> I can't deploy as often as I want because some Sidekiq jobs run for several days, and deploying code means disrupting those jobs
Sounds like a use case for Cadence/Temporal-style fault-oblivious stateful execution with workflows. At last job, we did Unreal Engine deployments with pixel streaming at scale on a huge fleet of GPU servers, and the way we could persist execution state so hassle-free that the code would magically resume at the line right where it got interrupted was so astounding.
Only partly, the argument that OVPN put forward had two parts:
1. They have no information to hand over as they do not keep logs.
2. There is no law that requires them to keep logs.
They proved the first part in court, but there wasn't anything in the torrentfreak article about the second point. The second point is the relevant one here as Mullvad are making both of the same claims. While they have a legal for the first one (case law) the second is still untried as far as I could tell (only made a quick search).
For the second part to be proven, somebody would need to take them to court on the second point. Nobody has tried to do that (yet) and so the question still open, and it depends on how you interpret the wording of the law https://lagen.nu/2022:482. In particular, is the definition strict enough that it applies to the operators of the hardware that makes up the network, or does it apply to a virtual service over the top.
I'm not a lawyer, there is a lot of subtlety in how §7 is written that I do not claim to be aware of, and my swedish is quite basic.
Tangentially related: what do you use today to make authn/z work for your web sites/applications where you only do first party login (i.e. you don't do social login etc.)? Create a `users` table in your database and implement the logic on your own? Or proxy to stuff like Ory Kratos and act as a translation layer through a network call?
If possible, collect fingerprint information through a side channel such as WebRTC or WebTransport, and use the info to correlate payments. Or, if the attack is executed from a non-browser environment, you can pattern match the order of TLS cipher suite to that sent by the attacker and block them straight away.
Does anybody know about the current status of SR-IOV for graphics cards? It is highlighted for NICs but I want to know if there is anything upcoming for GPUs too.
The C++ code is a simple list type, and also a bunch of tests for that type to confirm that it works as intended. The crucial trick here is that because static asserts are used, the test values are computed during compilation, such computations are forbidden (by the standard) from having any leaks or Undefined Behaviour. Anything allocated must be freed by the time the tests complete, and no language Undefined Behaviour is permitted.
The latter is pretty normal for other languages but is a big deal in C++ where UB is a constant plague. However many languages have either forbid or have strict limits on compile time heap allocation - after all that heap isn't going to still exist at runtime. Requiring that you free everything allocated fixes that hole and means you get free leak detection.
The compiler is doing a bunch of complicated stuff at compile time. In fact it's both a C++ compiler and a C++ interpreter.
static_assert is a compile-time check.
[] { ... }(); is an immediately executed lambda function (IIFE in javascript parlance).
list<int> list{} is a linked list of integers (double-linked, forward and backward). push_back() allocates more memory. pop() / clean() deallocates memory.
It is creating a bunch of objects, modifying them, then asserting their value all at compile time. For example the first example creates a list and asserts its size is 0. List normally allocated on heap, so I am guessing they have made changes in thay area in c++20 by making it Constexpr, which is a fancy way to say an expression can be known at compile time.
You can be able to identify those requests by inspecting the TLS cipher. Cloudflare Workers has that value in `request.cf.tlsCipher`[0]. Keep in mind the collateral damage it may have, though.
reply