Pull to refresh


Show first
  • New
  • Top
Rating limit
  • All
  • ≥0
  • ≥10
  • ≥25
  • ≥50
  • ≥100

Enhancing security of containers in Linux

Huawei corporate blog Configuring Linux *Open source *Cloud services Kubernetes *

In any history textbooks, the modern time has already been called the time of the next change of the industrial structure or the fourth industrial revolution (Industry 4.0). The main role, in this case, is given to information and IT systems. In an attempt to reduce the cost of IT infrastructure, unify and accelerate the process of developing IT solutions, humanity first invented "clouds" in order to replace traditional data centers, and then containers to replace virtual machines.

Clearly, containers appear more vulnerable from a security point of view. What are the advantages of containerization over virtualization? In fact, there are quite a lot of them:

the possibility of more flexible use of available resources (no need to backup them as in the case of virtual machines);

the ability to save resources (no need to spend them on many copies of the OS for each virtual machine);

no delays at startup (just start of the process is almost instantaneous compared to the time needed to load the virtual machine);

 the interaction between processes, even if isolated, is much easier to implement when needed than between virtual machines. That is how, by the way, came the concept of microservices, which has recently become very popular.

All of the above led to the very rapid development of container technologies, despite the recurring problems with the security of already deployed container cloud systems, their hacks, and data leaks. Accordingly, the work on strengthening container security is also continuing. This is what will be discussed further in this article.

Read more
Total votes 3: ↑3 and ↓0 +3
Views 651
Comments 0

New botnet with lots of cameras and some routers

Qrator Labs corporate blog Information Security *IT Infrastructure *Network technologies *

DDoS attacks send ripples on the ocean of the Internet, produced by creations of various sizes - botnets. Some of them feed at the top of the ocean, but there also exists a category of huge, deep water monstrosities that are rare and dangerous enough they could be seen only once in a very long time.

November 2021 we encountered, and mitigated, several attacks from a botnet, that seems to be unrelated to one described and/or well-known, like variants of Mirai, Bashlite, Hajime or Brickerbot.

Although our findings are reminiscent of Mirai, we suppose this botnet is not based purely on propagating Linux malware, but a combination of brute forcing and exploiting already patched CVEs in unpatched devices to grow the size of it. Either way, to confirm how exactly this botnet operates, we need to have a sample device to analyze, which isn’t our area of expertise.

This time, we won’t give it a name. It is not 100% clear what we are looking at, what are the exact characteristics of it, and how big this thing actually is. But there are some numbers, and where possible, we have made additional reconnaissance in order to better understand what we’re dealing with.

But let us first show you the data we’ve gathered, and leave conclusions closer to the end of this post.

Read more
Total votes 12: ↑12 and ↓0 +12
Views 470
Comments 0

LVM Thinpool Restore

Configuring Linux **nix *

Hi everyone, today I will tell how I restored a defunct LVM thinpool. Unfortunately I could not find any howtos or manuals on the internet, so maybe this one will help someone in a similar situation.

Read more
Total votes 2: ↑2 and ↓0 +2
Views 478
Comments 0

Jira CLI: Interactive Command-line Tool for Atlassian Jira

Open source *Shells *Go *

JiraCLI is an interactive command line tool for Atlassian Jira that will help you avoid Jira UI to some extent. This tool is not yet considered complete but has all the essential features required to improve your workflow with Jira.

The tool started with the idea of making issue search and navigation as straightforward as possible. However, the tool now includes all necessary features like issue creation, cloning, linking, ticket transition, and much more.

The tool supports both jira cloud and on-premise jira installation since the latest release.

Read more
Total votes 3: ↑3 and ↓0 +3
Views 793
Comments 0

Extending and moving a ZooKeeper ensemble

Database Administration *Big Data *

    Once upon a time our DBA team had a task. We had to move a ZooKeeper ensemble which we had been using for Clickhouse cluster. Everyone is used to moving an ensemble by moving its data files. It seems easy and obvious but our Clickhouse cluster had more than 400 TB replicated data. All replication information had been collected in ZooKeeper cluster from the very beginning. At the end of the day we couldn’t miss even a row of data. Then we looked for information on the internet. Unfortunately there was a good tutorial about 3.4.5 and didn’t fit our version 3.6.2. So we decided to use “the extending” for moving our ensemble.

Read more
Rating 0
Views 253
Comments 0

Best warnings of static analyzer

PVS-Studio corporate blog Visual Studio *DevOps *Development for Windows *

Everyone who runs the static analyzer on a project for the first time is slightly shocked by hundreds, thousands or even tens of thousands of warnings. It may be frustrating. Is my code so terrible? Or is the analyzer lying? In any case, filtering by the severity changes the situation, not completely though. That's why we thought about how we could improve the first experience with the analyzer. Let me show you the new feature step by step...

Read more
Total votes 2: ↑2 and ↓0 +2
Views 345
Comments 0

Q3 2021 DDoS attacks and BGP incidents

Qrator Labs corporate blog Information Security *IT Infrastructure *Network technologies *

The third quarter of 2021 brought a massive upheaval in the scale and intensity of DDoS attacks worldwide.

It all led to September when together with Yandex, we uncovered one of the most devastating botnets since the Mirai and named it Meris, as it was held accountable for a series of attacks with a very high RPS rate. And as those attacks were aimed all over the world, our quarterly statistics also changed.

This quarter, we've also prepared for your consideration a slice of statistics on the application layer (L7) DDoS attacks. Without further ado, let us elaborate on the details of DDoS attacks statistics and BGP incidents for Q3, 2021.

Read more
Total votes 17: ↑17 and ↓0 +17
Views 2.9K
Comments 0

Millions of orders per second matching engine testing

C++ *Data Mining *Big Data *Data Engineering *

I had some experience in the matching engine development for cryptocurrency exchange some time ago. That was an interesting and challenging experience. I developed it in clear C++ from scratch. The testing of it is also quite a challenging task. You need to get data for testing, perform testing, collect some statistics, and at last, analyze collected data to find weak points and bottlenecks. I want to focus on testing the C++ matching engine and show how testing can give insights for optimizations even without the need to change the code. The matching engine I developed can do more than 1’000’000 TPS (transactions per second) and is 10x times faster than the matching engine of the Binance cryptocurrency exchange (see one post on Binance Blog).

Read more
Total votes 5: ↑5 and ↓0 +5
Views 2.1K
Comments 1

Big Data Tools with IntelliJ IDEA Ultimate, PyCharm Professional, DataGrip 2021.3 EAP, and DataSpell Support

JetBrains corporate blog Programming *Big Data *Data Engineering *

Recently we released a new build of the Big Data Tools plugin that is compatible with the 2021.3 versions of IntelliJ IDEA and PyCharm. DataGrip 2021.3 support will be available immediately after the release in October. The plugin also supports our new data science IDE – JetBrains DataSpell. If you still use previous versions, now is the perfect time to upgrade both your IDE and the plugin. 

This year, we introduced a number of new features as well as some features that have been there for a while, for example, running Spark Submit with a run configuration.

Here’s a list of the key improvements:

Read more
Rating 0
Views 763
Comments 0

Mēris botnet, climbing to the record

Яндекс corporate blog Qrator Labs corporate blog Information Security *IT Infrastructure *Network technologies *


For the last five years, there have virtually been almost no global-scale application-layer attacks.

During this period, the industry has learned how to cope with the high bandwidth network layer attacks, including amplification-based ones. It does not mean that botnets are now harmless.

End of June 2021, Qrator Labs started to see signs of a new assaulting force on the Internet – a botnet of a new kind. That is a joint research we conducted together with Yandex to elaborate on the specifics of the DDoS attacks enabler emerging in almost real-time.

Read more
Total votes 28: ↑28 and ↓0 +28
Views 14K
Comments 0

In-Memory Showdown: Redis vs. Tarantool

VK corporate blog High performance *Database Administration *Tarantool *

In this article, I am going to look at Redis versus Tarantool. At a first glance, they are quite alike — in-memory, NoSQL, key value. But we are going to look deeper. My goal is to find meaningful similarities and differences, I am not going to claim that one is better than the other.

There are three main parts to my story:

  • We’ll find out what is an in-memory database, or IMDB. When and how are they better than disk solutions?
  • Then, we’ll consider their architecture. What about their efficiency, reliability, and scaling?
  • Then, we’ll delve into technical details. Data types, iterators, indexes, transactions, programming languages, replication, and connectors.

Feel free to scroll down to the most interesting part or even the summary comparison table at the very bottom and the article.
Read more →
Total votes 18: ↑17 and ↓1 +16
Views 2K
Comments 3

Load test of WebRTC recording on AWS

Flashphoner corporate blog System administration *Working with video *IT Infrastructure *DevOps *

Do you remember how just a few years ago it was a disaster to lose a camera at the end of a vacation? All memorable pictures and videos then disappeared along with the lost device. Probably, this fact prompted the great minds to invent cloud storage, so that the safety of records no longer depends on the presence of the devices on which these records are made.

Read more
Rating 0
Views 969
Comments 0

WebRTC face to face video chat. Load test

Flashphoner corporate blog System administration *Working with video *IT Infrastructure *DevOps *

We continue to review variants of load tests. In this article we will go over the testing methodology and conduct a load test that we will use to try and determine the number of users that could watch and stream at the same time, meaning the users will simultaneously publish and view the streams.

Read more
Rating 0
Views 744
Comments 0

Load testing for WebRTC mixer

Flashphoner corporate blog System administration *Working with video *IT Infrastructure *DevOps *

This article is a continuation of our series of write-ups about load tests for our server. We have already discussed how to compile metrics and how to use them to choose the equipment, and we also provided an overview of various load testing methods. Today we shall look at how the server handles stream mixing.

Read more
Total votes 1: ↑1 and ↓0 +1
Views 432
Comments 0