Opera Software is mainly known for its web browser, but Opera also created and develops a growing set of web applications like its own community dedicated to the browser, my.opera.com, started in 2001.
Since then, the community has grown bigger and bigger and has had the "usual" scalability problems. The application has been rewritten 3 times, and the current developer team is now at a turning point.
How to make the application and systems scalable with the growing amount of traffic and users?
Trivadis TechEvent 2017 ACFS Replication as of 12 2 by Mathias Zarick - Trivadis
Replication for the ASM cluster file system was already introduced with version 11.2.0.2. Oracle Database version 12.2 comes with a fundamental change in the architecture of ACFS replication. The talk sheds some light on this change and explains setup and operating aspects. Possible use cases for its application are discussed.
OpenZFS novel algorithms: snapshots, space allocation, RAID-Z - Matt Ahrens - Matthew Ahrens
Guest lecture at Brown University's Computer Science Operating Systems class, CS167, by Matt Ahrens, co-creator of ZFS. Introduction by professor Tom Doeppner. Recording, March 2017: https://youtu.be/uJGkyMxdNFE
Topics:
- Data structures and algorithms used by ZFS snapshots
- Overview of ZFS on-disk structure
- Data structures used for ZFS space allocation
- RAID-Z compared with traditional RAID-4/5/6
Class website: http://cs.brown.edu/courses/cs167/
OSDC 2016 - Interesting things you can do with ZFS by Allan Jude & Benedict Reu... - NETWAYS
ZFS is the next generation filesystem originally developed at Sun Microsystems. Available under the CDDL, it uniquely combines volume manager and filesystem into a powerful storage management solution for Unix systems. Regardless of big or small storage requirements, ZFS offers features, for free, that are usually found only in costly enterprise storage solutions. This talk will introduce ZFS and give an overview of its features like snapshots and rollback, compression, deduplication as well as replication. We will demonstrate how these features can make a difference in the datacenter, giving administrators the power and flexibility to adapt to changing storage requirements.
Real world examples of ZFS being used in production for video streaming, virtualization, archival, and research are shown to illustrate the concepts. The talk is intended for people considering ZFS for their data storage needs and those who are interested in the features ZFS provides.
An introduction and evaluations of a wide area distributed storage system - Hiroki Kashiwazaki
A presentation at Storage Developer Conference (SDC) 2014 in Santa Clara, California. General overview of distcloud until now and the future.
These are the presentation slides from Storage Developer Conference 2014, held in Santa Clara, California, USA. A summary of distcloud so far and going forward.
OpenNebulaConf2017EU: One (Windows) Image to Rule them All by Paul Batchelor,... - OpenNebula Project
Describes a fully-automated system for building fully-patched Windows gold images on-demand or on a schedule. It is possible to build and use the same image on OpenNebula, as well as public clouds such as Azure and AWS (with appropriate changes to handle the different contextualization methods in the target clouds). Uses Microsoft MDT to build the image, and Jenkins build server to manage the orchestration in OpenNebula, monitoring the build process, and publishing the completed images to the OpenNebula marketplace and the public clouds.
YouTube: https://youtu.be/owUpj8WHMQo
Operating CloudStack: Sharing My Tool Box @ApacheCon NA'15 - Remi Bergsma
Remi Bergsma presents the CloudStack toolbox. It was used to migrate 1K+ VMs to new storage and to automate operations of CloudStack at Schuberg Philis. It is now freely available to anyone that wants to ease operations. Check it out!
Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007) - Nate Lawson
Analysis of virtualized rootkit detection methods. Introduces "Samsara", our framework for detecting virtualization and an implementation of data/instruction TLB sizing, HPET timer, and VT errata tests. We predict the future will be cat-and-mouse, where each side analyzes and responds to the behavior of their opponent, ad infinitum. Joint talk given with Thomas Ptacek and Peter Ferrie.
VMware ESXi - Intel and Qlogic NIC throughput difference v0.6 - David Pasek
We are observing different network throughputs on Intel X710 NICs and QLogic FastLinQ QL41xxx NICs. ESXi hardware supports NIC hardware offloading and queueing on 10Gb, 25Gb, 40Gb and 100Gb NIC adapters. Multiple hardware queues per NIC interface (vmnic) and multiple software threads on the ESXi VMkernel are depicted and documented in this paper, which may or may not be the root cause of the observed problem. The key objective of this document is to clearly document and collect NIC information on two specific network adapters and do a comparison to find the difference, or at least a root cause hypothesis for further troubleshooting.
Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other.
This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary.
This presentation will go into detail on how to set up a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ... - The Linux Foundation
TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu... - The Linux Foundation
Artem will briefly cover what has been done since the first talk on Xen in Automotive domain back in 2013, what is going on now and what is still missing for broad adaptation of Xen in vehicles. The following topics will be covered:
- Embedded/automotive features of Xen
- Collaboration with AGL and GENIVI organizations for standardization
- Efforts on Functional Safety compliance
Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op... - The Linux Foundation
In this keynote talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs). The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS, needing both expert work and often a considerable amount of time.
The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number of CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E... - The Linux Foundation
The idea of making Xen secret-free has been floating around since Spectre and Meltdown came to light. In this talk we will discuss what is being done and what needs to be done next.
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx - The Linux Foundation
This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional.
Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings.
The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys... - The Linux Foundation
As the number of contributions grows, reviewer bandwidth becomes a bottleneck, and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion?
This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.
This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng... - The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508), transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.
In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... - The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes, and community challenges, offering an in-depth review of how the Xen Project is approaching this exciting and challenging goal.
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix - The Linux Foundation
2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes.
This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd - The Linux Foundation
The Arm architecture provides a set of guidelines that any software should abide by when accessing memory with the MMU off and when updating page tables. Failing to do so may result in TLB conflicts or broken coherency.
In a previous talk ("Keeping coherency on Arm"), we focused on safely updating the stage-2 (aka P2M) page tables. This talk will focus on the boot code and Xen memory management.
During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how the Xen boot sequence needs to be reworked to avoid breaking the guidelines.
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant... - The Linux Foundation
For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. However, these backends have not been configurable as QEMU devices, as their implementation did not fully adhere to the QEMU Object Model (QOM).
Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'.
In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D - The Linux Foundation
PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices and passthrough devices to guests.
This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems - The Linux Foundation
Volodymyr will speak about TEE mediators. This is a new feature in Xen which allows multiple virtual machines to interact with the Trusted Execution Environment available on the platform. He developed a mediator for one of the TEEs, namely OP-TEE.
He will give background information on why TEE is needed at all and share some implementation details.
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven... - The Linux Foundation
Xen is a very powerful hypervisor with a talented and diverse developer community. Despite the fact that it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform.
XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib... - The Linux Foundation
Doug has long advocated for more CI/CD (Continuous Integration / Continuous Delivery) processes to be adopted by the Xen Project from the use of Travis CI and now GitLab CI. This talk aims to propose ideas for building upon the existing process and transforming the development process to provide users a higher quality with each release by the Xen Project.
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr... - The Linux Foundation
High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.
Today Xen schedules guest virtual CPUs on all available physical CPUs independently from each other. Recent security issues on modern processors (e.g. L1TF) require turning off hyperthreading for best security, in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual CPUs of the same guest on one physical core at the same time. This is called core scheduling.
This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
- State of global ICS asset and network exposure
- Sectoral targets and attacks as well as the cost of ransom
- Global APT activity, AI usage, actor and tactic profiles, and implications
- Rise in volumes of AI-powered cyberattacks
- Major cyber events in 2024
- Malware and malicious payload trends
- Cyberattack types and targets
- Vulnerability exploit attempts on CVEs
- Attacks on counties – USA
- Expansion of bot farms – how, where, and why
- In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
- Why are attacks on smart factories rising?
- Cyber risk predictions
- Axis of attacks – Europe
- Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Securing your Kubernetes cluster_ a step-by-step guide to success ! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... - Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
XS 2008 Boston Project Snowflock
1. H. Andrés Lagar-Cavilla
Joe Whitney, Adin Scannell, Steve Rumble,
Philip Patchin, Charlotte Lin,
Eyal de Lara, Mike Brudno, M. Satyanarayanan*
University of Toronto, *CMU
andreslc@cs.toronto.edu
http://www.cs.toronto.edu/~andreslc
2. (The rest of the presentation is one big appendix)
Virtual Machine cloning
Same semantics as UNIX fork()
All clones are identical, save for ID
Local modifications are not shared
API allows apps to direct parallelism
Sub-second parallel cloning time (32 VMs)
Negligible runtime overhead
Scalable: experiments with 128 processors
Xen Summit Boston ‘08
3. Impromptu Clusters: on-the-fly parallelism
Pop up VMs when going parallel
Fork-like: VMs are stateful
Near-Interactive Parallel Internet services
Parallel tasks as a service (bioinf, rendering…)
Do a 1-hour query in 30 seconds
Cluster management upside down
Pop up VMs in a cluster “instantaneously”
No idle VMs, no consolidation, no live migration
Fork out VMs to run un-trusted code
i.e. in a tool-chain
etc…
4. GATTACA GACATTA CATTAGA AGATTCA
Sequence to align: GACGATA
GATTACA GACATTA CATTAGA AGATTCA
Another sequence to align: CATAGTA
7. Embarrassing Parallelism
Throw machines at it: completion time shrinks
Big Institutions
Many machines
Near-interactive parallel Internet service
Do the task in seconds
NCBI BLAST
EBI ClustalW2
Not just bioinformatics
Render farm
Quantitative finance farm
Compile farm (SourceForge)
8. Dedicated clusters are expensive
Movement toward using shared clusters
Institution-wide, group-wide cluster
Utility Computing: Amazon EC2
Virtualization is a/the key enabler
Isolation, security
Ease of accounting
Happy sys admins
Happy users, no config/library clashes
I can be root! (tears of joy)
9. Impromptu: highly dynamic workload
Requests arrive at random times
Machines become available at random times
Need to swiftly span new machines
The goal is parallel speedup
The target is tens of seconds
VM clouds: slow “swap in”
Resume from disk
Live migrate from consolidated host
Boot from scratch (EC2: “minutes”)
[Chart: seconds (0 to 400) against 0 to 32 on the horizontal axis; series: NFS, Multicast]
10. Fork copies of a VM
In a second, or less
With negligible runtime overhead
Providing on-the-fly parallelism, for this task
Nuke the Impromptu Cluster when done
Beat cloud slow swap in
Near-interactive services need to finish in seconds
Let alone get their VMs
12. SnowFlock API
Programmatically direct parallelism
sf_request_ticket
Talk to physical cluster resource manager (policy, quotas…)
Modular: Platform EGO bindings implemented…
Hierarchical cloning
VMs span physical machines
Processes span cores in a machine
Optional in ticket request
13. sf_clone
Parallel cloning
Identical VMs save for ID
No shared memory, modifications remain local
Explicit communication over isolated network
sf_sync (slave) + sf_join (master)
Synchronization: like a barrier
Deallocation: slaves destroyed after join
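A process-level analogue of the clone, sync and join pattern on slides 12 and 13, as an added example that is not SnowFlock code: `os.fork()` stands in for `sf_clone`, a pipe for the explicit communication channel, and `waitpid` for the join barrier. The names `clone_and_join` and `vm_state` are hypothetical.

```python
import os
import pickle

# State every clone inherits; changes made in a clone stay in that clone.
vm_state = {"owner": "master"}

def clone_and_join(work, n_clones):
    """Fork n_clones workers, run work(clone_id) in each, return results by ID."""
    children = []
    for clone_id in range(1, n_clones + 1):
        rfd, wfd = os.pipe()
        pid = os.fork()
        if pid == 0:
            # Clone: identical to the master except for its ID.
            status = 1
            try:
                os.close(rfd)
                vm_state["owner"] = f"clone-{clone_id}"   # local modification only
                report = (clone_id, vm_state["owner"], work(clone_id))
                with os.fdopen(wfd, "wb") as out:          # explicit communication
                    out.write(pickle.dumps(report))
                status = 0
            finally:
                os._exit(status)      # clone is destroyed once it has reported
        os.close(wfd)
        children.append((pid, rfd))

    results = []
    for pid, rfd in children:         # barrier: wait for every clone in turn
        with os.fdopen(rfd, "rb") as src:
            results.append(pickle.loads(src.read()))
        os.waitpid(pid, 0)
    return results
```

After the join, `vm_state` in the master still reads `"master"`: each clone changed only its own copy, which is the isolation property the slides rely on.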
15. VM descriptors
VM suspend/resume correct, but slooow
Distill to minimum necessary
Memtap: memory on demand
Copy-on-access
Avoidance Heuristics
Don’t fetch something I’ll immediately overwrite
Multicast distribution
Do 32 for the price of one
Implicit prefetch
16. [Diagram: Virtual Machine, Memory State, Memtap, Multicast]
VM Descriptor
Metadata
Pages shared with Xen
Page tables
GDT, vcpu
~1MB for 1GB VM
17. [Chart: clone time in milliseconds (0 to 900) against number of clones (2, 4, 8, 16, 32); components: Clone set up, Xend (restore), VM restore, Contact hosts, Xend (suspend), VM suspend]
Order of 100’s of milliseconds: fast cloning
Roughly constant: scalable cloning
Natural variance of waiting for 32 operations
Multicast distribution of descriptor also variant
19. Don’t fetch if overwrite is imminent
Guest kernel makes pages “present” in bitmap
Read from disk -> block I/O buffer pages
Pages returned by kernel page allocator
malloc()
New state by applications
Effect similar to balloon before suspend
But better
Non-intrusive
No OOM killer: try ballooning down to 20-40 MBs
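A toy model of memory-on-demand with the avoidance heuristic from slides 15 and 19, as an added example that is not SnowFlock code. The class and method names are hypothetical, and zero-filling a page that skips the fetch is a choice made for this model only.

```python
PAGE = 4096

class CloneMemory:
    """Clone memory filled on demand from the parent's image frozen at clone time."""

    def __init__(self, parent_pages):
        self.parent = parent_pages                    # read-only parent snapshot
        self.pages = [None] * len(parent_pages)       # clone-local copies
        self.present = [False] * len(parent_pages)    # the "present" bitmap
        self.fetches = 0                              # pages pulled over the network

    def _fault(self, n):
        # Copy-on-access: the first touch of an absent page pulls it from the parent.
        if not self.present[n]:
            self.pages[n] = bytearray(self.parent[n])
            self.present[n] = True
            self.fetches += 1

    def read(self, n, off, length):
        self._fault(n)
        return bytes(self.pages[n][off:off + length])

    def write(self, n, off, data):
        self._fault(n)    # a partial write still needs the rest of the parent's page
        self.pages[n][off:off + len(data)] = data

    def kernel_will_overwrite(self, n):
        # Avoidance heuristic: the guest kernel knows the old content is dead
        # (page handed out by the allocator, or a block I/O buffer about to be filled).
        if not self.present[n]:
            self.pages[n] = bytearray(PAGE)   # model choice: start from zeros
            self.present[n] = True

def run_workload(use_heuristic):
    # Constructed workload: 8 parent pages, page i filled with byte value i.
    parent = [bytes([i]) * PAGE for i in range(8)]
    mem = CloneMemory(parent)
    mem.read(0, 0, 16)                 # state the clone really needs
    mem.write(1, 100, b"counter")      # partial update, rest of page 1 must survive
    for n in range(2, 8):              # six buffers filled wholesale, e.g. from disk
        if use_heuristic:
            mem.kernel_will_overwrite(n)
        mem.write(n, 0, b"\xff" * PAGE)
    return mem.fetches, mem.read(1, 0, 1)
```

With the heuristic on, only the two pages whose old content matters are fetched; the six fully overwritten pages never cross the network.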
20. Multicast
Sender/receiver logic
Domain-specific challenges:
Batching multiple page updates
Push mode
Lockstep
API implementation
Client library posts requests to XenStore
Dom0 daemons orchestrate actions
SMP-safety
Virtual disk
Same ideas as memory
Virtual network
Isolate Impromptu Clusters from one another
Yet allow access to select external resources
21. Fast cloning
VM descriptors
Memory-on-demand
Little runtime overhead
Avoidance Heuristics
Multicast (implicit prefetching)
Scalability
Avoidance Heuristics (less state transfer)
Multicast
22. Cluster of 32 Dell PowerEdge, 4 cores
128 total processors
Xen 3.0.3 1GB VMs, 32 bits, linux pv 2.6.16.29
Obvious future work
Macro benchmarks
Bioinformatics: BLAST, SHRiMP, ClustalW
Quantitative Finance: QuantLib
Rendering: Aqsis (RenderMan implementation)
Parallel compilation: distcc
24. Four concurrent Impromptu Clusters
BLAST , SHRiMP , QuantLib , Aqsis
Cycling five times
Ticket, clone, do task, join
Shorter tasks
Range of 25-40 seconds: near-interactive service
Evil allocation
25. [Chart: seconds (0 to 40) for Aqsis, BLAST, QuantLib and SHRiMP; series: Ideal, SnowFlock]
Higher variances (not shown): up to 3 seconds
Need more work on daemons and multicast
26. >32 machine testbed
Change an existing API to use SnowFlock
MPI in progress: backwards binary compatibility
Big Data Internet Services
Genomics, proteomics, search, you name it
Another API: Map/Reduce
Parallel FS (Lustre, Hadoop) opaqueness+modularity
VM allocation cognizant of data layout/availability
Cluster consolidation and management
No idle VMs, VMs come up immediately
Shared Memory (for specific tasks)
e.g. Each worker puts results in shared array
27. SnowFlock clones VMs
Fast: 32 VMs in less than one second
Scalable: 128 processor job, 1-4 second overhead
Addresses cloud computing + parallelism
Abstraction that opens many possibilities
Impromptu parallelism → Impromptu Clusters
Near-interactive parallel Internet services
Lots of action going on with SnowFlock