• HDB++ TANGO Archiving System

    • Translation
    • Tutorial
    main

    What is HDB++?


    This is a TANGO archiving system, allows you to save data received from devices in the TANGO system.


    Working with Linux will be described here (TangoBox 9.3 on base Ubuntu 18.04), this is a ready-made system where everything is configured.


    What is the article about?


    • System architecture.
    • How to set up archiving.

    It took me ~ 2 weeks to understand the architecture and write my own scripts for python for this case.


    What is it for?


    Allows you to store the history of the readings of your equipment.


    • You don't need to think about how to store data in the database.
    • You just need to specify which attributes to archive from which equipment.
    Read more →
  • Agreements as Code: how to refactor IaC and save your sanity?


      Before we start, I'd like to get on the same page with you. So, could you please answer? How much time will it take to:


      • Create a new environment for testing?
      • Update java & OS in the docker image?
      • Grant access to servers?

      There is the spoiler from the TechLeadConf. Unfortunately, it's in Russian


      It will take longer than you expect. I will explain why.

      Read more →
    • The 2020 National Internet Segment Reliability Research


        The National Internet Segment Reliability Research explains how the outage of a single Autonomous System might affect the connectivity of the impacted region with the rest of the world. Most of the time, the most critical AS in the region is the dominant ISP on the market, but not always.

        As the number of alternate routes between AS’s increases (and do not forget that the Internet stands for “interconnected network” — and each network is an AS), so does the fault-tolerance and stability of the Internet across the globe. Although some paths are from the beginning more important than others, establishing as many alternate routes as possible is the only viable way to ensure an adequately robust network.

        The global connectivity of any given AS, regardless of whether it is an international giant or regional player, depends on the quantity and quality of its path to Tier-1 ISPs.

        Usually, Tier-1 implies an international company offering global IP transit service over connections with other Tier-1 providers. Nevertheless, there is no guarantee that such connectivity will be maintained all the time. For many ISPs at all “tiers”, losing connection to just one Tier-1 peer would likely render them unreachable from some parts of the world.
        Read more →
      • Looking back at 3 months of the global traffic shapeshifting

          image
          There would be no TL;DR in this article, sorry.

          Those have been three months that genuinely changed the world. An entire lifeline passed from February, 1, when the coronavirus pandemics just started to spread outside of China and European countries were about to react, to April, 30, when nations were locked down in quarantine measures almost all over the entire world. We want to take a look at the repercussions, cyclic nature of the reaction and, of course, provide DDoS attacks and BGP incidents overview on a timeframe of three months.

          In general, there seems to be an objective pattern in almost every country’s shift into the quarantine lockdown.
          Read more →
        • Bcache against Flashcache for Ceph Object Storage


            Fast SSDs are getting cheaper every year, but they are still smaller and more expensive than traditional HDD drives. But HDDs have much higher latency and are easily saturated. However, we want to achieve low latency for the storage system, and a high capacity too. There’s a well-known practice of optimizing performance for big and slow devices — caching. As most of the data on a disk is not accessed most of the time but some percentage of it is accessed frequently, we can achieve a higher quality of service by using a small cache.

            Server hardware and operating systems have a lot of caches working on different levels. Linux has a page cache for block devices, a dirent cache and an inode cache on the filesystem layer. Disks have their own cache inside. CPUs have caches. So, why not add one more persistent cache layer for a slow disk?
            Read more →
          • How to test Ansible and don't go nuts


              It is the translation of my speech at DevOps-40 2020-03-18:


              After the second commit, each code becomes legacy. It happens because the original ideas do not meet actual requirements for the system. It is not bad or good thing. It is the nature of infrastructure & agreements between people. Refactoring should align requirements & actual state. Let me call it Infrastructure as Code refactoring.

              Read more →
            • Why Enterprise Chat Apps isn’t built on Server-side Database like Hangouts, Slack, & Hip chat?

              One of the most significant tools for any organization to smoothen their collaborative world is only through a real-time chat application whether the conversation takes place on mobile or desktop. Hangouts, Slack and Hipchat have been in action for businesses to establish a decent conversation between their internal employees and clients right from small-scale to enterprises.

              Those big players come into play where there requires team collaboration. The big players are built on a server-side database where the messages shared from one device to another is stored in their server database. Ultimately, this results in storing a huge amount of data within the server-side database (Cloud-database).

              The consumption of cloud storage will be pretty high. The client-side database is more efficient where the messages relayed is stored in the client device. The messages will be queued to minimize the consumption of data in the server.
              image
              Read more →
            • Ads
              AdBlock has stolen the banner, but banners are not teeth — they will be back

              More
            • New action to disrupt world’s largest online criminal network



                Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.

                A botnet is a network of computers that a cybercriminal has infected with malicious software, or malware. Once infected, criminals can control those computers remotely and use them to commit crimes. Microsoft’s Digital Crimes Unit, BitSight and others in the security community first observed the Necurs botnet in 2012 and have seen it distribute several forms of malware, including the GameOver Zeus banking trojan.
                Read more →
              • Monitor linux — cross platform firmware with zabbix server

                  About


                  This is small cross-platform linux-distro with zabbix server. It's a simple way to deploy powerful monitoring system on ARM platfornms and x86_64.


                  Worked as firmware (non-changeable systemd image with config files), have web-interface for system management like network settings, password and other.


                  Who is interested


                  • System admins/engineers who need to fast deploy of zabbix server.
                  • Everyone, who want to deploy zabbix on ARM.
                  • Enthusiasts
                  Read more →
                • A Brief Comparison of the SDS Architectures for Virtualization

                  • Translation

                  The search for a suitable storage platform: GlusterFS vs. Ceph vs. Virtuozzo Storage


                  This article outlines the key features and differences of such software-defined storage (SDS) solutions as GlusterFS, Ceph, and Virtuozzo Storage. Its goal is to help you find a suitable storage platform.

                  Gluster



                  Let’s start with GlusterFS that is often used as storage for virtual environments in open-source-based hyper-converged products with SDS. It is also offered by Red Hat alongside Ceph.
                  GlusterFS employs a stack of translators, services that handle file distribution and other tasks. It also uses services like Brick that handle disks and Volume that handle pools of bricks. Next, the DHT (distributed hash table) service distributes files into groups based on hashes.
                  Note: We’ll skip the sharding service due to issues related to it, which are described in linked articles.

                  image

                  When a file is written onto GlusterFS storage, it is placed on a brick in one piece and copied to another brick on another server. The next file will be placed on two or more other bricks. This works well if the files are of about the same size and the volume consists of a single group of bricks. Otherwise the following issues may arise:
                  Read more →
                • Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras


                    This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability allows attacker to gain root shell access and full control of device. Full disclosure format for this report has been chosen due to lack of trust to vendor. Proof of concept code is presented below.
                    Read more →
                  • Deploying Tarantool Cartridge applications with zero effort (Part 1)



                      We have already presented Tarantool Cartridge that allows you to develop and pack distributed applications. Now let's learn how to deploy and control these applications. No panic, it's all under control! We have brought together all the best practices of working with Tarantool Cartridge and wrote an Ansible role, which will deploy the package to servers, start and join instances into replica sets, configure authorization, bootstrap vshard, enable automatic failover and patch cluster configuration.

                      Interesting, huh? Dive in, check details under the cut.
                      Read more →
                    • Optimising server distribution across the racks

                        Recently, a colleague asked me in a chat:

                        — Is there an article how to pack servers into the racks properly?

                        I realised that I'm unaware of it. So, I decided to write my text.

                        Firstly, this is an article about bare metal servers in the data centre (DC) facilities. Secondly, we estimate that there are a lot of servers (hundreds or thousands); the article doesn't make sense for fewer quantities. Thirdly, we consider that there are three constraints in the racks: physical space, electric power per each one, and cabinets stay in the rows adjacent to each other, so we can use a single ToR switch to connect servers in them.
                        The answer to the original question depends significantly...
                      • Lessons learned from testing Over 200,000 lines of Infrastructure Code


                          IaC (Infrastructure as Code) is a modern approach and I believe that infrastructure is code. It means that we should use the same philosophy for infrastructure as for software development. If we are talking that infrastructure is code, then we should reuse practices from development for infrastructure, i.e. unit testing, pair programming, code review. Please, keep in mind this idea while reading the article.


                          Russian Version

                          Read more →
                        • Configuration of the Warnings Next Generation plugin for integration with PVS-Studio

                            Picture 4


                            The PVS-Studio 7.04 release coincided with the release of the Warnings Next Generation 6.0.0 plugin for Jenkins. Right in this release Warnings NG Plugin added support of the PVS-Studio static code analyzer. This plugin visualizes data related to compiler warnings or other analysis tools in Jenkins. This article will cover in detail how to install and configure this plugin to use it with PVS-Studio, and will describe most of its features.
                            Read more →
                          • How we created IoT system for managing solar energy usage

                              If you have no idea about the development architecture and mechanical/electrical design behind IoT solutions, they could seem like "having seemingly supernatural qualities or powers". For example, if you show a working IoT system to 18th century people, they'd think it's magic.This article is sort of busting such myth. Or, to put it more technically, about hints for fine-tuning the IoT development for an awesome project in solar energy management area.

                              Read more →
                            • 2019 National Internet Segments Reliability Research & Report



                                This report explains how the outage of a single AS can affect the connectivity of the impacted region with the rest of the world, especially when it is the dominant ISP on the market. Internet connectivity at the network level is driven by interaction between autonomous systems (AS’s). As the number of alternate routes between AS’s increases, so goes the fault-resistance and stability of the internet across the network. Although some paths inevitably become more important than others, establishing as many alternate routes as possible is the only viable way to ensure an adequately robust system.

                                The global connectivity of any AS, regardless of whether it is a minor provider or an international giant, depends on the quantity and quality of its paths to Tier-1 ISPs. Usually, Tier-1 implies an international company offering global IP transit service over connections to other Tier-1 providers. But there is no guarantee that such connectivity will be maintained. Only the market can motivate them to peer with other Tier-1’s to deliver the highest quality service. Is that enough? We explore this question in the IPv6 section below. For many ISPs at all levels, losing connection to just one Tier-1 peer would likely render them unreachable in some parts of the world.

                                Measuring Internet Reliability


                                Let’s examine a case where an AS experiences significant network degradation. We want to answer the following question: “How many AS’s in the region would lose connectivity with Tier-1 operators and their global availability along with it?”
                                Read more →
                              • Smart Manufacturing and Industry 4.0: Three Main Technological Trends



                                  In recent years we've witnessed massive technological improvements and innovations that re-shaped how industrial objects look like and work. This shift was called an Industry 4.0, i.e., a new phase in the Industrial Revolution that focuses heavily on connectivity, automation, machine learning, and real-time data, all for increasing the productivity, fueling effectiveness of business processes and lifting up the level of security.
                                  Read more →
                                • Qrator filtering network configuration delivery system



                                    TL;DR: Client-server architecture of our internal configuration management tool, QControl.
                                    At its basement, there’s a two-layered transport protocol working with gzip-compressed messages without decompression between endpoints. Distributed routers and endpoints receive the configuration updates, and the protocol itself makes it possible to install intermediary localized relays. It is based on a differential backup (“recent-stable,” explained further) design and employs JMESpath query language and Jinja templating for configuration rendering.

                                    Qrator Labs operates on and maintains a globally distributed mitigation network. Our network is anycast, based on announcing our subnets via BGP. Being a BGP anycast network physically located in several regions across the Earth makes it possible for us to process and filter illegitimate traffic closer to the Internet backbone — Tier-1 operators.

                                    On the other hand, being a geographically distributed network bears its difficulties. Communication between the network points-of-presence (PoP) is essential for a security provider to have a coherent configuration for all network nodes and update it in a timely and cohesive manner. So to provide the best possible service for customers, we had to find a way to synchronize the configuration data between different continents reliably.
                                    In the beginning, there was the Word… which quickly became communication protocol in need of an upgrade.
                                    Read more →