By Nic Jansma and Charles Vazac (Akamai)
Fluent 2018
http://www.youtube.com/watch?v=L3LKtFh1HkQ
Would you give the Amazon Prime delivery robot the key to your house, just because it stops by to deliver delicious packages every day? Even if you would, do you still have 100% confidence that it wouldn’t accidentally drag in some mud, let the neighbor in, steal your things, or burn your house down? Worst-case scenarios such as these are what you should be planning for when deciding whether or not to include third-party libraries and services on your website. While most libraries have good intentions, by including them on your site, you have given them complete control over the kingdom. Once on your site, they can provide all of the great services you want—or they can destroy everything you’ve worked so hard to build.
It’s prudent to be cautious: we’ve all heard stories about how third-party libraries have caused slowdowns, broken websites, and even led to downtime. But how do you evaluate the actual costs and potential risks of a third-party library so you can balance that against the service it provides? Every library requires nonzero overhead to provide the service it claims. In many cases, the overhead is minimal and justified, but we should quantify it to understand the real cost. In addition, libraries need to be carefully crafted so they can avoid causing additional pain when the stars don’t align and things go wrong.
Nic Jansma and Charles Vazac perform an honest audit of several popular third-party libraries to understand their true cost to your site, exploring loading patterns, SPOF avoidance, JavaScript parsing, long tasks, runtime overhead, polyfill headaches, security and privacy concerns, and more. From how the library is loaded to the moment it phones home, you’ll see how third parties can affect the host page and discover best practices you can follow to ensure they do the least potential harm.
With all of the great performance tools available to developers today, we’ve gained a lot of insight into just how much third-party libraries are impacting our websites. Nic and Charles detail tools to help you decide if a library’s risks and unseen costs are worth it. While you may not have the time to perform a deep dive into every third-party library you want to include on your site, you’ll leave with a checklist of the most important best practices third parties should be following for you to have confidence in them.
This document discusses HTTP/2 support in Go 1.6. It notes that the net/http package now supports HTTP/2 out of the box. It provides code samples showing how a server can be configured with and without HTTP/2 support. It also describes how HTTP/2 features such as HPACK header compression, server push, flow control, and prioritization are implemented in Go's net/http package. Finally, it summarizes the current level of HTTP/2 specification compliance and areas still in development.
This document summarizes Stas Zozulja's presentation on building real-time web applications with WebSockets and related technologies. The presentation covered transport mechanisms for real-time applications like WebSockets, long polling and HTTP streaming. It also discussed tools for building real-time PHP applications like Ratchet and Pushpin, a reverse proxy that allows using WebSockets over HTTP. Example code was provided for implementing a real-time chat application with these tools.
The document discusses Chromium's caching system. It describes the overall network stack and cache flow, including the disk cache which stores web resources on disk. It then focuses on the "simple cache" implementation, a new backend for disk cache that uses one file per cache entry and an index file for faster lookups. The simple cache aims to be more resilient to corruption, reduce delays, and have lower memory and disk usage than the existing blockfile backend.
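The one-file-per-entry layout with a separate index can be illustrated with a toy Python sketch. This is not Chromium's actual on-disk format; the SHA-1 file naming and the JSON index here are invented for illustration:

```python
import hashlib
import json
import os
import tempfile

class SimpleDiskCache:
    """Toy cache: one file per entry, plus an index file for fast lookups."""

    def __init__(self, directory):
        self.directory = directory
        os.makedirs(directory, exist_ok=True)
        self.index_path = os.path.join(directory, "index.json")
        try:
            with open(self.index_path) as f:
                self.index = json.load(f)  # key -> entry file name
        except FileNotFoundError:
            self.index = {}

    def _entry_path(self, key):
        # One file per entry, named by a hash of the key.
        return os.path.join(self.directory, hashlib.sha1(key.encode()).hexdigest())

    def put(self, key, data):
        with open(self._entry_path(key), "wb") as f:
            f.write(data)
        self.index[key] = os.path.basename(self._entry_path(key))
        with open(self.index_path, "w") as f:
            json.dump(self.index, f)  # persist the index for fast startup lookups

    def get(self, key):
        if key not in self.index:
            return None
        try:
            with open(self._entry_path(key), "rb") as f:
                return f.read()
        except FileNotFoundError:
            # A missing entry file invalidates only this entry, not the whole cache.
            del self.index[key]
            return None

cache = SimpleDiskCache(tempfile.mkdtemp())
cache.put("https://example.com/a.js", b"alert('hi')")
```

The resilience property falls out of the layout: losing or corrupting one entry file invalidates only that entry, whereas a shared block file can take many entries down with it.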
How to write a well-behaved Python command line application
Tutorial #1 from PyCon AU 2012
Python is a fantastic scripting language. It is easy to hack up quick scripts for all sorts of problems, and without much more effort that hack can become a robust, easily maintained command line application that your users love.
This tutorial covers how to write useful, well-behaved command line applications that are a joy to use:
* Easily process command line options
* Write a script that can be used interactively or as a filter
* Display help to the user
* Gracefully handle and report errors, to the user and the shell
* Trap and process signals in a robust manner
* Create an easily configured application
* Use a range of the Python standard library modules for easier command line scripting
* Test your application
* Set up the supporting files that any well-behaved application should have, e.g. a man page
* How to package your application for other people to use
This tutorial will assume a very basic knowledge of Python and some familiarity with the command line environment of your choice.
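As a taste of where the tutorial is heading, here is a sketch that touches several of the bullet points at once: argparse for option processing and help, filter-style stdin-or-file input, signal handling, and meaningful exit codes. The line-counting behaviour is an invented example, not part of the tutorial:

```python
import argparse
import signal
import sys

def count_lines(stream):
    """The actual work: count lines on any iterable of lines."""
    return sum(1 for _ in stream)

def main(argv=None):
    # argparse gives us option processing and --help for free.
    parser = argparse.ArgumentParser(description="Count lines, politely.")
    parser.add_argument("file", nargs="?", help="input file (default: stdin)")
    args = parser.parse_args(argv)

    # Die quietly on SIGPIPE (e.g. when piped into `head`) instead of
    # spewing a traceback; not available on Windows, hence the guard.
    if hasattr(signal, "SIGPIPE"):
        signal.signal(signal.SIGPIPE, signal.SIG_DFL)

    try:
        if args.file:
            with open(args.file) as f:
                print(count_lines(f))
        else:
            print(count_lines(sys.stdin))  # behave as a filter
    except OSError as exc:
        # Report errors to the user via stderr and to the shell via exit code.
        print(f"error: {exc}", file=sys.stderr)
        return 1
    except KeyboardInterrupt:
        return 130  # conventional exit status after SIGINT
    return 0
```

To run it as a script, wire it up with `sys.exit(main())` under an `if __name__ == '__main__'` guard; then `python count.py file.txt`, `cat file.txt | python count.py`, and `python count.py --help` all behave the way the tutorial describes (file and script names here are hypothetical).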
Moving from Jenkins 1 to 2 declarative pipeline adventures
T-Dose 2017 presentation, Sunday 19 November 2017. Adventures building a declarative pipeline script for a traditional (non-Java/non-cloud) installable Windows/Linux application. Video will hopefully be available later.
This company transitioned their highly threaded, scalable server software to the Go programming language two years ago after facing C++ issues such as memory management problems and uncontrolled code growth. They created a prototype in Go that had 26% less code, was fully garbage collected, and had a smooth learning curve. They rewrote their entire server software in Go, resulting in 42% less code and no memory issues. While dependencies and language changes have caused some problems, overall Go has worked well for their needs and their developers now prefer Go for some projects.
The CFEngine Roadshow is a multi-platform configuration management training that started in 2007 and is now in its fifth edition. It uses CFEngine to demonstrate how to automate configuration of virtual machines for tasks like installing Java, Tomcat, and deploying applications. A past success story showed how CFEngine was implemented at DirecTV to manage over 3,500 servers, improving quality, enabling patching, and providing an automated CMDB. Key CFEngine concepts covered include desired state configuration, convergence, policy-based versus imperative configuration, and CFEngine's small footprint and ability to manage diverse platforms.
NanoCloud provides a way to deploy Java applications across multiple servers and nodes in a cloud-like manner using only SSH and Java. It handles classpath replication, remote execution, and bidirectional communication between nodes in a transparent way without heavy infrastructure requirements. The document outlines NanoCloud's capabilities and goals to simplify distributed testing and deployment of Java applications at scale.
This document provides an overview of server-side JavaScript using Node.js.
Node.js allows for the development of server-side applications using JavaScript and non-blocking I/O. It introduces some theory around event loops and asynchronous programming in JavaScript. The document includes examples of building HTTP and TCP servers in Node.js and connecting to MongoDB, as well as when Node.js may and may not be suitable.
Front End performance as a Continuous Integration - Part1
This document discusses making front-end performance (FEP) testing an automated part of the continuous integration (CI) process. It outlines several tools that can be used to automate FEP reporting, including Browser-Perf, PerfJankie, SauceLabs, Google Closure Compiler, Spy JS, Phantomas, and others. These tools can measure metrics like page load times, repaint times, and JavaScript execution times. Integrating these tools into the CI process would help catch performance regressions early and ensure code meets best practices for performance.
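Whichever tools produce the measurements, the CI integration itself usually reduces to comparing metrics against a budget and failing the build on a regression. A minimal sketch follows; the metric names and thresholds below are invented, not taken from any of the tools listed:

```python
# Invented budget: metric name -> maximum acceptable value in milliseconds.
PERF_BUDGET_MS = {
    "first_paint": 1000,
    "dom_content_loaded": 1500,
    "page_load": 3000,
}

def check_budget(measured, budget):
    """Return a list of (metric, measured, limit) tuples that exceed the budget."""
    return [
        (name, measured[name], limit)
        for name, limit in budget.items()
        if name in measured and measured[name] > limit
    ]

def main(measured):
    failures = check_budget(measured, PERF_BUDGET_MS)
    for name, value, limit in failures:
        print(f"FAIL {name}: {value}ms (budget {limit}ms)")
    return 1 if failures else 0  # a non-zero exit code fails the CI job
```

A CI step would run this against the metrics emitted by the measurement tool and rely on the non-zero exit code to fail the build, which is what catches regressions before they ship.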
This presentation provides a brief overview of the history of JavaScript and its ecosystem and highlights the excellent JS support provided by the latest NetBeans IDE. You can find the examples on github: https://github.com/saikos/NetBeansES6Support
This document discusses debugging CPython processes with gdb. It begins by stating the goals of making gdb a useful option for debugging and highlighting common issues. It then discusses why debugging is important for large open source projects like OpenStack. Several typical problems that gdb can help with are described, such as hung processes, stepping into native code, and interpreter crashes. Advantages of gdb over pdb are outlined. Prerequisites for using gdb to debug Python are covered, including ensuring gdb has Python support and obtaining CPython debugging symbols. Various gdb commands for debugging Python processes are demonstrated, such as attaching to a process, printing tracebacks and locals, and executing Python code in the debugged process. Finally, some common gotchas are highlighted around virtual environments.
This document discusses the past, present, and future of the PHP development environment. In the past, setting up PHP environments was difficult and environments often differed from production. Currently, Vagrant helps address these issues by providing an easy way to configure and provision consistent development environments. It allows specifying environments using configuration files and provisioning them using tools like Chef. Going forward, Vagrant aims to support more providers like AWS and improve collaboration features.
When Third Parties Stop Being Polite... and Start Getting Real
Check Yourself Before You Wreck Yourself: Auditing and Improving the Performa...
Boomerang is an open-source Real User Monitoring (RUM) JavaScript library used by thousands of websites to measure their visitors' experiences.
Boomerang runs on billions of page loads a day, either via the open-source library or as part of Akamai's mPulse RUM service. The developers behind Boomerang take pride in building a reliable and performant third-party library that everyone can use without being concerned about its measurements affecting their site.
Recently, we performed and shared an audit of Boomerang's performance, to help communicate the "cost of doing business" of including Boomerang on a page while it takes its measurements. In doing the audit, we found several areas of code that we wanted to improve and have been making continuous improvements ever since. We've taken ideas and contributions from the OSS community, and have built a Performance Lab that helps "lock in" our improvements by continuously measuring the metrics that are important to us.
We'll discuss how we performed the audit, some of the improvements we've made, how we're testing and validating our changes, and the real-time telemetry we capture on our library to ensure we're having as little of an impact as possible on the sites we're included on.
Measuring Front-End Performance - What, When and How?
This document discusses front-end performance measurement. It recommends measuring performance at every stage of a project's lifecycle using both synthetic and real user monitoring tools. Key metrics to measure include time to first byte, Speed Index, and user timings. Both types of tools provide valuable but different insights and should be used together. Performance data should be reported visually through dashboards to make it relevant and actionable. The goal is to establish a "culture of performance" and catch problems early.
Prometheus and Docker (Docker Galway, November 2015)
Brian Brazil is an engineer passionate about reliable systems who has worked at Google SRE and Boxever. He discusses Prometheus, an open source monitoring system he helped create. Prometheus offers inclusive monitoring of services, is manageable and reliable, integrates easily with other tools, and provides powerful querying and dashboards. It is efficient, scalable, and helps provide visibility into systems through its data model and labeling.
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
In the realm of real-time applications, Large Language Models (LLMs) have long dominated language-centric tasks, while tools like OpenCV have excelled in the visual domain. However, the future (maybe) lies in the fusion of LLMs and deep learning, giving birth to the revolutionary concept of Large Action Models (LAMs).
Imagine a world where AI not only comprehends language but mimics human actions on technology interfaces. For example, the Rabbit r1 device presented at CES 2024, driven by an AI operating system and LAM, brings this vision to life. It executes complex commands, leveraging GUIs with unprecedented ease.
In this presentation, join me on a journey as a software engineer tinkering with WebRTC, Janus, and LLM/LAMs. Together, we’ll evaluate the current state of these AI technologies, unraveling the potential they hold for shaping the future of real-time applications.
Website Monitoring with Distributed Messages/Tasks Processing (AMQP & RabbitM...
Here are the key steps to integrate Facebook login into a Django website:
1. Register your website with Facebook Developers and create an app. This will give you an App ID and App Secret.
2. Install the Python social auth app: `pip install social-auth-app-django`
3. Add 'social_django' to INSTALLED_APPS in settings.py
4. Configure the Facebook backend:
```python
SOCIAL_AUTH_FACEBOOK_KEY = '<your app id>'
SOCIAL_AUTH_FACEBOOK_SECRET = '<your app secret>'
```
5. Add the social auth URLs to your project's URLconf (the `social/` prefix here is one common choice):
```python
from django.conf.urls import include, url

urlpatterns = [
    # ... your existing patterns ...
    url(r'^social/', include('social_django.urls', namespace='social')),
]
```
6. Add the Facebook backend to AUTHENTICATION_BACKENDS in settings.py:
```python
AUTHENTICATION_BACKENDS = (
    'social_core.backends.facebook.FacebookOAuth2',
    'django.contrib.auth.backends.ModelBackend',
)
```
Metrics, metrics everywhere (but where the heck do you start?)
This document discusses various metrics for measuring website performance and user experience. It outlines different types of metrics including:
- Network metrics like DNS resolution, TCP connection times, and time to first byte.
- Browser metrics like start render time, DOM loading/ready times, and page load times.
- Resource-level metrics obtained from the Resource Timing API like individual asset load times and response sizes.
- User-centric metrics like Speed Index, time to visible content, and metrics for single-page applications without traditional page loads.
It emphasizes the importance of measuring real user monitoring data alongside synthetic tests, and looking at higher percentiles rather than just averages due to variability in user environments and network conditions.
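The point about percentiles versus averages is easy to demonstrate with made-up numbers: a single slow outlier drags the mean far from what any typical user experienced.

```python
import statistics

# Hypothetical page-load times in milliseconds: nine fast loads, one disaster.
load_times_ms = [120, 130, 140, 150, 160, 170, 180, 190, 200, 4000]

def percentile(values, pct):
    """Nearest-rank percentile: the value below which ~pct% of samples fall."""
    ordered = sorted(values)
    k = max(0, min(len(ordered) - 1, round(pct / 100 * len(ordered)) - 1))
    return ordered[k]

mean = statistics.mean(load_times_ms)      # 544 ms: dominated by the outlier
median = statistics.median(load_times_ms)  # 165 ms: the "typical" experience
p95 = percentile(load_times_ms, 95)        # 4000 ms: the tail users actually hit
```

Reporting the median alongside p95 or p99 shows both the common case and the tail; the mean alone hides both.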
Velocity NYC: Metrics, metrics everywhere (but where the heck do you start?)
This document discusses various metrics for measuring website performance. It begins by noting that there are many metrics to consider and no single metric tells the whole story. It then discusses several key metrics for measuring different aspects of performance, including:
- Front-end metrics like start render, DOM loading/ready, and page load that can isolate front-end from back-end performance.
- Network metrics like DNS and TCP timings that provide insight into connectivity issues.
- Resource timing metrics that measure individual assets to understand impacts of third parties and CDNs.
- User timing metrics like measuring above-the-fold content that capture user experience.
It emphasizes the importance of considering real user monitoring data alongside synthetic testing.
Metrics, metrics everywhere (but where the heck do you start?)
There’s no one-size-fits-all approach to metrics. In this session, Cliff Crocker and I walk through various metrics that answer performance questions from multiple perspectives — from designer and DevOps to CRO and CEO. You’ll walk away with a better understanding of your options, as well as a clear understanding of how to choose the right metric for the right audience.
This document discusses profiling PHP applications to improve performance. It recommends profiling during development to identify inefficiencies. The document introduces Xdebug for profiling PHP code and Webgrind, a PHP frontend for visualizing Xdebug profiles. It provides an example of profiling a sample PHP application, identifying issues, making code changes, and verifying performance improvements through re-profiling.
The document provides guidance on developing reliable load test scripts and scenarios. It discusses test data requirements, parameterizing dynamic values, proper use of HTTP protocol versus GUI-level scripting, handling asynchronous requests, implementing think time and pacing, validating scripts, and best practices for load scenario configuration. The goal is to explore main points around scripting best practices, validating load scripts thoroughly, and configuration best practices to build effective performance tests.
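The think-time and pacing advice typically boils down to subtracting each iteration's own duration from a fixed pacing interval, so a virtual user starts iterations on a steady cadence no matter how long responses take. A sketch, with the transaction itself as a stand-in:

```python
import time

def run_paced(transaction, pacing_s, iterations, think_time_s=0.0, sleep=time.sleep):
    """Run `transaction` on a fixed cadence of `pacing_s` seconds per iteration.

    Think time simulates the user pausing between actions; pacing keeps the
    request arrival rate constant even when response times fluctuate.
    The `sleep` parameter is injectable so the loop can be tested quickly.
    """
    for _ in range(iterations):
        start = time.monotonic()
        transaction()
        sleep(think_time_s)  # user "reading the page"
        elapsed = time.monotonic() - start
        # Sleep only for the remainder of the interval; never a negative time.
        sleep(max(0.0, pacing_s - elapsed))
```

With pacing_s=10 and think_time_s=3, each virtual user completes one business transaction every 10 seconds whether a response takes 0.2 s or 4 s, which keeps the offered load reproducible between runs.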
This workshop introduces to WebRTC and how you can utilize its open API to develop Rich Communication services in your web applications. It describes a general Java gateway to allow the translation of WebRTC to SIP, the protocol used internally in the majority of VoIP networks and how Groovy is used to empower the process. In the end of the workshop, the assistants will be able to develop and deploy a basic webpage and they will have the knowledge to customize the example and develop more complex features, adding audio, video or data to HTML5, iOS or Android applications.
Monitoring in Big Data Platform - Albert Lewandowski, GetInData
Did you like it? Check out our blog to stay up to date: https://getindata.com/blog
The webinar was organized by GetInData in 2020. During the webinar we explained the concept of monitoring and observability with a focus on data analytics platforms.
Watch more here: https://www.youtube.com/watch?v=qSOlEN5XBQc
Whitepaper - Monitoring and Observability for Data Platform: https://getindata.com/blog/white-paper-big-data-monitoring-observability-data-platform/
Speaker: Albert Lewandowski
Linkedin: https://www.linkedin.com/in/albert-lewandowski/
___
GetInData is a company founded in 2014 by ex-Spotify data engineers. From day one our focus has been on Big Data projects. We bring together a group of the best and most experienced experts in Poland, working with cloud and open-source Big Data technologies to help companies build scalable data architectures and implement advanced analytics over large data sets.
Our experts have vast production experience in implementing Big Data projects for Polish as well as foreign companies, including Spotify, Play, Truecaller, Kcell, Acast, Allegro, ING, Agora, Synerise, StepStone, iZettle and many others from the pharmaceutical, media, finance and FMCG industries.
https://getindata.com
Talk given at the London AICamp meetup on 13 July 2023: an introduction to building open-source ChatGPT-like chat bots and some of the considerations to have while training and tuning them using Airflow.
This document provides an overview of the tools available in Chrome Dev Tools for web development and performance analysis. It describes the Elements, Styles, and Resources panels for inspecting and editing pages. It also covers the Network panel for analyzing resource loading, the Timeline for performance profiling, and the Audits and PageSpeed panels for optimization suggestions. Tips are provided on using these various Dev Tools to debug issues, optimize pages, and remotely debug on devices.
Ten practical ways to improve front-end performance
Conference talk presented at PHP South Coast 2017. Ten concrete ways to improve web performance, split between quick tactical wins and longer-term overarching strategies.
This document discusses benchmarking HTTP/2 using the h2load tool. It provides examples of using h2load to test various HTTP/2 configurations and protocols. The document also summarizes several experiments comparing performance of HTTP/2 with different settings, such as with or without domain sharding, combo handling, and different servers like ATS and nghttpx. It concludes that we need to consider server capacity for HTTP/2 deployments and that h2load is not perfect, providing opportunities for contribution.
How RPA Help in the Transportation and Logistics Industry.pptx
Revolutionize your transportation processes with our cutting-edge RPA software. Automate repetitive tasks, reduce costs, and enhance efficiency in the logistics sector with our advanced solutions.
Advanced Techniques for Cyber Security Analysis and Anomaly Detection
Cybersecurity is a major concern in today's connected digital world. Threats to organizations are constantly evolving and have the potential to compromise sensitive information, disrupt operations, and lead to significant financial losses. Traditional cybersecurity techniques often fall short against modern attackers. Therefore, advanced techniques for cyber security analysis and anomaly detection are essential for protecting digital assets. This blog explores these cutting-edge methods, providing a comprehensive overview of their application and importance.
Mitigating the Impact of State Management in Cloud Stream Processing Systems
Stream processing is a crucial component of modern data infrastructure, but constructing an efficient and scalable stream processing system can be challenging. Decoupling compute and storage architecture has emerged as an effective solution to these challenges, but it can introduce high latency issues, especially when dealing with complex continuous queries that necessitate managing extra-large internal states.
In this talk, we focus on addressing the high latency issues associated with S3 storage in stream processing systems that employ a decoupled compute and storage architecture. We delve into the root causes of latency in this context and explore various techniques to minimize the impact of S3 latency on stream processing performance. Our proposed approach is to implement a tiered storage mechanism that leverages a blend of high-performance and low-cost storage tiers to reduce data movement between the compute and storage layers while maintaining efficient processing.
Throughout the talk, we will present experimental results that demonstrate the effectiveness of our approach in mitigating the impact of S3 latency on stream processing. By the end of the talk, attendees will have gained insights into how to optimize their stream processing systems for reduced latency and improved cost-efficiency.
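The tiered-storage idea, keeping hot state in a small fast tier and paying the S3 round trip only on a miss, can be sketched as an LRU layer in front of a slow store. A real state backend involves far more (serialization, checkpointing, asynchronous prefetch); everything below is illustrative:

```python
from collections import OrderedDict

class TieredStateStore:
    """Hot tier: in-memory LRU. Cold tier: any dict-like slow store (stand-in for S3)."""

    def __init__(self, cold_store, hot_capacity):
        self.cold = cold_store
        self.hot = OrderedDict()
        self.hot_capacity = hot_capacity
        self.cold_reads = 0  # how often we pay the slow tier's latency

    def put(self, key, value):
        self.cold[key] = value  # durability lives in the cold tier
        self._promote(key, value)

    def get(self, key):
        if key in self.hot:  # fast path: no round trip to slow storage
            self.hot.move_to_end(key)
            return self.hot[key]
        self.cold_reads += 1  # slow path: fetch from the cold tier and promote
        value = self.cold[key]
        self._promote(key, value)
        return value

    def _promote(self, key, value):
        self.hot[key] = value
        self.hot.move_to_end(key)
        if len(self.hot) > self.hot_capacity:
            self.hot.popitem(last=False)  # evict the least-recently-used entry
```

Tracking cold_reads is the interesting knob: sizing the hot tier is a trade-off between memory cost and how often a query must absorb the slow tier's latency.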
Kief Morris rethinks the infrastructure code delivery lifecycle, advocating for a shift towards composable infrastructure systems. We should shift to designing around deployable components rather than code modules, use more useful levels of abstraction, and drive design and deployment from applications rather than bottom-up, monolithic architecture and delivery.
To help you choose the best DiskWarrior alternative, we've compiled a comparison table summarizing the features, pros, cons, and pricing of six alternatives.
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
Jindong Gu, Zhen Han, Shuo Chen, Ahmad Beirami, Bailan He, Gengyuan Zhang, Ruotong Liao, Yao Qin, Volker Tresp, Philip Torr "A Systematic Survey of Prompt Engineering on Vision-Language Foundation Models" arXiv2023
https://arxiv.org/abs/2307.12980
Best Practices for Effectively Running dbt in Airflow.pdf
As a popular open-source library for analytics engineering, dbt is often used in combination with Airflow. Orchestrating and executing dbt models as DAGs ensures an additional layer of control over tasks, observability, and provides a reliable, scalable environment to run dbt models.
This webinar will cover a step-by-step guide to Cosmos, an open source package from Astronomer that helps you easily run your dbt Core projects as Airflow DAGs and Task Groups, all with just a few lines of code. We’ll walk through:
- Standard ways of running dbt (and when to utilize other methods)
- How Cosmos can be used to run and visualize your dbt projects in Airflow
- Common challenges and how to address them, including performance, dependency conflicts, and more
- How running dbt projects in Airflow helps with cost optimization
Webinar given on 9 July 2024
Choose our Linux Web Hosting for a seamless and successful online presence
Our Linux Web Hosting plans offer unbeatable performance, security, and scalability, ensuring your website runs smoothly and efficiently.
Visit- https://onliveserver.com/linux-web-hosting/
The DealBook is our annual overview of the Ukrainian tech investment industry. This edition comprehensively covers the full year 2023 and the first deals of 2024.
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Today’s digitally connected world presents a wide range of security challenges for enterprises. Insider security threats are particularly noteworthy because they have the potential to cause significant harm. Unlike external threats, insider risks originate from within the company, making them more subtle and challenging to identify. This blog aims to provide a comprehensive understanding of insider security threats, including their types, examples, effects, and mitigation techniques.
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - Mydbops
This presentation, delivered at the Postgres Bangalore (PGBLR) Meetup-2 on June 29th, 2024, dives deep into connection pooling for PostgreSQL databases. Aakash M, a PostgreSQL Tech Lead at Mydbops, explores the challenges of managing numerous connections and explains how connection pooling optimizes performance and resource utilization.
Key Takeaways:
* Understand why connection pooling is essential for high-traffic applications
* Explore various connection poolers available for PostgreSQL, including pgbouncer
* Learn the configuration options and functionalities of pgbouncer
* Discover best practices for monitoring and troubleshooting connection pooling setups
* Gain insights into real-world use cases and considerations for production environments
This presentation is ideal for:
* Database administrators (DBAs)
* Developers working with PostgreSQL
* DevOps engineers
* Anyone interested in optimizing PostgreSQL performance
Contact info@mydbops.com for PostgreSQL Managed, Consulting and Remote DBA Services
Transcript: Details of description part II: Describing images in practice - T...
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
An invited talk given by Mark Billinghurst on Research Directions for Cross Reality Interfaces. This was given on July 2nd 2024 as part of the 2024 Summer School on Cross Reality in Hagenberg, Austria (July 1st - 7th)
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called OpenTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, and percentiles to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the OpenTelemetry community: its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor. We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of OpenTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open-source, vendor-neutral instrumentation is an exciting new reality as the industry standardizes on OpenTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve, and in order to achieve ubiquity, the project would benefit from a growing contributor community.
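The tracing vocabulary above (traces, spans, parent/child relationships) can be made concrete with a toy Python sketch. This is a conceptual illustration only, not the OpenTelemetry API; `ToyTracer` and its `span` context manager are invented for the example:

```python
import time
import uuid
from contextlib import contextmanager

# A toy tracer illustrating spans and parent/child context propagation.
# This is NOT the OpenTelemetry API; it only demonstrates the concepts.
class ToyTracer:
    def __init__(self):
        self.finished = []   # completed spans, ready for "export"
        self._stack = []     # currently open spans (the active context)

    @contextmanager
    def span(self, name):
        parent = self._stack[-1]["span_id"] if self._stack else None
        s = {"name": name, "span_id": uuid.uuid4().hex[:8],
             "parent_id": parent, "start": time.time()}
        self._stack.append(s)
        try:
            yield s
        finally:
            s["duration_ms"] = (time.time() - s["start"]) * 1000
            self._stack.pop()
            self.finished.append(s)

tracer = ToyTracer()
with tracer.span("http.request"):
    with tracer.span("db.query"):
        pass  # pretend work happens here

# The inner span finishes first and points back at its parent.
for s in tracer.finished:
    print(s["name"], "parent:", s["parent_id"])
```

A real SDK adds exporters, sampling, and cross-process context propagation on top of exactly this parent/child bookkeeping.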
LCU14 201- Binary Analysis Tools
---------------------------------------------------
Speaker: C. Lyon & O. Javaid
Date: September 16, 2014
---------------------------------------------------
★ Session Summary ★
This session will be a presentation about currently available binary analysis tools, including: Sanitizers, perf (a performance counter and tracing profiling tool), record/replay (a reverse debugging facility in GDB) and prelink rootfs.
---------------------------------------------------
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137726
Google Event: https://plus.google.com/u/0/events/ca2pdo9sn9r8n81l5vrbiibvcts
Video: https://www.youtube.com/watch?v=QIu601HYwSA&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-201
---------------------------------------------------
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
The document discusses CPU pipeline optimization techniques, including both hardware and software branch prediction. It describes two main ways for compilers to provide better branch prediction hints to hardware: 1) using explicit `__builtin_expect` hints to indicate the likely branch direction; and 2) leveraging profile information collected from representative runs to determine branch likelihoods and optimize compilation accordingly. Profile-guided optimization (PGO) generalizes this approach to further optimizations beyond just branch prediction.
Real-Time Web Apps & Symfony. What are your options? (Phil Leggetter)
This document discusses options for building real-time web applications with Symfony. It covers existing solutions like ReactPHP, Ratchet, Faye and Pusher that provide real-time functionality. It also considers factors like programming language, application functionality, architecture, and whether to use a self-hosted or hosted solution. Example architectures are presented using Symfony with Ratchet and Faye. The document aims to help developers choose the right real-time solution for their needs.
This document discusses HTTP/2 support in Go 1.6. It notes that the net/http package now supports HTTP/2 out of the box. It provides code samples showing how a server can be configured with and without HTTP/2 support. It also describes how HTTP/2 functionality like HPACK header compression, server push, flow control, and priority are implemented in Go net/http. Finally, it summarizes the current level of HTTP/2 specification compliance and areas still in development.
This document summarizes Stas Zozulja's presentation on building real-time web applications with WebSockets and related technologies. The presentation covered transport mechanisms for real-time applications like WebSockets, long polling and HTTP streaming. It also discussed tools for building real-time PHP applications like Ratchet and Pushpin, a reverse proxy that allows using WebSockets over HTTP. Example code was provided for implementing a real-time chat application with these tools.
The document discusses Chromium's caching system. It describes the overall network stack and cache flow, including the disk cache which stores web resources on disk. It then focuses on the "simple cache" implementation, a new backend for disk cache that uses one file per cache entry and an index file for faster lookups. The simple cache aims to be more resilient to corruption, reduce delays, and have lower memory and disk usage than the existing blockfile backend.
How to write a well-behaved Python command line application (gjcross)
Tutorial #1 from PyCon AU 2012
Python is a fantastic scripting language. It is easy to hack up quick scripts for all sorts of problems - without a lot more effort, that hack can become a robust, easily maintained command line application that your users love.
This tutorial covers how to write useful, well-behaved command line applications that are a joy to use:
* Easily process command line options
* Write a script that can be used interactively or as a filter
* Display help to the user
* Gracefully handle and report errors, to the user and the shell
* Trap and process signals in a robust manner
* Create an easily configured application
* Use a range of the Python standard library modules for easier command line scripting
* Test your application
* Set up the supporting files that any well-behaved application should have, e.g. a man page
* How to package your application for other people to use
This tutorial will assume a very basic knowledge of Python and some familiarity with the command line environment of your choice.
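Several of the bullets above (option parsing, built-in help, signal trapping, filter-style I/O) can be sketched with Python's standard library. The uppercase-filter below is a hypothetical example, not code from the tutorial:

```python
import argparse
import io
import signal
import sys

def build_parser():
    # argparse gives us option handling and --help output for free
    p = argparse.ArgumentParser(
        description="Uppercase lines from a file or stdin (usable as a filter).")
    p.add_argument("-n", "--max-lines", type=int, default=None,
                   help="stop after this many lines")
    return p

def run(args, infile, out):
    # Filter-style processing: read line by line, write transformed output
    for i, line in enumerate(infile):
        if args.max_lines is not None and i >= args.max_lines:
            break
        out.write(line.upper())
    return 0  # shell exit status: 0 means success

# Trap Ctrl-C so the script exits cleanly with the conventional status 130
signal.signal(signal.SIGINT, lambda *a: sys.exit(130))

# Demo with an in-memory "file" instead of stdin
args = build_parser().parse_args(["-n", "2"])
out = io.StringIO()
status = run(args, io.StringIO("hello\nworld\nignored\n"), out)
print(out.getvalue(), end="")  # HELLO then WORLD
print("exit status:", status)
```

In a real script the same `run()` would be fed `sys.stdin` and its return value passed to `sys.exit()`, so errors are reported both to the user and to the shell.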
Moving from Jenkins 1 to 2 declarative pipeline adventures (Frits Van Der Holst)
T-Dose 2017 presentation, Sunday 19 November 2017. Adventures building a declarative pipeline script for a traditional (non-java/non-cloud) installable windows/Linux application. Video will hopefully be available later.
This company transitioned their highly-threaded scalable server software to the Go programming language two years ago after facing issues with C++ like memory management problems and uncontrolled code growth. They created a prototype in Go that had 26% less code, was fully garbage collected, and had a smooth learning curve. They rewrote their entire server software in Go, resulting in 42% less code and no memory issues. While dependencies and language changes have caused some problems, overall Go has worked well for their needs and their developers now prefer Go for some projects.
The CFEngine Roadshow is a multi-platform configuration management training that started in 2007 and is now in its fifth edition. It uses CFEngine to demonstrate how to automate configuration of virtual machines for tasks like installing Java, Tomcat, and deploying applications. A past success story showed how CFEngine was implemented at DirecTV to manage over 3,500 servers, improving quality, enabling patching, and providing an automated CMDB. Key CFEngine concepts covered include desired state configuration, convergence, policy-based versus imperative configuration, and CFEngine's small footprint and ability to manage diverse platforms.
NanoCloud provides a way to deploy Java applications across multiple servers and nodes in a cloud-like manner using only SSH and Java. It handles classpath replication, remote execution, and bidirectional communication between nodes in a transparent way without heavy infrastructure requirements. The document outlines NanoCloud's capabilities and goals to simplify distributed testing and deployment of Java applications at scale.
This document provides an overview of server-side JavaScript using Node.js:
Node.js allows for the development of server-side applications using JavaScript and non-blocking I/O. It introduces some theory around event loops and asynchronous programming in JavaScript. The document includes examples of building HTTP and TCP servers in Node.js and connecting to MongoDB, as well as when Node.js may and may not be suitable.
Front End performance as a Continuous Integration - Part 1 (Tarence DSouza)
This document discusses making front-end performance (FEP) testing an automated part of the continuous integration (CI) process. It outlines several tools that can be used to automate FEP reporting, including Browser-Perf, PerfJankie, SauceLabs, Google Closure Compiler, Spy JS, Phantomas, and others. These tools can measure metrics like page load times, repaint times, and JavaScript execution times. Integrating these tools into the CI process would help catch performance regressions early and ensure code meets best practices for performance.
This presentation provides a brief overview of the history of JavaScript and its ecosystem and highlights the excellent JS support provided by the latest NetBeans IDE. You can find the examples on github: https://github.com/saikos/NetBeansES6Support
This document discusses debugging CPython processes with gdb. It begins by stating the goals of making gdb a useful option for debugging and highlighting common issues. It then discusses why debugging is important for large open source projects like OpenStack. Several typical problems that gdb can help with are described, such as hung processes, stepping into native code, and interpreter crashes. Advantages of gdb over pdb are outlined. Prerequisites for using gdb to debug Python are covered, including ensuring gdb has Python support and obtaining CPython debugging symbols. Various gdb commands for debugging Python processes are demonstrated, such as attaching to a process, printing tracebacks and locals, and executing Python code in the debugged process. Finally, some common gotchas are highlighted around virtual environments.
The future of the PHP development environment (Jeremy Quinton)
This document discusses the past, present, and future of the PHP development environment. In the past, setting up PHP environments was difficult and environments often differed from production. Currently, Vagrant helps address these issues by providing an easy way to configure and provision consistent development environments. It allows specifying environments using configuration files and provisioning them using tools like Chef. Going forward, Vagrant aims to support more providers like AWS and improve collaboration features.
At Fluent Conference 2018, Nic Jansma and Charles Vazac perform an honest audit of several popular third-party libraries to understand their true cost to your site, exploring loading patterns, SPOF avoidance, JavaScript parsing, long tasks, runtime overhead, polyfill headaches, security and privacy concerns, and more. They also share tools to help you decide if a library’s risks and unseen costs are worth it.
When Third Parties Stop Being Polite... and Start Getting Real (Nicholas Jansma)
By Nic Jansma and Charles Vazac (Akamai)
Fluent 2018
Check Yourself Before You Wreck Yourself: Auditing and Improving the Performa... (Nicholas Jansma)
Boomerang is an open-source Real User Monitoring (RUM) JavaScript library used by thousands of websites to measure their visitor's experiences. The developers behind Boomerang take pride in building a reliable and performant third-party library that everyone can use without being concerned about its measurements affecting their site. We recently performed and shared an audit of Boomerang's performance, to help communicate its "cost of doing business", and in doing so we found several areas of code that we wanted to improve. We'll discuss how we performed the audit, some of the improvements we've made, how we're testing and validating our changes, and the real-time telemetry we capture for our library to ensure we're having as little of an impact as possible on the sites we're included on.
Boomerang is an open-source Real User Monitoring (RUM) JavaScript library used by thousands of websites to measure their visitor's experiences.
Boomerang runs on billions of page loads a day, either via the open-source library or as part of Akamai's mPulse RUM service. The developers behind Boomerang take pride in building a reliable and performant third-party library that everyone can use without being concerned about its measurements affecting their site.
Recently, we performed and shared an audit of Boomerang's performance, to help communicate the "cost of doing business" of including Boomerang on a page while it takes its measurements. In doing the audit, we found several areas of code that we wanted to improve and have been making continuous improvements ever since. We've taken ideas and contributions from the OSS community, and have built a Performance Lab that helps "lock in" our improvements by continuously measuring the metrics that are important to us.
We'll discuss how we performed the audit, some of the improvements we've made, how we're testing and validating our changes, and the real-time telemetry we capture on our library to ensure we're having as little of an impact as possible on the sites we're included on.
Measuring Front-End Performance - What, When and How? (Gareth Hughes)
This document discusses front-end performance measurement. It recommends measuring performance at every stage of a project's lifecycle using both synthetic and real user monitoring tools. Key metrics to measure include time to first byte, speed index, and user timings. Both types of tools provide valuable but different insights and should be used together. Performance data should be reported visually through dashboards to make it relevant and actionable. The goal is to establish a "culture of performance" and catch problems early.
Prometheus and Docker (Docker Galway, November 2015) - Brian Brazil
Brian Brazil is an engineer passionate about reliable systems who has worked at Google SRE and Boxever. He discusses Prometheus, an open source monitoring system he helped create. Prometheus offers inclusive monitoring of services, is manageable and reliable, integrates easily with other tools, and provides powerful querying and dashboards. It is efficient, scalable, and helps provide visibility into systems through its data model and labeling.
In the realm of real-time applications, Large Language Models (LLMs) have long dominated language-centric tasks, while tools like OpenCV have excelled in the visual domain. However, the future (maybe) lies in the fusion of LLMs and deep learning, giving birth to the revolutionary concept of Large Action Models (LAMs).
Imagine a world where AI not only comprehends language but mimics human actions on technology interfaces. For example, the Rabbit r1 device presented at CES 2024, driven by an AI operating system and LAM, brings this vision to life. It executes complex commands, leveraging GUIs with unprecedented ease.
In this presentation, join me on a journey as a software engineer tinkering with WebRTC, Janus, and LLM/LAMs. Together, we’ll evaluate the current state of these AI technologies, unraveling the potential they hold for shaping the future of real-time applications.
Website Monitoring with Distributed Messages/Tasks Processing (AMQP & RabbitM...) - Jimmy DeadcOde
Here are the key steps to integrate Facebook login into a Django website:
1. Register your website with Facebook Developers and create an app. This will give you an App ID and App Secret.
2. Install the Python social auth app: `pip install social-auth-app-django`
3. Add 'social_django' to INSTALLED_APPS in settings.py
4. Configure the Facebook backend:
```python
SOCIAL_AUTH_FACEBOOK_KEY = '<your app id>'
SOCIAL_AUTH_FACEBOOK_SECRET = '<your app secret>'
```
5. Add the Facebook login URL to your URLs:
```python
url(r'^social-auth/', include('social_django.urls', namespace='social')),  # URL prefix is illustrative
```
Metrics, metrics everywhere (but where the heck do you start?) SOASTA
This document discusses various metrics for measuring website performance and user experience. It outlines different types of metrics including:
- Network metrics like DNS resolution, TCP connection times, and time to first byte.
- Browser metrics like start render time, DOM loading/ready times, and page load times.
- Resource-level metrics obtained from the Resource Timing API like individual asset load times and response sizes.
- User-centric metrics like Speed Index, time to visible content, and metrics for single-page applications without traditional page loads.
It emphasizes the importance of measuring real user monitoring data alongside synthetic tests, and looking at higher percentiles rather than just averages due to variability in user environments and network conditions.
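The point about percentiles versus averages is easy to demonstrate with a hypothetical latency sample: the mean hides the slow tail that the 95th percentile exposes.

```python
import statistics

# Hypothetical page-load times in ms: most users are fast,
# but a few are on slow networks
samples = [800] * 95 + [9000] * 5

mean = statistics.fmean(samples)
median = statistics.median(samples)
# quantiles(n=100) returns the 1st..99th percentile cut points
p95 = statistics.quantiles(samples, n=100)[94]

print(f"mean:   {mean:.0f} ms")    # pulled up by the slow tail
print(f"median: {median:.0f} ms")  # the typical user
print(f"p95:    {p95:.0f} ms")     # the slow experiences
```

Here the mean (1210 ms) suggests a moderately slow page, while the median shows most users are fine and the p95 shows a small group having a terrible experience, which is why RUM reporting favors percentiles.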
Velocity NYC: Metrics, metrics everywhere (but where the heck do you start?) - Cliff Crocker
This document discusses various metrics for measuring website performance. It begins by noting that there are many metrics to consider and no single metric tells the whole story. It then discusses several key metrics for measuring different aspects of performance, including:
- Front-end metrics like start render, DOM loading/ready, and page load that can isolate front-end from back-end performance.
- Network metrics like DNS and TCP timings that provide insight into connectivity issues.
- Resource timing metrics that measure individual assets to understand impacts of third parties and CDNs.
- User timing metrics like measuring above-the-fold content that capture user experience.
It emphasizes the importance of considering real user monitoring data alongside synthetic tests.
Metrics, metrics everywhere (but where the heck do you start?) - Tammy Everts
There’s no one-size-fits-all approach to metrics. In this session, Cliff Crocker and I walk through various metrics that answer performance questions from multiple perspectives — from designer and DevOps to CRO and CEO. You’ll walk away with a better understanding of your options, as well as a clear understanding of how to choose the right metric for the right audience.
This document discusses profiling PHP applications to improve performance. It recommends profiling during development to identify inefficiencies. The document introduces Xdebug for profiling PHP code and Webgrind, a PHP frontend for visualizing Xdebug profiles. It provides an example of profiling a sample PHP application, identifying issues, making code changes, and verifying performance improvements through re-profiling.
The document provides guidance on developing reliable load test scripts and scenarios. It discusses test data requirements, parameterizing dynamic values, proper use of HTTP protocol versus GUI-level scripting, handling asynchronous requests, implementing think time and pacing, validating scripts, and best practices for load scenario configuration. The goal is to explore main points around scripting best practices, validating load scripts thoroughly, and configuration best practices to build effective performance tests.
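Think time and pacing feed directly into scenario sizing via Little's Law (concurrency = throughput x time per iteration). A small sketch with hypothetical numbers:

```python
# Little's Law: N = X * R
# N = concurrent virtual users, X = target throughput (iterations/s),
# R = time per iteration (response time + think time)
target_rps = 50.0    # hypothetical target: 50 iterations per second
response_time = 0.8  # seconds, measured average
think_time = 3.2     # seconds, simulating a real user pausing

iteration_time = response_time + think_time
virtual_users = target_rps * iteration_time
print(f"virtual users needed: {virtual_users:.0f}")  # 200
```

This is why cutting think time from a script without adjusting user count silently multiplies the load: the same virtual users complete iterations faster, driving throughput well past the intended target.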
Using Groovy to empower WebRTC Network Systems (antonry)
This workshop introduces WebRTC and how you can utilize its open API to develop Rich Communication services in your web applications. It describes a general Java gateway to allow the translation of WebRTC to SIP, the protocol used internally in the majority of VoIP networks, and how Groovy is used to empower the process. By the end of the workshop, attendees will be able to develop and deploy a basic webpage and will have the knowledge to customize the example and develop more complex features, adding audio, video, or data to HTML5, iOS, or Android applications.
Monitoring in Big Data Platform - Albert Lewandowski, GetInData
Did you like it? Check out our blog to stay up to date: https://getindata.com/blog
The webinar was organized by GetInData in 2020. During the webinar we explained the concept of monitoring and observability with a focus on data analytics platforms.
Watch more here: https://www.youtube.com/watch?v=qSOlEN5XBQc
Whitepaper - Monitoring and Observability for Data Platform: https://getindata.com/blog/white-paper-big-data-monitoring-observability-data-platform/
Speaker: Albert Lewandowski
Linkedin: https://www.linkedin.com/in/albert-lewandowski/
___
GetInData is a company founded in 2014 by ex-Spotify data engineers. From day one our focus has been on Big Data projects. We bring together a group of the best and most experienced experts in Poland, working with cloud and open-source Big Data technologies to help companies build scalable data architectures and implement advanced analytics over large data sets.
Our experts have vast production experience in implementing Big Data projects for Polish as well as foreign companies including i.a. Spotify, Play, Truecaller, Kcell, Acast, Allegro, ING, Agora, Synerise, StepStone, iZettle and many others from the pharmaceutical, media, finance and FMCG industries.
https://getindata.com
Talk given at the London AICamp meetup on 13 July 2023. An introduction to building open-source ChatGPT-like chat bots and some of the considerations to have while training/tuning them using Airflow.
This document provides an overview of the tools available in Chrome Dev Tools for web development and performance analysis. It describes the Elements, Styles, and Resources panels for inspecting and editing pages. It also covers the Network panel for analyzing resource loading, the Timeline for performance profiling, and the Audits and PageSpeed panels for optimization suggestions. Tips are provided on using these various Dev Tools to debug issues, optimize pages, and remotely debug on devices.
Ten practical ways to improve front-end performance (Andrew Rota)
Conference talk presented at PHP South Coast 2017. Ten concrete ways to improve web performance, split between quick tactical wins and longer-term overarching strategies.
This document discusses benchmarking HTTP/2 using the h2load tool. It provides examples of using h2load to test various HTTP/2 configurations and protocols. The document also summarizes several experiments comparing performance of HTTP/2 with different settings, such as with or without domain sharding, combo handling, and different servers like ATS and nghttpx. It concludes that we need to consider server capacity for HTTP/2 deployments and that h2load is not perfect, providing opportunities for contribution.
Similar to When third parties stop being polite... and start getting real (20)
How RPA Helps in the Transportation and Logistics Industry.pptx (SynapseIndia)
Revolutionize your transportation processes with our cutting-edge RPA software. Automate repetitive tasks, reduce costs, and enhance efficiency in the logistics sector with our advanced solutions.
Advanced Techniques for Cyber Security Analysis and Anomaly Detection (Bert Blevins)
Cybersecurity is a major concern in today's connected digital world. Threats to organizations are constantly evolving and have the potential to compromise sensitive information, disrupt operations, and lead to significant financial losses. Traditional cybersecurity techniques often fall short against modern attackers. Therefore, advanced techniques for cyber security analysis and anomaly detection are essential for protecting digital assets. This blog explores these cutting-edge methods, providing a comprehensive overview of their application and importance.
Mitigating the Impact of State Management in Cloud Stream Processing Systems (ScyllaDB)
Stream processing is a crucial component of modern data infrastructure, but constructing an efficient and scalable stream processing system can be challenging. Decoupling compute and storage architecture has emerged as an effective solution to these challenges, but it can introduce high latency issues, especially when dealing with complex continuous queries that necessitate managing extra-large internal states.
In this talk, we focus on addressing the high latency issues associated with S3 storage in stream processing systems that employ a decoupled compute and storage architecture. We delve into the root causes of latency in this context and explore various techniques to minimize the impact of S3 latency on stream processing performance. Our proposed approach is to implement a tiered storage mechanism that leverages a blend of high-performance and low-cost storage tiers to reduce data movement between the compute and storage layers while maintaining efficient processing.
Throughout the talk, we will present experimental results that demonstrate the effectiveness of our approach in mitigating the impact of S3 latency on stream processing. By the end of the talk, attendees will have gained insights into how to optimize their stream processing systems for reduced latency and improved cost-efficiency.
Kief Morris rethinks the infrastructure code delivery lifecycle, advocating for a shift towards composable infrastructure systems. We should shift to designing around deployable components rather than code modules, use more useful levels of abstraction, and drive design and deployment from applications rather than bottom-up, monolithic architecture and delivery.
Comparison Table of DiskWarrior Alternatives.pdf (Andrey Yasko)
To help you choose the best DiskWarrior alternative, we've compiled a comparison table summarizing the features, pros, cons, and pricing of six alternatives.
Paper introduction: A Systematic Survey of Prompt Engineering on Vision-Language Foundation ... (Toru Tamaki)
Jindong Gu, Zhen Han, Shuo Chen, Ahmad Beirami, Bailan He, Gengyuan Zhang, Ruotong Liao, Yao Qin, Volker Tresp, Philip Torr "A Systematic Survey of Prompt Engineering on Vision-Language Foundation Models" arXiv2023
https://arxiv.org/abs/2307.12980
Best Practices for Effectively Running dbt in Airflow.pdf (Tatiana Al-Chueyr)
As a popular open-source library for analytics engineering, dbt is often used in combination with Airflow. Orchestrating and executing dbt models as DAGs ensures an additional layer of control over tasks, observability, and provides a reliable, scalable environment to run dbt models.
This webinar will cover a step-by-step guide to Cosmos, an open source package from Astronomer that helps you easily run your dbt Core projects as Airflow DAGs and Task Groups, all with just a few lines of code. We’ll walk through:
- Standard ways of running dbt (and when to utilize other methods)
- How Cosmos can be used to run and visualize your dbt projects in Airflow
- Common challenges and how to address them, including performance, dependency conflicts, and more
- How running dbt projects in Airflow helps with cost optimization
Webinar given on 9 July 2024
Choose our Linux Web Hosting for a seamless and successful online presence (rajancomputerfbd)
Our Linux Web Hosting plans offer unbeatable performance, security, and scalability, ensuring your website runs smoothly and efficiently.
Visit- https://onliveserver.com/linux-web-hosting/
The DealBook is our annual overview of the Ukrainian tech investment industry. This edition comprehensively covers the full year 2023 and the first deals of 2024.
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat... (Bert Blevins)
Today’s digitally connected world presents a wide range of security challenges for enterprises. Insider security threats are particularly noteworthy because they have the potential to cause significant harm. Unlike external threats, insider risks originate from within the company, making them more subtle and challenging to identify. This blog aims to provide a comprehensive understanding of insider security threats, including their types, examples, effects, and mitigation techniques.
Scaling Connections in PostgreSQL - Postgres Bangalore (PGBLR) Meetup-2 (Mydbops)
This presentation, delivered at the Postgres Bangalore (PGBLR) Meetup-2 on June 29th, 2024, dives deep into connection pooling for PostgreSQL databases. Aakash M, a PostgreSQL Tech Lead at Mydbops, explores the challenges of managing numerous connections and explains how connection pooling optimizes performance and resource utilization.
Key Takeaways:
* Understand why connection pooling is essential for high-traffic applications
* Explore various connection poolers available for PostgreSQL, including pgbouncer
* Learn the configuration options and functionalities of pgbouncer
* Discover best practices for monitoring and troubleshooting connection pooling setups
* Gain insights into real-world use cases and considerations for production environments
This presentation is ideal for:
* Database administrators (DBAs)
* Developers working with PostgreSQL
* DevOps engineers
* Anyone interested in optimizing PostgreSQL performance
Contact info@mydbops.com for PostgreSQL Managed, Consulting and Remote DBA Services
4. Why are we here today?
3rd parties are a necessary component of most websites.
We depend on 3rd party software to help us build websites with blazing speed.
They (theoretically) add value to our sites.
But do they come at a cost?
We’ll cover:
● Performance
● Compatibility
● Privacy & Security
● How to:
○ Evaluate
○ Monitor
○ Protect
5. Examples of 3rd parties:
● Frameworks
● Social media widgets
● Analytics
● A/B testing
● RUM
● Utility libraries
● Polyfills
● Ads
● Chat
● Marketing
● Fonts
● CSS
What is a 3rd Party?
A 3rd Party library is any library you didn’t write.
They might be packaged in your application’s JavaScript bundle, included via a cross-origin <script> tag, or injected via a tag manager.
6. This is the true story... of 14 strangers... of 14 third parties...
13. <script async src="//cdn.remarketing.com/js/foo.min.js"></script>
That one little line can:
● Cause your page to stop loading
● Slow down other components
● Create incompatibilities with other libraries
● Change from underneath you
● Take total control of your site
What can go wrong?
14. <script async src="//cdn.remarketing.com/js/foo.min.js"></script>
But it says async!
async allows the browser to continue parsing the HTML
instead of waiting for that script to load.
The browser still waits to fire the load event until all
async scripts are loaded. SPOF!
A slow async script will make your visitors think your site
is still loading (slowly!)
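One common mitigation (a sketch, not from the deck; the URL reuses the hypothetical CDN from the slide above) is to inject the third-party only after the load event has fired, so a slow script can never delay it:

```html
<script>
// Wait for the page's own load event, then inject the third-party script.
// Trade-off: the third-party starts later, so it may miss early activity.
window.addEventListener('load', function () {
  var s = document.createElement('script');
  s.src = 'https://cdn.remarketing.com/js/foo.min.js';
  s.async = true;
  document.head.appendChild(s);
});
</script>
```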
15. “Everything should have a value, because everything has a cost” - @tkadlec
How can we judge the cost of a script?
$ ls -al modernizr.js*
-rw-r--r--@ 1 nicjansma staff 92,475 May 30 20:20 modernizr.js
-rw-r--r-- 1 nicjansma staff 32,599 May 30 20:21 modernizr.js.gz
… it’s... cheap???
Evaluating the Cost of a 3rd Party
16. A third-party’s size (bytes) contributes to the overall Page Weight.
Page Weight is important - it has an effect on how long the page takes to load,
especially on lower-end devices or slower connections.
Lowering the Page Weight can improve load times, so you want to factor the
byte cost of a third-party into your overall Performance Budget.
… but while it’s the easiest way to judge a third party, it’s just one aspect of the
overall cost.
Resource Weight
18. A task is work the browser is doing to build the page, such as parsing HTML,
executing JavaScript, or performing layout. This happens on the main thread.
The browser cannot respond to user input (clicking, scrolling, etc) while
executing a task.
Long Tasks are due to complex work that requires more than 50ms of
execution time. i.e. parsing or executing complex JavaScript.
Long Tasks will delay Time to Interactive - the point at which your app is
responsive.
Long Tasks and Time to Interactive
19. Long Tasks and Time to Interactive
[Timeline diagram: on the network / main-thread timeline, a framework parse/init task and a Long Task (>50ms) between First Paint and Page Load delay a click; once onload handlers finish and Time to Interactive is reached, clicks are handled responsively.]
20. 1. Loader Snippet / <script>
2. Download
3. Parse + Compile
4. Initialize
5. Runtime / events
A 3rd-Party Script’s Lifecycle
Critical path!
Script tag itself has no cost: <script src="..."></script>
Snippets have a cost (2-10ms on desktop Chrome):
<script type="text/javascript">
(function() {
// Create an async <script> element for the third-party...
var po = document.createElement('script');
po.type = 'text/javascript'; po.async = true;
po.src = 'https://.../foo.js';
// ...and insert it before the first <script> already on the page
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(po, s);
})();
</script>
21. Many ways to load
Tag Manager
● Extra connection (parallel loads)
● Extra connection (DNS / TCP time)
● Manager has to load first
● Manager is a third-party script too!
● A good way to get the script into your app without a code review
External <script src="...">
● Extra connection (parallel loads)
● Extra connection (DNS / TCP time)
● You don’t control the version
● You don’t control load order
● Can cause SPOF
App Bundle
● Loaded with the rest of your libraries
● You control the version
● You control the load order
● Will slow down the loading of anything behind it in the bundle
22. A 3rd-Party Script’s Lifecycle
1. Loader Snippet / <script>
2. Download
3. Parse + Compile
4. Initialize
5. Runtime / event handlers
Every byte affects overall page weight.
Critical path?
● External <script> / tag: no (unless sharing domain)
● Bundled with other components: yes?
Load from a CDN!
The script may load additional resources.
25. 1. Loader Snippet / <script>
2. Download
3. Parse + Compile
4. Initialize
5. Runtime / event handlers
A 3rd-Party Script’s Lifecycle
Critical path!
After being fetched, the browser must parse / compile the
(decompressed) JavaScript before it’s executed.
Fewer bytes = less parse / compile time.
Parse / compile time (uncompressed size):
● Moment 5 ms (143 KB)
● Boomerang 10 ms (188 KB)
● Twitter Widget 10 ms (227 KB)
● jQuery 11 ms (265 KB)
● Angular 22 ms (1291 KB)
26. 1. Loader Snippet / <script>
2. Download
3. Parse + Compile
4. Initialize
5. Runtime / event handlers
A 3rd-Party Script’s Lifecycle
Critical path!
Many scripts will initialize (do some work) at startup - create
structures, globals, hook events, etc.
● moment 2 ms
● jQuery 9 ms
● Boomerang 10 ms
● Angular 12 ms
● Twitter Widget 20 ms
27. Critical path!
The library should be there for a reason.
This reason will do work periodically or based on user
interactions.
● SPA framework updating the view after a route change
● Analytics scripts sending beacons at onload
● Charting library responding to user interactions
All of this is done on the main thread and can cause Long Tasks.
1. Loader Snippet / <script>
2. Download
3. Parse + Compile
4. Initialize
5. Runtime / event handlers
A 3rd-Party Script’s Lifecycle
28. Boomerang’s Performance Audit
https://nicj.net/an-audit-of-boomerangs-performance/
TL;DR boomerang’s cost (high-end to low-end devices):
1. Loader Snippet 2 - 40 ms
2. Download 164 KB raw / 47 KB gzip (non-blocking)
3. Parse 6 - 47 ms
4. Initialize 10 - 80 ms
5. @onload 10 - 300 ms
6. Beacon 2 - 20 KB
7. Runtime minimal
Tracking improvements @ https://github.com/SOASTA/boomerang/issues
30. What 3rd Party Scripts Should be Doing...
They should:
● Use a CDN
● Compress resources
● Set caching headers
● Set Timing-Allow-Origin
● Set Access-Control-Allow-Origin
● Support HTTPS
● Support HTTP/2
● Minify
● Have ~100% uptime
Minimal:
● JavaScript size
● Work without yielding
● Network latency
● CPU
● Requests
● Cookies
● DOM changes / additions
● Event hooks
● Global variables
● Patching
● Changes without your permission
No:
● document.write()
● alert() or prompt()
● eval()
● debugger;
● Console messages
● JavaScript errors
● Including other libs
● Redirects
● Known vulnerabilities
33. ● Resource Hints
● 3rd-Party <script> tag vs. self-hosting (bundling) vs. tag manager
● Lazy loading, and only load tags when they’re needed, not globally
● ServiceWorker
Every third-party should have an owner or “internal champion”.
Protecting your Performance
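As a sketch of the first bullet (reusing the hypothetical CDN domain from the earlier slide), resource hints let the browser warm up the third-party origin before the script is ever requested:

```html
<!-- Resolve DNS and open a connection to the third-party origin early -->
<link rel="dns-prefetch" href="//cdn.remarketing.com">
<link rel="preconnect" href="https://cdn.remarketing.com" crossorigin>
```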
35. Bossman (to You): “I’m not sure one analytics script is enough. I’m going to need you to add two more over the weekend, mm’k?”
36. WHO?
Compatibility
TL;DR - When bringing third-party code or integrating widgets into your page, you need to pay special attention to how scripts can unknowingly affect each other. The two major friction points are polyfills and built-in patching.
WHAT? WHEN?
Very hard 🐞🐞🐞 to triage!
37. WHO?
Compatibility
● Rarely tested together
● Loading order is not always guaranteed
● Opaque release cycle
● Patched browser APIs ☠
● Polyfills ☠
WHAT? WHEN?
Very hard 🐞🐞🐞 to triage!
41. Polyfills - Script Errors
// lazy loading package
window.requestAnimationFrame = window.requestAnimationFrame || setTimeout
// in-page feature detection
if (typeof requestAnimationFrame === 'function') {
var requestId = requestAnimationFrame(function() {
/* fancy animation codez */
})
// sometime later
cancelAnimationFrame(requestId) // throws Uncaught ReferenceError: cancelAnimationFrame is not defined
}
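A safer pattern (a sketch, with a bare object standing in for window so it runs outside the browser) polyfills the pair together, so feature detection on one half can’t strand callers on the other:

```javascript
// If you shim requestAnimationFrame, shim cancelAnimationFrame too --
// otherwise code that detects the first will crash calling the second.
var window = { setTimeout: setTimeout, clearTimeout: clearTimeout };

window.requestAnimationFrame = window.requestAnimationFrame ||
  function (cb) { return window.setTimeout(cb, 16); }; // ~60fps fallback
window.cancelAnimationFrame = window.cancelAnimationFrame ||
  function (id) { window.clearTimeout(id); };

// The in-page code from the slide now works on native and shimmed browsers:
var requestId = window.requestAnimationFrame(function () {});
window.cancelAnimationFrame(requestId); // no ReferenceError
```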
42. Polyfills - Data Corruption
var performance = (function() {
var perf = window.performance || {};
if (!Object.prototype.hasOwnProperty.call(perf, 'now')) {
var nowOffset = perf.timing && perf.timing.domComplete ? perf.timing.domComplete : (new Date()).getTime();
perf.now = function() {
return (new Date()).getTime() - nowOffset;
};
}
return perf;
})();
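Why is this data corruption? In real browsers now lives on Performance.prototype, not as an own property of the performance object, so the hasOwnProperty check above reports false and the Date-based shim clobbers the native high-resolution timer for every other script on the page. A simulated sketch (a constructor standing in for the browser’s Performance):

```javascript
// Simulate a browser where now() is inherited from the prototype.
function Perf() {}
Perf.prototype.now = function () { return 123.456; }; // "native" high-res timer

var perf = new Perf();

// The polyfill's own-property check misses inherited implementations:
console.log(Object.prototype.hasOwnProperty.call(perf, 'now')); // false

// ...so the shim overwrites a perfectly good native now():
if (!Object.prototype.hasOwnProperty.call(perf, 'now')) {
  var nowOffset = Date.now();
  perf.now = function () { return Date.now() - nowOffset; };
}
// Every consumer of perf.now() now gets low-resolution, rebased timestamps.
```

The safer feature test is simply typeof perf.now === 'function', which walks the prototype chain.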
44. Polyfills - Loading Strategy
On developers wanting to use the new hotness while maintaining backwards
compat:
“The problem with this approach is it prioritizes developer
convenience over user experience, and it unnecessarily
penalizes users on modern browsers by forcing them to
download a lot of code they don’t need.” - @philwalton
61. Bossman (to You): “Is it normal for the fan in my computer to go into overdrive every time I open up our webapp?”
62. TL;DR - New browser APIs like Content Security Policy (CSP) and Subresource Integrity (SRI) are great, but they are not a silver bullet. Because of code obfuscation and other tactics, you also need code-level monitoring.
Privacy & Security
70. Content Security Policy
CSPs allow you to whitelist the domains that you permit to:
● Execute script (script-src)
● Include images (img-src)
● Make network requests (connect-src)
● Be form targets (form-action)
● Embed your pages in IFRAMEs (frame-ancestors)
CSP is hard to get perfect, so take advantage of these tools:
● CSP policy generator wizard - https://report-uri.com/home/generate
● CSP evaluator - https://csp-evaluator.withgoogle.com/
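For illustration, a hypothetical policy combining these directives (all domains here are placeholders), delivered as a response header:

```
Content-Security-Policy:
  script-src 'self' https://cdn.example.com;
  img-src 'self' data:;
  connect-src 'self' https://analytics.example.com;
  form-action 'self';
  frame-ancestors 'none';
  report-uri https://example.report-uri.com/r/d/csp/enforce
```

Tip: roll out with Content-Security-Policy-Report-Only first, so violations are reported without breaking the page.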
71. Subresource Integrity
Subresource Integrity allows you to make sure that the script you pull down
from a third-party is EXACTLY what you are expecting - or it will not execute.
<script
src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"
integrity="sha384-tsQFqpEReu7ZLhBV2VZlAu7zcOV+rXbYlF2cqB8txI/8aZajjp4Bqd+V6D5IgvKT"
crossorigin="anonymous">
</script>
Downside: it does complicate upgrading libraries.