IT Infrastructure – Infocenters + databases + communication systems / Habr

How to become an author

.NET Knowledge Base

Shapelez May 15, 2020 at 06:23 PM

Looking back at 3 months of the global traffic shapeshifting
There would be no TL;DR in this article, sorry.

Those have been three months that genuinely changed the world. An entire lifeline passed from February, 1, when the coronavirus pandemics just started to spread outside of China and European countries were about to react, to April, 30, when nations were locked down in quarantine measures almost all over the entire world. We want to take a look at the repercussions, cyclic nature of the reaction and, of course, provide DDoS attacks and BGP incidents overview on a timeframe of three months.

In general, there seems to be an objective pattern in almost every country’s shift into the quarantine lockdown.

Read more →
- +27
- 2.4k
- Comment
alexey_zz May 7, 2020 at 02:00 PM

Bcache against Flashcache for Ceph Object Storage
Fast SSDs are getting cheaper every year, but they are still smaller and more expensive than traditional HDD drives. But HDDs have much higher latency and are easily saturated. However, we want to achieve low latency for the storage system, and a high capacity too. There’s a well-known practice of optimizing performance for big and slow devices — caching. As most of the data on a disk is not accessed most of the time but some percentage of it is accessed frequently, we can achieve a higher quality of service by using a small cache.

Server hardware and operating systems have a lot of caches working on different levels. Linux has a page cache for block devices, a dirent cache and an inode cache on the filesystem layer. Disks have their own cache inside. CPUs have caches. So, why not add one more persistent cache layer for a slow disk?

Read more →
- +16
- 380
- Comment
ultral May 3, 2020 at 04:33 PM

How to test Ansible and don't go nuts
It is the translation of my speech at DevOps-40 2020-03-18:

After the second commit, each code becomes legacy. It happens because the original ideas do not meet actual requirements for the system. It is not bad or good thing. It is the nature of infrastructure & agreements between people. Refactoring should align requirements & actual state. Let me call it Infrastructure as Code refactoring.

Read more →
- +3
- 459
- Comment
dokshina April 13, 2020 at 02:34 PM

Deploying Tarantool Cartridge applications with zero effort (Part 2)
- Tutorial
We have recently talked about how to deploy a Tarantool Cartridge application. However, an application's life doesn't end with deployment, so today we will update our application and figure out how to manage topology, sharding, and authorization, and change the role configuration.

Feeling interested? Please continue reading under the cut.

Read more →
- +15
- 445
- Comment
parthiba March 24, 2020 at 01:05 PM

Why Enterprise Chat Apps isn’t built on Server-side Database like Hangouts, Slack, & Hip chat?
- From sandbox
One of the most significant tools for any organization to smoothen their collaborative world is only through a real-time chat application whether the conversation takes place on mobile or desktop. Hangouts, Slack and Hipchat have been in action for businesses to establish a decent conversation between their internal employees and clients right from small-scale to enterprises.

Those big players come into play where there requires team collaboration. The big players are built on a server-side database where the messages shared from one device to another is stored in their server database. Ultimately, this results in storing a huge amount of data within the server-side database (Cloud-database).

The consumption of cloud storage will be pretty high. The client-side database is more efficient where the messages relayed is stored in the client device. The messages will be queued to minimize the consumption of data in the server.

Read more →
- +3
- 978
- Comment
itmo March 23, 2020 at 12:31 AM

Quantum communications at ITMO University: building 100% secure data transfer systems
Quantum Communications LLC creates some hacker-proof quantum encryption systems.

Let’s take a look at how they do it, and why their work matters.

Read more →
- +3
- 764
- 1
msgeek March 16, 2020 at 10:00 AM

New action to disrupt world’s largest online criminal network
Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.

A botnet is a network of computers that a cybercriminal has infected with malicious software, or malware. Once infected, criminals can control those computers remotely and use them to commit crimes. Microsoft’s Digital Crimes Unit, BitSight and others in the security community first observed the Necurs botnet in 2012 and have seen it distribute several forms of malware, including the GameOver Zeus banking trojan.
Read more →
- +2
- 413
- Comment
AdBlock has stolen the banner, but banners are not teeth — they will be back

More
Ads
Boozlachu February 11, 2020 at 11:31 PM

Monitor linux — cross platform firmware with zabbix server
About

This is small cross-platform linux-distro with zabbix server. It's a simple way to deploy powerful monitoring system on ARM platfornms and x86_64.

Worked as firmware (non-changeable systemd image with config files), have web-interface for system management like network settings, password and other.

Who is interested
- System admins/engineers who need to fast deploy of zabbix server.
- Everyone, who want to deploy zabbix on ARM.
- Enthusiasts
Read more →
- +3
- 837
- Comment
mrospax February 10, 2020 at 02:36 PM

A Brief Comparison of the SDS Architectures for Virtualization
- Translation
The search for a suitable storage platform: GlusterFS vs. Ceph vs. Virtuozzo Storage

This article outlines the key features and differences of such software-defined storage (SDS) solutions as GlusterFS, Ceph, and Virtuozzo Storage. Its goal is to help you find a suitable storage platform.

Gluster

Let’s start with GlusterFS that is often used as storage for virtual environments in open-source-based hyper-converged products with SDS. It is also offered by Red Hat alongside Ceph.
GlusterFS employs a stack of translators, services that handle file distribution and other tasks. It also uses services like Brick that handle disks and Volume that handle pools of bricks. Next, the DHT (distributed hash table) service distributes files into groups based on hashes.
Note: We’ll skip the sharding service due to issues related to it, which are described in linked articles.

When a file is written onto GlusterFS storage, it is placed on a brick in one piece and copied to another brick on another server. The next file will be placed on two or more other bricks. This works well if the files are of about the same size and the volume consists of a single group of bricks. Otherwise the following issues may arise:
Read more →
- 0
- 470
- Comment
YourChief February 4, 2020 at 04:48 PM

Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras
This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability allows attacker to gain root shell access and full control of device. Full disclosure format for this report has been chosen due to lack of trust to vendor. Proof of concept code is presented below.

Read more →
- +17
- 54.9k
- 14
dokshina December 16, 2019 at 12:41 PM

Deploying Tarantool Cartridge applications with zero effort (Part 1)
We have already presented Tarantool Cartridge that allows you to develop and pack distributed applications. Now let's learn how to deploy and control these applications. No panic, it's all under control! We have brought together all the best practices of working with Tarantool Cartridge and wrote an Ansible role, which will deploy the package to servers, start and join instances into replica sets, configure authorization, bootstrap vshard, enable automatic failover and patch cluster configuration.

Interesting, huh? Dive in, check details under the cut.

Read more →
- +29
- 677
- Comment
emirochnik November 1, 2019 at 05:56 AM

Optimising server distribution across the racks
Recently, a colleague asked me in a chat:

— Is there an article how to pack servers into the racks properly?

I realised that I'm unaware of it. So, I decided to write my text.

Firstly, this is an article about bare metal servers in the data centre (DC) facilities. Secondly, we estimate that there are a lot of servers (hundreds or thousands); the article doesn't make sense for fewer quantities. Thirdly, we consider that there are three constraints in the racks: physical space, electric power per each one, and cabinets stay in the rows adjacent to each other, so we can use a single ToR switch to connect servers in them.

The answer to the original question depends significantly...
- +9
- 1.1k
- Comment
vasiliy-t October 21, 2019 at 07:09 PM

Tarantool Kubernetes Operator
Kubernetes has already become a de-facto standard for running stateless applications, mainly because it can reduce time-to-market for new features. Launching stateful applications, such as databases or stateful microservices, is still a complex task, but companies have to meet the competition and maintain a high delivery rate. So they create a demand for such solutions.

We want to introduce our solution for launching stateful Tarantool Cartridge clusters: Tarantool Kubernetes Operator, more under the cut.

Read more →
- +34
- 949
- Comment
ultral September 12, 2019 at 04:05 PM

Lessons learned from testing Over 200,000 lines of Infrastructure Code
IaC (Infrastructure as Code) is a modern approach and I believe that infrastructure is code. It means that we should use the same philosophy for infrastructure as for software development. If we are talking that infrastructure is code, then we should reuse practices from development for infrastructure, i.e. unit testing, pair programming, code review. Please, keep in mind this idea while reading the article.

Russian Version

Read more →
- +5
- 1.5k
- 4
ValeryKomarov September 11, 2019 at 10:04 AM

Configuration of the Warnings Next Generation plugin for integration with PVS-Studio
The PVS-Studio 7.04 release coincided with the release of the Warnings Next Generation 6.0.0 plugin for Jenkins. Right in this release Warnings NG Plugin added support of the PVS-Studio static code analyzer. This plugin visualizes data related to compiler warnings or other analysis tools in Jenkins. This article will cover in detail how to install and configure this plugin to use it with PVS-Studio, and will describe most of its features.

Read more →
- +32
- 767
- Comment
sashalisik September 6, 2019 at 01:27 PM

How we created IoT system for managing solar energy usage
- System Analysis and Design,
- IT Infrastructure,
- Big Data,
- Smart House,
- IOT
If you have no idea about the development architecture and mechanical/electrical design behind IoT solutions, they could seem like "having seemingly supernatural qualities or powers". For example, if you show a working IoT system to 18th century people, they'd think it's magic.This article is sort of busting such myth. Or, to put it more technically, about hints for fine-tuning the IoT development for an awesome project in solar energy management area.

Read more →
- +5
- 663
- Comment
Shapelez September 5, 2019 at 10:27 AM

2019 National Internet Segments Reliability Research & Report
This report explains how the outage of a single AS can affect the connectivity of the impacted region with the rest of the world, especially when it is the dominant ISP on the market. Internet connectivity at the network level is driven by interaction between autonomous systems (AS’s). As the number of alternate routes between AS’s increases, so goes the fault-resistance and stability of the internet across the network. Although some paths inevitably become more important than others, establishing as many alternate routes as possible is the only viable way to ensure an adequately robust system.

The global connectivity of any AS, regardless of whether it is a minor provider or an international giant, depends on the quantity and quality of its paths to Tier-1 ISPs. Usually, Tier-1 implies an international company offering global IP transit service over connections to other Tier-1 providers. But there is no guarantee that such connectivity will be maintained. Only the market can motivate them to peer with other Tier-1’s to deliver the highest quality service. Is that enough? We explore this question in the IPv6 section below. For many ISPs at all levels, losing connection to just one Tier-1 peer would likely render them unreachable in some parts of the world.

Measuring Internet Reliability

Let’s examine a case where an AS experiences significant network degradation. We want to answer the following question: “How many AS’s in the region would lose connectivity with Tier-1 operators and their global availability along with it?”

Read more →
- +35
- 2.7k
- Comment
Marger1 August 29, 2019 at 11:15 AM

Smart Manufacturing and Industry 4.0: Three Main Technological Trends
- IT Infrastructure
In recent years we've witnessed massive technological improvements and innovations that re-shaped how industrial objects look like and work. This shift was called an Industry 4.0, i.e., a new phase in the Industrial Revolution that focuses heavily on connectivity, automation, machine learning, and real-time data, all for increasing the productivity, fueling effectiveness of business processes and lifting up the level of security.
Read more →
- +2
- 255
- Comment
Shapelez August 15, 2019 at 12:22 AM

Qrator filtering network configuration delivery system
TL;DR: Client-server architecture of our internal configuration management tool, QControl.
At its basement, there’s a two-layered transport protocol working with gzip-compressed messages without decompression between endpoints. Distributed routers and endpoints receive the configuration updates, and the protocol itself makes it possible to install intermediary localized relays. It is based on a differential backup (“recent-stable,” explained further) design and employs JMESpath query language and Jinja templating for configuration rendering.

Qrator Labs operates on and maintains a globally distributed mitigation network. Our network is anycast, based on announcing our subnets via BGP. Being a BGP anycast network physically located in several regions across the Earth makes it possible for us to process and filter illegitimate traffic closer to the Internet backbone — Tier-1 operators.

On the other hand, being a geographically distributed network bears its difficulties. Communication between the network points-of-presence (PoP) is essential for a security provider to have a coherent configuration for all network nodes and update it in a timely and cohesive manner. So to provide the best possible service for customers, we had to find a way to synchronize the configuration data between different continents reliably.

In the beginning, there was the Word… which quickly became communication protocol in need of an upgrade.

Read more →
- +22
- 804
- Comment
ximaera May 21, 2019 at 09:34 PM

What is going to happen on February 1, 2020?
TL;DR: starting February 2020, DNS servers that don’t support DNS both over UDP and TCP may stop working.

Bangkok, in general, is a strange place to stay. Of course, it is warm there, rather cheap and some might find the cuisine interesting, along with the fact that about half of the world’s population does not need to apply for a visa in advance to get there. However, you still need to get acquainted with the smells, and the city streets are casting cyberpunk scenes more than anything else.

In particular, a photo to the left has been taken not far from the center of Thailand’ capital city, one street away from the Shangri-La hotel, where the 30th DNS-OARC organization meeting took place on May 12 and 13. It is a non-profit organization dedicated to security, stability, and overall development of the DNS — the Domain Name System.

Slides from the DNS-OARC 30 meeting are recommended for everyone interested in how the DNS works, though perhaps the most interesting is what is absent in those slides. Namely, a 45-minute round table with a discussion around the results of DNS Flag Day 2019, which occurred on February, 1, 2019.

And, the most impressive result of a round table is the decision to repeat DNS Flag Day once again.

Read more →
- +23
- 7.7k
- Comment

Audio over Bluetooth: most detailed information about profiles, codecs, and devices
+22 101k 10 8
PVS-Studio is now in Compiler Explorer
+1 120 0 0
Top 10 Chat, Audio & Video Calling API & SDK Providers for Enterprise Business
+5 21.4k 1 4
Technical analysis of the checkm8 exploit
+22 57k 5 4

Web server for Machine Learning 'VKF-solver'
+1 237 1 0
PVS-Studio Impressed by the Code Quality of ABBYY NeoML
+2 224 0 0
PVS-Studio is now in Compiler Explorer
+1 120 0 0
QA process at Miro
+1 83 0 0

Programmer VS Engineer
+5 2.4k 4 2
Applying for that overseas job: a checklist of CV things to worry about
+5 1.3k 10 1
Top 5 Reasons to Learn TensorFlow
+1 1.2k 0 0
The Code of the Command & Conquer Game: Bugs From the 90's. Volume one
+2 1.1k 2 0