Worth Reading: Building Trustworthy AI
Bruce Schneier wrote an excellent essay explaining why we need trustworthy AI and why we won’t get it as long the AI solutions are created by large tech companies with you are a product business model.
Worth Reading: Building Trustworthy AI
Bruce Schneier wrote an excellent essay explaining why we need trustworthy AI and why we won’t get it as long the AI solutions are created by large tech companies with you are a product business model.
Heavy Networking 681: Under The Hood Of Formula 1 Networking
Modern F1 racing is bathed in data. Real-time vehicle telemetry. In-car video feeds. More video from camera crews and drones. Live streaming. All of this and more needs a network. On today's Heavy Networking we speak with Formula 1's David Ramsden, Senior Network Engineer; and Lee Wright, Head of IT Operations, to get the inside track on building the networks that support F1 races.Heavy Networking 681: Under The Hood Of Formula 1 Networking
Modern F1 racing is bathed in data. Real-time vehicle telemetry. In-car video feeds. More video from camera crews and drones. Live streaming. All of this and more needs a network. On today's Heavy Networking we speak with Formula 1's David Ramsden, Senior Network Engineer; and Lee Wright, Head of IT Operations, to get the inside track on building the networks that support F1 races.
The post Heavy Networking 681: Under The Hood Of Formula 1 Networking appeared first on Packet Pushers.
Case study: Calico on AWS enables turnkey networking and security for Rafay’s enterprise-grade Kubernetes Operations Platform
Organizations are adopting Kubernetes on Amazon Web Services (AWS) to modernize their applications. But Kubernetes clusters and application lifecycles demand a considerable investment of cost and resources, especially for edge applications.
Rafay’s SaaS-based Kubernetes operations platform (KOP) helps platform teams deploy, scale, and manage their fleet without requiring anyone on the platform team to be a Kubernetes expert. Hosted on AWS Elastic Kubernetes Services (EKS), Rafay’s unified, enterprise-grade KOP supports Kubernetes and application lifecycle management through automation and self-service with the right standardization, control, and governance level. Rafay empowers organizations to accelerate their digital transformation while limiting operating costs.
In partnership with AWS and Tigera, Rafay shares the story of how it leveraged Calico on AWS to secure its turnkey offering in an exclusive case study. Here are the highlights.
Challenges
To secure its KOP and enable customers with little to no Kubernetes experience, Rafay required a scalable, Kubernetes-native security solution that could:
- Provide and enforce networking and security policy for multi-tenant environments through workload isolation with identify-aware microsegmentation
- Eliminate IP address exhaustion issues and deliver automated flexible IP address management (IPAM) to allow for agile scaling without increasing operational overhead
- Seamlessly integrate with Amazon EKS, where Rafay’s KOP is Continue reading
How Oxy uses hooks for maximum extensibility
We recently introduced Oxy, our Rust framework for building proxies. Through a YAML file, Oxy allows applications to easily configure listeners (e.g. IP, MASQUE, HTTP/1), telemetry, and much more. However, when it comes to application logic, a programming language is often a better tool for the job. That’s why in this post we’re introducing Oxy’s rich dependency injection capabilities for programmatically modifying all aspects of a proxy.
The idea of extending proxies with scripting is well established: we've had great past success with Lua in our OpenResty/NGINX deployments and there are numerous web frameworks (e.g. Express) with middleware patterns. While Oxy is geared towards the development of forward proxies, they all share the model of a pre-existing request pipeline with a mechanism for integrating custom application logic. However, the use of Rust greatly helps developer productivity when compared to embedded scripting languages. Having confidence in the types and mutability of objects being passed to and returned from callbacks is wonderful.
Oxy exports a series of hook traits that “hook” into the lifecycle of a connection, not just a request. Oxy applications need to control almost every layer of the OSI model: how Continue reading
Adaptive Applications Require Automation
Observability feeds the automation necessary to make the real-time changes required to deliver adaptive applications that deliver real value to enterprises.Network Security Vulnerabilities: the Root Causes
Sometime last autumn, I was asked to create a short “network security challenges” presentation. Eventually, I turned it into a webinar, resulting in almost four hours of content describing the interesting gotchas I encountered in the past (plus a few recent vulnerabilities like turning WiFi into a thick yellow cable).
Each webinar section started with a short “This is why we have to deal with these stupidities” introduction. You’ll find all of them collected in the Root Causes video starting the Network Security Fallacies part of the How Networks Really Work webinar.
Network Security Vulnerabilities: the Root Causes
Sometime last autumn, I was asked to create a short “network security challenges” presentation. Eventually, I turned it into a webinar, resulting in almost four hours of content describing the interesting gotchas I encountered in the past (plus a few recent vulnerabilities like turning WiFi into a thick yellow cable).
Each webinar section started with a short “This is why we have to deal with these stupidities” introduction. You’ll find all of them collected in the Root Causes video starting the Network Security Fallacies part of the How Networks Really Work webinar.
Isambard 3 To Put Nvidia’s “Grace” CPU Through The HPC Paces
Not all important supercomputers are on the twice-a-year Top500 rankings of machines. …
Isambard 3 To Put Nvidia’s “Grace” CPU Through The HPC Paces was written by Timothy Prickett Morgan at The Next Platform.
Hedge 180: Network Operations Survey with Josh S
What has been happening in the world of network automation—and more to the point, what is coming in the future? Josh Stephens from Backbox joins Tom Ammon, Eyvonne Sharp, and Russ White to discuss the current and future network operations and automation landscape.
Unbounded memory usage by TCP for receive buffers, and how we fixed it
At Cloudflare, we are constantly monitoring and optimizing the performance and resource utilization of our systems. Recently, we noticed that some of our TCP sessions were allocating more memory than expected.
The Linux kernel allows TCP sessions that match certain characteristics to ignore memory allocation limits set by autotuning and allocate excessive amounts of memory, all the way up to net.ipv4.tcp_rmem max (the per-session limit). On Cloudflare’s production network, there are often many such TCP sessions on a server, causing the total amount of allocated TCP memory to reach net.ipv4.tcp_mem thresholds (the server-wide limit). When that happens, the kernel imposes memory use constraints on all TCP sessions, not just the ones causing the problem. Those constraints have a negative impact on throughput and latency for the user. Internally within the kernel, the problematic sessions trigger TCP collapse processing, “OFO” pruning (dropping of packets already received and sitting in the out-of-order queue), and the dropping of newly arriving packets.
This blog post describes in detail the root cause of the problem and shows the test results of a solution.
TCP receive buffers are excessively big for some sessions
Our journey began when we started noticing a lot Continue reading
People Aren’t Stupid Just Because They Don’t Understand Tech
As technical people, we spend immense time and energy mastering the nuances of specific technologies. Esoteric knowledge is our currency, and we often measure our personal value against the yardstick of technical nuance. And sometimes (maybe lots of times) we gauge other people with the same yardstick, and dismiss those who don’t measure up. This […]
The post People Aren’t Stupid Just Because They Don’t Understand Tech appeared first on Packet Pushers.
Nvidia Hints At Upcoming AI-Focused Spectrum-4 Ethernet
It is no surprise at all that Nvidia’s datacenter business is making money hang over fist right now as generative AI makes machine learning a household word and is giving us something akin to a Dot Com Boom in the glass houses of the world. …
Nvidia Hints At Upcoming AI-Focused Spectrum-4 Ethernet was written by Timothy Prickett Morgan at The Next Platform.