Threads for alexforster

  1. 9

    I’m really excited about releases like these. It’s just “finishing” the language and not adding any new features conceptually, just making it all more cohesive. The lack of Enum default derive is one of those things I run into rarely, but adding it in now reduces the conceptual overhead of Rust since deriving default now works on both Enums and Structs.

    I also think this shows the benefit of Rust’s release model, which is that smaller fixes and stabilizations can be made over time, and don’t have to be part of a larger release. I’m curious how the potential Rust stabilization in GCC affects things, especially when smaller fixes in a release like this might be nice in older versions of Rust (and as far as I know GCC is targeting an older Rust version).

    1. 10

      Rust has a fixed 6-week release train model. Nobody decides which release is going to be small or not. When stuff is ready, it lands.

      Once in a while a large feature that took years to develop lands, and people freak out and proclaim that Rust is changing to fast and rushing things, as if it invented and implemented every feature in 6 weeks.

      In this release: cargo add feature request was filed 8 years ago. Implementation issue has been opened 4 years ago. It waited for a better TOML parser/serializer to be developed, and once that happened, the replacement work started 5 months ago.

      1.  

        a better TOML parser/serializer

        This piques my interest. What library is this? Does it maintain comments/formatting?

        1.  

          The crate is toml_edit, and it does preserve comments and (most) formatting.

          Maybe something to format Cargo.toml files could be helpful as well?

      2. 1

        I’m curious how the potential Rust stabilization in GCC affects things

        What do you mean? The gcc-rs project? I’d hope it doesn’t affect mainline Rust at all.

        1. 2

          Yeah the gcc-rs project. I wonder about certain stabilizations in later versions of Rust which are very easily added to earlier versions of Rust built by gcc-rs. I don’t think it will affect mainline Rust, but if certain nice-to-haves, or more importantly unsound fixes, are backported for gcc-rs that could cause an unfortunate schism in the ecosystem.

          I haven’t seen or heard of anything indicating this might happen, but with multiple implementations in-use I do think it is something that will eventually occur (especially for safety-related and unsound concerns)

        2. 1

          I have never liked the idea of a Default trait or typeclass. Default with respect to what operation? Most times people want defaulting, they seem to have some kind of monoidal operation in mind.

          1. 9

            Default with respect to what operation?

            Initialization right? I don’t see how one would use the trait for any other operation. To me it seems quite natural that a number has a “reasonable default” (0) as well as a string (""). It’s not like the language forces you to use Default in case you have other defaults in mind.

        1. 11

          Hi – I’m the author of the post that’s being subtweeted by Rachel.

          I definitely intended to grab some attention by framing “pipefail” as the Root Cause of this incident, but I thought I did an okay job of backing up the sensationalism with some deep technical content. I tweeted this as “the most convoluted outage that I have ever professionally witnessed.”

          1. 11

            Looking at the comments in https://lobste.rs/s/5ldmtp/pipefail_how_missing_shell_option_slowed it seems like there was a pretty widespread misinterpretation that pipefail is supposed to protect against running p2 in p1 | p2. Rachel’s article is good at explaining why that can’t work due to the nature of pipes. Of course any actual outage is going to have multiple levels of causal analysis, so it’s not totally fair to say pipefail was or wasn’t the root cause.

          1. 14

            I’ve never seen the bash pipefail option before, and what I’ve been able to read and try does not line up with what is in the blog post. Can someone clarify this for me?

            As I understand it, pipefail is about setting the exit status of the overall pipeline:

            $ false | true
            $ echo $?
            0
            $ set -o pipefail
            $ false | true
            $ echo $?
            1
            $ 
            

            But now if I do

            $ set -o pipefail
            $ false | sleep 2
            $ 
            

            That command runs for two seconds. In particular, the sleep does not seem to have been interrupted or have any indication that false failed. So if the problem was the command

            dos-make-addr-conf | dosctl set template_vars -
            

            Then yes, pipefail is going to make that shell script exit 1 now instead of exiting 0. But I don’t see what stops dosctl set template_vars - from taking the empty output from dos-make-addr-conf and stuffing it into template_vars. Is the whole shell script running in some kind of transaction, such that the exit value from the shell script prevents the writes from hitting production?

            Thanks for any clarifications. (I agree with the general rule here about never using shell to do these things in the first place, pipefail or not!)

            1. 14

              You’re absolutely right, pipefail is only about the return value of the entire pipeline and nothing else.

              From the article:

              Enabling this option [pipefail] changes the shell’s behavior so that, when any command in a pipeline series fails, the entire pipeline stops processing.

              Nope, wrong, nothing stops earlier.

              1. 5

                Author here – good catch! I tried to golf the example down to a one-liner for clarity, but it looks like I need to update the blog.

                Indeed, as @enpo mentioned in a sibling post, -e is also critical, and a more accurate reproduction would be something like…

                cat unformatted.json | jq . > formatted.json
                

                If unformatted.json does not exist, then, without -e and -o pipefail, you will clobber formatted.json.

                1. 8

                  If unformatted.json does not exist, then, without -e and -o pipefail, you will clobber formatted.json.

                  Even with errexit and pipefail, you will still clobber formatted.json

                  $ bash -c '
                   > set -o pipefail
                   > set -o errexit
                   > printf '{}\n' >formatted.json
                   > cat unformatted.json | jq . >formatted.json
                   > '
                  cat: unformatted.json: No such file or directory
                  $ cat formatted.json
                  

                  This is because bash starts each part of a pipeline in a subshell, and then waits for each part to finish.

                  Each command in a pipeline is executed as a separate process (i.e., in a subshell).

                  And before running the commands in the subshells bash handles the redirections, so formatted.json is truncated immediately, before the commands are run, which is why you get behavior like:

                  $ cp /etc/motd .
                  $ wc -l motd
                  7 motd
                  $ cat motd | wc -l > motd
                  $ cat motd
                  0
                  
                  
                  1. 7

                    Sigh. I’ve updated the post with a new (hopefully correct) contrived example:

                    (dos-make-addr-conf | tee config.toml) && dosctl set template_vars config.toml
                    
                    1. 7

                      Hm, no lobsters acknowledgments in the post? Kinda shame.

                      1. 4

                        This does have the desired effect of not running dosctl if dos-make-addr-conf fails, but it is a bit hard to read. Why are you using tee, do you want the config to go to stdout as well? One way to make the control flow easier to read is to use if/else/fi:

                        if dos-make-addr-conf >config.toml; then
                            dosctl set template_vars config.toml
                        else
                            printf 'Unable to create config.toml\n' >&2
                            exit 1
                        fi
                        

                        This way your intentions are clearer and you don’t even need to rely on pipefail being set.

                  2. 4

                    The article focused on set -o pipefail, but the fix presented also had set -e. According to the documentation, this makes all the difference.

                    The article should probably have been more clear in that regard.

                    1. 2

                      I took the theory for a test drive, and @lollipopman is entirely correct. Today I learned something new about shell scripting :)

                      $ cat failtest.bash
                      #!/bin/bash
                      set -euo pipefail
                      
                      false | sleep 2
                      
                      $ time ./failtest.bash
                      real    0m2.010s
                      user    0m0.000s
                      sys     0m0.008s
                      
                    2. 2

                      Just to get it out of the way first, pipefail in itself won’t stop the script from proceeding, so it only makes sense together with errexit or errtrace or an explicit check (à la if false | true; then …). As you say, it’s about the status of the pipeline.

                      man 1 bash:

                      If pipefail is set, the pipeline’s return status is the value of the rightmost command to exit with a non-zero status

                      But you seem to be right: Pipefail doesn’t propagate the error across the pipeline. Which isn’t surprising given the description above. Firstly, there is of course no waiting for each other’s exit statuses, because the processes in the pipeline are run concurrently. Secondly, it doesn’t kill the other processes either. Not as much as a sighup – your sleep command would evidently die if it got a sighup.

                      1. 1

                        @rsc, I am pretty sure you are correct that setting pipefail, errexit, or nounset has no effect on whether dosctl set template_vars - is run as part of the pipeline. Bash starts all the parts of the pipeline asynchronously, so whether dos-make-addr-conf produces an error or not, even with pipefail, has no effect on whether dosctl is run. I believe the correct solution is to break the pipeline apart into separate steps and check error codes appropriately.

                      1. 13
                        1. 12

                          It’s common for capability-oriented systems to need to not use C. seL4 has an ABI, Genode has an API, and Capn Proto has an IDL.

                          1. 7

                            Rather than capability-oriented, I’d say well designed.

                            Both being capability-centric and designing ABIs and RPC interfaces carefully are symptoms of good design.

                            While I do understand copying UNIX made sense at some point, these choices are obvious choices when designing a system today.

                        1. 6

                          The “Captured identifiers in format strings” is very nice.

                          1. 5

                            While that is pretty nice, I’m excited about:

                            • File::options
                            • Metadata::is_symlink
                            • Path::is_symlink

                            Being stabilized. They were some of the main reasons some of my projects used nightly.

                            1. 5

                              If, like me, you’re ever wondering what’s coming in the next release, you can check the relnotes tag: https://github.com/rust-lang/rust/issues?q=issue+label%3Arelnotes

                              Spoiler: 1.59 will be stabilization of inline assembly!

                              1. 3

                                What I really like is that you can also pass the formatting parameters like the field width without the awkward width=width.

                                I just changed format!("{:>width$}", s, width=count_len) into format!("{s:>count_len$}")

                              1. 3

                                I think the clever thing here is that it starts at the abbreviation and then builds a phrase. This makes it very easy to reason about the entropy while still using arbitrary logic to come up with the phrase to be memorized.

                                Of course when you generate 20 and let the user pick one you lose some entropy.

                                1. 2

                                  Of course when you generate 20 and let the user pick one you lose some entropy.

                                  Good point! This could be fixed by presenting different words for the same set of prefixes, rather than presenting different sets of prefixes. For example, if one of the randomly chosen prefixes was hin, one presentation could display Hinted and another Hindu.

                                  Of course, that won’t stop the user from just hitting refresh :)

                                  1. 1

                                    Of course when you generate 20 and let the user pick one you lose some entropy.

                                    Not of any significant value though. If the default security margin is 50 bits (as per the web implementation linked), then that’s 2^50 possible outputs. If 32 passwords are being generated per browser refresh, then that’s ~0.000000000003% of the full key space.

                                    Go ahead and refresh until you find something you like. You would have to refresh your browser ~17 trillion times before you reduced the keyspace by 1 bit, or 50%.

                                    1. 1

                                      Are you sure that math is right? I think you have to take into account that the user isn’t rejecting just those 31 phrases. They are using a rule to reject a huge portion of the search space. For example if you use an over-simplified rejection rule such as the user always picking the lexicographical first password out of the 32 choices the distribution is heavily skewed so guessing the password probably takes a fraction of the time on average.

                                      1. 1

                                        We probably need to clarify what we’re discussing, so there isn’t miscommunication or confusion. First, let me back up my math, then I’ll see if I understand your concern.

                                        The password generator generates 3-letter prefixes based on a random number of 0 through 1023, which provides each prefix with 10 bits security. It then uses those prefixes to pick words from a word list, and builds a mnemonic based on a massively large bigram DB.

                                        If five prefixes are generated uniformly at random, then the resulting password indeed has 50 bits security. The web interface allows you to change how many prefixes you want, resulting in the same number of words for your mnemonic. At every refresh, 32 passwords are generated.

                                        So, that’s 32 prefixes out of 2^50 possible = 32/1,125,899,906,842,624 = 0.000000000000028421709430404007434844970703125. 2^49 is half the size of 2^50. 2^49 possible prefixes = 562,949,953,421,312. If your browser is generating 32 prefixes per refresh, then you need to refresh your browser 562,949,953,421,312/32 = 17592186044416 times, or about 17.5 trillion times.

                                        At that point, odds switch to your favor that you will generate a duplicate prefix that has already been seen.

                                        They are using a rule to reject a huge portion of the search space. For example if you use an over-simplified rejection rule such as the user always picking the lexicographical first password out of the 32 choices the distribution is heavily skewed so guessing the password probably takes a fraction of the time on average.

                                        If I understand this correctly, you’re assuming the user would mentally pick a fixed point prefix such as “The first prefix must be see”. If so, then yes they lost a full 10 bits of security. However, they’ll have an 1-in-1024 chance that see is the first prefix, which is on average, 1,024 browser refreshes before they find it. If they make two fixed point prefixes, such as the first being see and the second being abs, then they have a 1-on-1024^2 or 1-in-1048576 chance of finding it. So, an average, 1 million browser refreshes.

                                        So while they have reduced their security margin greatly, they also increased their work load greatly, and I’m not seeing how that would be worth it. Of course, they could automate it with a script outside of the browser. Finding one prefix in 1,024 isn’t hard, nor is one in a million. Going beyond that might force them to wait it out though.

                                        Is this what your talking about?

                                        Edit: spelling/grammar

                                  1. 2

                                    The Anti-Grain Geometry library, a software 2D renderer like Cairo, Skia–

                                    http://agg.sourceforge.net/antigrain.com/index.html

                                    1. 11

                                      I think there was a great opportunity in the mid-nineties, when desktop computers were first becoming popular, for everyone to have a home server, and if that had happened we would live in a better world. It would be like having your own boiler or washing machine.

                                      I have a dream of making an all-in-one easy-install package for home server setup, complete with personal website, self-hosted email, and everything, but I’m not sure it’s doable.

                                      1. 6

                                        Microsoft published a real children’s book titled “Mommy, Why is There a Server in the House?” to promote a version of Windows 7 (“Windows Home Server”) which was intended to be something like this.

                                        https://www.betaarchive.com/wiki/images/6/67/Mommy%2C_Why_is_There_a_Server_in_the_House.pdf [1.5mb PDF]

                                        1. 3

                                          Wow this was hilarious, thank you for sharing!

                                          This feels like it came out of a bizarre alternate reality where Microsoft was actually cool.

                                        2. 4

                                          Dedicate those efforts to the FreedomBox project, they have built exactly that including hardware. And it’s backed by Debian.

                                          1. 1

                                            I have a dream of making an all-in-one easy-install package for home server setup, complete with personal website, self-hosted email, and everything, but I’m not sure it’s doable.

                                            That sounds really cool. But how do you make it visible on the wider internet? I’ve heard it’s hard to host things from home (because NAT? maybe also you don’t have a fixed IP?). Is that something the box could come pre-configured to overcome?

                                            1. 1

                                              I host some things from my home. You’d have to set up a fixed IP. I haven’t interacted with many routers other than the one at my home, so I don’t know how easy (or more specifically “automizable”) it is to set up things there. Another concern is making sure your server and network is secured, since your loved one’s devices and information can get affected because of your mistakes. So far I’ve been (hopefully) making it harder by only exposing things to the public on obscure ports as well as restricting permissions for users on my server.

                                              1. 1

                                                IP is definitely an issue, but there are solutions. One is dynamic DNS, another is paying for a fixed IP. If there had been wider IPv6 adoption back when it came out, it wouldn’t be an issue now.

                                              2. 1

                                                A lot of people just can’t really afford their own home server. Not everyone is a software dev with a cushy salary).

                                                It also sound like a security and management nightmare. Folk struggle with setting up WiFi, never mind the whole update/maintenance issue of a home server. Even with the best of efforts, this will be hard, and we all know that in reality people will buy cheap stuff from vendors who put less-than best effort in.

                                                People certainly don’t want to put any time in to this kind of stuff, which is reasonable as there are more important things in life than managing a home server.

                                                I don’t really see any way how “everyone having a home server” could work, both economically and operationally.

                                                1. 1

                                                  What I have in mind is cheaper than I think you’re imagining - you could run one on a Pi. Or people would take it out of their phone budget.

                                                  Making it dead simple for people to use is certainly very important, that’s why I specified plug-and-play, but there’s no reason we can’t have an android equivalent for home servers. We just don’t.

                                                  It’s complicated to set up a home server now because we’ve collectively not bothered to make it easy, because anyone who does is already tech-inclined and either knows all the knobs or is willing to put in the time to learn them, but it doesn’t have to be that way.

                                                  1. 1

                                                    There’s loads of projects are try to make it easy, but it’s not that simple as the technology and concepts aren’t easy.

                                                    You’d need a Pi, some reasonably sized disk, enclosure, software, support department, etc. It’ll easily be a €100 retail price, which is a lot of money for some people especially when the alternative is free.

                                                    And now everyone has everything those on their PiServer, so how do you back this up? You don’t really want all data to be lost when a fire breaks out, someone burgles your house, or the disk breaks, so you’d need some form of backup – preferably remote. This will cost money as well, and in practice a lot of people will simply not back up.

                                                    1. 2

                                                      If you have a point you’re trying to make beyond “it’s difficult” I don’t see it.

                                              1. 6

                                                I’m really excited to check out this library. Unfortunately, mio has been completely rewritten for the next 0.7 release, removing major functionality in the process and making it unsuitable for several of its current usecases. In the next year I expect that mio 0.6 will be unmaintained, so a replacement is desperately needed.

                                                Aside: I’m also disappointed that I’m still getting bitten by the “pre-1.0 crates” issue, especially when the crate is the ~70th most downloaded in history.

                                                1. 3

                                                  Feel free to reach out with ideas/feedback. I developed it for a fairly narrow use-case, but interested in making it work for more people if I can.

                                                1. 8

                                                  I think it’s important to build hardware with alternative input methods like this and explore new kinds of UX. The reason the iPhone SE is so popular is because if you make phones more than 4” tall people have trouble using them. The UX of a handheld touchscreen doesn’t hold up when you give people phablets. Who will invent “the mouse” for large format handheld screens?

                                                  1. 2

                                                    Recently I was captivated by the idea of replacing syscalls with lockfree messaging, and I wrote a library to experiment with the idea: https://libxchg.alexforster.com/

                                                    It’s a little like msgpack meets io_uring. Unfortunately, it couldn’t be fast enough without a way to explicitly yield the rest of our timeslice to another thread/process of our choosing. Such a thing was proposed at LPC in 2013, but nothing ever came of it.

                                                    1. 10

                                                      Wow that’s a remarkable amount of progress in one year.

                                                      1. 2

                                                        Déjà vu with that guy who made the closed source SkyOS in late 90s early 00s, the remarkable progress made in very short time.

                                                        Many interensting OS projects going on back then. AtheOS/Syllable, MenuetOS, SkyOS, OpenBeOS/Haiku…

                                                        1. 3

                                                          Back then, computers took forever to boot, apps were a pain to install, things kept getting slower, etc. All on hardware with a fraction of today’s resources. The SkyOS demo showed a fast boot, installing apps was right-click install, the system was snappy, and the author(s) redid everything including audio/video. I was hoping it made it or went out open source.

                                                          Most links are gone with only a few vids in Youtube. Although initially confused, I remembered that the demo vids were mpg’s on the web site. Archive has tons of scrapes. I picked a random one later in development. Here’s the About, Tour, some screenshots, and the last vid on Youtube from “Mom Tries…” channel.

                                                          Wonder what author is doing now. Might be worth trying another run at getting him to open-source it, dual-license it, or sell it for a reasonable fee to then open-source. For historical reasons and/or use on older boxes.

                                                          1. 3

                                                            Heh, a lot of the quotes in that youtube video are from the old Wikipedia SkyOS article I wrote. As a teenager I was obsessed with alternative operating systems and I was particularly active in the SkyOS community.

                                                            Szeleney is making mobile games now under a company he founded called Djinnworks. I would love to see the source released, and I’d love to have an archive of skyos.org, which had a decade of great blog content and a vibrant forum community.

                                                            1. 3

                                                              Well, your quotes are about all the made it to a video. So, thanks!

                                                              Djinnworks, eh? I’ll keep it bookmarked in case I see a chance to talk to him about it later.

                                                      1. 3

                                                        This kind of thinking is going to be incredibly important in the next 10 years with Optane-alike persistent RAM.

                                                        1. 3

                                                          Any time I see Homebrew now I think of the author flunking Google’s interview. Poor guy.

                                                          1. 3

                                                            Same. Actually, the discussion that happened around this was what made me generally swear off CS-trivia style interviews/interviewing.

                                                            Tweet: https://twitter.com/mxcl/status/608682016205344768

                                                            Follow-up: https://www.quora.com/Whats-the-logic-behind-Google-rejecting-Max-Howell-the-author-of-Homebrew-for-not-being-able-to-invert-a-binary-tree/answer/Max-Howell

                                                            1. 2

                                                              Wait, what? Link?

                                                            1. 7

                                                              I think the most interesting thing here is the exploit causes Safari to crash the whole OS but Chrome iOS (still webkit on ios) only crashes the app. This must mean safari has much deeper access than regular apps. Maybe there are some exploits to be found in safari or optimisations that other apps can’t use.

                                                              1. 4

                                                                That is probably the biggest takeaway in my opinion. Seeing a constant crash on a mobile browser isn’t too common (some of those WebGL demos can really kill some without any problem) but that it translates into a full OS reboot means that there is more to it, as you said. And I wouldn’t be too surprised that the current relationship between default mobile browsers and certain OS’s turns out to be not too dissimilar from the IE + Windows one was.

                                                                1. 4

                                                                  WKWebView probably explains this. The old browser widget (UIWebView) couldn’t use the jit because they couldn’t secure it, so Apple developed a new WKWebView that could execute jit’d code (css gets jit’d too) in a separate, heavily isolated process. Chrome for iOS uses WKWebView, whereas Safari presumably uses low-level WebKit.framework + JavaScriptCore primitives directly.

                                                                1. 3

                                                                  A question for anyone who might have context – from this piece it seems like they have a cluster per restaurant, which doesn’t make much sense in terms of complexity versus payoff to my mind. The thing that would make more sense and be very interesting is if they’re having these nodes join a global or regional k8s cluster. Am I misreading this?

                                                                  1. 2

                                                                    They seem to be using NUCs as their Kubernetes nodes, so the hardware cost isn’t going to be too great.

                                                                    I imagine it’s down to a desire to not be dependent on an internet connection to run their POS and restaurant management applications, I’m sure the costs of a connection with an actual SLA are obscene compared to the average “business cable” connection you can use if it doesn’t need to be super reliable.

                                                                    1. 3

                                                                      Still, restaurants have been using computers for decades. It looks as if they have a tech team that’s trying very hard to apply trendy tools and concepts (Kuberneetes, “edge computing”) to a solved problem. I’d love to be proven wrong, though.

                                                                      1. 3

                                                                        I’ve never been to one of these restaurants but I can’t imagine anything that needs a literal cluster to run its ordering and payments system.

                                                                        Sounds like an over engineered Rube Goldberg machine because of some resume/cv padding.

                                                                        1. 2

                                                                          While restaurants certainly have been using computers for decades the kind of per location ordering integrations needed for today’s market are pretty diverse:

                                                                          • Regular orders
                                                                          • Delivery services in area (Postmates, dd, caviar, eat24, ubereats)
                                                                          • Native app ordering
                                                                          • Coupons
                                                                          • App coupons

                                                                          If you run a franchise like Chick-fil-A, you don’t want a downtime in the central infrastructure to prevent internet orders at each location, as it would make your franchisees upset that their business was impacted. You also want your franchisees to have easy access to all the ordering methods available in their market. This hits both as it allows them to run general compute using the franchisee’s internet, and easily deploy new integrations, updates, etc w/o an IT person at the location.

                                                                          I have a strong suspicion that this is why I see so many Chick-fil-As on almost every food delivery service.

                                                                          Beyond that, it’s also easier and cheaper to deploy applications onto a functional k8s/nomad/mesos stack than VMS or other solutions because of available developer interest and commodity hw cost. Most instability I’ve seen in these setups is a function of how many new jobs or tasks are added. Typically if you have pretty stable apps you will have fewer worries than other deployment solutions. Not saying there aren’t risks, but this definitely simplifies things.

                                                                          As an aside I would say that while restaurants have been using computers for decades they haven’t necessarily been using them well and lots of the systems were proprietary all in one (hw/sw/support) ‘solutions.’ That’s changed a bit but you’ll still see lots of integrated POS systems that are just a tablet+app+accessories in a nice swivel stand. I’ve walked into places where they were tethering their POS system to someone’s cell phone because the internet was down and the POS app needed internet to checkout (even cash).

                                                                        2. 1

                                                                          Most retail stores like this use a $400/mo T1 which is 1.5mbit/sec (~185kb/sec) symmetrical – plenty for transaction processing but not much else. Their POS system is probably too chatty to run on such a low bandwidth link.

                                                                        3. 1

                                                                          It could just be a basic, HA setup or load balancing cluster on several, cheap machines. I recommended these a long time ago as alternatives to AS/400’s or VMS clusters which are highly reliable, but pricey. They can also handle extra apps, provide extra copies of data to combat bitrot, support rolling upgrades, and so on. Lots of possibilities.

                                                                          People can certainly screw them up. You want person doing setup to know what they’re doing. I’m just saying there’s benefits.

                                                                        1. 1

                                                                          Neat post. Do you have any custom or unusual (eg Cavium) hardware needed for your DDOS mitigation activities? Or is it 100% vanilla boxes from Intel/AMD with Linux running software solutions like in the article?

                                                                          1. 13

                                                                            In our architecture every server is identical both in hardware and software. The more servers we add, the larger DDoS capacity we have. The servers are pretty standard. We do use Solarflare network cards, and occasionally offload parts of iptables into userspace. We are working on replacing this custom piece of software with NIC-vendor agnostic XDP.

                                                                            1. 1

                                                                              Wow. Impressive how far things have come in not relying on custom stuff. Thanks for the reply!

                                                                              1. 1

                                                                                lovely ! any particular reason of moving away from or not choosing dpdk for this ?

                                                                                1. 1

                                                                                  DPDK is great, but it’s really meant to take over the whole NIC[1]. That puts a lot of constraints on what other functions each server can perform. Fortunately, the netdev guys are taking a lot of cues from DPDK and applying them to XDP and related kernel infrastructure. Comparable performance is coming to Linux sooner than you’d think!

                                                                                  [1] bifurcating & SR-IOV aren’t applicable for this particular usecase