Performance Optimizations

Question 1

How to load your website at lightning speeds? Provide 8 tips to boost front end performance

Answer 1

1. Compress files - compress files & minimise data size before transmission to reduce network load.
2. Selective rendering/windowing - display only visible elements to optimise rendering performance. Eg in a dynamic list only render visible items.
3. Modular architecture with code splitting - split a bigger app bundle into multiple smaller bundles for efficient loading.
4. Priority-based loading - prioritise essential resources & visible (or above the field) content for a better user experience.
5. Pre-loading - fetch resources in advance before they’re requested to improve loading speed.
6. Tree shaking or dead code removal - optimise the final JS bundle by removing dead code that’ll never be used.
7. Pre-fetching - proactively fetch or cache resources that are likely to be needed soon.
8. Dynamic imports - load code modules dynamically based on user actions to optimise the initial loading times

Question 2

12 Tips for API Security

Answer 2

1. Use HTTPS
2. Use OAuth2
3. Use WebAuthn
4. Use levelled API keys
5. Authorization (can view, cannot modify)
6. Rate limiting (rate limiting rules based on IP, user, action group etc)
7. API versioning (GET /v1/users/123)
8. Whitelisting (design allowlist rules based on IP, user etc)
9. Check OWASP API Security risks
10. Use API gateway
11. Error handling (descriptive helpful error messages)
12. Input validation

Question 3

Session, cookie, JWT, token, SSO and oauth2.0.

When you login, your identity needs to be managed. What are the differences?

Answer 3

1. Session - the server stores your identity & gives the browser a session ID cookie. This allows the server to track login state. But cookies don’t work well across devices.
2. Token - your identity is encoded in a token sent to the browser. The browser sends this token on future requests for authentication. No server session storage is required. But tokens need encryption/decryption.
3. JWT - JSON web tokens standardise identity tokens using digital signatures for trust. The signature is contained in the token so no server session is needed.
4. SSO - single sign on uses a central authentication scheme. This allows a single login to work across multiple sites.
5. OAuth2 - allows limited access to your data on one site by another site, without giving away the passwords.
6. QR code - encodes a random token into a QR code for mobile login. Scanning the code logs you in without typing a password.

Question 4

Top 9 website performance metrics you cannot ignore

Answer 4

1. Load Time: This is the time taken by the web browser to download and display the webpage. It’s measured in milliseconds.
2. Time to First Byte (TTFB): It’s the time taken by the browser to receive the first byte of data from the web server. TTFB is crucial because it indicates the general ability of the server to handle traffic.
3. Request Count: The number of HTTP requests a browser has to make to fully load the page. The lower this count, the faster a website will feel to the user.
4. DOMContentLoaded (DCL): This is the time it takes for the full HTML code of a webpage to be loaded. The faster this happens, the faster users can see useful functionality. This time doesn’t include loading CSS and other assets
5. Time to above-the-fold load: “Above the fold” is the area of a webpage that fits in a browser window without a user having to scroll down. This is the content that is first seen by the user and often dictates whether they’ll continue reading the webpage.
6. First Contentful Paint (FCP): This is the time at which content first begins to be “painted” by the browser. It can be a text, image, or even background color.
7. Page Size: This is the total file size of all content and assets that appear on the page. Over the last several years, the page size of websites has been growing constantly. The bigger the size of a webpage, the longer it will take to load.
8. Round Trip Time (RTT): This is the amount of time a round trip takes. A round trip constitutes a request traveling from the browser to the origin server and the response from the server going to the browser. Reducing RTT is one of the key approaches to improving a website’s performance.
9. Render Blocking Resources: Some resources block other parts of the page from being loaded. It’s important to track the number of such resources. The more render-blocking resources a webpage has, the greater the delay for the browser to load the page.

Question 5

Top 5 common ways to improve API performance.

Answer 5

Result Pagination:
This method is used to optimize large result sets by streaming them back to the client, enhancing service responsiveness and user experience.

Asynchronous Logging:
This approach involves sending logs to a lock-free buffer and returning immediately, rather than dealing with the disk on every call. Logs are periodically flushed to the disk, significantly reducing I/O overhead.

Data Caching:
Frequently accessed data can be stored in a cache to speed up retrieval. Clients check the cache before querying the database, with data storage solutions like Redis offering faster access due to in-memory storage.

Payload Compression:
To reduce data transmission time, requests and responses can be compressed (e.g., using gzip), making the upload and download processes quicker.

Connection Pooling:
This technique involves using a pool of open connections to manage database interaction, which reduces the overhead associated with opening and closing connections each time data needs to be loaded. The pool manages the lifecycle of connections for efficient resource use.

Question 6

Rest API cheatsheet
1. Client server
2. Stateless
3. Cacheable
4. Layered system
5. Code on demand
6. Uniform interface

Answer 6

1. Client server - emphasize the separation of user interface concerns (client) from data storage & processing concerns (server) to enhance portability & scalability.
2. Stateless - dictates that each request from a client to server must contain all the necessary information for processing, ensuring no session state is stored on the server between requests.
3. Cacheable - ensures that responses can be explicitly marked as cacheable or non-cacheable, allowing clients to reuse previously fetched responses to enhance efficiency and reduce load.
4. Layered system - architecture may have multiple layers, and a client interacts without knowing if it communicated with the end server or an intermediary layer, promoting scalability and security.
5. Code on demand - servers can temporarily extend or customize a client’s functionality by transferring executable code, enhancing flexibility and adaptability.
6. Uniform interface - a consistent and standardised interface simplifies and decouples interactions, making systems independent and easier to evolve.

GET https://api.example.com/v1/users?age=25&gender=male&page=2&limit=10

HTTPS methods
- GET (for retrieving)
- PUT (for updating)
- POST (for creating)
- PATCH (for patching)
- DELETE (for deleting)

Protocols - always use HTTPS :// for API calls to ensure security and data privacy.
Sub domain (“api”) - use clear & consistent domain naming conventions. Sub domains like “api” are often used for API endpoints.
Versioning - version your API to manage changes & maintain backwards compatibility.
Endpoint - use nouns to represent resources. Paths should be intuitive and follow RESTful principles.
Filtering - divide large data sets into pages for manageable chunk retrieval.
Pagination - specify criteria to retrieve relevant data subset, refine search results.

Question 7

Top 8 programming paradigms

Answer 7

1. Imperative programming - describes a sequence of steps that change the program’s state. Languages like C, C++, Java, Python& many others support imperative programming styles.
2. Declarative Programming - emphasizes expressing logic and functionalities without describing the control flow explicitly. Functional programming is a popular form of declarative programming.
3. Object-Oriented Programming (OOP) - revolves around the concept of objects, which
   encapsulate data (attributes) and behavior (methods or functions). Common OOP languages include Java, C++, Python, Ruby, and C#.
4. Aspect-Oriented Programming (AOP) - aims to modularize concerns that cut across multiple parts of a software system. AspectJ is one of the most well-known AOP frameworks that extends Java with AOP capabilities.
5. Functional Programming (FP) - treats computation as the evaluation of mathematical functions & emphasizes the use of immutable data and declarative expressions. Languages like Haskell, Lisp, Erlang, and some features in languages like JavaScript, Python, and Scala support functional programming paradigms.
6. Reactive Programming - deals with asynchronous data streams and the propagation of changes. Event-driven applications, and streaming data processing applications benefit from reactive programming.
7. Generic Programming - aims at creating reusable, flexible, and type-independent code by allowing algorithms and data structures to be written without specifying the types they will
   operate on. Generic programming is extensively used in libraries and frameworks to create data structures like lists, stacks, queues, & algorithms like sorting, searching.
8. Concurrent Programming - deals with the execution of multiple tasks or processes
   simultaneously, improving performance and resource utilization. Concurrent programming is utilized in various applications, including multi-threaded servers, parallel processing,
   concurrent web servers, & high-performance computing.

Question 8

Data Pipelines Overview

Data pipelines are a fundamental component of managing and processing data efficiently within modern systems. These pipelines typically encompass 5 predominant phases

Answer 8

Collect, Ingest, Store, Compute, and Consume.

1. Collect: Data is acquired from data stores, data streams, and applications, sourced remotely from devices, applications, or business systems.
2. Ingest: During the ingestion process, data is loaded into systems and organized within event queues.
3. Store: Post ingestion, organized data is stored in data warehouses, data lakes, and data lakehouses, along with various systems like databases, ensuring post-ingestion storage.
4. Compute:
   Data undergoes aggregation, cleansing, and manipulation to conform to company standards,
   including tasks such as format conversion, data compression, and partitioning. This phase
   employs both batch and stream processing techniques.
5. Consume: Processed data is made available for consumption through analytics and visualization tools, operational data stores, decision engines, user-facing applications, dashboards, data science, machine learning services, business intelligence, and self-service analytics.

The efficiency and effectiveness of each phase contribute to the overall success of data-driven operations within an organization.

Question 9

Things Every Developer Should Know: Concurrency is NOT
parallelism.

Answer 9

In system design, it is important to understand the difference between concurrency and parallelism. As Rob Pyke(one of the creators of GoLang) stated:“ Concurrency is about 𝐝𝐞𝐚𝐥𝐢𝐧𝐠 𝐰𝐢𝐭𝐡 lots of things at once. Parallelism is about 𝐝𝐨𝐢𝐧𝐠 lots of things at once.” This distinction emphasizes that concurrency is more about the 𝐝𝐞𝐬𝐢𝐠𝐧 of a program, while parallelism is about the 𝐞𝐱𝐞𝐜𝐮𝐭𝐢𝐨𝐧.

Concurrency is about dealing with multiple things at once. It involves structuring a program to handle multiple tasks simultaneously, where the tasks can start, run, and complete in overlapping time periods, but not necessarily at the same instant.

Concurrency is about the composition of independently executing processes and describes a program’s ability to manage multiple tasks by making progress on them without necessarily completing one before it starts another.

Parallelism, on the other hand, refers to the simultaneous execution of multiple computations. It is the technique of running two or more tasks or computations at the same time, utilizing multiple processors or cores within a computer to perform several operations concurrently. Parallelism requires hardware with multiple processing units, and its primary goal is to increase the throughput and computational speed of a system.

In practical terms, concurrency enables a program to remain responsive to input, perform background tasks, and handle multiple operations in a seemingly simultaneous manner, even on a
single-core processor. It’s particularly useful in I/O-bound and high-latency operations where
programs need to wait for external events, such as file, network, or user interactions.
Parallelism, with its ability to perform multiple operations at the same time, is crucial in CPU-bound tasks where computational speed and throughput are the bottlenecks. Applications that require heavy mathematical computations, data analysis, image processing, and real-time processing can
significantly benefit from parallel execution.

Question 10

Popular interview question: how to diagnose a mysterious process that’s taking too much CPU, memory, IO, etc?

Answer 10

The diagram below illustrates helpful tools in a Linux system.
🔹‘vmstat’ - reports information about processes, memory, paging, block IO, traps, and CPU activity.
🔹‘iostat’ - reports CPU and input/output statistics of the system.
🔹‘netstat’ - displays statistical data related to IP, TCP, UDP, and ICMP protocols.
🔹‘lsof’ - lists open files of the current system.
🔹‘pidstat’ - monitors the utilization of system resources by all or specified processes, including CPU, memory, device IO, task switching, threads, etc.

Question 11

Top 9 Cases Behind 100% CPU Usage.

Answer 11

The diagram below shows common culprits that can lead to 100% CPU usage. Understanding these can help in diagnosing problems and improving system efficiency.

1. Infinite Loops
2. Background Processes
3. High Traffic Volume
4. Resource-Intensive Applications
5. Insufficient Memory
6. Concurrent Processes
7. Busy Waiting
8. Regular Expression Matching
9. Malware and Viruses