Much is being talked about the latest vulnerability mitigations on L1 cache for IBM POWER processors addressed in CVE-2020–4788.
Update on 23/11: This post has been updated to address Pgbench tests that provides more realistic numbers related to the CVE and mitigations. Check the PGbench section below.
The intent of this post is to run some preliminary benchmarks with and without such mitigations. There is no scientific method for the tests other than full reboots and replication of the scenarios between versions. For complete tests, check out in the future for Phoronix benchmarks.
As a follow-up post to my previous post about adding authentication transparently to an application
Go to the left-side menu item “Client Scopes” and click “Create”:
Create a new client scope called “api” with default settings, then click the “Mappers” tab to add the field mappings to this scope.
In this tab, create a new mapper called “groups” with the following settings:
Save this mapper and then click the “Add Builtin”, adding the existing mappers “username”, “email” and “profile”.
Finally, add this scope to the client at “Clients” > [your created client] > “Client Scopes”. …
In this post, I'll go thru the process of running Virtual Machines on OpenShift Virtualization in a nested setup inside VMware vSphere. This requires both ESXi hosts and a VCenter, both on 6.7U3 or up.
Nested virtualization is a configuration where the Virtual Machine running the OpenShift Node on ESXi exposes the bare metal capabilities so new Virtual Machines can be created inside it. This could be used as a showcase for the technology, lab environment or POCs. OpenShift VMs are based on KVM, the virtualization layer from the Linux Kernel and are implemented based on the KubeVirt project.
Disclaimer: Nested virtualization is not officially supported on any platform. Officially OpenShift Virtualization is meant to run on Bare Metal nodes. Please do not use it in Production. …
I recently received a NVIDIA Jetson Xavier NX board to review and write some posts. The first one is an unofficial guide to upgrade Ubuntu 18.04 to latest Ubuntu Focal (20.04).
Here I will do some benchmarks and compare the performance between the Jetson NX and other SBCs. A while back, I’ve benchmarked some ARM boards comparing their performance on Java and other workloads. Here I will do a similar approach and add some GPU and power consumption tests and comparisons.
Of course the price range varies a lot, from $79 for the Odroid N2 and the RockPro64 to $399 to the Xavier NX we cannot expect similar performance or features. …
I recently received a NVIDIA Jetson Xavier NX unit to review and write about some use cases like a local development computer and cloud application deployments with containers in a Kubernetes cluster.
In this post I’ll talk about upgrading it to latest Ubuntu version that is nice for a local development and day-to-day desktop use.
Disclaimer: Ubuntu Focal and the upgrade process are not supported by NVIDIA. You should do on your own discretion and try to isolate problems that might occur with this.
JetPack 4.4 is the NVIDIA stack containing Linux, board drivers and SDKs for GPU, AI and ML processing. NVIDIA calls it’s Linux, L4T (Linux for Tegra) and it’s currently at version 32.4.2 …
In this article, I will walk you thru the deployment of Keycloak, a user authentication and authorization tool and how to integrate this to any Kubernetes Web application without touching a single line of code from your app.
First, we will run Keycloak and configure it to have some users and groups then deploy a simple web application to your Kubernetes cluster (we will deploy a small Kubernetes cluster too). Finally we will add the authentication layer to the app looking at the differences between both authenticated and unauthenticated resources.
This way, you will have an infrastructure provided tool to control user access with near infinite configuration options. …
Recently I've been reading about application observation and got fascinated with Jaeger Tracing and the benefits tracing brings to visualize your data flow.
For deeper understanding, I recommend the book Mastering Distributed Tracing by Yuri Shkuro, an engineer at Uber, creator of Jaeger. He wrote a great tutorial on tracing and optimizing an application so here I’ll mostly focus how to basically instrument your Go application for tracing.
Since I was already playing with Echo, a nice and minimalist web framework for Go I decided to use it together with other tools to create some sample applications. …
Containers are part of the vast majority of daily interactions with software and the cloud these days. From building applications in a reproducible way to defining standards in deployment, containers brought ease and agility to IT.
RISC-V is a free and open-source instruction set enabling a new era of processor innovation through open standard collaboration. Born at the University of Berkeley, RISC-V ISA delivers a new level of free, extensible software and hardware freedom on architecture, paving the way for the next 50 years of computing design and innovation.
Together they bring real openness to the future of cloud ecosystem by having a top-to-bottom open solution ranging from the hardware to the end-user software. …
Docker desktop is currently the best option for developers to build, test and run their applications with portability. This new feature brings the possibility of building container images for ARM and ARM64 architectures in a transparent way with lots of possibilities like running on Amazon A1 instances that can be up to 45% cheaper than Intel, running on Raspberry Pi's or even more powerful ARM SBCs like I used before.
In this article, I will demonstrate using a simple Go application, a Hello World web server, how to leverage Docker desktop with multi-stage Dockerfiles to build your application dynamically inside a container and then generating the multi-arch images for it. …