共找到 20 条结果
Flash and RDMA (Remote Direct Memory Access) provide extremely high performance in storage and network hardware. However, a gap between distributed system and new hardware exists. Although RDMA speeds up memory access between two nodes, there are many serious problems to be solved when sending data or command from one flash to another flash. In this paper, we propose a distributed system on flash and RDMA, and implement a User-space Sendfile verb based on it. Experimental results show that the RPC in DSFR outperforms the traditional RPC mechanism by dozens of times, and the uSendfile reduces time overhead significantly.
The UNH Extended Sockets Library (UNH EXS) was developed at the University of New Hampshire Interoperability Laboratory to provide an interface to extend the features of the Extended Sockets API (ES-API) specification published by the Open Group to better utilize the asynchronous I/O and memory registration features of Remote Direct Memory Access (RDMA) and provide the programmer with the option to perform operations synchronously as well as asynchronously. This thesis is focused on building a rigorous testing framework to verify conformance to the published ES-API standards, existing manual pages, and documented UNH extensions of the Extended Sockets Library, and to facilitate regression testing of the software library as a whole. Furthermore, the additional functionality of synchronous and asynchronous sendfile transfer over RDMA with UNH EXS will be implemented, verified, evaluated, and integrated into the existing documentation and testing framework. The goal of this new capability is to establish a clear process by which new features to UNH EXS can be verified in the future and changes to the library will be properly vetted. The new sendfile transfer functionality is focused on improving the usability and effectiveness of the UNH EXS Library for programmers.
Edge cloud computing is a promising programming and deployment paradigm to empower delay-sensitive applications. By executing close to the network edge, distributed applications can have quicker reactions to event occurrence and consequently prompter dynamic adaptations. In addition, recent improvements in connectivity support allow developers to benefit from heterogeneous and alternative communication technologies (e.g., RDMA, DPDK, XDP, etc.) to meet the requirements of network-intensive edge applications. However, exploiting these technologies makes applications statically tailored to a specific network interface; this significantly limits the potential of edge cloud computing, where application components should be able to migrate seamlessly at runtime. INSANE aims at solving that issue by exposing a technology-agnostic middleware API that lets developers simply specify their QoS communication requirements; the dynamic selection of the most appropriate technology on the currently hosting edge node is delegated to INSANE. The paper also presents how it is possible to develop two different INSANE-based applications (a decentralized messaging system and an image streaming framework) with a few lines of code. Finally, an extensive performance evaluation shows that our middleware adds very limited ns-scale overhead to the raw acceleration technologies.
Using remote direct memory access (RDMA) to ship data is becoming a very popular technique in network architectures. As these networks are adopted by the broader computing market, new challenges arise in transitioning existing code to use RDMA APIs. One particular class of applications that map poorly to RDMA are those that act as servers of file data. In order to access file data and send it over the network, an application must copy it to user-space buffers, and the operating system must register those buffers with the network adapter. Ordinary sockets-based networks can achieve higher performance by using the "sendfile" mechanism to avoid copying file data into user-space buffers. In this work we revisit time-honored approaches to sending file data, but adapted to RDMA networks. In particular, both pipelining and sendfile can be used, albeit with modifications to handle memory registration issues. However, memory registration is not well- integrated in current operating systems, leading to difficulties in adapting the sendfile mechanism. These two techniques make it feasible to create RDMA-based applications that serve file data and still maintain a high level of performance.
This thesis examines web-server architectures for static workloads on both uniprocessor and multiprocessor systems to determine the key factors affecting their performance. The architectures examined are event-driven (userver) and pipeline (WatPipe). As well, a thread-per-connection (Knot) architecture is examined for the uniprocessor system. Various workloads are tested to determine their effect on the performance of the servers. Significant effort is made to ensure a fair comparison among the servers. For example, all the servers are implemented in C or C++, and support sendfile and edge-triggered epoll. \nThe existing servers, Knot and userver, are extended as necessary, and the new pipeline-server, WatPipe, is implemented using userver as its initial code base. Each web server is also tuned to determine its best configuration for a specific workload, which is shown to be critical to achieve best server performance. Finally, the server experiments are verified to ensure each is performing within reasonable standards. \n \nThe performance of the various architectures is examined on a uniprocessor system. Three workloads are examined: no disk-I/O, moderate disk-I/O and heavy disk-I/O. These three workloads highlight the differences among the architectures. As expected, the experiments show the amount of disk I/O is the most significant factor in determining throughput, and once there is memory pressure, the memory footprint of the server is the crucial performance factor. The peak throughput differs by only 9-13% among the best servers of each architecture across the various workloads. Furthermore, the appropriate configuration parameters for best performance varied based on workload, and no single server performed the best for all workloads. The results show the event-driven and pipeline servers have equivalent throughput when there is moderate or no disk-I/O. The only difference is during the heavy disk-I/O experiments where WatPipe's smaller memory footprint for its blocking server gave it a performance advantage. The Knot server has 9% lower throughput for no disk-I/O and moderate disk-I/O and 13% lower for heavy disk-I/O, showing the extra overheads incurred by thread-per-connection servers, but still having performance close to the other server architectures. \nAn unexpected result is that blocking sockets with sendfile outperforms non-blocking sockets with sendfile when there is heavy disk-I/O because of more efficient disk access. \n \nNext, the performance of the various architectures is examined on a multiprocessor system. Knot is excluded from the experiments as its underlying thread library, Capriccio, only supports uniprocessor execution. For these experiments, it is shown that partitioning the system so that server processes, subnets and requests are handled by the same CPU is necessary to achieve high throughput. Both N-copy and new hybrid versions of the uniprocessor servers, extended to support partitioning, are tested. While the N-copy servers performed the best, new hybrid versions of the servers also performed well. \nThese hybrid servers have throughput within 2% of the N-copy servers but offer benefits over N-copy such as a smaller memory footprint and a shared address-space. \nFor multiprocessor systems, it is shown that once the system becomes disk bound, the throughput of the servers is drastically reduced. To maximize performance on a multiprocessor, high disk throughput and lots of memory are essential.
We propose APTHunter, a system for prompt detection of Advanced and Persistent Threats (APTs) in early stages. We provide an approach for representing the indicators of compromise that appear in the cyber threat intelligence reports and the relationships among them as provenance queries that capture the attacker’s malicious behavior. We use the kernel audit log as a reliable source for system activities and develop an optimized whole system provenance graph that provides the causal relationships and information flows among system entities in a compact format. Then, we model the threat hunting as a behavior match problem by applying provenance queries to the optimized provenance graph to find any hits as indicators of an APT attack. We evaluate APTHunter on adversarial engagements from DARPA over different OS platforms, as well as real-world APT campaigns. Based on our experimental results, APTHunter promptly and reliably detects attack artifacts in early stages.
Importance: Fruit drinks are widely consumed by young children, and many parents mistakenly believe that these drinks are healthy, potentially due to front-of-package claims and imagery. Research is needed on the influence of this marketing and how labeling regulations could change behavior. Objective: To assess the effects of a front-of-package 100% vitamin C claim, fruit imagery, percentage juice and teaspoons of added sugar disclosures, and high-added sugar warnings on parents' choices, knowledge, and perceptions of beverages. Design, Setting, and Participants: This randomized clinical trial was conducted May to July 2021 as a single-exposure (no follow-up) online survey of primary caregivers of children ages 0 to 5 years throughout the US. Interventions: Participants were shown no-, low-, and high-added sugar beverages and asked to choose 1 for their child. Participants were randomized to see high-added sugar beverages with 1 of 7 front-of-package conditions: (1) claim and imagery (control); (2) no claim; (3) no imagery; (4) no claim or imagery; (5) claim, imagery, and percentage juice disclosure; (6) claim, imagery, and warning; or (7) claim, imagery, warning, and teaspoons of added sugar disclosure. Main Outcomes and Measures: Primary outcomes were type of beverage chosen (eg, high-added sugar beverage) and resulting calories and added sugar (in grams). Secondary outcomes were fruit drink knowledge (added sugar and percent juice) and perceptions. Results: There were 5005 participants included in the final analysis (mean [SD] age, 31.5 [8.3] years; 3587 female participants [71.7%]), including 714 participants in group 1, 717 participants in group 2, 710 participants in group 3, 717 participants in group 4, 708 participants in group 5, 729 participants in group 6, and 710 participants in group 7. Compared with participants in the control group, who had a mean (standard error [SE]) of 9.4 (0.5) g of added sugar and 81.9 (1.6) kcal in chosen beverages, only participants who saw warnings with teaspoons of added sugar disclosures had significantly reduced added sugar (-1.3 g; 95% CI, -2.6 to -0.1 g [-14.2%; 95% CI, -26.7% to -1.8%]; P = .04) and calories (-5.3 kcal; 95% CI, -9.8 to -0.9 kcal [-6.5%; 95% CI, -11.8% to -1.3%]; P = .02) in selected beverages. In warning conditions (ie, 6 and 7) compared with the control group (mean [SE] 41.0% [1.8%]), the proportion of participants choosing high-added sugar beverages was significantly reduced, by 5.5 percentage points (95% CI, 0.5 to 10.5 percentage points [13.4%; 95% CI, 1.2% to 25.6%]; P = .03) and 6.4 percentage points (95% CI, 1.4 to 11.4 percentage points [15.6%; 95% CI, 3.3% to 27.8%]; P = .01), respectively. The no claim or imagery condition (4) significantly reduced the proportion of parents choosing high-added sugar beverages (-7.6 percentage points; 95% CI, -12.6 to -2.6 percentage points [-18.4%; 95% CI, -30.6% to -6.3%]; P = .003). Percentage juice disclosures did not affect beverage choice. Conclusions and Relevance: These findings suggest that added sugar warnings and prohibitions of front-of-package claims and imagery may reduce parents' purchases of high-added sugar beverages for their young children but that percentage juice disclosures may not change behavior. Trial Registration: ClinicalTrials.gov Identifier: NCT04811690.
Causality analysis is an effective technique for investigating and detecting cyber attacks. However, by focusing on auditing at the Operating System level, existing causal analysis techniques lack visibility into important application-level semantics, such as configuration changes that control application runtime behavior. This leads to incorrect attack attribution and half-baked tracebacks.
<font color=#ff0000><b>BEST PAPER AWARD</b></font><br><br>In this paper, we propose and evaluate three techniques for optimizing network performance in the Xen virtualized environment. Our techniques retain the basic Xen architecture of locating device drivers in a privileged `driver' domain with access to I/O devices, and providing network access to unprivileged `guest' domains through virtualized network interfaces. First, we redefine the virtual network interfaces of guest domains to incorporate high-level network offfload features available in most modern network cards. We demonstrate the performance benefits of high-level offload functionality in the virtual interface, even when such functionality is not supported in the underlying physical interface. Second, we optimize the implementation of the data transfer path between guest and driver domains. The optimization avoids expensive data remapping operations on the transmit path, and replaces page remapping by data copying on the receive path. Finally, we provide support for guest operating systems to effectively utilize advanced virtual memory features such as superpages and global page mappings. The overall impact of these optimizations is an improvement in transmit performance of guest domains by a factor of 4.4. The receive performance of the driver domain is improved by 35% and reaches within 7% of native Linux performance. The receive performance in guest domains improves by 18%, but still trails the native Linux performance by 61%. We analyse the performance improvements in detail, and quantify the contribution of each optimization to the overall performance.
This article presents the design, implementation, and evaluation of IO -Lite, a unified I/O buffering and caching system for general-purpose operating systems. IO-Lite unifies all buffering and caching in the system, to the extent permitted by the hardware. In particular, it allows applications, the interprocess communication system, the file system, the file cache, and the network subsystem to safely and concurrently share a single physical copy of the data. Protection and security are maintained through a combination of access control and read-only sharing. IO-Lite eliminates all copying and multiple buffering of I/O data, and enables various cross-subsystem optimizations. Experiments with a Web server show performance improvements between 40 and 80% on real workloads as a result of IO-Lite.
Bluetooth technology is a key component of wireless communications. It provides a low-energy and low-cost solution for short-range radio transmissions. Bluetooth, more specifically Bluetooth Low Energy (BLE) has become the predominant technology for connecting IoT (Internet of Things). It can be found in cell phones, headsets, speakers, printers, keyboards, automobiles, children’s toys, and medical devices, as well as many other devices. The technology can also be found in automated smart homes, to provide monitors and controls for lights, thermostats, door locks, appliances, security systems, and cameras. Bluetooth offers convenience and ease of use, but it lacks a centralized security infrastructure. As a result, it has serious security vulnerabilities, and the need for awareness of the security risks are increasing as the technology becomes more widespread. This paper presents an overview of Bluetooth technology in IoT including its security, vulnerabilities, threats, and risk mitigation solutions, as well as real-life examples of exploits. Our study highlights the importance of understanding attack risks and mitigation techniques involved with using Bluetooth technology on our devices. Real-life examples of recent Bluetooth exploits are presented. Several recommended security measures are discussed to secure Bluetooth communication.
Apache and Samba use the sendfile system call to speed up file serving. Here's how you can use it too.
In this paper, we extensively tune and then compare the performance of web servers based on three different server architectures. The μserver utilizes an event-driven architecture, Knot uses the highly-efficient Capriccio thread library to implement a thread-per-connection model, and WatPipe uses a hybrid of events and threads to implement a pipeline-based server that is similar in spirit to a staged event-driven architecture (SEDA) server like Haboob. We describe modifications made to the Capriccio thread library to use Linux's zero-copy sendfile interface. We then introduce the SY mmetric Multi-Processor Event Driven (SYMPED) architecture in which relatively minor modifications are made to a single process event-driven (SPED) server (the μserver) to allow it to continue processing requests in the presence of blocking due to disk accesses. Finally, we describe our C++ implementation of WatPipe, which although utilizing a pipeline-based architecture, excludes the dynamic controls over event queues and thread pools used in SEDA. When comparing the performance of these three server architectures on the workload used in our study, we arrive at different conclusions than previous studies. In spite of recent improvements to threading libraries and our further improvements to Capriccio and Knot, both the event-based μserver and pipeline-based Wat-Pipe server provide better throughput (by about 18%). We also observe that when using blocking sockets to send data to clients, the performance obtained with some architectures is quite good and in one case is noticeably better than when using non-blocking sockets.
This paper builds on existing research investigating CSR and ethical consumption within luxury contexts, and makes several contributions to the literature. First, it addresses existing knowledge gaps by exploring the ways in which consumers perform ethical luxury purchases of fine jewellery through interpretive research. Second, the paper is the first to examine such issues of consumer ethics by extending the application of theories of practice to a luxury product context, and by building on Magaudda’s (J Consum Cult 11(1):15–36, 2011 ) circuit of practice framework. This is significant in that, to date, consumer research using practice theories has focused mainly on routine and habitual practices. Our findings and discussion provide an analysis of intentional and less intentional ethical consumer performances within the interconnected nexus of activities of consumers’ fine jewellery consumption practice, where meanings, understandings and intelligibility of social phenomena are worked through the various activities that shape such a practice. Finally, the paper concludes with significant managerial and policy-related implications, as our extended circuit of practice analysis conveys that if ethics and sustainability dimensions are to be embedded in fine jewellery consumption practice, they must first be made an intrinsic part of the nexus of the social and material environment of trading and consumption places.
暂无摘要(点击查看原文获取完整内容)
Contemporary network stacks are masterpieces of generality, supporting many edge-node and middle-node functions. Generality comes at a high performance cost: current APIs, memory models, and implementations drastically limit the effectiveness of increasingly powerful hardware. Generality has historically been required so that individual systems could perform many functions. However, as providers have scaled services to support millions of users, they have transitioned toward thousands (or millions) of dedicated servers, each performing a few functions. We argue that the overhead of generality is now a key obstacle to effective scaling, making specialization not only viable, but necessary.
PURPOSE: This systematic review updates one conducted in 2008 into extended scope practice (ESP) in physiotherapy in orthopedics. METHODS: A comprehensive open-ended search was conducted using electronic library data-bases and Google Scholar to identify any primary study design reporting on physiotherapists working in ESP roles within orthopedic settings. Studies were allocated to the National Health and Medical Research Council hierarchy of evidence, although only studies in levels I, II, or III_1 were critically appraised using a purpose-built critical appraisal tool. Information was extracted on the country of origin, ESP tasks, relevant training, patient types, health, process, and cost measures. RESULTS: 1071 studies were identified, and twelve were included in the review (including diagnostic and evaluative research). The hierarchy of evidence ranged from II to IV, from which only two diagnostic studies met the criteria for critical appraisal. ESP tasks included injection therapy, removing k-wires, and requesting investigations. The education of ESP physiotherapists varied widely, and included formal and informal training. The positive outcomes of ESP initiatives were reported, in diagnostic ability, reduced costs and waiting times, and improved health outcomes. CONCLUSION: Despite the positive results, the generally low level of evidence and the range of outcome measures reported, constrained clear conclusions regarding the health, process, and cost implications of ESP physiotherapy roles in orthopedic settings. The need for formalized, widely recognized training was highlighted, to give ESP physiotherapy roles credibility.
Herrfahrdt-Pähle, E., and C. Pahl-Wostl. 2012. Continuity and change in social-ecological systems: the role of institutional resilience. Ecology and Society 17(2): 8. https://doi.org/10.5751/ES-04565-170208
Unikernels are famous for providing excellent performance in terms of boot times, throughput and memory consumption, to name a few metrics. However, they are infamous for making it hard and extremely time consuming to extract such performance, and for needing significant engineering effort in order to port applications to them. We introduce Unikraft, a novel micro-library OS that (1) fully modularizes OS primitives so that it is easy to customize the unikernel and include only relevant components and (2) exposes a set of composable, performance-oriented APIs in order to make it easy for developers to obtain high performance.
With increasing complexity of HPC workflows, data management services need to perform expensive I/O operations asynchronously in the background, aiming to overlap the I/O with the application runtime. However, this may cause interference due to competition for resources: CPU, memory/network bandwidth. The advent of multi-core architectures has exacerbated this problem, as many I/O operations are issued concurrently, thereby competing not only with the application but also among themselves. Furthermore, the interference patterns can dynamically change as a response to variations in application behavior and I/O subsystems (e.g. multiple users sharing a parallel file system). Without a thorough understanding, I/O operations may perform suboptimally, potentially even worse than in the blocking case. To fill this gap, this paper investigates the causes and consequences of interference due to asynchronous I/O on HPC systems. Specifically, we focus on multi-core CPUs and memory bandwidth, isolating the interference due to each resource. Then, we perform an in-depth study to explain the interplay and contention in a variety of resource sharing scenarios such as varying priority and number of background I/O threads and different I/O strategies: sendfile, read/write, mmap/write underlining trade-offs. The insights from this study are important both to enable guided optimizations of existing background I/O, as well as to open new opportunities to design advanced asynchronous I/O strategies.