to-use and secure solutions for every problem.
Hence, integrating a security-related code snippet from Stack
Overflow into production software requires caution and expertise.
Unsurprisingly, we observed insecure code snippets being copied
into Android applications millions of users install from Google
Play every day.
To quantitatively evaluate the extent of this observation, we
scanned Stack Overflow for code snippets and evaluated their
security score using a stochastic gradient descent classifier. In
order to identify code reuse in Android applications, we applied
state-of-the-art static analysis. Our results are alarming: 15.4%
of the 1.3 million Android applications we analyzed, contained
security-related code snippets from Stack Overflow. Out of these
97.9% contain at least one insecure code snippet.
filetype:pdf  paper  security  research  infosec  code  reuse 
6 weeks ago
Wrappers to the Rescue
Wrappers are mechanisms for introducing new behavior that is executed before and/or after, and perhaps even in lieu of, an existing method. This paper examines several ways to implement wrappers in Smalltalk, and compares their performance. Smalltalk programmers often use Smalltalk’s lookup failure mechanism to customize method lookup. Our focus is different. Rather than changing the method lookup process, we modify the method objects that the lookup process returns. We call these objects method wrappers. We have used method wrappers to construct several program analysis tools: a coverage tool, a class collaboration tool, and an interaction diagramming tool. We also show how we used method wrappers to construct several extensions to Smalltalk: synchronized methods, assertions, and multimethods. Wrappers are relatively easy to build in Smalltalk because it was designed with reflective facilities that allow programmers to intervene in the lookup process. Other languages differ in the degree to which they can accommodate change. Our experience testifies to the value, power, and utility of openness.
paper  comp-sci  reflection  smalltalk 
12 weeks ago
LSM-based Storage Techniques: A Survey
Recently, the Log-Structured Merge-tree (LSMtree) has been widely adopted for use in the storage layer of
modern NoSQL systems. Because of this, there have been
a large number of research efforts, from both the database
community and the operating systems community, that try
to improve various aspects of LSM-trees. In this paper, we
provide a survey of recent research efforts on LSM-trees so
that readers can learn the state-of-the-art in LSM-based storage techniques. We provide a general taxonomy to classify
the literature of LSM-trees, survey the efforts in detail, and
discuss their strengths and trade-offs. We further survey several representative LSM-based open-source NoSQL systems
and discuss some potential future research directions resulting from the survey
data-structures  lsm  nosql  storage  index  data  rocksdb  leveldb  cassandra  hbase  database  filetype:pdf  comp-sci  paper 
august 2019
The Unwritten Contract of Solid State Drives
We perform a detailed vertical analysis of application performance atop a range of modern file systems and SSD FTLs.
We formalize the “unwritten contract” that clients of SSDs
should follow to obtain high performance, and conduct our
analysis to uncover application and file system designs that
violate the contract. Our analysis, which utilizes a highly
detailed SSD simulation underneath traces taken from real
workloads and file systems, provides insight into how to better construct applications, file systems, and FTLs to realize
robust and sustainable performance.
ssd  filetype:pdf  paper  comp-sci  disk  performance  research 
august 2019
[no title]
how information operations have been carried out in the past to exploit divisions
filetype:pdf  cybersecurity  security  infosec 
july 2019
« earlier      
per page:    204080120160

Copy this bookmark:





to read