- Build an eBpf based implementation of Kubernetes Services (ClusterIP, NodePort, LoadBalancer) to replace Kube-proxy/ iptables and CNI based implementations of Kubernetes services.
- The goal is not "use as much eBpf" as possible but rather to use eBpf selectively and opportunistically and also to leverage standard kernel datapaths as much as possible unless there is a good reason to do otherwise.
- Since iptables packages are being deprecated in the Linux kernel and RHEL, it is necessary to have an implementation of kube-proxy that does not depend on iptables. See iptables deprecation
- Primary design requirement is to retain end user experience for stability and debuggability when replacing the kube-proxy/ iptables based datapath. This requirement is more important that flat out data plane performanc
/* Using a JavaScript proxy for a super low code REST client */ | |
// via https://dev.to/dipsaus9/javascript-lets-create-aproxy-19hg | |
// also see https://towardsdatascience.com/why-to-use-javascript-proxy-5cdc69d943e3 | |
// also see https://github.com/fastify/manifetch | |
// also see https://github.com/flash-oss/allserver | |
// and https://gist.github.com/v1vendi/75d5e5dad7a2d1ef3fcb48234e4528cb | |
const createApi = (url) => { | |
return new Proxy({}, { | |
get(target, key) { |
Latency Comparison Numbers (~2012) | |
---------------------------------- | |
L1 cache reference 0.5 ns | |
Branch mispredict 5 ns | |
L2 cache reference 7 ns 14x L1 cache | |
Mutex lock/unlock 25 ns | |
Main memory reference 100 ns 20x L2 cache, 200x L1 cache | |
Compress 1K bytes with Zippy 3,000 ns 3 us | |
Send 1K bytes over 1 Gbps network 10,000 ns 10 us | |
Read 4K randomly from SSD* 150,000 ns 150 us ~1GB/sec SSD |
name: HTTP security response headers test suites | |
# TOOLS | |
# VENOM HOME: https://github.com/ovh/venom | |
# VENOM RELEASE: https://github.com/ovh/venom/releases | |
# VENOM ASSERTION KEYWORDS: https://github.com/ovh/venom#assertion | |
# REF AND RUN | |
# REF BASE: https://owasp.org/www-project-secure-headers/ | |
# RUN CMD: venom run --var="target_site=https://righettod.eu" venom_security_headers_tests_suite.yml | |
# venom run --var="target_site=https://righettod.eu" --var="internet_facing=true" venom_security_headers_tests_suite.yml | |
# venom run --var="target_site=https://righettod.eu" --var="internet_facing=true" --var="logout_url=/logout" venom_security_headers_tests_suite.yml |
ContractAddress | TokenName | TokenSymbol | holder count | transfer count | # of times appears in list | notes | |
---|---|---|---|---|---|---|---|
0x420b595d8b648971b3bfcf46e66544c384860536 | VenmoCash | VMO | 1 | 6 | 2 | ||
0xdeeb40536e94be7226b77fb89d7d3cd65a82fb85 | Zoom Protocol | ZOM | 1 | 9 | 2 | ||
0xe670848d54788997942ecf938cd23b09550bae73 | TARO | TARO | 1 | 4 | 2 | ||
0xf28fec34928a1dc19b650104ae082665b66f720e | ETH/BTC Long-Only Alpha | XTF.SWCEBL | 1 | 4 | 2 | ||
0x030385efc63ebda6021d9098b1fcc422547d83d3 | Tacos @ Taconomics.io | $TACO | 2 | 5 | 2 | ||
0x03bb9bbf0423e44370e88ec5fc31eecf4e2b4ac2 | STVKE.Network | STV | 2 | 9 | 2 | ||
0x05e850909664a3cf926ca4777c3ec1577d36ec18 | OnFlow | Flow | 2 | 8 | 2 | ||
0x06ca771a689d6d5f5e435be2ef1d1ffc6bdb3b4c | Wing Token | WING | 2 | 8 | 2 | ||
0x08a958bdc9e0beb0c3ee2ec6e9c0013f14ce66e5 | Harold Returns | KEKW | 2 | 6 | 2 |
KataContainers | |
- image coupled with kernel | |
- light vm layer | |
- can run in nested virturalization environments if hardware supports and you can enable it in bios (ex. only bare metal EC2 instances, limits many cloud providers) | |
- slower startup time | |
- OCI compliant | |
- previously known as ClearContainers by Intel | |
gvisor | |
- kernel implemented in userspace |
At the beginning of 2030, I found this essay in my archives. From what I know today, I think it was very insightful at the moment of writing. And I feel it should be published because it can teach us, Rust developers, how to prevent that sad story from happening again.
What killed Haskell, could kill Rust, too
What killed Haskell, could kill Rust, too. Why would I even mention Haskell in this context? Well, Haskell and Rust are deeply related. Not because Rust is Haskell without HKTs. (Some of you know what that means, and the rest of you will wonder for a very long time). Much of the style of Rust is similar in many ways to the style of Haskell. In some sense Rust is a reincarnation of Haskell, with a little bit of C-ish like syntax, a very small amount.
Is Haskell dead?
Peter Naur's classic 1985 essay "Programming as Theory Building" argues that a program is not its source code. A program is a shared mental construct (he uses the word theory) that lives in the minds of the people who work on it. If you lose the people, you lose the program. The code is merely a written representation of the program, and it's lossy, so you can't reconstruct
gunicorn run:app --workers=9
gunicorn run:app --workers=9 --worker-class=meinheld.gmeinheld.MeinheldWorker
Macbook Pro 2015 Python 3.7
Framework | Server | Req/s | Max latency | +/- Stdev |
---|