Mama bear ran `sudo grep "Accepted" /var/log/auth.log` and said "Someone's been logging into my server too..."
Why libraries are the greatest places on earth:
- quiet, so quiet, so peaceful is heaven
- people leave you alone
- also movies and computers and things
- staff literally know everything and want you to know everything thanks
- you can stay the whole time they're open and not have to pay anything at all
- you can get lost in the big ones and that's cool
- mmm smells of wisdom
Now, the DNSOP meeting (everything #DNS). Still a lot of discussion about ANAME (to allow people to put an alias to a CDN at the apex of their zone, a very frequent requirement).
Since it is only for HTTP, why not drop it for HTTP-SVC which solves a similar problem? (Evan Hunt just proposed that, "to save the camel".)
On Twitter, the TT (Trending Topic) match continues between Greta Thunberg and Boris Johnson. #trivia
Now, let's program the NICs: FPGA/NPU (using languages like P4, eBPF, NPL) or general purpose processor (a CPU + OS on the NIC, can allow even the control plane to be offloaded, this would be a big change). #IETF105
Another function that can be offloaded to the NIC: encryption/decryption. For instance, TLS can give to the NIC unencrypted packets and let it do the computation required by symmetric crypto (AES; I don't know if there are cards that can do ChaCha20).
Warning: it means the NIC sees the data in clear. You have to trust the NIC!
Side question when listening to the talk about Network Interface Cards: why do network people speak of ingress/egress and not input/output? #IETF105
Now, "data plane in hardware". Doing a lot of processing in the NIC, not the host computer ("offloaded data plane").
(General warning: it can be at odds with software freedom and user control, the code running in the NIC may not be free software.)
Practical example: match actions (if (src_address == something) then drop). This way, the firewall can be entirely in the NIC.
The control plane always stays on the host computer.
More fun with NICs: they can have several queues. Good for parallelism, but the OS needs to assign sent packets to queues (typically preserving flows, to avoid reordering). #IETF105
Even segmentation in packets can be offloaded to the NIC. The software stack in the OS prefers to deal with large packets, the NIC segments them. Works also at reception: coalescence of packets (but it is harder to do it in a protocol-agnostic way). #IETF105