Videos uploaded by user “USENIX”
USENIX Security '18-Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?
James Mickens, Harvard University Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models Some people enter the technology industry to build newer, more exciting kinds of technology as quickly as possible. My keynote will savage these people and will burn important professional bridges, likely forcing me to join a monastery or another penance-focused organization. In my keynote, I will explain why the proliferation of ubiquitous technology is good in the same sense that ubiquitous Venus weather would be good, i.e., not good at all. Using case studies involving machine learning and other hastily-executed figments of Silicon Valley’s imagination, I will explain why computer security (and larger notions of ethical computing) are difficult to achieve if developers insist on literally not questioning anything that they do since even brief introspection would reduce the frequency of git commits. At some point, my microphone will be cut off, possibly by hotel management, but possibly by myself, because microphones are technology and we need to reclaim the stark purity that emerges from amplifying our voices using rams’ horns and sheets of papyrus rolled into cone shapes. I will explain why papyrus cones are not vulnerable to buffer overflow attacks, and then I will conclude by observing that my new start-up papyr.us is looking for talented full-stack developers who are comfortable executing computational tasks on an abacus or several nearby sticks. View the full USENIX Security '18 program at https://www.usenix.org/usenixsecurity18/technical-sessions
Views: 108630 USENIX
Fork Yeah! The Rise and Development of illumos
Bryan M. Cantrill, Joyent In August 2010, illumos, a new OpenSolaris derivative, was born. While not at the time intended to be a fork, Oracle sealed the fate of illumos when it elected to close OpenSolaris: by choosing to cease its contributions, Oracle promoted illumos from a downstream repository to the open source repository of record for such revolutionary technologies as ZFS, DTrace, and Zones. This move accelerated the diaspora of kernel engineers from the former Sun Microsystems, many of whom have landed in the illumos community, where they continue to innovate. We will discuss the history of illumos but will focus on its promising future.
Views: 155130 USENIX
Overcoming My Biggest Roadblock, Myself. From USENIX Women in Advanced Computing Summit (WiAC'12)
Sabrina Farmer, Site Reliability Engineer, Google Inc. From the 2012 USENIX Women in Advanced Computing Summit Sabrina Farmer is an engineering manager at Google responsible for Gmail. In this role she leads the development and operations of Gmail's production software infrastructure, network configurations, and the user experience. She has worked in both the private and public sectors at companies in California ranging in size from large, through medium, to startup, including NASA, WebMD, [email protected], and Netsuite. She earned her BS in Computer Science from University of New Orleans (UNO) and lives in Silicon Valley with her husband and two young children. She has been a strong advocate for women in engineering and currently leads a Diversity effort for Site Reliability Engineering at Google. She founded the Scholarship for Women in Computer Science at UNO in 1996 as a way to give back and encourage women to work through their fears of what might happen and instead focus on their ability to bring their talents to an industry that will only be successful with diverse points of view and perspectives.
Views: 2608 USENIX
A Security Analysis of the APCO Project 25 Two-Way Radio System
Why (Special Agent) Johnny (Still) Can't Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System Refereed Paper presented by Matt Blaze (University of Pennsylvania) at the 20th USENIX Security Symposium (USENIX Security '11), held August 8--12, 2011, in San Francisco, CA. Awarded Outstanding Paper Authors: Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze, University of Pennsylvania Abstract: APCO Project 25 ("P25") is a suite of wireless communications protocols used in the US and elsewhere for public safety two-way (voice) radio systems. The protocols include security options in which voice and data traffic can be cryptographically protected from eavesdropping. This paper analyzes the security of P25 systems against both passive and active adversaries. We found a number of protocol, implementation, and user interface weaknesses that routinely leak information to a passive eavesdropper or that permit highly efficient and difficult to detect active attacks. We introduce new selective subframe jamming attacks against P25, in which an active attacker with very modest resources can prevent specific kinds of traffic (such as encrypted messages) from being received, while emitting only a small fraction of the aggregate power of the legitimate transmitter. We also found that even the passive attacks represent a serious practical threat. In a study we conducted over a two year period in several US metropolitan areas, we found that a significant fraction of the "encrypted" P25 tactical radio traffic sent by federal law enforcement surveillance operatives is actually sent in the clear, in spite of their users' belief that they are encrypted, and often reveals such sensitive data as the names of informants in criminal investigations.
Views: 23904 USENIX
Keys to SRE
Ben Treynor Presented at SREcon14
Views: 20937 USENIX
SRE@Google: Thousands of DevOps Since 2004
Thomas A. Limoncelli, Google NYC Tom will describe technologies and policies that Google uses to do what is (now) called DevOps. Google doesn't just empower developers and operations to work together; we have a system that empowers every group to be their own DevOps team.
Views: 11846 USENIX
Comprehensive Experimental Analyses of Automotive Attack Surfaces
Refereed Paper presented by Stephen Checkoway (University of California, San Diego) at the 20th USENIX Security Symposium (USENIX Security '11), held August 8--12, 2011, in San Francisco, CA. Authors: Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage, University of California, San Diego; Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno, University of Washington Abstract: Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model — requiring prior physical access — has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.
Views: 24552 USENIX
SREcon18 Asia/Australia - Doing Things the Hard Way
Chris Sinjakli, SRE at GoCardless Our discipline is one of tropes and maxims—the commoditisation of infrastructure, the golden signals of monitoring, the breaking down of barriers spurred by DevOps. Surely there are mistakes we won't make again. Surely we've left the bad times behind. Some mistakes are just too tempting to avoid. Motivated by examples from GoCardless—a company founded in 2011—we'll explore three failure modes:
* dividing product and infrastructure teams early in the company's life
* pinning our hopes on the big rework that never arrives
* forgetting the basics of SRE while seeking out hard problems
We'll explore what makes each failure mode so tempting, what it might look like if you're experiencing it, and approaches to dig yourself out. View the full SREcon18 Asia/Australia Program at https://www.usenix.org/conference/srecon18asia/program Sign up to find out more about SREcon at https://srecon.usenix.org
Views: 807 USENIX
f4: Facebook's Warm BLOB Storage System
Subramanian Muralidhar, Facebook, Inc.; Wyatt Lloyd, University of Southern California and Facebook, Inc.; Sabyasachi Roy, Cory Hill, Ernest Lin, Weiwen Liu, Satadru Pan, Shiva Shankar, and Viswanath Sivakumar, Facebook, Inc.; Linpeng Tang, Princeton University and Facebook, Inc.; Sanjeev Kumar, Facebook, Inc. Presented at OSDI '14
Views: 2188 USENIX
USENIX Security ’17 - Understanding the Mirai Botnet
Manos Antonakakis, Georgia Institute of Technology; Tim April, Akamai; Michael Bailey, University of Illinois, Urbana-Champaign; Matt Bernhard, University of Michigan, Ann Arbor; Elie Bursztein, Google; Jaime Cochran, Cloudflare; Zakir Durumeric and J. Alex Halderman, University of Michigan, Ann Arbor; Luca Invernizzi, Google; Michalis Kallitsis, Merit Network, Inc.; Deepak Kumar, University of Illinois, Urbana-Champaign; Chaz Lever, Georgia Institute of Technology; Zane Ma and Joshua Mason, University of Illinois, Urbana-Champaign; Damian Menscher, Google; Chad Seaman, Akamai; Nick Sullivan, Cloudflare; Kurt Thomas, Google; Yi Zhou, University of Illinois, Urbana-Champaign The Mirai botnet, composed primarily of embedded and IoT devices, took the Internet by storm in late 2016 when it overwhelmed several high-profile targets with massive distributed denial-of-service (DDoS) attacks. In this paper, we provide a seven-month retrospective analysis of Mirai’s growth to a peak of 600k infections and a history of its DDoS victims. By combining a variety of measurement perspectives, we analyze how the botnet emerged, what classes of devices were affected, and how Mirai variants evolved and competed for vulnerable hosts. Our measurements serve as a lens into the fragile ecosystem of IoT devices. We argue that Mirai may represent a sea change in the evolutionary development of botnets—the simplicity through which devices were infected and its precipitous growth, demonstrate that novice malicious techniques can compromise enough low-end devices to threaten even some of the best-defended targets. To address this risk, we recommend technical and nontechnical interventions, as well as propose future research directions. View the full program: https://www.usenix.org/sec17/program
Views: 5448 USENIX
SREcon18 Asia/Australia - Interviewing for Systems Design Skills
Sebastian Kirsch, Google Switzerland GmbH Google SRE has developed a special interview format called "Non-Abstract Large Systems Design" or NALSD. The focus of this interview is developing a credible approach for solving a specific problem at large scale. Going beyond coding and algorithm skills, candidates demonstrate their skills in designing for scalability, reliability and robustness, estimating provisioning needs, and managing change. All candidates for SRE positions at Google participate in one NALSD interview as part of their recruiting process. Attendees will learn why Google has developed this interview format and which aspects of a candidate's skill set are covered in the format. They will see an example of this interview type, and learn how to come up with their own interview questions. Tips and tricks derived from practical experience in conducting this interview type will help attendees avoid common pitfalls when interviewing candidates. View the full SREcon18 Asia/Australia Program at https://www.usenix.org/conference/srecon18asia/program Sign up to find out more about SREcon at https://srecon.usenix.org
Views: 1578 USENIX
SREcon16 - Performance Checklists for SREs
Brendan Gregg, Netflix There's limited time for performance analysis in the emergency room. When there is a performance-related site outage, the SRE team must analyze and solve complex performance issues as quickly as possible, and under pressure. Many performance tools and techniques are designed for a different environment: an engineer analyzing their system over the course of hours or days, and given time to try dozens of tools: profilers, tracers, monitoring tools, benchmarks, as well as different tunings and configurations. But when Netflix is down, minutes matter, and there's little time for such traditional systems analysis. As with aviation emergencies, short checklists and quick procedures can be applied by the on-call SRE staff to help solve performance issues as quickly as possible.
Views: 9409 USENIX
LISA17 - Managing SSH Access without Managing SSH Keys
Niall Sheridan, Intercom Everyone uses SSH to manage their production infrastructure, but it's really difficult to do a good job of managing SSH keys. Many organisations don't know how many SSH keys have access to production systems or how protected those keys are. A trusted SSH private key can be years old, unprotected by passphrase, and shared among multiple people who may not even work for you. With some tooling and configuration SSH keys can be replaced with limited-use ephemeral certificates, issued centrally and with better access controls and automatic key expiration, solving many of the shortcomings of using SSH keys. This talk will cover:
* Managing SSH keys: The bad parts
* Replacing SSH keys with ephemeral certificates: how & why
* Discussion of an implementation of a CA for SSH certificates
* Call for participation, showing github source
View the full LISA17 program: https://www.usenix.org/lisa17/program
Views: 1707 USENIX
Continuous Deployment with Ansible
Tim Gerla, AnsibleWorks Presented at the 2013 USENIX Configuration Management Summit (UCMS '13) Continuous Deployment is the natural extension of Continuous Integration: immediately deploying tested and validated code to a production environment. To achieve this goal, you'll have to use best-of-breed tools and practices. In this talk, we'll show how to use Ansible to achieve continuous deployment of software infrastructure with zero downtime (on a multi-tier application stack), integrating with tools like Jenkins, monitoring systems, and load balancers to accomplish seamless rolling updates. Ansible is an open source configuration management, software deployment, and IT orchestration framework. It is used to eliminate manual IT processes of all kinds. Ansible uses SSH by default to manage remote machines, requiring no agent installation, bootstrapping, or root level network daemons. Ansible uses a data driven automation language called playbooks, which are intended to be easy to audit and write for users of all technical levels.
Views: 77315 USENIX
The DevOps Transformation
Keynote Address at the 25th Large Installation System Administration Conference (LISA '11), by Ben Rockwood, Joyent. **Disclaimer: The views and opinions expressed in this video are those of the speaker(s) and do not necessarily reflect the views of the USENIX Association.** DevOps may be a new term, but it's not a new idea. In this session we'll deconstruct it into its three transformation phases, look back at the often referenced but rarely explained history that influences it, and see how it is a catalyst that is changing the craft of system administration.
Views: 29710 USENIX
USENIX ATC '17: Visualizing Performance with Flame Graphs
Brendan Gregg, Senior Performance Architect, Netflix Flame graphs are a simple stack trace visualization that helps answer an everyday problem: how is software consuming resources, especially CPUs, and how did this change since the last software version? Flame graphs have been adopted by many languages, products, and companies, including Netflix, and have become a standard tool for performance analysis. They were published in "The Flame Graph" article in the June 2016 issue of Communications of the ACM, by their creator, Brendan Gregg. This talk describes the background for this work, and the challenges encountered when profiling stack traces and resolving symbols for different languages, including for just-in-time compiler runtimes. Instructions will be included for generating mixed-mode flame graphs on Linux, and examples from our use at Netflix with Java. Advanced flame graph types will be described, including differential, off-CPU, chain graphs, memory, and TCP events. Finally, future work and unsolved problems in this area will be discussed. View the entire USENIX ATC '17 program at https://www.usenix.org/conference/atc17/program
Views: 7679 USENIX
SREcon16 - Putting Together Great SRE Teams
Kripa Krishnan, Google What kinds of people make up a great SRE team? This talk explores whether SRE just means software/systems engineers, and what value other roles bring to a team. How can you fully utilize specialist roles and diverse skills in your SRE organization?
Views: 5031 USENIX
I Am SysAdmin (And So Can You!)
Ben Rockwood, Joyent Presented at LISA14
Views: 11227 USENIX
Phone Phreaks: What We Can Learn From the First Network Hackers?
Phil Lapsley, Hacker, Consultant, Entrepreneur, and Author of Exploding The Phone: The Untold Story of the Teenagers and Outlaws Who Hacked Ma Bell Presented at USENIX Security '14
Views: 3830 USENIX
SREcon18 Americas - Real World SLOs and SLIs: A Deep Dive
Matthew Flaming and Elisa Binette, New Relic If you've read almost anything about SRE best practices, you've probably come across the idea that clearly defined and well-measured Service Level Objectives (SLOs) and Service Level Indicators (SLIs) are a key pillar of any reliability program. SLOs allow organizations and teams to make smart, data-driven decisions about risk and the right balance of investment between reliability and product velocity. But in the real world, SLOs and SLIs can be challenging to define and implement. In this talk, we’ll dive into the nitty-gritty of how to define SLOs that support different reliability strategies and modalities of service failure. We’ll start by looking at key questions to consider when defining what “reliability” means for your organization and platform. Then we'll dig into how those choices translate into specific SLI/SLO measurement strategies in the context of different architectures (for example, hard-sharded vs. stateless random-workload systems) and availability goals. Sign up to find out more about SREcon at https://srecon.usenix.org
Views: 1006 USENIX
SREcon17 Europe/Middle East/Africa - OK Log: Distributed and Coördination-Free Logging
Peter Bourgon, Fastly This talk explores the motivation, design, prototype, and optimization of OK Log, a distributed and coördination-free log system for big ol' (cloud-native) clusters. We first motivate the need for such a system, setting it apart from existing products like Elasticsearch. Then, we carve out a solution in the distributed systems space, paying due homage to the old gremlins of consistency and coördination. Finally, we review the component and architecture model, and demonstrate how it copes with typical operations and failure modes. This talk is about an open-source product, but it is not a product pitch. Instead, it's meant to be a case study of a learning exercise: approaching a deceptively subtle problem domain from first principles, and using methodological software engineering to derive a solution. I hope it inspires others to reach for something more self-actualizing than the plumbing together of databases and message busses. Sign up to find out more about SREcon at https://srecon.usenix.org
Views: 2097 USENIX
Apache Traffic Server: More Than Just a Proxy
"Apache Traffic Server: More Than Just a Proxy", by Leif Hedstrom, GoDaddy **Disclaimer: The views and opinions expressed in this video are those of the speaker(s) and do not necessarily reflect the views of the USENIX Association.** Apache Traffic Server is an Apache Software Foundation open project, implementing a fast, scalable, and feature-rich HTTP proxy caching server. This presentation will give a solid introduction to the software, its features and capabilities, and how to successfully deploy and use it in your applications. We will discuss several typical use cases, with example setup and configurations.
Views: 9931 USENIX
NSDI '18 - Prophecy: Accelerating Mobile Page Loads Using Final-state Write Logs
James Mickens, Harvard University Web browsing on mobile devices is expensive in terms of battery drainage and bandwidth consumption. Mobile pages also frequently suffer from long load times due to high-latency cellular connections. In this paper, we introduce Prophecy, a new acceleration technology for mobile pages. Prophecy simultaneously reduces energy costs, bandwidth consumption, and page load times. In Prophecy, web servers precompute the JavaScript heap and the DOM tree for a page; when a mobile browser requests the page, the server returns a write log that contains a single write per JavaScript variable or DOM node. The mobile browser replays the writes to quickly reconstruct the final page state, eliding unnecessary intermediate computations. Prophecy’s server-side component generates write logs by tracking low-level data flows between the JavaScript heap and the DOM. Using knowledge of these flows, Prophecy enables optimizations that are impossible for prior web accelerators; for example, Prophecy can generate write logs that interleave DOM construction and JavaScript heap construction, allowing interactive page elements to become functional immediately after they become visible to the mobile user. Experiments with real pages and real phones show that Prophecy reduces median page load time by 53%, energy expenditure by 36%, and bandwidth costs by 21%. View the full NSDI '18 program: https://www.usenix.org/conference/nsdi18/technical-sessions
Views: 1290 USENIX
SREcon16 - The Realities of the Job of Delivering Reliability
Rachel Kroll, Facebook
Views: 3817 USENIX
Lessons of Scale at Facebook
From the 2010 USENIX Annual Technical Conference Keynote Address, Bobby Johnson, Director of Engineering, Facebook, Inc. discusses how in just over six years Facebook has grown from an idea in a dorm room to one of the most visited sites on the Internet. This explosive growth has created enormous technical challenges. He talks about some specific technical challenges Facebook has faced and the general principles they employ when addressing problems of scale. He also discusses how they structure their engineering process and culture to stay on top of unceasing growth while still moving fast to build new products.
Views: 28899 USENIX
Operations at Twitter: Scaling Beyond 100 Million Users
Talk given by John Adams of Twitter at the 24th Large Installation System Administration Conference (LISA '10). John covered many aspects of Twitter's scaling efforts, including:
* Finding the weak points in Ruby on Rails and repairing them
* In-house peer-to-peer: High-speed deploys across thousands of machines in no time at all
* Managing thousands of machines: Why you need a central machine database, now
* User management: How do you onboard many new developers and still remain fault-tolerant?
* Caching methodologies and Twitter's open source efforts
* Asynchronous versus synchronous processing during request lifetime
* Life after syslog: What do you do when it won't work anymore?
Views: 23277 USENIX
Capsicum: Practical Capabilities for UNIX
Awarded Best Student Paper! Paper presented by Robert N.M. Watson, University of Cambridge, at the 19th USENIX Security Symposium (USENIX Security '10). Paper authors: Robert N.M. Watson and Jonathan Anderson, University of Cambridge; Ben Laurie and Kris Kennaway, Google UK Ltd.
Views: 9648 USENIX
Programming Style and Your Brain
Douglas Crockford, PayPal Computer programs are the most complicated things humans make. They must be perfect, which is hard for us because we are not perfect. Programming is thought to be a "head" activity, but there is a lot of "gut" involved. Indeed, it may be the gut that gives us the insight necessary for solving hard problems. But gut messes us up when it comes to matters of style. The systems in our brains that make us vulnerable to advertising and propaganda also influence our programming styles. This talk looks systematically at the development of a programming style that specifically improves the reliability of programs. The examples are given in JavaScript, a language with an uncommonly large number of bad parts, but the principles are applicable to all languages. Douglas Crockford was born in the wilds of Minnesota, but left when he was only six months old because it was just too damn cold. He turned his back on a promising career in television when he discovered computers. He has worked in learning systems, small business systems, office automation, games, interactive music, multimedia, location-based entertainment, social systems, and programming languages. He is the inventor of Tilton, the ugliest programming language that was not specifically designed to be an ugly programming language. He is best known for having discovered that there are good parts in JavaScript. This was an important and unexpected discovery. He also discovered the JSON Data Interchange Format, the world's best loved data format.
Views: 3577 USENIX
GameDay: Creating Resiliency Through Destruction
Jesse Robbins, Opscode, LLC
Views: 2284 USENIX
SREcon16 - SRE at a Start-Up: Lessons from LinkedIn
Craig Sebenik, Matterport Many large companies have strong SRE teams that are a great example to follow. But, applying the techniques seen at larger companies to a smaller company has many challenges. Bringing about change is a combination of culture shifts as well as technical challenges. In this talk, I will discuss many of the concepts that worked at LinkedIn and how I have gradually implemented them over the past year and a half at a start-up.
Views: 1859 USENIX
NSDI '18 - Andromeda: Performance, Isolation, and Velocity at Scale in Cloud Network Virtualization
David Schultz, Google, Inc. This paper presents our design and experience with Andromeda, Google Cloud Platform’s network virtualization stack. Our production deployment poses several challenging requirements, including performance isolation among customer virtual networks, scalability, rapid provisioning of large numbers of virtual hosts, bandwidth and latency largely indistinguishable from the underlying hardware, and high feature velocity combined with high availability. Andromeda is designed around a flexible hierarchy of flow processing paths. Flows are mapped to a programming path dynamically based on feature and performance requirements. We introduce the Hoverboard programming model, which uses gateways for the long tail of low bandwidth flows, and enables the control plane to program network connectivity for tens of thousands of VMs in seconds. The on-host dataplane is based around a high-performance OS bypass software packet processing path. CPU-intensive per packet operations with higher latency targets are executed on coprocessor threads. This architecture allows Andromeda to decouple feature growth from fast path performance, as many features can be implemented solely on the coprocessor path. We demonstrate that the Andromeda datapath achieves performance that is competitive with hardware while maintaining the flexibility and velocity of a software-based architecture. View the full NSDI '18 program: https://www.usenix.org/conference/nsdi18/technical-sessions
Views: 1370 USENIX
A Study of Practical Deduplication
This refereed paper was presented by Dutch T. Meyer of Microsoft Research and the University of British Columbia and William J. Bolosky of Microsoft Research at the 9th USENIX Conference on File and Storage Technologies (FAST '11). Recipient of the Best Paper Award. Abstract: We collected file system content data from 857 desktop computers at Microsoft over a span of 4 weeks. We analyzed the data to determine the relative efficacy of data deduplication, particularly considering whole-file versus block-level elimination of redundancy. We found that whole-file deduplication achieves about three quarters of the space savings of the most aggressive block-level deduplication for storage of live file systems, and 87% of the savings for backup images. We also studied file fragmentation finding that it is not prevalent, and updated prior file system metadata studies, finding that the distribution of file sizes continues to skew toward very large unstructured files.
Views: 3305 USENIX
NewSQL vs. NoSQL for New OLTP
"NewSQL vs. NoSQL for New OLTP", by Michael Stonebraker, MIT **Disclaimer: The views and opinions expressed in this video are those of the speaker(s) and do not necessarily reflect the views of the USENIX Association.** Enterprises once used RDBMs for online transaction processing (OLTP) applications, which we affectionately call OldSQL. New OLTP applications have greater performance requirements; in many modern applications—multiplayer games, gambling, social networks, etc.—OldSQL is cracking under the volume of interactions. I contrast two alternatives to OldSQL: NoSQL, where SQL and ACID are jettisoned for better performance; and NewSQL, where SQL and ACID are retained, and innovative architectures improve performance.
Views: 15553 USENIX
LISA18 - Solving All the Problems with systemd
Alvaro Leiva Geisse, Instagram Abstract: Often system administrators have to choose one of two options: On one end, traditional service management has a service starting with all privileges, and a full view of your system, and on the other end we have containers, with a restrictive, more controlled view of your system. But, with a modern kernel and systemd, it is no longer one or the other, but you can actually take the best of both approaches and decide which components to apply to your service. Do you like the concept of packaging dependencies of containers, but also like the idea of sharing the network with your server from a traditional service manager? Do you want to restrict the access to the files on your system from containers, but also want to be able to manage your service from your server like traditional service management allows you? It turns out that you can have it all. In this presentation I will show all the service techniques to deploy services in Linux that use and abuse systemd, from spinning up a simple service, to actually running your service isolated on a systemd container, and everything in the middle. I'll also show you how to use these features with other traditional techniques, like socket and path activation, service watchdog, scheduling tasks to be executed later on, and what happens when a service goes down. You already have systemd installed on your server... Why not take full advantage of its capacities? I love Python, I grew up in a small town in Chile and one weekend, 16 years ago, I had the flu and could not go out. I decided to learn how to code in Python and that was the beginning of the road that would move us all to Northern California so that I could join the Production Engineering team at Instagram. I also like eating and cooking (in that order). Follow: @aleivag
Views: 1327 USENIX
Blazing Performance with Flame Graphs
Brendan Gregg, Joyent Presented at the 27th Large Installation System Administration Conference (LISA '13)
Views: 14294 USENIX
SREcon16 - The Art of Performance Monitoring
Brian Smith, Facebook In this talk, we share our experience monitoring production performance for Facebook and the services that back the site. We will go over what makes performance monitoring effective and how to produce more useful results. You will learn how to think about monitoring holistically during the design and development of new services and applications.
Views: 1498 USENIX
LISA17 - Scalability Is Quantifiable: The Universal Scalability Law
Baron Schwartz, VividCortex @xaprb Do you know what scalability really is? It's a mathematical function that's simple, precise, and useful. REALLY useful. It describes the relationship between system performance and load. In this talk you'll learn the function (the Universal Scalability Law), how it describes and predicts system behavior you see every day, and how to use it in practice. I'll show you how to understand the function, how to capture the data you need to measure your own system's behavior (you probably already have that), and how to analyze the data with the USL. You'll leave this talk knowing exactly what scalability is and what causes non-linear scaling. There are two factors, and you'll start seeing those everywhere, too. As a result, when systems don't scale you'll know what kind of problem to look for, and you'll avoid building bottlenecks into your systems in the first place. Final note: this talk requires zero mathematical skill. View the full LISA17 program: https://www.usenix.org/lisa17/program
Views: 1338 USENIX
SREcon18 Europe - The Myth of Cloud Agnosticism
Corey Quinn, Last Week in AWS In theory, the idea of having infrastructure that can seamlessly deploy between different cloud providers is a wonderful concept. Who wouldn't love to migrate workloads seamlessly between providers for a variety of reasons? In theory, a tiger with an anger management problem is just a scaled up house-cat. This talk explores the practical reality of cloud agnosticism, with all of its warts. The financial, technical, and operational complexities introduced by multiple providers can take companies by surprise. Come explore the basic truth of "however much you hate your cloud provider, you will hate the migration process far more." View the full SREcon18 Europe Program at: https://www.usenix.org/conference/srecon18europe/program Sign up to find out more about SREcon at https://srecon.usenix.org
Views: 461 USENIX
SREcon17 Europe/Middle East/Africa - Building an On-Premise Kubernetes...
Building an On-Premise Kubernetes Cluster For a Large Web Application Daniel Turner, Shopify Recently, Shopify began migrating from our custom container management system to Kubernetes. This switch will make us more efficient at running our large Rails monolith, as well as the current and future microservices that run alongside. The first step in migrating was building a cluster using our own hardware. Running Kubernetes on-premise requires building services that cloud providers hide from their customers: Etcd, high-availability master nodes, scalable networking, Ingress, and persistent storage. We believe that understanding the challenges and tradeoffs in providing these services is beneficial to not only those who run their own cluster, but also to those who use cloud providers. Beyond building the cluster, we also had to modify our core application and tooling to fit Kubernetes’ container-centric framework. We expect that most applications currently on homegrown deployment systems will have to similarly overcome host-based assumptions. In our case: unbounded jobs, hard coded assumptions about hosts, and services exposed to external monitoring tools via global DNS. Attendees will leave this talk equipped to decide if running their own Kubernetes cluster is right for them and how to make the shift as successful as possible. Sign up to find out more about SREcon at https://srecon.usenix.org
Views: 1488 USENIX
SREcon18 Europe - SRE Theory vs. Practice: A Song of Ice and TireFire
Corey Quinn, Last Week in AWS, and John Looney, Facebook In many technical talks, you see a speaker from a renowned tech company stand up and describe a perfect utopia of an environment. You look at the perfect environment and dedicated hordes of senior engineers they describe, and you despair of ever getting to that point. Your environment looks nothing like that. Surprise—their environment doesn't really look like that either! In this talk, a speaker from an unnamed tech unicorn describes their amazing environment—and then what they just said gets translated from "thought leader" into plain English for you by an official SREcon translator. Stop feeling sad—everything is secretly terrible! View the full SREcon18 Europe Program at: https://www.usenix.org/conference/srecon18europe/program Sign up to find out more about SREcon at https://srecon.usenix.org
Views: 1314 USENIX
SREcon17 Europe/Middle East/Africa - Monitoring Cloudflare's Planet-Scale Edge Network
Matt Bostock, Cloudflare Cloudflare operates a global anycast edge network serving content for 6 million web sites. This talk explains how we monitor our network, how we migrated from Nagios to Prometheus and the architecture we chose to provide maximum reliability for monitoring. We'll also discuss the impact of alert fatigue and how we reduced alert noise by analysing data, making alerts more actionable and alerting on symptoms rather than causes. This talk will cover: The challenges of monitoring a high volume, anycast, edge network across 100+ locations; The architecture we chose to maximise the reliability of our monitoring; Why Prometheus excels as the new industry standard for modern monitoring; Approaches reducing alert noise and alert fatigue; Triaging alerts into a ticket system; Analysing past alert data for continuous improvement; The pain points we endured; Effecting change across engineering teams. Sign up to find out more about SREcon at https://srecon.usenix.org
Views: 1149 USENIX
Keynote Address: A Brief History of the BSD Fast Filesystem
Dr. Marshall Kirk McKusick, Author and Consultant Presented at FAST '15
Views: 2089 USENIX
Design, Implementation and Evaluation of Congestion Control for Multipath TCP
Paper presented by Damon Wischik, Costin Raiciu, Adam Greenhalgh, and Mark Handley of University College London at the 8th USENIX Symposium on Networked Systems Design and Implementation (NSDI '11). Recipient of the Best Paper Award. Abstract: Multipath TCP, as proposed by the IETF working group mptcp, allows a single data stream to be split across multiple paths. This has obvious benefits for reliability, and it can also lead to more efficient use of networked resources. We describe the design of a multipath congestion control algorithm, we implement it in Linux, and we evaluate it for multihomed servers, data centers and mobile clients. We show that some 'obvious' solutions for multipath congestion control can be harmful, but that our algorithm improves throughput and fairness compared to single-path TCP. Our algorithm is a drop-in replacement for TCP, and we believe it is safe to deploy.
Views: 4644 USENIX
Open Compute Project and the Changing Data Center
Ken Patchett, Facebook Presented at LISA14
Views: 28807 USENIX
LISA17 - Distributed Tracing: From Theory to Practice
Stella Cotton, Heroku @practice_cactus Application performance monitoring is great for debugging inside a single app. However, as a system expands into multiple services, how can you understand the health of the system as a whole? Distributed tracing can help! You’ll learn the theory behind how distributed tracing works. But we’ll also dive into other practical considerations you won’t get from a README, like choosing libraries for your polyglot systems, infrastructure considerations, and security. View the full LISA17 program: https://www.usenix.org/lisa17/program
Views: 525 USENIX
Project Adam: Building an Efficient and Scalable Deep Learning Training System
Trishul Chilimbi, Yutaka Suzue, Johnson Apacible, and Karthik Kalyanaraman, Microsoft Research Presented at OSDI '14
Views: 1404 USENIX
USENIX Security '17 - The Loopix Anonymity System
Ania M. Piotrowska and Jamie Hayes, University College London; Tariq Elahi, KU Leuven; Sebastian Meiser and George Danezis, University College London We present Loopix, a low-latency anonymous communication system that provides bi-directional ‘third-party’ sender and receiver anonymity and unobservability. Loopix leverages cover traffic and Poisson mixing—brief independent message delays—to provide anonymity and to achieve traffic analysis resistance against, including but not limited to, a global network adversary. Mixes and clients self-monitor and protect against active attacks via self-injected loops of traffic. The traffic loops also serve as cover traffic to provide stronger anonymity and a measure of sender and receiver unobservability. Loopix is instantiated as a network of Poisson mix nodes in a stratified topology with a low number of links, which serve to further concentrate cover traffic. Service providers mediate access in and out of the network to facilitate accounting and off-line message reception. We provide a theoretical analysis of the Poisson mixing strategy as well as an empirical evaluation of the anonymity provided by the protocol and a functional implementation that we analyze in terms of scalability by running it on AWS EC2. We show that mix nodes in Loopix can handle upwards of 300 messages per second, at a small delay overhead of less than 1.5ms on top of the delays introduced into messages to provide security. Overall message latency is on the order of seconds – which is relatively low for a mix-system. Furthermore, many mix nodes can be securely added to the stratified topology to scale throughput without sacrificing anonymity. View the full program: https://www.usenix.org/sec17/program
Views: 1475 USENIX
SRE Hiring
Andrew Fong, Dropbox Presented at SREcon15
Views: 1783 USENIX
LISA18 - Serverless Ops: What to Do / This is What We Do, When the Server Goes Away
Tom McLaughlin, ServerlessOps Abstract: With the rise of serverless architecture, many of the common day-to-day operations tasks will change dramatically, if not disappear completely. We as Operations professionals will be challenged to redefine our roles and responsibilities within the technology organization as serverless abstracts away the server and its respective OS to cloud service providers. No stranger to this scenario, we will not only be tasked with solving these engineering obstacles introduced by the new serverless paradigm, but we will also need to prove our value to the business in the face of a changing technology landscape… again. This is a combination professional/cultural and technical talk. We’ll start by discussing the disruption that serverless presents to operations and why. While DevOps and public cloud are becoming commonplace, serverless is the beginning of a new disruption cycle. We need to understand why serverless is disruptive and learn from the lessons of the past. The talk will continue on to discuss the value of operations work and understanding the relationship between work and value. Not all work has the same value and we need to understand this so we prioritize the best use of our time. Finally I will walk through the current state of serverless engineering and tools, and show how and where we fit in. For our career longevity and security we need to understand how we fit. A few areas I’ll discuss include: DevOps and public cloud… And how serverless is starting a new disruption cycle 10 years later; Understanding and determining the value of your work; Moving up the value chain and closer to customer success metrics; Team reorganization to better align with business success; Serverless architectural decision making; Performance management and cost containment; Failure monitoring and service handling; Security risk and concerns. If you’re an Operations engineer and you had all your host and OS related work removed from you, would you know what to do to stay busy and demonstrate your value to your organization? View the full LISA18 Program at https://www.usenix.org/lisa18/conference-program
Views: 423 USENIX
NSDI '18 - zkLedger: Privacy-Preserving Auditing for Distributed Ledgers
Neha Narula, MIT Media Lab Distributed ledgers (e.g. blockchains) enable financial institutions to efficiently reconcile cross-organization transactions. For example, banks might use a distributed ledger as a settlement log for digital assets. Unfortunately, these ledgers are either entirely public to all participants, revealing sensitive strategy and trading information, or are private but do not support third-party auditing without revealing the contents of transactions to the auditor. Auditing and financial oversight are critical to proving institutions are complying with regulation. This paper presents zkLedger, the first system to protect ledger participants’ privacy and provide fast, provably correct auditing. Banks create digital asset transactions that are visible only to the organizations party to the transaction, but are publicly verifiable. An auditor sends queries to banks, for example “What is the outstanding amount of a certain digital asset on your balance sheet?” and gets a response and cryptographic assurance that the response is correct. zkLedger has two important benefits over previous work. First, zkLedger provides fast, rich auditing with a new proof scheme using Schnorr-type non-interactive zero-knowledge proofs. Unlike zk-SNARKs, our techniques do not require trusted setup and only rely on widely-used cryptographic assumptions. Second, zkLedger provides completeness; it uses a columnar ledger construction so that banks cannot hide transactions from the auditor, and participants can use rolling caches to produce and verify answers quickly. We implement a distributed version of zkLedger that can produce provably correct answers to auditor queries on a ledger with a hundred thousand transactions in less than 10 milliseconds. View the full NSDI '18 program: https://www.usenix.org/conference/nsdi18/technical-sessions
Views: 633 USENIX
