This document summarizes Narihiro Nakamura's presentation on symbol garbage collection in Ruby. It describes the problem that symbols are currently uncollectable in Ruby and outlines an idea to make symbols collectable by differentiating between immortal symbols and mortal symbols. Immortal symbols would refer to symbols used in the C layer like method names, while mortal symbols like those generated from strings would be collectable. The implementation would involve separating symbols into static immortal symbols and dynamic mortal symbols (or immortal symbols) to allow mortal symbols to be garbage collected unless referenced from the C layer.
Why functional programming and category theory strongly mattersPiotr Paradziński
Abstractions of Category Theory to define abstractions (Functor, Applicative, Monad, Comonad, Coyoneda) commonly used in functional programming (FP). Using definitions from Category Theory to reason about modular and composable design. Examples based on Haskell papers: Functional pearls translated to Scala.
gRPC is a modern high performance RPC (Remote Procedure Call) framework that can run in any environment. gRPC is based on HTTP/2, Protocol Buffers and other modern standard-based technologies. Together with excellent tooling, it helps you create high throughput, low latency, real-time services.
Why functional programming and category theory strongly mattersPiotr Paradziński
Abstractions of Category Theory to define abstractions (Functor, Applicative, Monad, Comonad, Coyoneda) commonly used in functional programming (FP). Using definitions from Category Theory to reason about modular and composable design. Examples based on Haskell papers: Functional pearls translated to Scala.
gRPC is a modern high performance RPC (Remote Procedure Call) framework that can run in any environment. gRPC is based on HTTP/2, Protocol Buffers and other modern standard-based technologies. Together with excellent tooling, it helps you create high throughput, low latency, real-time services.
Professionnel informatisé orienté vers le détail avec quatre ans d'expérience en tant que spécialiste du support logiciel et système information et industrielle.
Compétence à fonctionner dans une large gamme de plates-formes. Excellentes compétences technique et en communication écrite et orale; Capable d'expliquer des problèmes logiciels complexes dans des termes faciles à comprendre
Slides for a presentation given at the Go MN meetup https://www.meetup.com/golangmn/ given on 4/15/2020.
The associated code is available at https://github.com/andreburgaud/meetup-golang-lua. The topic is about the interoperability between Go and Lua, or Lua and Go.
Professionnel informatisé orienté vers le détail avec quatre ans d'expérience en tant que spécialiste du support logiciel et système information et industrielle.
Compétence à fonctionner dans une large gamme de plates-formes. Excellentes compétences technique et en communication écrite et orale; Capable d'expliquer des problèmes logiciels complexes dans des termes faciles à comprendre
Slides for a presentation given at the Go MN meetup https://www.meetup.com/golangmn/ given on 4/15/2020.
The associated code is available at https://github.com/andreburgaud/meetup-golang-lua. The topic is about the interoperability between Go and Lua, or Lua and Go.
I will talk about some improvements of GC in Ruby 2.0.0. For instance, I will introduce about implementations of Bitmap Marking GC and so on, and show results of benchmarks after these are implemented.
Animation version is here: https://gumroad.com/l/xWCR (premium version)
SFO15-500: VIXL
Speaker: Amaury Le Leyzour
Date: September 25, 2015
★ Session Description ★
VIXL is dynamic code generation toolkit for ARMv8 that we hope will enable JIT creators to rapidly target the ARM instruction set.
Over the past few years we (the ARM JIT team) have worked on the code generators of many of the leading JIT compilers for the JavaScript and Java languages. During that time we built up a strong knowledge base on some of the pitfalls and time-sinks involved in creating a good JIT compiler backend. This led us to develop some tools to help improve our productivity. With ARM announcing the new Cortex-A range of processors supporting the AArch64 execution state we decided that we would focus our efforts on A64 tooling to enable developers to rapidly port programming language virtual machines for this new processor range. Soon after we decided to support Aarch32 as well.
This presentation will introduce you to what VIXL is, what’s new in VIXL and how to use it and take advantage of all its components that cover all the aspects of software development on ARM CPUs.
★ Resources ★
Video: https://www.youtube.com/watch?v=XxMTSO4clQY
Etherpad: pad.linaro.org/p/sfo15-500
Pathable: https://sfo15.pathable.com/meetings/303091
★ Event Details ★
Linaro Connect San Francisco 2015 - #SFO15
September 21-25, 2015
Hyatt Regency Hotel
http://www.linaro.org
http://connect.linaro.org
OSCON Presentation: Developing High Performance Websites and Modern Apps with...Doris Chen
Creating high performance sites and apps is crucial for every developer. In this session, we will explore the best practices and performance tricks, including startup time, UI responsiveness, and Memory efficiency to make your apps running faster and fluid. Come learn the tips, tricks, and tools for maximizing the performance of your sites and apps with JavaScript and HTML5.
Dip Your Toes in the Sea of Security (CoderCruise 2017)James Titcumb
Security is an enormous topic, and it’s really complicated. If you’re not careful, you’ll find yourself vulnerable to any number of attacks which you don’t want to be on the receiving end of. This talk will give you a taste of the vast array of things there is to know about security in modern web applications. Whether you are writing anything beyond a basic website, or even a complex web application, this talk will give you insights to some of the things you need to be aware of.
Deterministic Simulation - What modern online games can learn from the Game B...David Salz
The Nintendo Game Boy featured multiplayer games using a link cable with very low throughput. The trick was deterministic simulation and that is still a useful technique today. This talk will take a look at how different types of online games can use deterministic simulation to reduce network traffic and gives practical tips on implementation.
Dip Your Toes in the Sea of Security (ConFoo YVR 2017)James Titcumb
Security is an enormous topic, and it’s really, really complicated. If you’re not careful, you’ll find yourself vulnerable to any number of attacks which you definitely don’t want to be on the receiving end of. This talk will give you just a taster of the vast array of things there is to know about security in modern web applications, such as writing secure PHP web applications and securing a Linux server. Whether you are writing anything beyond a basic brochure website, or even developing a complicated business web application, this talk will give you insights to some of the things you need to be aware of.
Does your application transmit customer information? Are there fields of sensitive customer data stored in your DB? Can your application be used on insecure networks? If so, you need a working knowledge of encryption and how to leverage Open Source APIs and libraries to make securing your data as easy as possible. Encryption is quickly becoming a developer’s new frontier of responsibility in many data-centric applications.
In today’s data-sensitive and news-sensationalizing world, don’t become the next headline by an inadvertent release of private customer or company data. Secure your persisted, transmitted and in-memory data and learn the terminology you’ll need to navigate the ecosystem of symmetric and public/private key encryption.
MMT 29: "Hab Dich!" -- Wie Angreifer ganz ohne JavaScript an Deine wertvollen...MMT - Multimediatreff
Schon wieder einer dieser Cross-Site-Scripting-Talks? Mitnichten! Manipulationen oder Datenklau via JavaScript steht heutzutage stark im Fokus und so werden ständig neue Schutzwälle dagegen entwickelt und eingesetzt. Man nutzt Eingabefilter, Sandboxes, usw. Ganz Sicherheitsbewusste schalten JavaScript gleich vollständig ab. Was jedoch wäre, wenn auch das nicht vollständig schützt? Wenn es Angriffstechniken gäbe, welche ganz und gar ohne Scripting auskommen? OK, warm anziehen, denn der Hacker Mario Heiderich zeigt Euch, dass es sie gibt!
How is Rust able to enforce safety in your code?
The simple answer to this question is: the borrow checker.
This presentation is an overview on the language concepts that helps the developer to allocate and deallocate memory in an efficient way just like in C/C++, and also safe.
Rust learnt from C/C++ design patterns and included those in the language, adding the concept of Ownership and Borrowing.
Talk given at the April 2011 Boston.rb on using Redis to store serialized Ruby objects using Nest and Ohm.
Code here -- https://github.com/bkaney/redis-talk
Inspired by Arno Haases great talk at JAX 2012, I assembled some performance "tipps" and took a look at those. Arno's permission to use the same title as he did in his talk is very much appreciated. Thanks a lot!
Called “downcase” on nil? Forgot to return the right object in one of your logic branches? Called “first” on a String instead of an Array and spent half an hour trying to figure out why a single character was getting passed around everywhere?
At Grailed, these situations were not uncommon. We are the largest marketplace for luxury men's fashion, with over 7 million users, and a growing Rails codebase that spans hundreds of thousands of lines. Before typing, changes to core interfaces often required creative grepping, modification of type checking unit tests, and updating brittle type documentation.
Ever since we started gradually typing our codebase with Sorbet, we’ve been able to make intrusive changes faster and confidently. In this talk, we’ll walk you through our prior art, challenges, learnings, and big benefits of typing our codebase.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
11. A pitfall of Symbol
✔ All symbols are not garbage collected.
✔ Many beginners don't know this fact.
✔ Make a mistake even good rubyists.
✔ Prone to vulnerability
✔ User input → symbol
✔ Compress the memory
12. Simple cases
✖ if user.respond_to(params[:method].to_sym)
Is this method callable?
NG: params[:method] is user input
✖ params[params[:attr].to_sym]
Get a value of a hash via a symbol key.
NG: params[:attr] is user input.
25. ID
✔ ID: Used by C Level.
✔ Store ID to a method table or a variable table.
✔ An unique number that corresponds to a symbol.
✔ Created by rb_intern(“foo”) of C API.
✔ :sym == :sym → 1001 == 1001
28. For example, it stores ID to the static
area of the C extension
C Ruby
global_symbols
sym_id(hash)
“foo”
1001
・
・・
last_id(long)
1001
SYMBOL
(VALUE)
:foo
Ruby's C extension
static public ID id;
SYM2ID(:foo) 1001
29. If :foo is collected,
ID in sym_id will be deleted.
C Ruby
global_symbols
sym_id(hash)
“foo”
1001
・
・・
last_id(long)
1001
SYMBOL
(VALUE)
:foo
Ruby's C extension
static public ID id;
1001 GC START
30. Then “foo”.to_sym is called.
:foo == :foo but different ID
C Ruby
global_symbols
sym_id(hash)
“foo”
1002
・
・・
last_id(long)
1001
SYMBOL
(VALUE)
:foo
Ruby's C extension
static public ID id;
1001
1002
Different
SYM2ID(:foo) != id
31. Why can't collect
garbage symbols
✔ Problem: ID remaining in the C side.
✔ We can't detect and manage all IDs in C extension.
✔ Same symbol but different ID
✔ It will create an inconsistent ID.
32. In Ruby world
RRIIPP.. AA ssyymmbbooll iiss ddeeaadd......
Photo by MIKI Yoshihito, https://www.flickr.com/pphhoottooss//mmuujjiittrraa//77557711002222449900
33. In C world
WWRRRRRRYYYYYYYYYY!!!!!!
II''mm ssttiillll aalliivvee........!!
IIDD
Photo by Zufallsfaktor, https://www.flickr.com/photos/zzuuffaallllssffaakkttoorr//55991111333388995599
36. Separates into two types of symbols
Immortal
Symbol
Mortal
Symbol
CC WWoorrlldd RRuubbyy WWoorrlldd
37. Immortal Symbol
✔ These symbols have the ID corresponding
✔ e.g. method name, variable name, constant name, etc...
✔ use in C-level mainly
✔ Uncollectable
✔ Symbol stay alive after numbering the ID
once
✔ There is no transition to Mortal Symbol.
38. def foo; end
C Ruby
global_symbols
sym_id(hash)
“foo”
1001
・
・・
last_id(long)
1001
Frozen String
“foo”
39. Store an ID to the method table
C Ruby
global_symbols
sym_id(hash)
“foo”
1001
・
・・
last_id(long)
1001
Frozen String
“foo”
Method table
1001 def foo; end
40. ID2SYM(ID) → VALUE
C Ruby
global_symbols
sym_id(hash)
“foo”
1001
・
・・
last_id(long)
1001
“foo”
ID: 1001
ID2SYM(ID)
Immortal
Symbol
(VALUE)
:foo
Frozen String
Method table
1001 def foo; end
41. Mortal Symbol
✔ These symbols don't have ID
✔ “sym”.to_sym → Mortal Symbol
✔ use in Ruby-level mainly
✔ Collectable
✔ Unreachable symbols are collected.
✔ There is transition to Immortal Symbol.
46. def foo; end
C Ruby
global_symbols
sym_id(hash)
“foo”
1001
・
・・
last_id(long)
1001
“foo”
ID: 1001
ID2SYM(ID)
Immortal
Symbol
(VALUE)
:foo
Frozen String
47. “foo”.to_sym
C Ruby
global_symbols
sym_id(hash)
“foo”
1001
・
・・
last_id(long)
1001
“foo”
ID:1001
ID2SYM(ID)
Immortal
Symbol
(VALUE)
:foo
Frozen String
Mortal
Symbol
(VALUE)
:foo
Check
Use this one
53. Immortal Symbol
✔ All symbols are garbage collected.
✔ Immortal symbols are not garbage
collected.
✔ Mortal → Immortal symbol when
numbering an ID.
✔ This still lead to vulnerability!
54. A new pitfall
✔ Immortal Symbol is increase
unintentionally.
✔ For instance: Get a name from a symbol
✔ rb_id2str(SYM2ID(sym))
✔ Mortal → Immortal
✔ Please use rb_sym2str()
✔ Please attention to unconsidered SYM2ID().
55. Please keep to monitor
✔ Check Symbol.all_symbols.size
✔ Please report a bug to ruby-core or library author if
increase number of symbols.
✔ It's a transition period now.
✔ It will get better gradually.
57. Static Symbol,
Dynamic Symbol
✔ Static Symbol = Immediate value
✔ Immortal
✔ Dynamic Symbol = RVALUE
✔ Mortal or Immortal
✔ Change to immortal symbol when needs ID.
✔ Similar to Float and FLONUM
58. Details of RSymbol struct
struct RSymbol {
struct RBasic basic;
VALUE fstr;
ID type;
};
Frozen String
“foo”
ID_LOCAL 0b00000
ID_INSTANCE 0b00010
ID_GLOBAL 0b00110
ID_ATTRSET 0b01000
・・
・
59. ID Structure
0bxxx.....xxx 000
High-order 61 bits = Counter Low-order 3 bits = ID type
0bxxx.....xx 000
1
Low-order 1 bit = Static Symbol Flag
60. Fast recognize ID
✔ Low-order 1bit = 1 → Static Symbol
✔ Dynamic Symbol ID = RVALUE address
✔ Low order 1 bit = 0
✔ It's only check of the lower 1 bit.
62. Conclusion
✔ Most symbols will be garbage collected.
✔ But some symbols won't be garbage
collected.
✔ “sym”.to_sym → OK
✔ define_method(“sym”.to_sym){} → NG
63. Acknowledgments
✔ Sasada-san
✔ Teaches me an idea of Symbol GC.
✔ Refines code of Symbol GC.
✔ Nakada-san, Tsujimoto-san, U.Nakamura-san,
etc...
✔ Fixes many bugs.
✔ NaCl members