Volume 22, Issue 3

You Don't Know Jack about Bandwidth

  David Collier-Brown

If you're an ISP and all your customers hate you, take heart. This is now a solvable problem.

Bandwidth probably isn't the problem when your employees or customers say they have terrible Internet performance. Once they have something in the range of 50 to 100 Mbps, the problem is latency, how long it takes for the ISP's routers to process their traffic. If you're an ISP and all your customers hate you, take heart. This is now a solvable problem, thanks to a dedicated band of individuals who hunted it down, killed it, and then proved out their solution in home routers.

Networks, Performance

Transactions and Serverless are Made for Each Other

  Qian Li, Peter Kraft

If serverless platforms could wrap functions in database transactions, they would be a good fit for database-backed applications.

Database-backed applications are an exciting new frontier for serverless computation. By tightly integrating application execution and data management, a transactional serverless platform enables many new features not possible in either existing serverless platforms or server-based deployments.

Databases, Distributed Computing

The Soft Side of Software
Working Models for Tackling Tech Debt

  Kate Matsudaira

Understand the options to tailor an approach that suits your needs

Remember that not all debt is bad, and sometimes, in fact, strategic tech debt can even be used as a valuable tool to achieve certain business goals?just as financial debt can be taken on to obtain capital that can be invested in other profitable ventures. For example, taking a shortcut to get a product to market quickly could prove to be a wise decision if it allows the company to learn from customer feedback and then iterate accordingly on the product. But like barnacles on a ship, too much tech debt can slow you down, so be vigilant about managing it.

Business/Management The Soft Side of Software

Kode Vicious
Repeat, Reproduce, Replicate

The pressure to publish versus the will to defend scientific claims

Unless a result relies on a specific hardware trick, such as a proprietary accelerator or modified instruction set, it is possible to reproduce the results of one group by a different one. Unlike the physicists we don't have to build a second Hadron Collider to verify the result of the first. We have millions of similar, and sometimes identical, devices, on which to reproduce our results. All that is required is the will to do so.

Education, Kode Vicious

The Bikeshed
The Expense of Unprotected Free Software

It's high time FOSS maintainers got a bit of appreciation

  Poul-Henning Kamp

Until the big guns manage to sort things out, we're just going to need to take care of things however we can. The best we can hope for, of course, is to convince companies, institutions, and governments that it would be a really good idea to cut monthly checks for those people who maintain the software that these organizations absolutely depend upon.

The Bikeshed, Open Source


Volume 22, Issue 2

Drill Bits
Zero Tolerance for Bias

  Terence Kelly

From gambling to military conscription, randomization makes crucial real-world decisions. With blood and treasure at stake, fairness is not negotiable. Unfortunately, bad advice and biased methods abound. We'll learn how to navigate around misinformation, develop sound methods, and compile checklists for design and code reviews.

Drill Bits, Code, Development, Performance

Kode Vicious
Structuring Success

The problem with software structure is people don't really learn it until they really need it.

Dear KV, In teaching an algorithms course this semester, I discovered my students had received very little instruction about how to divide their code into functions. So, I spent a weekend trolling various programming handbooks and discovered most of them are silent on this topic. I ended up writing a quick handbook to help my students, but was struck more by the advice gap. We just don't give people guidance!

Development, Education, Kode Vicious

Trustworthy AI using Confidential Federated Learning

  Jinnan Guo, Peter Pietzuch, Andrew Paverd, Kapil Vaswani

Federated learning and confidential computing are not competing technologies.

The principles of security, privacy, accountability, transparency, and fairness are the cornerstones of modern AI regulations. Classic FL was designed with a strong emphasis on security and privacy, at the cost of transparency and accountability. CFL addresses this gap with a careful combination of FL with TEEs and commitments. In addition, CFL brings other desirable security properties, such as code-based access control, model confidentiality, and protection of models during inference. Recent advances in confidential computing such as confidential containers and confidential GPUs mean that existing FL frameworks can be extended seamlessly to support CFL with low overheads. For these reasons, CFL is likely to become the default mode for deploying FL workloads.

AI, Security

Confidential Computing or Cryptographic Computing?

  Raluca Ada Popa

Tradeoffs between cryptography and hardware enclaves

Secure computation via MPC/homomorphic encryption versus hardware enclaves presents tradeoffs involving deployment, security, and performance. Regarding performance, it matters a lot which workload you have in mind. For simple workloads such as simple summations, low-degree polynomials, or simple machine-learning tasks, both approaches can be ready to use in practice, but for rich computations such as complex SQL analytics or training large machine-learning models, only the hardware enclave approach is at this moment practical enough for many real-world deployment scenarios.

Hardware, Security

Confidential Container Groups

  Matthew A. Johnson, Stavros Volos, Ken Gordon, Sean T. Allen, Christoph M. Wintersteiger, Sylvan Clebsch, John Starks, Manuel Costa

Implementing confidential computing on Azure container instances

The experiments presented here demonstrate that Parma, the architecture that drives confidential containers on Azure container instances, adds less than one percent additional performance overhead beyond that added by the underlying TEE (i.e., AMD SEV-SNP). Importantly, Parma ensures a security invariant over all reachable states of the container group rooted in the attestation report. This allows external third parties to communicate securely (via remote attestation) with containers, enabling a wide range of containerized workflows that require confidential access to secure data. Companies obtain the advantages of running their most confidential workflows in the cloud without having to compromise on their security requirements. Tenants gain flexibility, efficiency, and reliability; CSPs get more business; and users can trust that their data is private, confidential, and secure.

Architecture, Security

Operations and Life:
Make Two Trips

  Thomas A. Limoncelli

Larry David's New Year's resolution works for IT too.

Whether your project is as simple as carrying groceries into the house or as complex as a multiyear engineering project, "make two trips" can simplify the project, reduce the chance of error, improve the probability of success, and lead to easier explanations.

Business and Management, Development, Operations and Life, Systems Administration

Elevating Security with Arm CCA

  Charles Garcia-Tobin, Mark Knight

Attestation and verification are integral to adopting confidential computing.

Confidential computing has great potential to improve the security of general-purpose computing platforms by taking supervisory systems out of the TCB, thereby reducing the size of the TCB, the attack surface, and the attack vectors that security architects must consider. Confidential computing requires innovations in platform hardware and software, but these have the potential to enable greater trust in computing, especially on devices that are owned or controlled by third parties. Early consumers of confidential computing will need to make their own decisions about the platforms they choose to trust. As confidential computing becomes mainstream, however, it's possible that certifiers and regulators will share this burden, enabling customers to make informed choices without having to undertake their own evaluations.

Privacy and Rights, Security



Older Issues