Sunday, January 28, 2018

Howto fix the Spectre and Meltdown exploits

In prod, use bare metal servers which you completely control. Anytime there is a chance of someone running a VM on the same physical server as yourself, which is out of your control, the threat surface exists. Keep it simple, and ensure you have complete control of the bare metal server. AWS is in the process of providing bare metal options. And www.packet.net has already been doing this for quite some time.

Friday, January 5, 2018

Performance workaround for Meltdown and Spectre exploits/vulerabilities

Those of us familiar with kernel-bypass techniques are keenly aware of the overhead in the user/kernel transition, especially when multiplexing many thousands of tcp sockets.

Believe it or not, Windows already has the pieces needed to recover the lost performance, due to the new security fix overhead found in the user/kernel transition when doing socket i/o. We can create what is essentially a user-mode tcpip stack using Windows RIO (aka Registered i/o) to batch many tcpip packets into a single user/kernel transition. Combine with the User Mode Scheduler (UMS), which basically intercepts i/o calls, before incurring the overhead of the user/kernel transition, and batches these calls into our RIO based tcpip engine.

This infrastructure could then be a shim layer within windows docker containers running both windows and linux.

What we need now is a UMS concept on the linux side so the same can be done.

BTW, Intel CEO Brian Krzanich needs to go asap. Given the stock sale, he is doing more harm than good.

Friday, April 14, 2017

Diagnose sleep apnea for cheap

Over a year ago I did the take home sleep study, cost around $300. It came back negative for sleep apnea. Turns out the study was wrong.

The more reliable, high-end sleep studies which can detect sleep apnea and UARS (upper airway restriction syndrome), cost thousands of dollars. Most CPAP machines these days track AHI (sleep apnea index) and cost roughly $300. So, I asked my doctor for a CPAP prescription, paying cash for the machine. Best choice I ever made. After using CPAP for a couple months the measurements showed I have mild to moderate sleep apnea. And I'm now getting twice as much sleep.

I'm 6-2, weighing 190 lbs. Not an overweight person. But, I have a narrow neck and crowded teeth. Both markers for UARS. UARS is very expensive/challenging to diagnose. So, if you're tired all the time and suspect the doc is missing something, might be time to get with your ENT and just buy a cpap machine. Mine is a REMStar Auto (System One 60 Series). Best purchase I ever made. Granted, acclimating to CPAP is no small task, took me a couple months, but well worth the struggle. Also finding a mask can take time, I settled on the Simplus mask.

Another amazing thing has happened in the last few weeks. The high-end sleep study I mentioned earlier is now done every night in your fitbit with the latest software update. All sleep stages can now be tracked. Yet another great way to track/measure if you have UARS or sleep apnea. Incredible times we live in, such a great time to be alive!



Many thanks to Doctor Steven Park, his blogging on UARS and sleep apnea have changed my life.

Monday, April 10, 2017

Excellent H1B article from the IEEE

What the U.S. desperately needs right now is inflation. Inflation cannot get a foothold until wages start going up. Reigning in the H1B program and cutting down on abuse fostered by large corporations is the key to getting wage inflation. Otherwise, we need to start talking about UBI, Universal Basic Income. See IEEE article here.

Saturday, April 8, 2017

Federal H1B abuse tip line

This should get interesting ... Article here. Long way to report bad companies here. Fast way to report bad companies here.

Tuesday, April 4, 2017

Low latency, high throughput TCP

For C++ devs looking to push the envelope with respect to latency and throughput when using TCP, checkout mTCP! https://github.com/eunyoung14/mtcp

Tech wages continue to be depressed thanks to Steve Jobs wage fixing pact

The damages awarded thus far come nowhere close to addressing the damage done to the tech industry overall. Add in H1B's to enforce cheap labor, and the future still looks dim for techies. Will Trump keep his promise? https://www.theregister.co.uk/2017/02/02/disney_pixar_lucasfilm_wage_fixing/ http://www.breitbart.com/big-government/2016/11/28/obama-expands-h1b-program/