DEV Community

Discussion on: What dev topic do you think you should understand, but don't?

 
rhymes • Edited

What does it mean to be performant?

This is the million dollar question. If you can't answer it maybe the system is already performant enough. You'll know if the performance is not satisfactory (user frustration in case the system has a UI or slow processing time to obtain a response from an inquiry).

How do you know if it can scale well?

You measure it. You'll never know with 100% certainty but, for example, if you have 1000 users per minute and your system is at peak CPU most of that time and the RAM baseline isn't great either, you know it's not going to perform well if you double that.

I think vaguely in my current project (2 years) we're now starting to look at benchmarking our current database (x1) and x2, x5, and x10 by making those data sets and letting JMeter run loose on all our endpoints. But it's not like we have a goal of being able to get back all the responses in under 500ms with the x10 set.

You also obviously need to be realistic, especially if you control how many users use your system (if it has a subscription model and you know the subscription rate). Yeah, one day you might be hit with 10x lots of traffic but if you optimize for 2, 3, 4 or 5x you are already learning something about your system.

I don't know if this system we are talking about is a webapp or something else but you need to figure out the correct metrics and decide what's acceptable for you. This is a good intro:

Aside from hearing something like OWASP once, I have no clue how to check that an app is secure against common attacks or how to prevent that.

If you're using a decent ORM you're already protected from a few of those vulnerabilities (mainly SQL injection).

The OWASP Top Ten PDF is the most boring thing ever to read but you're lucky (😂): Troy Hunt, a security specialist and the author of have i been pwned? has a 1-hour course on the OWASP top 10. His blog, troyhunt.com, is also quite interesting.

I haven't watched it but Hunt knows his stuff.

Also check this "checklist" out:

ItsASine (Kayla)

Oh man, awesome response! Lots of things I can look into the next time I get a chance.

Though I just found out I need to stopwatch every call in our app because the CEO complained during a demo that it was slow, so... yeah... performance? :P But manual testing is both my least favorite thing and a huge timesink, so I won't have time for a while.

rhymes

But manual testing is both my least favorite thing and a huge timesink, so I won't have time for a while.

That's why you need to start automating this stuff :)

ItsASine (Kayla)

The timeline for when this needs to be done is Tuesday, apparently, to prioritize performance fixes. And they already barely approve of me reading my JMeter book.

And even though it literally has "testing" in the name, the project manager is making the devs do the automated testing of it. Maybe so the "real" engineers will do it right? Whatever. But when shit breaks, I suddenly need to drop all the real work and manually click things for a week.

rhymes

What's the easiest thing to do that can give you some value? Going through the whole JMeter book is going to take time.

What about employing a third party load testing tool or a tool like wrk to have a baseline of a few endpoints?

Maybe you can also use Cypress to record those use cases you usually do manually...