The initial comparison with XFS is somewhat unfair as well, though: does XFS provide the same data integrity features that ZFS does? It’s hard, really, to compare file systems with vastly different design centres and feature sets – which feels like the point they’re trying to make, really.

Author here.

For example, if the database is sharded then copying a single shard has limited utility, and copying all of them is going to get expensive quickly.

Our database is sharded. We have 10s of thousands of logical shards spread across a much smaller number of physical machines. Almost all the queries we care about are ran across every physical machine. For testing optimizations, copying a single physical machine is the 80/20. It allows us to tell whether the optimization does make the queries we expect to get faster do get faster, and that no other queries degrade. For this to miss regressions, there would need to be a high number of shards on other machines that behave differently under the optimization.

The other issue I had with using production data for testing is that sometimes it shouldn’t be made available to all and sundry due to privacy concerns, so there either needs to be a process for scrubbing it (error-prone) or we’re back to generating synthetic data.

Why would data in shadow prod “be made available to all”? We have the same restrictions on accessing the data in shadow prod as we do for production.

Finally, in a high write rate scenario there are additional load issues for the application server(s) if you’re trying to write both to the production DB and a copy.

For us, our writes do not need to show up instantaneously. Ideally they show up within a few seconds, but it’s okay for us if they periodically take longer. All our writes go through Kafka before they go into our database. Our service that reads from Kafka then writes to both databases. If shadow prod slows things down, all writes will be queued in Kafka. This way, we don’t drop any data. There will be latency between when data shows up in production, which while less than ideal, is acceptable. We’ve discussed having separate Kafka consumers, one that writes to production and one that writes to shadow prod. This would prevent shadow prod outages from causing latency in production. There hasn’t been need for doing so, so we haven’t implemented it yet.

I’ve had a similar experience to you with some bootcamps, but they’re not all created equal. The Recurse Center in particular has continually impressed me, for example; I don’t know if their teaching methodology is different or what, but we’ve gotten quite a few candidates who may not be ready for full-time, but who can definitely start at what I might call an advanced intern level, and who have a really good chance to progressing to a normal full-time position at the end of fur months.

That said, it’s worth noting that Khan Academy has a specific program for this situation (we call them fellowships), and our creation of that program was a very deliberate move to extend our education focus internally, in part by accomodating the bootcamps. I’m not sure if even some of the more liberal-minded places I’ve worked in the past would’ve been able to justify doing that, and I’m not sure if candidates from even the good bootcamps, like The Recurse Center, would do well otherwise.

I think the students are the biggest victims of this all. Coding isn’t a skill you can learn in twelve weeks, but many predatory camps, which have cachet as authorities and insiders, push that narrative to outsiders. And the rest of the tech industry tolerates it.

I’m not sure what kind of coding we speak about. General? No. Specialised? Yes. I know quite some people that learned the coding needed to support their current task (e.g. a statistical model) very fast. The problem is that a bootcamp rarely facilitats that, they have a one-size-fits-it-all curriculum.

In many cases, I have the impression a trusting employer and some individual coaching at that location would help much more.

Care to name names?

You can see the search path query here. I haven’t analyzed it yet to determine how efficient it is.

This is (A) documented behavior in the PostgreSQL manual, and (B) If you’re using a SQL database it is your responsibility to determine the level of isolation that your query should need.

While it is documented, I find most people aren’t familiar with it. I could see half of the examples being completely unexpected to someone who knows Postgres, but not in depth.

Also, I find the documentation in the Postgres manual around the different anomalies to be unclear. I believe this is due to historical issues such as the SQL standard being designed for lock based databases, as well as the SQL standard itself being fairly unclear. See A Critique of the ANSI SQL Isolation Levels.

the author left out that you can change the isolation level even as far as serializable, which removes all of these issues if you don’t mind paying the cost.

My next two posts are going to cover the main ways of avoiding these issues (row level locks and different transaction isolation levels), and how each of them affect the different examples in the post.

Serializable also doesn’t exactly solve all of the problems. For the lost updates, skipped updates, and serialization anomaly examples, serializable will abort one of the transactions, which is less than desirable behavior.

Yes, but it was unclear that was the case at the beginning. We had (incorrectly) assumed CPU was mostly spent on evaluating the partial index predicates. Based on that assumption, we thought batching wouldn’t have had much of an effect. It wasn’t until we actually examined what the CPU was being used for did we realize that our assumption about CPU usage was completely wrong and that batching would actually have a dramatic impact.

Does it count if I used Fractran instead?

There is a possibility someone can do this, somewhere on this planet. They probably wouldn’t be looking for work ever :)

Nah, they’re probably in that 150+ IQ set that struggles with corporate bullshit.

I’ve seen quite a few IMO medalists (at least five) get absolutely raped in the GoogFace companies. It’s at the point where I advise them, if they’re set on leaving academia, to go to finance where their talents will actually be appreciated. You put a legit 150+ in a hedge fund, and he’ll never be a “rainmaker” who goes out and gets new investors, but he’ll ease into a quant role and do it well. He might make “only” $500k/year as a senior quant, while smiling bullshitters make millions… but that’s better than getting PIP’d because you didn’t do enough “user story points”. You put a legit 150+ in a GoogFace, anywhere other than the research division, and it usually ends badly.

Of course, this phenomenon may exist because the 150+ who end up in regular engineering roles already have serious health problems (or, as in certain cases, had health problems in the past) or social deficits, because otherwise they’d be somewhere other than “mainstream eng” at a tech company.

GoogFace and VC startups are all about pedigree, not raw intelligence, because people who have the ability to detect the latter are extremely rare outside of the R&D divisions. In the tech industry, a legacy-admit Stanford kid will dominate a 150+ from Penn State. Whereas in the hedge fund world, the 150+ has a shot of getting spotted and fast tracked, while the legacy Stanford kid probably won’t get hired. Greed isn’t always good but it’s better than self-protecting corporate stupidity… which is why Wall Street is more hospitable to top talent than Silicon Valley.

100% agreed. Debugging from a stack trace is far more complicated than having good error handling through compiler enforced types.

WHERE’S MY STACKTRACE?

This is the one I disagree with quite a bit. If I am using exceptions then yes, I want stacktraces, because it’s a nearly unbounded GOTO. But the value result types give me is that I know, using the types, what errors a function can have and I have to handle it. This makes stacktraces much less valuable and the win of knowing what errors are possible and being forced to handle them. I’d much rather have this than stacktraces.

This is a case where you can eat your cake and have it too. Java has checked exceptions which the compiler enforces are handled. When call a function that can throw a checked exception, the calling a function either has to handle the exception in a try block, or include in its signature that it can throw an exception of the specified type.

You can also do the opposite and add the stack trace to the result type. Most languages provide some way to obtain a stack trace at runtime, so all you need to do is attach the stack trace to the error when it is instantiated.

Fwiw, part of his specification (a “crucial” part) seems to be exactly that *Y doesn’t outlive and that it compiles to mere pointer arithmetic. Not compelling for all use cases, but definitely Rust’s big rallying cry: “zero cost abstraction!”.

[Comment removed by author]

Oh, and I hadn’t noticed that DEFERRABLE could be used on foreign key constraints. :) The docs confirm:

Currently, only UNIQUE, PRIMARY KEY, REFERENCES (foreign key), and EXCLUDE constraints are affected by this setting.

Thanks for pointing that out!

I can’t quite figure out what the deal is with the “Avoid Full-Table Vacuum” bit but it certainly sounds useful.

Postgres periodically has to run what is called a “freeze vacuum”. Previously a freeze vacuum would require reading all of the data for a table. In 9.6, they changed it to read only a subset of the table.

Freeze vacuums are necessary because of how Postgres handles transactions. When processing a query, Postgres will ignore every row that was inserted after the query started, or deleted before the query started. To do this, in every row, Postgres keeps both the id of the transaction that inserted the row, and the id of the transaction that deleted the row. Since transaction ids come from a counter, the two transaction ids in the row, along with a list of transactions that were running when the query started allow you to determine whether a row should be visible to the query. If the transaction that inserted the row wasn’t running when the query started, and the id of the inserting transaction is smaller than the id of the transaction of the query, the row was inserted before the query started. Similarly logic is used to determine whether the row was deleted after the query started.

The problem with this scheme is that transaction ids are only 32 bits. To work around this limitation, Postgres will periodically cleanup old transaction ids, so it can reuse them. When the newest transaction id reaches 2^32, the transaction id will wrap back around to the smallest transaction id (I believe 3 is the smallest since 0-2 are reserved for special purposes). By the time this happens, Postgres will have already replaced everywhere the transaction id 3 is used with a special transaction id (I believe 2) that represents “a really old transaction”.

Making sure old transaction ids are no longer mentioned is done by the freeze vacuum. Once the difference between the oldest id still used in a table and the newest transaction id reaches some threshold, a vacuum freeze will be triggered on that table. The vacuum freeze will replace all transaction ids older than a certain point with the special transaction id.

The vacuum freeze used to read every single page for the table and check every single row on that page. This means if you ran a vacuum freeze twice, it would read all of the data for the table twice, even though the second freeze was a no-op. The way they fixed this in 9.6 is by externally keeping track of what pages have only frozen tuples (tuples with the special transaction id). When the freeze vacuum freezes every row on a page, it will set the bit for that page. When a new row is inserted onto that page, or a row from that page is deleted, the bit is unset. The freeze vacuum will then skip over pages for which the bit is set since it knows that all of the rows on those pages are already frozen. If the table is append-only, this means the freeze vacuum won’t redo any work previously done.

There’s an interesting aspect to this, though, in that while releasing safety-related software like autonomous vehicles before it’s mature and stable is capital-B Bad, the development itself of the software is not (as opposed to, e.g. creating databases of minority citizens so they can be tracked). The premature release could have been (and, if Uber’s software developers are anything like any of the ones I’ve worked with, probably was) demanded by management over the protests of developers.

Yes, this should be supported by ethical and community boundaries, but this is also why we have laws, I guess? The CA DMV wrote a letter telling them to stop, and I am expecting them to issue heavy fines if they try to keep driving.

In the event that someone actually does get hurt or killed by an poorly written self-driving car without the permit necessary to be on the road, I also expect the California legal system to look very poorly on Uber’s behavior.

Software can’t be “evil”. People can be evil, and they can create and use software to do evil things, but I don’t think that’s happening here.

Uber’s software is buggy and not very good at driving, but I’m willing to give the devs the benefit of the doubt that they were working in good faith, trying to make the software work correctly and safely for everybody on the road.

If anybody is “evil” in this situation, it’s the people who knew the software didn’t work or didn’t meet regulatory requirements, but insisted it be released anyway. I’m sure there were some developers involved, but it’s probably not all of them.

The people who work on evil software like this need to be ostracized by the rest of us.

How, when many of us insist on ignoring politics? Have you noticed how many yes-men were celebrating the “no politics” week on HN?

The odd thing is Uber’s self driving vehicles have been driving around SF for months (potentially not autonomously). I can’t understand why all of these things are becoming an issue after they start picking up riders with autonomous vehicles.

I didn’t want to call anyone in particular out. But since you asked, here are some instances:

• https://lobste.rs/s/yktsdu/practical_common_lisp/comments/vgcnoj#c_vgcnoj
• https://lobste.rs/s/g83zqt/amazon_employee_attempts_suicide_after/comments/atbldi#c_atbldi
• https://lobste.rs/s/3cjjml/european_union_wants_regulate/comments/0974hr#c_0974hr
• https://lobste.rs/s/kjfuvp/great_third_pound_burger_ripoff/comments/yiwezt#c_yiwezt
• https://lobste.rs/s/kfikya/julias_drawings/comments/jgaxcm#c_jgaxcm

Is there a reason why this isn’t the preferred strategy that Postgres query planner employs when performing a COUNT(DISTINCT ...) on a btree-indexed numerical column? Seems to be better in the vast majority of cases (except when the table has high cardinality relative to rows).

The truth about this massive lemon party is that no one has any real business need to make it better.

That’s not totally true. There’s a niche of companies that do high-integrity or high-security development of software. Some warranty the results. They charge a premium of at least 50% over other companies. All the ones I’ve seen stay growing with referral from clients. There’s companies that internally do something similar with IT either in general (rarest) or for specific teams on critical stuff (uncommon). So, there’s some demand that comes in many forms with serious money to be made. Not entirely lemons but mostly lemons.

Rest of your post is spot on. Curious, what did you mean by “Well, see my experience.”

Your comment is just a bunch of rhetoric without much content.

You’ll have a heard time convincing anyone that companies don’t care about the productivity of their engineers. Without productive engineers, they aren’t making money. Why would they go against their own self interests?

And of course there’s a cost to the company if they hire a lemon. Have you ever worked on a team with a bad developer? A single bad developer ruins the productivity of the entire team they are on. That’s why companies are so careful about avoiding bad hires. A single bad hire is equivalent to missing out on multiple good developers.

I believe there are a few other cases where table partitioning is useful. Since sequential scans are much faster than index scans, you get a large speedup if you can partition your data so you get sequential scans over some of the partitions. As an example, if you are running a query that touches all data over several days, partitioning by each day can help since you will get sequential scans over all of the tables the query touches except the boundary ones (alternatively, if you can keep your table clustered, you can use a BRIN index to accomplish the same thing). The only other case I can think of is for inheritance (as mentioned in the article).