• This is how you deal with route leaks

      That, we must say, is the unique story so far.

      Here’s the beginning: for approximately an hour, starting at 19:28 UTC on April 1, 2020, the largest Russian ISP — Rostelecom (AS12389) — was announcing prefixes belonging to prominent internet players: Akamai, Cloudflare, Hetzner, Digital Ocean, Amazon AWS, and other famous names.

      Before the issue was resolved, paths between the largest cloud networks were somewhat disrupted — the Internet blinked. The route leak was distributed quite well through Rascom (AS20764), then Cogent (AS174) and in a couple of minutes through Level3 (AS3356) to the world. The issue suddenly became bad enough that it saturated the route decision-making process for a few Tier-1 ISPs.

      It looked like this:


      With that:

      Read more →
    • COVID-19 and Internet

        СOVID-19 and Internet

        Recent events caused by coronavirus spread have highlighted quite a few problem areas in society, economics, technology… And it’s not only about the panic, which is inevitable and will come back with any following global issue. But it is really about the consequences: crowded hospitals, empty shelves in supermarkets, people having to stay at home and use up the Internet which turns out to not be enough for everyone who’s going through the hard days and nights of #stayathome.

        What already happened

        Read more →
      • How to develop and publish a smart-contract in the Telegram Open Network (TON)

          What is this article about?

          In this article, I will tell about my participation in the first (out of two so far) Telegram blockchain contest. I didn't win any prize. However, decided to combine and share the unique experience from the start to finish line, so my observations could help anyone who is interested.

          Since I didn't want to write some abstract code, instead make something useful. I created instant lottery smart-contract and website which shows smart-contract data directly from Telegram Open Network (TON) avoiding transitional storage.

          The article will be particularly useful for those, who want to write their first smart-contract in TON but has difficulties where to start.

          Using the lottery smart-contract as an example, I will show the path from the environment set up till publication of the smart-contract and its interaction. Moreover, I will create a website that will show smart-contract data. This website can be used to extract and publish data.

          Read more →
        • Implementing Fault-Tolerance PostgreSQL Cluster with Patroni

            I'm a DevOps Teamlead at Miro. Our service is a high-load one: it is used by 4 million users worldwide, daily active users - 168,000. Our servers are hosted by Amazon and located in a single Ireland region. We have more than 200 active servers, with almost 70 of them being database servers.

            The service's backend is a monolith stateful Java application that maintains a persistent WebSocket connection for each client. When several users collaborate using the same whiteboard, they see changes on the whiteboard in real-time. That's because we write every change to a database, resulting in ~20,000 requests per second to the databases. During peak hours, the data is written to Redis at ~80,000–100,000 RPS.

            I am going to speak about why it is important to us to maintain PostgreSQL high availability, what methods we've applied to solve the problem, and what results we've achieved so far.

            Read more →
          • Why Enterprise Chat Apps isn’t built on Server-side Database like Hangouts, Slack, & Hip chat?

            One of the most significant tools for any organization to smoothen their collaborative world is only through a real-time chat application whether the conversation takes place on mobile or desktop. Hangouts, Slack and Hipchat have been in action for businesses to establish a decent conversation between their internal employees and clients right from small-scale to enterprises.

            Those big players come into play where there requires team collaboration. The big players are built on a server-side database where the messages shared from one device to another is stored in their server database. Ultimately, this results in storing a huge amount of data within the server-side database (Cloud-database).

            The consumption of cloud storage will be pretty high. The client-side database is more efficient where the messages relayed is stored in the client device. The messages will be queued to minimize the consumption of data in the server.
            Read more →
          • Build apps for free with Azure Cosmos DB Free Tier

              Looking to build a new app, develop and test, or run small production workloads with Azure Cosmos DB? Our new Free Tier makes it easy to get started with no cost and save money as you build and grow new apps.

              With Azure Cosmos DB Free Tier enabled, you’ll get the first 400 RU/s throughput and 5 GB storage in your account for free each month, for the lifetime of the account. That means that you can start small and grow with confidence, knowing your app will be running on a high-performance database service. You’ll only pay if your account exceeds 400 RU/s and 5 GB. Additionally, if your app has a lot of containers you can create up to 25 containers in a shared throughput database and have them all share the free 400 RU/s. You can have up to one free tier Azure Cosmos DB account per Azure subscription.
              Read more →
            • AdBlock has stolen the banner, but banners are not teeth — they will be back

            • New action to disrupt world’s largest online criminal network

                Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.

                A botnet is a network of computers that a cybercriminal has infected with malicious software, or malware. Once infected, criminals can control those computers remotely and use them to commit crimes. Microsoft’s Digital Crimes Unit, BitSight and others in the security community first observed the Necurs botnet in 2012 and have seen it distribute several forms of malware, including the GameOver Zeus banking trojan.
                Read more →
              • Announcing Universal Print: a cloud-based print solution

                  Commercial and educational customers moving to the cloud with Microsoft 365 have long needed a simple, easy print experience for their employees. Today we are happy to announce a private preview of Universal Print, a Microsoft cloud-based print infrastructure that will enable a simple, rich and secure print experience for users and help reduce time and effort for IT.

                  Read more →
                • Announcing PowerShell 7.0

                    Today, we’re happy to announce the Generally Available (GA) release of PowerShell 7.0! Before anything else, we’d like to thank our many, many open-source contributors for making this release possible by submitting code, tests, documentation, and issue feedback. PowerShell 7 would not have been possible without your help.

                    What is PowerShell 7?

                    For those unfamiliar, PowerShell 7 is the latest major update to PowerShell, a cross-platform (Windows, Linux, and macOS) automation tool and configuration framework optimized for dealing with structured data (e.g. JSON, CSV, XML, etc.), REST APIs, and object models. PowerShell includes a command-line shell, object-oriented scripting language, and a set of tools for executing scripts/cmdlets and managing modules.
                    Read more →
                  • buildroot — my own experience with multi-platform distro creation


                      In my previous article (Monitor linux) I wrote, what is this distro and how it works. Now i will write how to do it. It's may be interesting for everyone, who want to study buildroot.

                      Target goals

                      The result we get from article is the following:

                      • Firmware (non-volatile image with restorable config)
                      • Easy management via web-interface
                      • Cross-platform (qemu x86_64, arm-based SBC like rasberry 4, beagle bone black and asus tinker board)
                      • Support without extra effort
                      Read more →
                    • Are my open-source libraries vulnerable? (2 min reading to make your life more secure)

                        The explosion of open source and issues related to it

                        The amount of open source or other third party code used in a software project is estimated as 60-90% of a codebase. Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defences and enable a range of possible attacks and impacts.

                        Conclusion: even if you perform constant security code reviews, you still might be vulnerable because of third-party components.

                        Some have tried to do this manually, but the sheer amount of work and data is growing and is time consuming, difficult, and error prone to manage. It would require several full time employees and skilled security analysts to constantly monitor all sources to stay on top.
                        Read more →
                      • Fault Tolerance Web Architecture for Our Cloud Solutions


                          Hi Habr,

                          I'm Artyom Karamyshev, a system administration team leader at Mail.Ru Cloud Solutions (MCS). We launched many products in 2019. We've aimed to make API services easily scalable, fault-tolerant, and ready to accommodate rapid growth. Our platform is running on OpenStack, and in this article, I describe all the component fault tolerance issues that we've resolved.

                          The overall fault tolerance of the platform is consists of its components fault tolerance. So, I'm going to show you step by step tutorial about all levels where we've found the risks.
                          Read more →
                        • PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps

                            Рисунок 1

                            We continue making the use of PVS-Studio more convenient. Our analyzer is now available in Chocolatey, the package manager for Windows. We believe this will make it easier to deploy PVS-Studio, particularly in cloud services. So right off the bat, we also checked the source code of the same Chocolatey. Azure DevOps took on the role of the CI system.
                            Read more →
                          • Monitor linux — cross platform firmware with zabbix server


                              This is small cross-platform linux-distro with zabbix server. It's a simple way to deploy powerful monitoring system on ARM platfornms and x86_64.

                              Worked as firmware (non-changeable systemd image with config files), have web-interface for system management like network settings, password and other.

                              Who is interested

                              • System admins/engineers who need to fast deploy of zabbix server.
                              • Everyone, who want to deploy zabbix on ARM.
                              • Enthusiasts
                              Read more →
                            • A Brief Comparison of the SDS Architectures for Virtualization

                              • Translation

                              The search for a suitable storage platform: GlusterFS vs. Ceph vs. Virtuozzo Storage

                              This article outlines the key features and differences of such software-defined storage (SDS) solutions as GlusterFS, Ceph, and Virtuozzo Storage. Its goal is to help you find a suitable storage platform.


                              Let’s start with GlusterFS that is often used as storage for virtual environments in open-source-based hyper-converged products with SDS. It is also offered by Red Hat alongside Ceph.
                              GlusterFS employs a stack of translators, services that handle file distribution and other tasks. It also uses services like Brick that handle disks and Volume that handle pools of bricks. Next, the DHT (distributed hash table) service distributes files into groups based on hashes.
                              Note: We’ll skip the sharding service due to issues related to it, which are described in linked articles.


                              When a file is written onto GlusterFS storage, it is placed on a brick in one piece and copied to another brick on another server. The next file will be placed on two or more other bricks. This works well if the files are of about the same size and the volume consists of a single group of bricks. Otherwise the following issues may arise:
                              Read more →
                            • Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras

                                This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability allows attacker to gain root shell access and full control of device. Full disclosure format for this report has been chosen due to lack of trust to vendor. Proof of concept code is presented below.
                                Read more →
                              • Introducing One Ring — an open-source pipeline for all your Spark applications

                                  If you utilize Apache Spark, you probably have a few applications that consume some data from external sources and produce some intermediate result, that is about to be consumed by some applications further down the processing chain, and so on until you get a final result.

                                  We suspect that because we have a similar pipeline with lots of processes like this one:

                                  A process flowchart with more than 50 applications and about 70 datasets
                                  Click here for a bit larger version

                                  Each rectangle is a Spark application with a set of their own execution parameters, and each arrow is an equally parametrized dataset (externally stored highlighted with a color; note the number of intermediate ones). This example is not the most complex of our processes, it’s fairly a simple one. And we don’t assemble such workflows manually, we generate them from Process Templates (outlined as groups on this flowchart).

                                  So here comes the One Ring, a Spark pipelining framework with very robust configuration abilities, which makes it easier to compose and execute a most complex Process as a single large Spark job.

                                  And we just made it open source. Perhaps, you’re interested in the details.

                                  We got you covered!
                                • Blockchain Is Changing The Way Rail Industry Works


                                  Railways had made our transportation very easy since 1830 when the first railway began in England. From 1830 to 2020, the development in the railways has been quite significant. The concept of blockchain is expanding widely; hence the public interests are also growing on a vast scale. Major enthusiasts about blockchain are the investors and businessmen who wish for transparency and equity in the transaction. Now since blockchain is no more just a concept its application in railways is expected to smoothen the transportation.
                                  Read more →