HackerTrans
TopNewTrendsCommentsPastAskShowJobs

_vvhw

no profile record

Submissions

Online card payments still suck

fynbos.app
75 points·by _vvhw·قبل 4 سنوات·114 comments

Blockchain Is Stuck in the '80s

contenthub.coil.com
2 points·by _vvhw·قبل 4 سنوات·0 comments

Let's remix distributed database design

youtube.com
2 points·by _vvhw·قبل 4 سنوات·0 comments

Let's Remix Distributed Database Design — TigerBeetle, Recurse Center [video]

youtube.com
2 points·by _vvhw·قبل 4 سنوات·0 comments

O_DSYNC on Darwin is completely broken for the last 15 years

twitter.com
20 points·by _vvhw·قبل 4 سنوات·9 comments

TigerStyle – TigerBeetle's coding style guide

github.com
5 points·by _vvhw·قبل 4 سنوات·0 comments

O_DSYNC on macOS is also broken

twitter.com
4 points·by _vvhw·قبل 4 سنوات·0 comments

TigerBeetle's LSM-Forest (HYTRADBOI '22)

youtube.com
1 points·by _vvhw·قبل 4 سنوات·0 comments

How to Write Cross-Platform Software for Different Filesystems

nodejs.org
2 points·by _vvhw·قبل 4 سنوات·0 comments

Building SQLite with CGo for (almost) every OS

zig.news
3 points·by _vvhw·قبل 4 سنوات·0 comments

How does your database recover from bit rot?

twitter.com
1 points·by _vvhw·قبل 4 سنوات·0 comments

Consensus in Four Words

twitter.com
1 points·by _vvhw·قبل 4 سنوات·1 comments

From Write-Ahead Log to LSM-Tree to LSM-Forest in 10 Minutes

youtube.com
1 points·by _vvhw·قبل 4 سنوات·0 comments

What Is a Database?

scattered-thoughts.net
2 points·by _vvhw·قبل 4 سنوات·0 comments

Have you tried rubbing a database on it?

hytradboi.com
2 points·by _vvhw·قبل 4 سنوات·0 comments

Etcd v3.5.[0-2] is not recommended for production

groups.google.com
1 points·by _vvhw·قبل 4 سنوات·0 comments

Flexible Quorums for Better SuperBlock Resiliency

twitter.com
1 points·by _vvhw·قبل 4 سنوات·0 comments

Database functions to wrap logic and SQL queries

sive.rs
4 points·by _vvhw·قبل 4 سنوات·1 comments

Wasm4nia

jerwuqu.itch.io
3 points·by _vvhw·قبل 4 سنوات·0 comments

How to Prevent the Next Heartbleed (2020)

dwheeler.com
36 points·by _vvhw·قبل 4 سنوات·12 comments

comments

_vvhw
·قبل 4 سنوات·discuss
Joran from TigerBeetle here!

Awesome to hear that you're excited about Zig.

Thanks for sharing the link to our repo also—would love to take you on a 1-on-1 tour of the codebase sometime if you'd be up for that!
_vvhw
·قبل 4 سنوات·discuss
Anecdotally again, but I've been coding in Zig since 2020 and have hit I think 2-3 compiler bugs in all that time?

The first was fixed within 24 hours, in fact just before I reported it. The others had clear TODO error messages in the panic, and there were easy enough workarounds.
_vvhw
·قبل 4 سنوات·discuss
Yes, we're planning also to add a kill switch to the allocator that we switch on if anything allocates after init().
_vvhw
·قبل 4 سنوات·discuss
Ah, missed that, thanks! I've updated the comment.
_vvhw
·قبل 4 سنوات·discuss
We're aware of this, in fact, and do have a plan to address virtual memory. To be fair, it's really the kernel being dynamic here, not TigerBeetle.
_vvhw
·قبل 4 سنوات·discuss
Static allocation has also made TigerBeetle's code cleaner, by eliminating branching at call sites where before a message might not always have been available. With static allocation, there's no branch because a message is always guaranteed to be available.

It's also made TigerBeetle's code more reliable, because tests can assert that limits are never exceeded. This has detected rare leaks that might otherwise have only been detected in production.
_vvhw
·قبل 4 سنوات·discuss
Joran from the TigerBeetle team here.

The limit of 70 lines is actually a slight increase beyond the 60 line limit imposed by NASA's Power of Ten Rules for Safety Critical Software.

In my experience, in every instance where we've refactored an overlong function, the result has almost always been safer.
_vvhw
·قبل 4 سنوات·discuss
It's defense-in-depth.

We use what we have available, according to the context: checksums, assertions, hash chains. You can't always use every technique. But anything that can possibly be verified online, we do.

Buffer bleeds also terrify me. In fact, I worked on static analysis tooling to detect zero day buffer bleed exploits in the Zip file format [1].

However, to be clear, the heart of a bleed is a logic error, and therefore even memory safe languages such as JavaScript can be vulnerable.

[1] https://news.ycombinator.com/item?id=31852389
_vvhw
·قبل 4 سنوات·discuss
Sure!

Here's an overview with references to the simulator source, and links to resources from FoundationDB and Dropbox: https://github.com/tigerbeetledb/tigerbeetle/blob/main/docs/...

We also have a $20k bounty that you can take part in, where you can run the simulator yourself.
_vvhw
·قبل 4 سنوات·discuss
Thanks!

Joran from the TigerBeetle team here.

Appreciate your balanced comment.

To be fair, we're certainly concerned about logic errors and buffer bleeds. The philosophy in TigerBeetle is always to downgrade a worse bug to a lesser. For example, if it's a choice between correctness and liveness, we'll downgrade the potential correctness bug to a crash.

In the specific case of message buffer reuse here, our last line of defense then is also TigerBeetle's assertions, hash chains and checksums. These exhaustively check all function pre/post-conditions, arguments, processing steps and return values. The assertion-function ratio is then also tracked for coverage, especially in critical sections like our consensus or storage engine.

So—apologies for the wince! I feel it too, this would certainly be a nasty bug if it were to happen.
_vvhw
·قبل 4 سنوات·discuss
Joran from the TigerBeetle team here!

We have a secret plan for this too. ;)
_vvhw
·قبل 4 سنوات·discuss
Good to be back—Joran from the TigerBeetle team here!

Static allocation does make for some extremely hard guarantees on p100 latency. For example, for a batch of 8191 queries, the performance plot is like Y=10ms, i.e. a flat line.

And memory doesn't increase as throughput increases—it's just another flat line.

I personally find it also to be a fun way of coding, everything is explicit and limits are well-defined.
_vvhw
·قبل 4 سنوات·discuss
Thanks!

Data Oriented Design runs like a river through TigerBeetle—it's always on our mind.

By the way, have you seen Andrew Kelley's Handmade Seattle talk on Practical DOD? [1]

[1] https://vimeo.com/649009599
_vvhw
·قبل 4 سنوات·discuss
Thanks!

Joran from the TigerBeetle team here.

> I would imagine this would be potentially more efficient than having conventional mallocs.

Yes, in our experience, static allocation means we use sometimes 10x less memory. For example, TigerBeetle's storage engine can theoretically address up to 100 TiB with less than 1 GiB of RAM for the LSM in-memory manifest, which is efficient.

Because we think about memory so much upfront, in the design phase, we tend not to waste it.
_vvhw
·قبل 4 سنوات·discuss
Thanks!

Joran from the TigerBeetle team here.

TigerBeetle's storage engine is designed also for range queries, and we have some interesting ideas for our query engine in the works.

To be sure, there are some tricky things that crop up, such as pipeline blockers for queries. However, we do have limits on literally everything, so that makes it easier—static allocation is best when it's done viral.

We wanted to go into so much more detail on all this but there was only space for so much. Stay tuned.
_vvhw
·قبل 4 سنوات·discuss
Joran from the TigerBeetle team here!

TigerBeetle uses Deterministic Simulation Testing to test and keep testing these paths. Fuzzing and static allocation are force multipliers when applied together, because you can now flush out leaks and deadlocks in testing, rather than letting these spillover into production.

Without static allocation, it's a little harder to find leaks in testing, because the limits that would define a leak are not explicit.
_vvhw
·قبل 4 سنوات·discuss
Thanks!

Joran from the TigerBeetle team here.

This was in fact one of our motivations for static allocation—thinking about how best to handle overload from the network, while remaining stable. The Google SRE book has a great chapter on this called "Handling Overload" and this had an impact on us. We were thinking, well, how do we get this right for a database?

We also wanted to make explicit what is often implicit, so that the operator has a clear sense of how to provision their API layer around TigerBeetle.
_vvhw
·قبل 4 سنوات·discuss
Basically, and we're huge fans of FoundationDB!

As you zoom in, you will see differences. For example, TigerBeetle's data structures are all cache line aligned, and we use static allocation etc. The storage fault model is significantly different.

We use the same testing techniques though. FDB are pioneers in the space.
_vvhw
·قبل 4 سنوات·discuss
Thanks, it's a pleasure! Yes, with packed structs it's important to keep things carefully aligned.

Have you seen this post [1] about struct packing? This is what we did for TB's structures, so that we can switch them to `extern struct` for C ABI compatibility. It also helped side step the packed struct bugs.

[1] http://www.catb.org/esr/structure-packing/
_vvhw
·قبل 4 سنوات·discuss
Thanks @eternalban!

Awesome to read your comment here—appreciate the well wishes!