Much has been said about the latest L1 cache vulnerability mitigations for IBM POWER processors, addressed in CVE-2020-4788.

Update on 23/11: This post has been updated to address Pgbench tests that provide more realistic numbers related to the CVE and mitigations. Check the PGbench section below.

The intent of this post is to run some preliminary benchmarks with and without such mitigations. There is no scientific method for the tests other than full reboots and replication of the scenarios between versions. For complete tests, watch for future Phoronix benchmarks.

The tests were performed on a Raptor Computing Systems Blackbird with a 4-core, 16-thread POWER9 CPU (02CY650) and 8GB RAM. …


As a follow-up post to my previous post about adding authentication transparently to an application

Go to the left-side menu item “Client Scopes” and click “Create”:

Create a new client scope called “api” with default settings, then click the “Mappers” tab to add the field mappings to this scope.

In this tab, create a new mapper called “groups” with the following settings:

Save this mapper, then click “Add Builtin” and add the existing mappers “username”, “email” and “profile”.

Finally, add this scope to the client at “Clients” > [your created client] > “Client Scopes”. …


In this post, I'll go through the process of running Virtual Machines on OpenShift Virtualization in a nested setup inside VMware vSphere. This requires both ESXi hosts and a vCenter, both on 6.7U3 or up.

Nested virtualization is a configuration where the Virtual Machine running the OpenShift Node on ESXi exposes the bare metal capabilities so new Virtual Machines can be created inside it. This could be used as a showcase for the technology, a lab environment or POCs. OpenShift VMs are based on KVM, the virtualization layer from the Linux kernel, and are implemented based on the KubeVirt project.

Disclaimer: Nested virtualization is not officially supported on any platform. Officially OpenShift Virtualization is meant to run on Bare Metal nodes. Please do not use it in Production. …


I recently received an NVIDIA Jetson Xavier NX board to review and write some posts. The first one is an unofficial guide to upgrade Ubuntu 18.04 to the latest Ubuntu Focal (20.04).

Here I will do some benchmarks and compare the performance between the Jetson NX and other SBCs. A while back, I benchmarked some ARM boards, comparing their performance on Java and other workloads. Here I will take a similar approach and add some GPU and power consumption tests and comparisons.

Of course, the price range varies a lot, from $79 for the Odroid N2 and the RockPro64 to $399 for the Xavier NX, so we cannot expect similar performance or features. …


I recently received an NVIDIA Jetson Xavier NX unit to review and write about some use cases like a local development computer and cloud application deployments with containers in a Kubernetes cluster.

In this post I’ll talk about upgrading it to the latest Ubuntu version, which is nice for local development and day-to-day desktop use.

Disclaimer: Ubuntu Focal and the upgrade process are not supported by NVIDIA. Do this at your own discretion and try to isolate problems that might occur with it.

JetPack 4.4 is the NVIDIA stack containing Linux, board drivers and SDKs for GPU, AI and ML processing. NVIDIA calls its Linux L4T (Linux for Tegra), and it’s currently at version 32.4.2 …


In this article, I will walk you through the deployment of Keycloak, a user authentication and authorization tool, and how to integrate it with any Kubernetes Web application without touching a single line of code from your app.

First, we will run Keycloak and configure it to have some users and groups, then deploy a simple web application to your Kubernetes cluster (we will deploy a small Kubernetes cluster too). Finally, we will add the authentication layer to the app, looking at the differences between authenticated and unauthenticated resources.

This way, you will have an infrastructure-provided tool to control user access with near-infinite configuration options. …


Recently I've been reading about application observation and got fascinated with Jaeger Tracing and the benefits tracing brings to visualize your data flow.

For deeper understanding, I recommend the book Mastering Distributed Tracing by Yuri Shkuro, an engineer at Uber and creator of Jaeger. He wrote a great tutorial on tracing and optimizing an application, so here I’ll mostly focus on the basics of instrumenting your Go application for tracing.

Since I was already playing with Echo, a nice and minimalist web framework for Go, I decided to use it together with other tools to create some sample applications. …


Containers are part of the vast majority of daily interactions with software and the cloud these days. From building applications in a reproducible way to defining standards in deployment, containers brought ease and agility to IT.

RISC-V is a free and open-source instruction set enabling a new era of processor innovation through open standard collaboration. Born at the University of Berkeley, RISC-V ISA delivers a new level of free, extensible software and hardware freedom on architecture, paving the way for the next 50 years of computing design and innovation.

Together they bring real openness to the future of the cloud ecosystem by having a top-to-bottom open solution ranging from the hardware to the end-user software. …


I recently received an Odroid N2 SBC from Hardkernel, a new board replacing the previous N1 that got cancelled. I got the Odroid N2 board, power supply, the clear case, WiFi USB adapter and a 32GB eMMC card (eMMC is way faster than SD cards).


Just recently at DockerCon 2019, Docker announced a great feature from their ARM partnership. Now it's possible to cross-build Docker images for multiple architectures using Docker Desktop.

Docker Desktop is currently the best option for developers to build, test and run their applications with portability. This new feature brings the possibility of building container images for ARM and ARM64 architectures in a transparent way, with lots of possibilities like running on Amazon A1 instances that can be up to 45% cheaper than Intel, or running on Raspberry Pis or even more powerful ARM SBCs like I used before.

In this article, I will demonstrate, using a simple Go application (a Hello World web server), how to leverage Docker Desktop with multi-stage Dockerfiles to build your application dynamically inside a container and then generate the multi-arch images for it. …

About

Carlos Eduardo

Writing everything cloud and all the tech behind it. If you like my projects and would like to support me, check my Patreon on https://www.patreon.com/carlosedp
