HackerTrans
TopNewTrendsCommentsPastAskShowJobs

tagraves

no profile record

Submissions

RWX now supports Codeberg and Forgejo

rwx.com
1 points·by tagraves·2 months ago·0 comments

Zero Configuration CI/CD Observability on RWX Using OpenTelemetry

rwx.com
1 points·by tagraves·7 months ago·0 comments

comments

tagraves
·2 months ago·discuss
We just released support for Forgejo with RWX CI/CD: https://www.rwx.com/docs/getting-started/forgejo
tagraves
·3 months ago·discuss
shameless self plug, but please check out RWX! (rwx.com)
tagraves
·3 months ago·discuss
Well, check out RWX! We don't do exactly everything like CirrusCI did -- most notably, we aren't open source and we are still managing all of our own infrastructure for running CI right now -- but we have a great "local" story and a validation CLI (`rwx lint`), and a lot of fundamental changes that make us better than other CI systems too :)
tagraves
·5 months ago·discuss
There's three main things we do to solve this, all of which relate to the fact that we have our own (OCI-compatible) container runtime under the hood instead of using Docker.

1. We don't gzip layers like Docker does. Gzip is really slow, and it's much slower than the network. Storage is cheap. So it's much faster to transmit uncompressed layers than to transmit compressed layers and decompress them.

2. We've heavily tuned our agents for pulling layers fast. Disk throughput and IOPS are really important so we provision those higher than you typically would for running workloads in the cloud. When pulling layers we modify kernel parameters like the dirty_ratio to values that we've empirically found with layer pulls. We make sure we completely exhaust our network bandwidth and throughput when pulling layers. And so on.

3. This third one is experimental and something we're actively working on improving, but we have our own underlying filesystem which lazily loads the files from a layer instead of pulling tons of (potentially unneeded) files up front. This is similar to AWS's [Seekable OCI](https://github.com/awslabs/soci-snapshotter) but tuned for our particular needs.

I've been slowly working on improving our documentation to explain these kinds of differentiators that our architecture and container runtime provide, but most of it is unpublished so far. We definitely need to do a much better job of explaining _how_ we are faster and better rather than just stating it :).

The other side of this is that we also made _building_ those layers much much faster. We blogged a little bit about it at https://www.rwx.com/blog/we-deleted-our-dockerfiles but just to hit some quick notes: in RWX you can vary the compute by task, and it turns out throwing a big machine at (e.g.) `npm install` is quite effective. Plus we make using an incremental cache very easy, and layers generated from an incremental cache are only the incremental parts, so they tend to be smaller. And we're a DAG, so you can parallelize your setup in a way that is very painful to do with Docker, even when using multi-stage builds. And our cache registry is global and very hard to mess up, whereas a lot of people misconfigure their Docker caches and have cache misses all over their docker builds. And we have miss-then-hit semantics for caching. Okay, I'm rambling now! But happy to go into more depth on any of this!
tagraves
·5 months ago·discuss
I hope the author will check out RWX -- they say they've checked out most CI systems, but I don't think they've tried us out yet. We have everything they praise Buildkite for, except for managing your own compute (and that's coming, soon!). But we also built our own container execution model with CI specifically in mind. We've seen one too many Buildkite pipelines that have a 10 minute Docker build up front (!) and then have to pull a huge docker container across 40 parallel steps, and the overhead is enormous.
tagraves
·6 months ago·discuss
This is one of the big problems we solved with the RWX CI platform (RWX.com). You can use ‘rwx run’ and it automatically syncs your local changes, so no need to push — and with our automated caching, steps like setting up the environment cache hit so you don’t have to execute the same stuff over and over again while writing your workflow. Plus with our API or MCP server you can get the results directly in your terminal so no need to open the UI at all unless you want to do some in-depth spelunking.
tagraves
·7 months ago·discuss
I appreciate the follow up! I think it looks great now and doesn’t read as defensively anymore!
tagraves
·7 months ago·discuss
It's really concerning that the biggest, most eye-grabbing part of this posting is the note with the following: "It’s common for critical CVEs to uncover follow‑up vulnerabilities."

Trying to justify the CVE before fully explaining the scope of the CVE, who is affected, or how to mitigate it -- yikes.
tagraves
·9 months ago·discuss
I had the same experience -- it was way easier for me to find it with the rainbow highlighting (even though I already knew where to look when it came to the monochrome highlighting!).

The author later asks what color class definitions were. I think this fundamentally gets wrong how syntax highlighting helps humans. I don't have a clue what color anything is in my favored highlighting, but my brain does incredible pattern recognition to help me digest code in it without me consciously knowing what color does what.

So his arguments for why there's a problem don't hold up, but that doesn't mean there is not in fact a problem.
tagraves
·12 months ago·discuss
Not on iOS, as I understand it. If you "Ask app not to track" on iOS then the app cannot access your IDFA, which was the ID that previously was used to track a device across apps.