關於 point group space group ，我們在網路上蒐集到這些相關的討論、資訊與評價

本文延續前篇效能校正的經驗談，上篇文章探討了關於應用程式本身可以最佳化的部分，包含了應用程式以及框架兩個部分。本篇文章將繼續剩下最佳化步驟的探討。

Speculative Execution Mitigations
接下來探討這個最佳化步驟對於效能有顯著的提升，但是本身卻是一個非常具有爭議性的步驟，因為其涉及到整個系統的安全性問題。
如果大家對前幾年非常著名的安全性漏洞 Spectre/Meltdown 還有印象的話，本次這個最佳化要做的就是關閉這類型安全性漏洞的處理方法。
標題的名稱 Speculative Execution Migitations 主要跟這漏洞的執行概念與 Pipeline 有關，有興趣理解這兩種漏洞的可以自行研究。

作者提到，大部分情況下這類型的防護能力都應該打開，不應該關閉。不過作者認為開關與否應該是一個可以討論的空間，特別是如果已經確認某些特別情境下，關閉防護能力帶來的效能如果更好，其實也是一個可以考慮的方向。

舉例來說，假設今天你運行了基於 Linux 使用者權限控管與 namespaces 等機制來建立安全防護的多使用者系統，那這類型的防護能力就不能關閉，必須要打開來防護確保整體的 Security Boundary 是完整的。 但是如果今天透過 AWS EC2 運行一個單純的 API Server，假設整個機器不會運行任何不被信任的程式碼，同時使用 AWS Nitro Enclaves 來保護任何的機密資訊，那這種情況下是否有機會可以關閉這類型的檢查?

作者根據 AWS 對於安全性的一系列說明認為 AWS 本身針對記憶體的部分有很強烈的保護，包含使用者之間沒有辦法存取 Hyperviosr 或是彼此 instance 的 Memory。
總之針對這個議題，有很多的空間去討論是否要關閉，以下就單純針對關閉防護能力帶來的效能提升。

作者總共關閉針對四種攻擊相關的處理能力，分別是

Spectre V1 + SWAPGS
Spectre V2
Spectre V3/Meltdown
MDS/Zombieload, TSX Anynchronous Abort
與此同時也保留剩下四個，如 iTLB multihit, SRBDS 等
這種設定下，整體的運作效能再次提升了 28% 左右，從 347k req/s 提升到 446k req/s。

註: 任何安全性的問題都不要盲從亂遵循，都一定要評估判斷過

Syscall Auditing/Blocking
大部分的情況下，Linux/Docker 處理關於系統呼叫 Auditing/Blocking 兩方面所帶來的效能影響幾乎微乎其微，不過當系統每秒執行數百萬個系統呼叫時，這些額外的效能負擔則不能忽視，如果仔細觀看前述的火焰圖的話就會發線 audit/seccomp 等數量也不少。

Linux Kernel Audit 子系統提供了一個機制來收集與紀錄任何跟安全性有關的事件，譬如存取敏感的機密檔案或是呼叫系統呼叫。透過這些內容可以幫助使用者去除錯任何不被預期的行為。
Audit 子系統於 Amazon Linux2 的環境下預設是開啟，但是本身並沒有被設定會去紀錄系統呼叫的資訊。

即使 Audit 子系統沒有真的去紀錄系統呼叫的資訊，該子系統還是會對每次的系統呼叫產生一點點的額外處理，所以作者透過 auditctl -a never,task 這個方式來將整體關閉。

註: 根據 Redhat bugzilla issue #1117953, Fedora 預設是關閉這個行為的

Docker/Container 透過一連串 Linux Kernel 的機制來隔離與控管 Container 的執行權限，譬如 namespace, Linux capabilities., cgroups 以及 seccomp。
Seccomp 則是用來限制這些 Container 能夠執行的系統呼叫類型

大部分的容器化應用程式即使沒有開啟 Seccomp 都能夠順利的執行，執行 docker 的時候可以透過 --security-opt seccomp=unconfined 這些參數告訴系統運行 Container 的時候不要套用任何 seccomp 的 profile.

將這兩個機制關閉後，系統帶來的效能提升了 11%，從 446k req/s 提升到 495k req/s。

從火焰圖來看，關閉這兩個設定後，syscall_trace_enter 以及 syscall_slow_exit_work 這兩個系統呼叫也從火焰圖中消失，此外作者發現 Amazon Linux2 預設似乎沒有啟動 Apparmor 的防護，因為不論有沒有關閉效能都沒有特別影響。

Disabling iptables/netfilter
再來的最佳化則是跟網路有關，大名鼎鼎的 netfilter 子系統，其中非常著名的應用 iptables 可以提供如防火牆與 NAT 相關功能。根據前述的火焰圖可以觀察到，netfilter 的進入 function nf_hook_slow 佔據了大概 18% 的時間。

將 iptables 關閉相較於安全性來說比較沒有爭議，反而是功能面會不會有應用程式因為 iptables 關閉而不能使用。預設情況下 docker 會透過 iptables 來執行 SNAT與 DNAT(有-p的話)。
作者認為現在環境大部分都將 Firewall 的功能移到外部 Cloud 來處理，譬如 AWS Security Group 了，所以 Firewall 的需求已經減少，至於 SNAT/DNAT 這類型的處理可以讓容器與節點共享網路來處理，也就是運行的時候給予 “–network=host” 的模式來避免需要 SNAT/DNAT 的情境。

作者透過修改腳本讓開機不會去預設載入相關的 Kernel Module 來達到移除的效果，測試起來整體的效能提升了 22%，從 495k req/s 提升到 603k req/s

註: 這個議題需要想清楚是否真的不需要，否則可能很多應用都會壞掉

作者還特別測試了一下如果使用 iptables 的下一代框架 nftables 的效能，發現 nftables 的效能好非常多。載入 nftables 的kernel module 並且沒有規則的情況下，效能幾乎不被影響(iptables 則相反，沒有規則也是會影響速度)。作者認為採用 nftables 似乎是個更好的選擇，能夠有效能的提升同時也保有能力的處理。

不過 nftables 的支援相較於 iptables 來說還是比較差，不論是從 OS 本身的支援到相關第三方工具的支援都還沒有這麼完善。就作者目前的認知， Debian 10, Fedora 32 以及 RHEL 8 都已經轉換到使用 nftables 做為預設的處理機制，同時使用 iptables-nft 這一個中介層的轉換者，讓所有 user-space 的規則都會偷偷的轉換為底層的 nftables。
Ubuntu 似乎要到 20.04/20.10 的正式版本才有嘗試轉移到的動作，而 Amazon Linux 2 依然使用 iptables 來處理封包。

下篇文章會繼續從剩下的五個最佳化策略繼續介紹

https://talawah.io/blog/extreme-http-performance-tuning-one-point-two-million/

I met artist Jonathan Chomko when I was in Montreal for the Bach Project.

Jonathan works with digital systems to create collective choreographies; hearing about his work, I asked if these systems might be used to guide a large group of people to create a heart that would be visible from space.

Working from this inspiration, Jonathan created A Heart from Space, a website that enables groups of people to collectively create shapes together.

Each user’s GPS position holds one point on the line, allowing the group to collaboratively draw by moving in space.

To make your own heart, visit www.a-heart-from-space.com.

#cultureconnectsus

Hari ini saya telah menghadiri majlis pecah tanah yang diadakan untuk TUNKU MAHKOTA ISMAIL YOUTH CENTRE (TMIYC) kedua yang akan dibangunkan di Muar.

Pembinaan TMIYC MUAR adalah idea dan visi saya untuk memperkasakan pembangunan golongan belia dengan pembinaan sebuah YOUTH CENTRE di setiap daerah di Johor. TMIYC MUAR akan dilengkapi dengan pelbagai kemudahan bagi manfaat golongan belia dan bakal menjadi titik tumpuan belia tempatan untuk perkembangan diri dan aktiviti kumpulan.

Matlamat TMIYC MUAR adalah untuk membuka ruang yang kondusif bagi membolehkan belia Johor mencungkil bakat untuk perkembangan diri mereka dengan kemudahan yang sempurna dan penganjuran aktiviti-aktiviti yang sesuai.

Pada masa yang akan datang, belia di Muar dan daerah yang lain tidak perlu berjalan jauh untuk menikmati kemudahan seperti padang bola sepak sintetik, gelanggang sukan extreme, hab e-sports, dan gelanggang futsal serta asrama untuk penginapan pengunjung. Ini adalah hasrat dan azam saya untuk membawa pembangunan kepada seluruh negeri dan warga Johor, terutamanya golongan belia.

Selain daripada membina YOUTH CENTRE di Muar, saya juga memberi sumbangan sebanyak RM300,000 untuk disalurkan kepada pelajar-pelajar miskin dari 96 buah kampung di sekitar daerah Muar. Semoga bantuan ini dapat memenuhi keperluan pembelajaran mereka.

Matlamat saya adalah untuk membina YOUTH CENTRE di setiap daerah di Johor. Kini sudah ada TMIYC JOHOR BAHRU yang telah dirasmikan pada 21 Disember 2020, dan pada hari ini majlis pecah tanah diadakan untuk TMIYC MUAR.

Saya akan terus berusaha untuk membangunkan YOUTH CENTRE ini demi membangkitkan belia dan membentuk modal insan yang telus, berakhlak mulia dan bertanggungjawab. Inilah visi saya untuk Johor dan inilah yang akan saya jadikan sebuah realiti.

Saya juga ingin mengucapkan terima kasih kepada Menteri Belia & Sukan, YB Dato' Sri Reezal Merican Naina Merican dan Kementerian Belia & Sukan atas sokongan mereka dalam merealisasikan impian TMIYC.

DYAM Mejar Jeneral Tunku Ismail Ibni Sultan Ibrahim, Tunku Mahkota Johor

———

Today, I attended the ground-breaking ceremony for the second TUNKU MAHKOTA ISMAIL YOUTH CENTRE (TMIYC), which will be built in Muar.

The TMIYC MUAR is my idea and vision to strengthen youth development by having a YOUTH CENTRE in every district in Johor. TMIYC MUAR will be equipped with various facilities for the benefit of youths and will be the focal point for personal development and group activities.

The aim of TMIYC MUAR is to provide a conducive space for the Johor youth to hone their talents for their personal development with complete facilities and group learning activities.

In the future, the youth community in Muar and nearby districts would not need to travel far to enjoy facilities such as a fully synthetic football pitch, extreme sports venue, futsal courts and dormitories for short stays. It is my hope and desire to bring development to the entire state as well as Johoreans, especially the youth community.

Besides building the YOUTH CENTRE in Muar, I also made a RM300,000 contribution to poor students from 96 villages around Muar. I hope the assistance will help meet their educational needs.

My target is to build the YOUTH CENTRE in every district in Johor. We now have the TMIYC JOHOR BAHRU that was officially opened on 21 December 2020, and today the ground-breaking ceremony was held for the TMIYC MUAR.

I will continue to work hard to develop the YOUTH CENTRE in order to build up the youth community to form role models who are honest, responsible and compassionate. This is my vision for Johor and I will make it a reality.

I would also like to thank Youth & Sports Minister YB Dato' Sri Reezal Merican Naina Merican and the Youth & Sports Ministry for their support in realising the TMIYC dream.

HRH Major General Tunku Ismail Ibni Sultan Ibrahim, Crown Prince of Johor

Dikembe Mutombo looked as if he'd been playing with the Philadelphia 76ers for years instead of hours.

Mutombo had 17 points, 13 rebounds and five blocked shots in his debut with Philadelphia as the 76ers beat the Detroit Pistons 99-78 Friday night.
"He changed the whole game with his defense and rebounding," said Philadelphia's Allen Iverson, who had 43 points and 10 rebounds.
Mutombo was traded along with Roshown McLeod from Atlanta to Philadelphia on Thursday for Theo Ratliff, Nazr Mohammed and Pepe Sanchez in the most-significant deal of the NBA season.
After the game, Mutombo looked relieved to be sitting in a folding chair with ice packs surrounding both knees.
He flew from Atlanta to Philadelphia late Thursday night, had a physical at 7 a.m., then arrived in Detroit at about 5 p.m. Friday.
"I need some sleep," Mutombo said. "But really, I'm so excited to be with this group of guys. They're all about winning and we have a great coach."
Philadelphia coach Larry Brown was glad that Mutombo was able to provide a lot of the same things as Ratliff.
"He rebounded and defended like he has his whole career," Brown said. "I thought he was terrific ... I think it's pretty remarkable what he was able to do under those circumstances."
Philadelphia has the best record in the NBA at 42-14. The Sixers extended their winning streak to six games.
Detroit's Jerry Stackhouse scored 22 points. Chucky Atkins had 12 points and Dana Barros added 10. The Pistons made just 37.1 percent of their shots.
Mutombo's status for the game was much more in doubt than the outcome.
The Sixers jumped out to a 16-4 lead and cruised to the win. Philadelphia led by nine points after one quarter, 12 at halftime and 17 after three quarters.
Philadelphia did not know whether Mutombo would be cleared to play until an hour before the game.
Minutes after Philadelphia Brown was informed that Mutombo was able to play, Mutombo walked into Philadelphia's locker room.
When Brown told Mutombo that he could play, the nine-year veteran asked "What do you want me to do?"
Brown left the decision whether or not to play up to Mutombo. He nodded his head to indicate that he wanted to play, and then turned to look for a uniform and basketball shoes to replace his brown suit and dress shoes.
On defense, Mutombo, the three-time defensive player of the year, hung around the lane to block and alter shots.
He ignited Philadelphia's fastbreak with 10 defensive rebounds and crisp outlet passes. There were times that Iverson was so far down the court that Mutombo didn't make it to halfcourt.
On offense, he set space-creating screens with his 7-foot-2, 265-pound frame. When Mutombo got the ball, his sky hooks and deliberate low-post moves gave the Sixers an option on the interior.
Mutombo started and played 36 minutes. He made 7-of-12 shots and 3-of-4 free throws.
"There is not much difference between the Sixers with Theo Ratliff and with Mutombo," said Detroit's Ben Wallace, who had 17 rebounds. "They both clog the middle and block a lot of shots. Theo is a little more athletic and Mutombo is a little bigger."
The game also marked the debut of Detroit's Corliss Williamson, who scored six points and grabbed four rebounds.
Williamson was traded by Toronto along with Kornell David, Tyrone Corbin and a conditional first-round pick to Detroit for Jerome Williams and Eric Montross. Detroit released Corbin and put David on the injured list.
"It was unfair to play him, but once Ben (Wallace) got those two quick fouls, I didn't have much choice," Detroit's George Irvine said. "It's been a whirlwind for him, but he'll be fine. He did a nice job out there."

In this video we are going to look at the different file storage mediums we can use with the Blackmagic Pocket Cinema Camera 4k, as there are many option available from SDXC, CFast cards and record onto an external SSD via the USB-C port. As each media have a different price point we are going to look at which be more affordable.

The Sandisk Extreme Pro 128GB 300MB/s SDXC card is expensive for the amount of storage, but also the cards are not as fast as the CFast cards and SSD drives. https://amzn.to/2MLFfZw

Sandisk Extreme Pro 128GB CFast card can write 450MB/s and easily record internal RAW and keep the camera more compact, but the price for this card alone is 339usd which is cheaper than the SDXC.
https://amzn.to/2PxGji2

The most affordable medium is with Samsung Portable SSD T5, which the smallest size it comes in is 250GB for the price of 99usd, while the 1TB version cost only 279usd and still cost less than the CFast card while giving you much more storage space and with read and writing speeds up to 540MB/s. https://amzn.to/2MH5ro7

However the only downside of the Samsung T5 SSD is that it is not an memory you can put inside the camera and is recorded externally, but also there are currently no special mounts build for this SSD. So in this video we are going find a mount that would hold the this SSD giving us an option to mount it on top of the camera.

Phone Clamps used in this video to mount the SSD(Prizes might have change over time)
$4 Phone U-Clip - http://rover.ebay.com/rover/1/711-53200-19255-0/1?icep_ff3=2&pub=5575082006&toolid=10001&campid=5337600174&customid=pclip&icep_item=162801580845&ipn=psmain&icep_vectorid=229466&kwid=902099&mtid=824&kw=lg
$5 Phone Clamp - http://rover.ebay.com/rover/1/711-53200-19255-0/1?icep_ff3=2&pub=5575082006&toolid=10001&campid=5337600174&customid=pclip&icep_item=253796055689&ipn=psmain&icep_vectorid=229466&kwid=902099&mtid=824&kw=lg
$10 Ulanzi - https://amzn.to/2wf4tF0

#chungdha #bmpcc4k #blackmagicdesign

Edited with Adobe Premiere Pro - http://goo.gl/k2EagF

If you appreciate what I do, you can support me by donating any amount here on paypal:
http://paypal.me/ChungDha

? Facebook: http://www.facebook.com/chungdha
? Website: http://www.chungdha.nl
? Instagram: https://www.instagram.com/chungdha/
? Twitter https://twitter.com/chungdha

For any Question Please Join our Facebook Group: https://www.facebook.com/groups/chungdhagroup

Business Inquiries, Sponsors & Collaboration email contact@chungdha.com

Chung Dha © 2018 Tsuen Wan, Hong Kong

Marketing is storytelling. Watch the whole series here: https://www.youtube.com/playlist?list=PLEmTTOfet46PW8WqOKkfLTtNjuMmGQDmt
In this video, Dan explains to you why you should tell your story to make a point.
★☆★BONUS FOR A LIMITED TIME★☆★
You can download Dan Lok's best-selling book F.U. Money for FREE:
http://bestadvice.danlok.link

★☆★ SUBSCRIBE TO DAN'S YOUTUBE CHANNEL NOW ★☆★
http://bit.ly/DanLokSubscribe
Dan Lok, a.k.a. The King of High-Ticket Sales, is one of the highest-paid and most respected consultants in the luxury and “high-ticket” space.

Dan is the creator of High-Ticket Millions Methodology™, the world's most advanced system for getting high-end clients and commanding high fees with no resistance.

Dan works exclusively with coaches, consultants, thought leaders and other service professionals who want a more sustainable, leveraged lifestyle and business through High-Ticket programs and Equity Income.

Dan is one of the rare keynote speakers and business consultants that actually owns a portfolio of highly profitable business ventures.

Not only he is a two times Tedx opening speaker, he's also an international best-selling author of over 12 books and the host of Shoulders of Titans show.

Dan's availability is extremely limited. As such, he's very selective and he is expensive (although it will be FAR less expensive than staying where you are).

Many of his clients are seeing positive return from their investments in days, not months.

But if you think your business might benefit from one-on-one interaction with Dan, visit http://danlok.com

Or consider becoming a member of his high-level mastermind for experts: http://www.danlokinnercircle.com

★☆★ WANT TO OWN DAN'S BOOKS? ★☆★
http://www.amazon.com/Dan-Lok/e/B002BLXW1K

★☆★ NEED SOLID ADVICE? ★☆★

Request a call with Dan:
https://clarity.fm/danlok

★☆★ JOIN DAN'S PRIVATE FB GROUP FOR CONSULTANTS & COACHES ★☆★

Apply here:
https://www.facebook.com/groups/highticketconsulting/

Dan hangs out there quite a bit.

★☆★ CONNECT WITH DAN ON SOCIAL MEDIA ★☆★

Blog: http://www.danlok.com/blog/
Podcast: http://www.shouldersoftitans.com/
FB Group: https://www.facebook.com/groups/highticketconsulting/
Twitter: https://twitter.com/danthemanlok
Instagram: https://www.instagram.com/danlok/
YouTube: https://www.youtube.com/user/vanentrepreneurgroup
Linkedin: https://www.linkedin.com/in/danlok
Meetup: http://www.meetup.com/Vancouver-Entrepreneurs-Group-Business-Network/
Amazon: http://www.amazon.com/Dan-Lok/e/B002BLXW1K



This video is about: The Best Advice I've Ever Heard About Personal Branding - Personal Branding Ep. 16
https://youtu.be/tAh9jL2IsLA
https://youtu.be/tAh9jL2IsLA