Nikitux

🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)! I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz

Un equipo de investigadores chinos afirma haber roto el cifrado RSA-2048 con un ordenador cuántico de 372 qubits, usando un nuevo algoritmo de factorización y un método de optimización cuántica. Este avance podría poner en riesgo la seguridad de la mayoría de las comunicaciones online que se basan en este tipo de cifrado asimétrico.https://t.co/knd9w9WTFB

Its been a year and seriously this is one of the most interesting tech migrations stories. Cloudflare ditching NGINX At first glance I thought: what is wrong with NGINX? So let me summarize and I’ll link up the article and my full video coverage if you want to learn more NGINX is process based (like Postgres), processes are isolated and each have their own dedicated memory and having worker processes pinned to a CPU is valuable to avoid context switching. But I we have to remember what NGINX is used for. It is a reverse proxy. This means it needs to turn around and connect to the backend server. The worker process must do that. Which means it will create a connection, get a file descriptor and that process and that process only will be the one read and write to this backend connection. Other processes won’t see this connection. You might say so? whats bad about this. Imagine having 40 CPU cores mapped to 40 worker processes if you used defaults. The request running in a core must pick from existing connections established only from that process or create new ones from that process even though existing connections to that backend might already exist in other processes. This is how NGINX architecture work, this is regardless of SO_REUSEPORT or not. This means that backend connections are scattered and isolated and can’t be reused. Not only you are making more connections to the backend (more CPU) you can’t use connections across process workers as the file descriptors live in the worker process and those are dedicated. Cloudflare is building their own home grown reverese proxy (Pingora) to have a single connection pool to address this. I’m craving details on this beauty (white paper please). Could cloudflare fixed NGINX by creating a shared connection pool? probably but the cost of changing that architecture is so engraved into NGINX that a rewrite made better sense for them. Read full article here, https://t.co/Km1UiuZ2nM Watch my video Cloudflare is moving away from NGINX | The Backend Engineering Show https://t.co/R44eIxQvjT p.s.: Sounds like Envoy has the same problem as NGINX, connection pool per worker thread. https://t.co/uYIsi7hslp