Internals of replication in mongodb. These internals cover replication selection, the replication process, elections (and the rules), and oplog transformation.
This presentation was given at the MongoDB San Francisco conference.
MongoDB 2.8 Replication Internals: Fitting it all togetherScott Hernandez
MongoDB replication internal architecture for 2.8
Abstract:
Replication in MongoDB requires deep integration with almost every part of the codebase, and has important hooks in various systems like storage, indexing, command processing and querying. Most of the replication components have seen a major overhaul recently in order to make further improvements. In this talk we will address what those pieces are, how they interact, and interesting choices made during their design. In this talk we get into the interaction of the replication protocols, commands really, writes and write concern enforcement, consensus (elections/ leader/follower/ majority) behaviors, and down into the depths of oplog generation and application on replicas. While a large part of the talk will be a technical overview of the big pieces we will dive into many important areas in order to ensure better understanding. The audience will be able to greatly affect which areas we focus on during the session, so come with ideas and a focus.
This document summarizes the key changes and new features in PHP 5.6, which was released in August 2014. It provides details on the release process and timeline. Some major additions in 5.6 included constant scalar expressions, variadic functions, argument unpacking, and the power operator. Other improvements included better SSL/TLS support, the new phpdbg debugging tool, and performance enhancements. The document also outlines some backwards incompatible changes and deprecated features.
This document provides an overview and agenda for a presentation on Full Stack Clojure. It introduces Clojure and why it was designed, discusses some of its core principles like immutability and functional programming, and provides examples of basic Clojure concepts like data literals, syntax, and persistent data structures. The presentation aims to explain Clojure and demonstrate how to build full stack applications with it.
Flowchart - Building next gen malware behavioural analysis environment isc2-hellenic
The document describes the behavior of a ransomware sample. It unpacks files, checks system requirements like CPU cores and Windows version, decrypts decoy files using XOR, identifies a .NET binary, writes registry keys for persistence, checks for security software and debuggers, downloads and executes updates, and includes keylogging and screenshot capturing functionality before deleting logs and persisting on the system.
ClojureScript loves React, DomCode May 26 2015Michiel Borkent
This document provides an overview of ClojureScript and compares it to ReactJS. It discusses the current status of JavaScript, how ClojureScript targets JavaScript using Google Closure libraries and optimizations. The core features of ClojureScript are summarized, including its use of persistent immutable data structures, functional programming, sequence abstraction, and isolation of mutable state with atoms. Syntax differences between JavaScript and ClojureScript are shown through examples.
Specializing the Data Path - Hooking into the Linux Network StackKernel TLV
Ever needed to add your custom logic into the network stack?
Ever hacked the network stack but wasn't certain you're doing it right?
Shmulik Ladkani talks about various mechanisms for customizing packet processing logic to the network stack's data path.
He covers covering topics such as packet sockets, netfilter hooks, traffic control actions and ebpf. We will discuss their applicable use-cases, advantages and disadvantages.
Shmulik Ladkani is a Tech Lead at Ravello Systems.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
51966 coffees and billions of forwarded packets later, with millions of homes running his software, Shmulik left his position as Jungo’s lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud service. He's now focused around virtualization systems, network virtualization and SDN.
The document describes a simulated hacking game scenario involving a compromised POS terminal infected with malware. It details the components of the botnet architecture including bot nodes, command and control infrastructure, and social media propagation. Diagrams show the network layout and communication channels. The document also examines the bot's components, capabilities, and protection mechanisms such as bytecode encryption and anti-debugging techniques. Hints are provided to help players progress in the game by bypassing defenses and achieving objectives over multiple days.
MongoDB 2.8 Replication Internals: Fitting it all togetherScott Hernandez
MongoDB replication internal architecture for 2.8
Abstract:
Replication in MongoDB requires deep integration with almost every part of the codebase, and has important hooks in various systems like storage, indexing, command processing and querying. Most of the replication components have seen a major overhaul recently in order to make further improvements. In this talk we will address what those pieces are, how they interact, and interesting choices made during their design. In this talk we get into the interaction of the replication protocols, commands really, writes and write concern enforcement, consensus (elections/ leader/follower/ majority) behaviors, and down into the depths of oplog generation and application on replicas. While a large part of the talk will be a technical overview of the big pieces we will dive into many important areas in order to ensure better understanding. The audience will be able to greatly affect which areas we focus on during the session, so come with ideas and a focus.
This document summarizes the key changes and new features in PHP 5.6, which was released in August 2014. It provides details on the release process and timeline. Some major additions in 5.6 included constant scalar expressions, variadic functions, argument unpacking, and the power operator. Other improvements included better SSL/TLS support, the new phpdbg debugging tool, and performance enhancements. The document also outlines some backwards incompatible changes and deprecated features.
This document provides an overview and agenda for a presentation on Full Stack Clojure. It introduces Clojure and why it was designed, discusses some of its core principles like immutability and functional programming, and provides examples of basic Clojure concepts like data literals, syntax, and persistent data structures. The presentation aims to explain Clojure and demonstrate how to build full stack applications with it.
Flowchart - Building next gen malware behavioural analysis environment isc2-hellenic
The document describes the behavior of a ransomware sample. It unpacks files, checks system requirements like CPU cores and Windows version, decrypts decoy files using XOR, identifies a .NET binary, writes registry keys for persistence, checks for security software and debuggers, downloads and executes updates, and includes keylogging and screenshot capturing functionality before deleting logs and persisting on the system.
ClojureScript loves React, DomCode May 26 2015Michiel Borkent
This document provides an overview of ClojureScript and compares it to ReactJS. It discusses the current status of JavaScript, how ClojureScript targets JavaScript using Google Closure libraries and optimizations. The core features of ClojureScript are summarized, including its use of persistent immutable data structures, functional programming, sequence abstraction, and isolation of mutable state with atoms. Syntax differences between JavaScript and ClojureScript are shown through examples.
Specializing the Data Path - Hooking into the Linux Network StackKernel TLV
Ever needed to add your custom logic into the network stack?
Ever hacked the network stack but wasn't certain you're doing it right?
Shmulik Ladkani talks about various mechanisms for customizing packet processing logic to the network stack's data path.
He covers covering topics such as packet sockets, netfilter hooks, traffic control actions and ebpf. We will discuss their applicable use-cases, advantages and disadvantages.
Shmulik Ladkani is a Tech Lead at Ravello Systems.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
51966 coffees and billions of forwarded packets later, with millions of homes running his software, Shmulik left his position as Jungo’s lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud service. He's now focused around virtualization systems, network virtualization and SDN.
The document describes a simulated hacking game scenario involving a compromised POS terminal infected with malware. It details the components of the botnet architecture including bot nodes, command and control infrastructure, and social media propagation. Diagrams show the network layout and communication channels. The document also examines the bot's components, capabilities, and protection mechanisms such as bytecode encryption and anti-debugging techniques. Hints are provided to help players progress in the game by bypassing defenses and achieving objectives over multiple days.
The document discusses new features introduced in Java 7 including:
1) The addition of null-safe and exception-chaining operators to safely handle null values and exceptions.
2) Automatic resource management using try-with-resources to ensure open resources are closed.
3) Inference of generic types for collections to simplify declarations.
4) Allowing strings in switch statements.
5) Underscores in numeric literals for improved readability.
The document appears to be a sequence diagram showing the process of a request in Tomcat. It shows various components involved including threads, protocols, engines, pipelines, valves and filters. The diagram shows the components interacting and methods being invoked as the request is processed through each component until it reaches the servlet and response is returned.
This document discusses common C++ bugs and tools to find them. It describes various types of memory access bugs like buffer overflows on the stack, heap, and globals that can lead to crashes or security vulnerabilities. Threading bugs like data races, deadlocks, and race conditions on object destruction are also covered. Other undefined behaviors like initialization order issues, lack of sequence points, and integer overflows are explained. The document provides examples of each type of bug and quizzes the reader to find bugs in a code sample. It recommends resources for further reading on debugging techniques and thread sanitizers that can detect races and data races.
Swug July 2010 - windows debugging by sainathDennis Chung
The document provides an overview of basic debugging terms and tools like process, thread, registers, exceptions, memory dumps, and AdPlus. It discusses setting up a debugger, understanding assembly code, using important CPU registers and variables, reading memory types, and examining stacks. The document also asks questions to check understanding of debugging concepts.
Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. It introduces events and an event queue to handle asynchronous and non-blocking operations. Everything runs as a callback from the event loop. Node.js wraps OS operations in modules to make file, network, and other operations non-blocking and event-driven. It also introduces a module system where each module gets its own private scope. Common patterns in Node.js include using the listener/emitter pattern to handle events and building applications with streams of data.
This document discusses symbolic execution and the Triton framework. It begins with an introduction to symbolic execution and why it is useful for tasks like static and dynamic analysis. Triton is then introduced as a dynamic binary analysis framework that uses symbolic execution. Key components of Triton like the symbolic execution engine and AST representations are described. Finally, SymGDB is presented as a way to combine Triton with GDB to simplify symbolic execution debugging workflows. Examples analyzing crackme programs are provided to demonstrate SymGDB.
The document describes decompiled source code from two programs. The VB decompiler produced source code for two .NET programs, showing properties and method signatures. The Java decompiler produced well-formatted source code for two Java programs, showing package declarations, imports, classes, methods and comments.
Asynchronous single page applications without a line of HTML or Javascript, o...Robert Schadek
AngularJS, together with Node.js, is an extremely powerful combination for building single page applications. Unfortunately, its development requires writing HTML and Javascript, which is tedious and error prone. By using vibe.d, HTML is no longer necessary, and the developers can use the full power of a static-typed language for the development of the backend. Substituting Javascript with Typescript in addition to a little bit of CTFE D magic then removes the need for redundant data type declarations, and makes everything statically typed. At the end of the talk, the attendee will have witnessed the creation of a statically typed, asynchronous single page application that required little extra typing than its dynamically typed equivalent. Additionally, the attendees will be motivated to explore the presented combination of frameworks as a viable desktop application UI framework.
Embed perl allows a C program to use Perl code and features by adding a Perl interpreter to the C program. It allows calling Perl subroutines from C, evaluating Perl statements, and performing Perl regular expressions. Using embed perl provides access to CPAN modules and Perl's powerful regex engine without needing PCRE. The basic steps are to initialize an interpreter, parse Perl code, run the code, and destruct the interpreter. Output can be captured by overriding Perl's filehandle layers to write to C variables instead of files. Embed perl is not difficult and provides a way to leverage Perl in C and C++ programs.
Capture the Flag (CTF) are information security challenges. They are fun, but they also provide a opportunity to practise for real-world security challenges.
In this talk we present the concept of CTF. We focus on some tools used by our team, which can also be used to solve real-world problems.
This document discusses software obfuscation techniques using C++ metaprogramming. It presents several implementations of string obfuscation using templates to encrypt strings at compile-time. It also discusses obfuscating function calls using finite state machines generated with metaprogramming. Debugger detection is added to fight dynamic analysis. The techniques aim to make reverse engineering and static/dynamic analysis more difficult without changing program semantics.
The document summarizes the D programming language compiler, including its organization with one front end and three back ends, major changes including converting the front end to D and using Dwarf exception handling. It describes the source code organization, types of compiles, memory allocation, strings, arrays, parsing, semantic analysis, lowering, constant folding, templates, inlining, and challenges in improving encapsulation, reducing complexity and memory usage.
OSMC 2014: Monitoring VoIP Systems | Sebastian DammNETWAYS
While delivering VoIP solutions to customers for more than ten years, at sipgate we have gained experience in monitoring our VoIP setup. The talk will give an insight on how to monitor Asterisk, Kamailio, Yate and other vital parts of our setup through standard checks and own scripts. We will not only show how to monitor standard SIP, but also how to detect bottlenecks and misfunctions.
This document introduces Hideaki Ohno and his work with foreign data wrappers. It discusses using foreign data wrappers with PostgreSQL to access data from other systems like MySQL, Twitter, and IMAP. It also describes the Perl foreign data wrapper module he created called perl_fdw that allows querying external Perl modules from PostgreSQL using foreign tables.
TestR is a tool for automatically generating unit tests for R internals written in C. It works by instrumenting GNU-R to capture calls to built-in functions along with their arguments and return values. These calls are then used to generate test cases. Test cases are filtered to only include those that increase code coverage as measured by gcov. Experimental results found TestR was able to generate a test suite covering 80% of the GNU R test suite with only 4695 tests, and also uncovered errors in other R virtual machines.
This event is part of our ongoing series about IT Security. In this session, Carl Svensson, a security professional working in the Google Offensive Security team, gives us an introduction to Binary Exploitation. Watch the recording at https://dscmunich.de/binexp
This document summarizes the steps taken to install and configure MySQL 5.1.50 and MySQL 5.5.8 on the same machine for performance testing purposes. It describes preparing the testing environment, installing each MySQL version, and configuring various parameters like the InnoDB storage engine settings. Tests were run using Sysbench to compare the performance of each version for operations like inserting 1 million records with and without concurrency. The results are presented in tables showing the time taken for each operation on each MySQL configuration.
This document provides an overview of MySQL Handler Socket, including why it is used, how to build and configure the Handler Socket plugin, and how to create a Java client program to interface with Handler Socket. Key points covered include improving query performance by offloading processing to Handler Socket, configuration parameters for Handler Socket, important Java methods for opening sessions and performing operations, and best practices for the Java client such as reusing sessions. Code examples are also provided.
This document discusses the design and goals of advanced replication in MongoDB. The goals are high availability, consistent data, automatic failover across multiple regions/data centers, and dynamic reads. The design includes replicating all databases to each node, using quorum and elections for consistency, smart clients, source selection awareness, recording operations in an oplog, and asynchronous replication with write acknowledgements.
Profilers find performance bottlenecks in your app but provide confusing information. Let's give you insights into how your profiler and your app are really interacting. What profiling APIs are available, how they work, and what their implementation on the JVM (OpenJDK) side looks like:
Stack sampling profilers: stop motion view of your app
GetCallTrace(JVisualVM case study): The official stack sampling API
Safepoints and safepoint sampling bias
AsyncGetCallTrace(Honest Profiler Case Study): The unofficial API
JVM Profilers vs System Profilers: No API needed?
Enroll Here --> https://goo.gl/xBJMA5 (50% OFF) Video Course
Do you know that all the web client frameworks are based on JavaScript?
Like AngularJS, ReactJS, NodeJS, etc., So, now it is the time for you to not only build a strong base in JavaScript basic programming but also to understand the basics of object oriented programming using JavaScript.
Yes, the buzzword of the market that is TypeScript and AngularJS2+ are completely based on oops through the JavaScript.
When it comes to the passing data from a client to the server then JSON formatted data is the hero, which again reminds the object or collection of objects of JavaScript.
Now no way to escape from learning JavaScript, if you want to stick to web technology with any platform whether it is Microsoft or Java or PHP or anything else.
So, no worries! we made it dam simple for you to master it :)
Enroll Here --> https://goo.gl/xBJMA5 (50% OFF) Video Course
The document discusses new features introduced in Java 7 including:
1) The addition of null-safe and exception-chaining operators to safely handle null values and exceptions.
2) Automatic resource management using try-with-resources to ensure open resources are closed.
3) Inference of generic types for collections to simplify declarations.
4) Allowing strings in switch statements.
5) Underscores in numeric literals for improved readability.
The document appears to be a sequence diagram showing the process of a request in Tomcat. It shows various components involved including threads, protocols, engines, pipelines, valves and filters. The diagram shows the components interacting and methods being invoked as the request is processed through each component until it reaches the servlet and response is returned.
This document discusses common C++ bugs and tools to find them. It describes various types of memory access bugs like buffer overflows on the stack, heap, and globals that can lead to crashes or security vulnerabilities. Threading bugs like data races, deadlocks, and race conditions on object destruction are also covered. Other undefined behaviors like initialization order issues, lack of sequence points, and integer overflows are explained. The document provides examples of each type of bug and quizzes the reader to find bugs in a code sample. It recommends resources for further reading on debugging techniques and thread sanitizers that can detect races and data races.
Swug July 2010 - windows debugging by sainathDennis Chung
The document provides an overview of basic debugging terms and tools like process, thread, registers, exceptions, memory dumps, and AdPlus. It discusses setting up a debugger, understanding assembly code, using important CPU registers and variables, reading memory types, and examining stacks. The document also asks questions to check understanding of debugging concepts.
Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. It introduces events and an event queue to handle asynchronous and non-blocking operations. Everything runs as a callback from the event loop. Node.js wraps OS operations in modules to make file, network, and other operations non-blocking and event-driven. It also introduces a module system where each module gets its own private scope. Common patterns in Node.js include using the listener/emitter pattern to handle events and building applications with streams of data.
This document discusses symbolic execution and the Triton framework. It begins with an introduction to symbolic execution and why it is useful for tasks like static and dynamic analysis. Triton is then introduced as a dynamic binary analysis framework that uses symbolic execution. Key components of Triton like the symbolic execution engine and AST representations are described. Finally, SymGDB is presented as a way to combine Triton with GDB to simplify symbolic execution debugging workflows. Examples analyzing crackme programs are provided to demonstrate SymGDB.
The document describes decompiled source code from two programs. The VB decompiler produced source code for two .NET programs, showing properties and method signatures. The Java decompiler produced well-formatted source code for two Java programs, showing package declarations, imports, classes, methods and comments.
Asynchronous single page applications without a line of HTML or Javascript, o...Robert Schadek
AngularJS, together with Node.js, is an extremely powerful combination for building single page applications. Unfortunately, its development requires writing HTML and Javascript, which is tedious and error prone. By using vibe.d, HTML is no longer necessary, and the developers can use the full power of a static-typed language for the development of the backend. Substituting Javascript with Typescript in addition to a little bit of CTFE D magic then removes the need for redundant data type declarations, and makes everything statically typed. At the end of the talk, the attendee will have witnessed the creation of a statically typed, asynchronous single page application that required little extra typing than its dynamically typed equivalent. Additionally, the attendees will be motivated to explore the presented combination of frameworks as a viable desktop application UI framework.
Embed perl allows a C program to use Perl code and features by adding a Perl interpreter to the C program. It allows calling Perl subroutines from C, evaluating Perl statements, and performing Perl regular expressions. Using embed perl provides access to CPAN modules and Perl's powerful regex engine without needing PCRE. The basic steps are to initialize an interpreter, parse Perl code, run the code, and destruct the interpreter. Output can be captured by overriding Perl's filehandle layers to write to C variables instead of files. Embed perl is not difficult and provides a way to leverage Perl in C and C++ programs.
Capture the Flag (CTF) are information security challenges. They are fun, but they also provide a opportunity to practise for real-world security challenges.
In this talk we present the concept of CTF. We focus on some tools used by our team, which can also be used to solve real-world problems.
This document discusses software obfuscation techniques using C++ metaprogramming. It presents several implementations of string obfuscation using templates to encrypt strings at compile-time. It also discusses obfuscating function calls using finite state machines generated with metaprogramming. Debugger detection is added to fight dynamic analysis. The techniques aim to make reverse engineering and static/dynamic analysis more difficult without changing program semantics.
The document summarizes the D programming language compiler, including its organization with one front end and three back ends, major changes including converting the front end to D and using Dwarf exception handling. It describes the source code organization, types of compiles, memory allocation, strings, arrays, parsing, semantic analysis, lowering, constant folding, templates, inlining, and challenges in improving encapsulation, reducing complexity and memory usage.
OSMC 2014: Monitoring VoIP Systems | Sebastian DammNETWAYS
While delivering VoIP solutions to customers for more than ten years, at sipgate we have gained experience in monitoring our VoIP setup. The talk will give an insight on how to monitor Asterisk, Kamailio, Yate and other vital parts of our setup through standard checks and own scripts. We will not only show how to monitor standard SIP, but also how to detect bottlenecks and misfunctions.
This document introduces Hideaki Ohno and his work with foreign data wrappers. It discusses using foreign data wrappers with PostgreSQL to access data from other systems like MySQL, Twitter, and IMAP. It also describes the Perl foreign data wrapper module he created called perl_fdw that allows querying external Perl modules from PostgreSQL using foreign tables.
TestR is a tool for automatically generating unit tests for R internals written in C. It works by instrumenting GNU-R to capture calls to built-in functions along with their arguments and return values. These calls are then used to generate test cases. Test cases are filtered to only include those that increase code coverage as measured by gcov. Experimental results found TestR was able to generate a test suite covering 80% of the GNU R test suite with only 4695 tests, and also uncovered errors in other R virtual machines.
This event is part of our ongoing series about IT Security. In this session, Carl Svensson, a security professional working in the Google Offensive Security team, gives us an introduction to Binary Exploitation. Watch the recording at https://dscmunich.de/binexp
This document summarizes the steps taken to install and configure MySQL 5.1.50 and MySQL 5.5.8 on the same machine for performance testing purposes. It describes preparing the testing environment, installing each MySQL version, and configuring various parameters like the InnoDB storage engine settings. Tests were run using Sysbench to compare the performance of each version for operations like inserting 1 million records with and without concurrency. The results are presented in tables showing the time taken for each operation on each MySQL configuration.
This document provides an overview of MySQL Handler Socket, including why it is used, how to build and configure the Handler Socket plugin, and how to create a Java client program to interface with Handler Socket. Key points covered include improving query performance by offloading processing to Handler Socket, configuration parameters for Handler Socket, important Java methods for opening sessions and performing operations, and best practices for the Java client such as reusing sessions. Code examples are also provided.
This document discusses the design and goals of advanced replication in MongoDB. The goals are high availability, consistent data, automatic failover across multiple regions/data centers, and dynamic reads. The design includes replicating all databases to each node, using quorum and elections for consistency, smart clients, source selection awareness, recording operations in an oplog, and asynchronous replication with write acknowledgements.
Profilers find performance bottlenecks in your app but provide confusing information. Let's give you insights into how your profiler and your app are really interacting. What profiling APIs are available, how they work, and what their implementation on the JVM (OpenJDK) side looks like:
Stack sampling profilers: stop motion view of your app
GetCallTrace(JVisualVM case study): The official stack sampling API
Safepoints and safepoint sampling bias
AsyncGetCallTrace(Honest Profiler Case Study): The unofficial API
JVM Profilers vs System Profilers: No API needed?
Enroll Here --> https://goo.gl/xBJMA5 (50% OFF) Video Course
Do you know that all the web client frameworks are based on JavaScript?
Like AngularJS, ReactJS, NodeJS, etc., So, now it is the time for you to not only build a strong base in JavaScript basic programming but also to understand the basics of object oriented programming using JavaScript.
Yes, the buzzword of the market that is TypeScript and AngularJS2+ are completely based on oops through the JavaScript.
When it comes to the passing data from a client to the server then JSON formatted data is the hero, which again reminds the object or collection of objects of JavaScript.
Now no way to escape from learning JavaScript, if you want to stick to web technology with any platform whether it is Microsoft or Java or PHP or anything else.
So, no worries! we made it dam simple for you to master it :)
Enroll Here --> https://goo.gl/xBJMA5 (50% OFF) Video Course
PostgreSQL Replication describes PostgreSQL Replicator, an open source solution for replicating PostgreSQL databases. Key features include asynchronous replication from a master to multiple slaves, supporting various replication types like role, grant, and large object replication without triggers. Replicator uses a Master Control Process to manage replication between nodes. It allows unlimited slaves without impacting the master and operates on any server.
PostgreSQL Replication describes PostgreSQL Replicator, an open source solution for replicating PostgreSQL databases. Key features include asynchronous replication from a master to multiple slaves, supporting various replication types like role, grant, and large object replication without triggers. Replicator uses a Master Control Process to manage replication between nodes. It allows unlimited slaves without impacting the master and operates on any server.
"Sharding - patterns & antipatterns". Доклад Алексея Рыбака (Badoo) и Констан...Badoo Development
This document discusses sharding patterns and antipatterns for scalable databases. It covers selecting good shard keys like user IDs, routing types like using smart clients or proxies, and approaches for re-sharding like moving data instead of redistributing it. The key topics are sharding functions, routing, and re-sharding strategies to minimize disruption when updating shard configurations.
Sharding - patterns & antipatterns, Константин Осипов, Алексей РыбакOntico
This document discusses sharding patterns and antipatterns for scalable databases. It covers selecting good shard keys like user IDs, routing types like using smart clients or proxies, and approaches for re-sharding like moving data instead of redistributing it. The key topics are sharding functions, routing, and re-sharding strategies to minimize disruption when updating shard configurations.
How To Get The Most Out Of Your Hibernate, JBoss EAP 7 Application (Ståle Ped...Red Hat Developers
The fifth major release of Hibernate sports contains many internal changes developed in collaboration between the Hibernate team and the Red Hat middleware performance team. Efficient access to databases is crucial to get scalable and responsive applications. Hibernate 5 received much attention in this area. You’ll benefit from many of these improvements by merely upgrading. But it's important to understand some of these new, performance-boosting features because you will need to explicitly enable them. We'll explain the development background on all of these powerful new features and the investigation process for performance improvements. Our aim is to provide good guidance so you can make the most of it on your own applications. We'll also peek at other performance improvements made on JBoss EAP 7, like on the caching layer, the connection manager, and the web tier. We want to make sure you can all enjoy better-performing applications—that require less power and less servers—without compromising on your developer’s productivity.
Hidden in Plain Sight: DUAL_EC_DRBG 'n stuffWhiskeyNeon
- DUAL_EC_DRBG was a random number generator standardized by NIST that was designed and promoted by the NSA and contained a backdoor. It used elliptic curve points to generate random numbers but the NSA knew the private key, allowing them to determine the internal state.
- While difficult to demonstrate on real-world implementations, the attack works by observing the random output, brute forcing short bits, and using scalar multiplication with the private key to recover the internal state.
- A weaker demonstration version was created to help explain the concepts using a smaller finite field and elliptic curve parameters that could be cracked with modest computing power to find the private key and demonstrate the attack.
This document contains a presentation on MongoDB replication and replica sets. It discusses:
- The benefits of replication for avoiding downtime, data loss and handling failures.
- The lifecycle of a replica set including creation, initialization, failure and recovery of nodes.
- Different roles nodes can have like primary, secondary or arbiter.
- Configuration options for replica sets including priority, hidden nodes and tags.
- Considerations for developing applications using replica sets including write concerns, read preferences and consistency levels.
This talk explores why HTTP is not the best fit for a micro-service architecture and how it results in the need for complex cloud infrastructure components. We present a different alternative using Redis pubsub and some other synchronisation facilities of redis. We will present a demo of the simplicity and extensibility of the solution and how it enables the development team focus on the core logic, rather than worry about the deployment, operations and orchestration overhead.
This document discusses dynamic program analysis techniques for finding data races. It describes race detection theory including happens-before ordering and locksets. It then summarizes ThreadSanitizer, a dynamic race detector tool, and discusses techniques used to improve its performance, including a fast path state machine, parallelization, compiler instrumentation, and sampling. It also introduces AddressSanitizer, a new tool for detecting memory errors like use-after-free and out-of-bounds accesses using shadow memory and instrumentation.
Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...Yandex
20 мая 2011, научный семинар
Константин Серебряный "Быстрый динамичекский анализ программ на примере поиска гонок (data races)"
Доклад посвящен динамическому анализу программ и, в частности, поиску гонок (data races). В рамках семинара будут рассмотрены следующие темы:
• Динамический анализ программ. Введение в теорию поиска гонок. Анализ потока событий программы. Требования по производительности.
• Базовый алгоритм инструмента ThreadSanitizer. Анализ производительности или почему алгоритм медленный?
• Ускорение и параллелизация базового алгоритма ThreadSanitizer.
• War stories: опыт внедрения регулярного тестирования для поиска гонок в Google Russia.
Finding Xori: Malware Analysis Triage with Automated DisassemblyPriyanka Aash
"In a world of high volume malware and limited researchers we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately what is currently available to the community is incredibly cost prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged tool kits, the corporate sponsored research community is dominated by solutions aimed at profit as opposed to augmenting capabilities available to the broader community. With that in mind, we are introducing our library for malware disassembly called Xori as an open source project. Xori is focused on helping reverse engineers analyze binaries, optimizing for time and effort spent per sample.
Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. This Rust library emulates the stack, register states, and reference tables to identify suspicious functionality for manual analysis. Xori extracts structured data from binaries to use in machine learning and data science pipelines.
We will go over the pain-points of conventional open source disassemblers that Xori solves, examples of identifying suspicious functionality, and some of the interesting things we've done with the library. We invite everyone in the community to use it, help contribute and make it an increasingly valuable tool for researchers alike."
Modern computationally intensive tasks are rarely bottlenecked on the absolute performance of your processor cores, the real bottleneck in 2012 is getting data out of memory. CPU Caches are designed to alleviate the difference in performance between CPU Core Clockspeed and main memory clockspeed, but developers rarely understand how this interaction works or how to measure or tune their application accordingly.
This Talk aims to solve that by:
1. Describing how the CPU caches work in the latest Intel Hardware.
2. Showing people what and how to measure in order to understand the caching behaviour of their software.
3. Giving examples of how this affects Java Program performance and what can be done to address things.
Scaling Search at Lendingkart discusses how Lendingkart scaled their search capabilities to handle large increases in data volume. They initially tried scaling databases vertically and horizontally, but searches were still slow at 8 seconds. They implemented ElasticSearch for its near real-time search, high scalability, and out-of-the-box functionality. Logstash was used to seed data from MySQL and MongoDB into ElasticSearch. Custom analyzers and mappings were developed. Searches then reduced to 230ms and aggregations to 200ms, allowing the business to scale as transactional data grew 3000% and leads 250%.
Hyperparameter optimization landscape Berlin ML Group meetup 8/2019Jakub Czakon
The document discusses various methods and libraries for hyperparameter optimization, including surrogate models to speed up evaluations, bandid methods to estimate scores with lower fidelity runs, and pruning runs that show little promise; it provides an overview of the Scikit-Optimize, Optuna, and HpBandster libraries for hyperparameter optimization, comparing their algorithms, APIs, documentation, speed/parallelization, and visualization capabilities.
This talk was delivered on FOSDEM PGDay 2016, on 29th of January. It discusses the options to stream consistent snapshot of the data existing in a database prior to creating a logical replication slot.
Implementation and analysis of search algorithms in single player connect fou...Anmol Rajpurohit
The document discusses the implementation and analysis of search algorithms in a single-player Connect Four game. It outlines the game rules and previous work analyzing strategies. It then describes the problem statement, algorithms implemented including minimax and alpha-beta pruning, heuristics to evaluate board positions, and a comparative analysis of the algorithms. Exponential heuristics were found to explore more nodes than linear heuristics but require less than 1 second to search to a depth of 10. Alpha-beta pruning reduced the number of nodes explored by 10 to 100 times compared to not using pruning.
Realtime Analytics with MongoDB Counters (mongonyc 2012)Scott Hernandez
This document discusses pre-aggregating data with counters in MongoDB to enable dashboard-style reports. It involves defining metrics and aggregations upfront, and using the $inc operator to increment values in aggregation collections during write operations. This allows generating real-time aggregated data without requiring map-reduce or the aggregation framework, providing better performance for dashboard queries.
MongoDB Operational Best Practices (mongosf2012)Scott Hernandez
The document outlines operational best practices learned from analyzing real support cases. It describes 3 scenarios where performance issues were identified: 1) response time timeouts due to disk monitoring and instrumentation issues, 2) high CPU usage due to poorly indexed queries, and 3) general slowdowns due to large disk read-ahead size. Key learnings include monitoring logs and systems, performance testing before deployments, using database profilers and indexes, and planning rollouts and configurations.
The document discusses strategies for managing data across multiple online data centers, including using replication to provide high availability and distribute data across regions, implementing sharding with replica sets to partition and distribute data while taking advantage of replication, and new features in MongoDB like read preferences and tagged balancing to help optimize reads and distribution of data locally among data centers.
This document provides an overview of Morphia, a Java object mapping library for MongoDB. It discusses Morphia's advantages over using raw MongoDB drivers, including type safety and the ability to work with POJOs rather than generic maps. Key features covered include annotation-based mapping of entities to collections, lifecycle callbacks, queries, updates, and support for relationships and object graphs. The document aims to demonstrate how Morphia reduces boilerplate and provides a more object-oriented interface for working with MongoDB in Java applications.
This document provides an overview of Morphia, a Java object mapping library for MongoDB. It discusses Morphia's advantages over using raw MongoDB drivers, including type safety and the ability to work with POJOs rather than generic maps. Key features covered include annotation-based mapping of entities to collections, lifecycle callbacks, queries, updates, and support for relationships and object graphs. The document aims to demonstrate how Morphia simplifies common data access patterns while retaining performance.
The document discusses using the MongoDB shell for debugging queries, testing, and administration. It notes some limitations of using JavaScript in the shell, like number and date handling. It then demonstrates various shell commands like insert, find, runCommand, and profiling. Finally it discusses additional shell features like loading scripts, exposing functions, and printing indexes.
This document discusses backup, restore, and disaster recovery options for MongoDB databases. It covers topics such as mongodump for backups, filesystem snapshots, replication for disaster recovery, and restoration procedures for both online and offline servers. Tips are provided for mongodump/restore operations and cleaning up snapshots.
The document discusses MongoDB as a scalable, open-source NoSQL database that provides agility, scalability, and high performance. It supports document-oriented data with dynamic schemas, horizontal scaling through autosharding and replication for high availability. MongoDB provides a simple interface that is similar to but more flexible than SQL.
1) The MongoDB 2.5 Java driver includes improvements to URI handling, replica set support, map/reduce functionality, and error handling.
2) Notable updates include better replica set member detection, inline map/reduce results, merge and re-reduce options for map/reduce, and checking for max document size directly from the server.
3) There are some breaking changes as well, such as map/reduce now using a temporary collection by default and changes to GridFS metadata fields.
This document provides an overview of MongoDB and the Morphia object-document mapper for Java. It discusses MongoDB concepts like document storage, indexing, and concurrency model. It then covers Morphia's annotations for mapping Java objects to MongoDB documents, including entity configuration, relationships, and common data access patterns using queries and updates. Code examples are provided for mapping object graphs, querying, and updating documents.
This document provides tips and explanations for various MongoDB concepts and operations. It discusses basic expectations of MongoDB including indexing order, write and query threads, and memory mapped data files. It also summarizes indexes, shell functions, connections, getLastError commands, profiling, log configuration, limiting and sorting queries, bulk data loading, collection statistics, backups, and the mongostat monitoring tool.
The document discusses using the MongoDB shell for debugging, testing, and administration tasks. It notes some limitations of using JavaScript in the shell, such as number and date handling. It provides examples of common shell commands like insert, update, remove, loading scripts, running commands, and profiling. Useful shell functions are also demonstrated like printjson and forEach. The document concludes by showing how to print indexes, find the largest document, use cursors, define aliases, and work with DBRefs.
This document summarizes options for using MongoDB with Java, including raw drivers, object mapping libraries like Morphia, and examples of common operations. It discusses using the MongoDB Java driver to directly encode data to BSON format, as well as higher-level libraries that allow working with Java objects like with Morphia annotations and queries. Examples demonstrate basic CRUD operations, embedding vs referencing relationships, and updating documents.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/
Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit.
As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies.
In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
8. Replication Process
● Record oplog entry on write
● Idempotent entries
● Pulled by replicas
1. Read over network
2. Buffer locally
3. Apply in batch
4. Repeat
9. Read + Apply Decoupled
● Background oplog reader thread
● Pool of oplog applier threads (by collection)
Repl Source
Applier
Thread
Pool
16
Buffer
DB4
DB3
DB1 DB2
Local Oplog
Network
Batch
Com
plete
11. Good Replication States
● Initial Sync
○ Record oplog start position
○ Clone/copy all dbs
○ Set minvalid, apply oplog since start
○ Build indexes
● Replication Batch: MinValid
15. Election Nomination
Disqualifications
A replica will nominate itself unless:
● Priority:0 or arbiter
● Not freshest
● Just stepped down (in unelectable state)
● Would be vetoed by anyone because
○ There is a Primary already
○ They don't have us in their config
○ Higher priority member out there
● Higher config version out there
16. The Election
Nomination:
● If it looks like a tie, sleep random time
(unless first node)
Voting:
● If all goes well, only one nominee
● All voting members vote for one nominee
● Majority of votes wins
22. Replication Source Select'n
● Select closest source
○ Limit to non-hidden or slave delayed
○ If nothing, try again with hidden/slave delayed
○ Select node with fastest "ping" time
○ Must be fresher
● Choose source when
○ Starting
○ Any error with existing source (network, query)
○ Any member is 30s ahead of current source
● Manual override
○ replSetSyncSource -- good until we choose again
24. Goal: Dynamic Reads
Controls for consistency
● Default to Primary
● Non-primary allowed
● Based on
○ Locality (ping/tags)
○ Tags
Client
S
P
S
Tags: A,
B
Tags: B, C