Better IPSec Security Association Resolution - Netconf 2006 Tokyo

•

1 like•378 views

J

Better IPSec Security Association Resolution - Netconf 2006 Tokyo Presentation slides.

Better IPSec
Security Association Resolution

Netconf 2006
Tokyo

James Morris
jmorris@namei.org

Problem
a) Outbound packet
b) Security policy db entry match
c) No security association in kernel

●
Most of the time, we return EAGAIN to app or
drop packet if forwarding.
●
We kick the key manager, and usually have an
SA available for next packet.

Problem...
●
It actually kind of works for one case: blocking
sendmsg() of datagrams.
●
Process is scheduled in a loop until SA
resolved. See xfrm_lookup().
●
Does not work for connect(2), so ping and
many UDP apps just get EAGAIN.

Solution
●
General solution for all protocols and contexts:
– connect(2)
– sendmsg(2)
– forwarding path (tunnel endpoint)
– various kernel-generated packets
– blocking and non-blocking modes

Solution...
●
Ideally, we'd like connect(2) to follow Posix
semantics, for non-blocking this is:
– Return EINPROGESS first
– Return EALREADY until SA resolved
●
For non-blocking sockets in general, it'd be nice
to make sure poll(2) works as expected.
– even for datagram protocols, as IPSec adds a kind
of session underneath.

Solution...
●
sendmsg(2) should return EAGAIN for non-
blocking case
●
For tunnel end point, we probably need to
queue packets in a resolution queue.
●
This may also be useful for non-blocking socket
case.
●
Herbert has suggested larval dst to go with
larval SA.

Status
●
Current patch contains a lot of instrumentation
and some initial changes:
– Make connect(2) work for the blocking case,
hooking into ip_route_connect()
– Propagate new flags down to xfrm_lookup() to
control behavior:
●
Kick the key manager?
●
Sleep until resolved?

Ongoing work
●
Continue to develop code to handle all cases
and protocols
●
Probably involve some code consolidation
●
Determine how much of the problem to solve

Issues
●
Not clear on all of the use-cases for this:
– Opportunistic encryption
– Complex/large scale policy where pro-active SA
negotiation overhead would be too high
– Others?

More Related Content

Viewers also liked

Directions in SELinux Networking

Directions in SELinux Networking

Directions in SELinux Networking

VTI の中身

SmartCloud Enterprise: Using a SOCKS Proxy with VLANs

SmartCloud Enterprise: Using a SOCKS Proxy with VLANs

SmartCloud Enterprise: Using a SOCKS Proxy with VLANs

Mandatory Access Control Networking Update - Netonf 2006 Tokyo

Mandatory Access Control Networking Update - Netonf 2006 Tokyo

Mandatory Access Control Networking Update - Netonf 2006 Tokyo

Secure and Simple Sandboxing in SELinux

Secure and Simple Sandboxing in SELinux

Secure and Simple Sandboxing in SELinux

The networking industry has made good progress in the last few years on developing programmable interfaces and protocols for the control plane to enable a more dynamic and efficient infrastructure. Despite this progress, some parts of networking risk being left behind, most notably network management and configuration. The state-of-the-art in network management remains relegated to proprietary device interfaces (e.g., CLIs), imperative, incremental configuration, and lack of meaningful abstractions. We propose a framework for network configuration guided by software-defined networking principles, with a focus on developing common models of network devices, and common languages to describe network structure and policies. We also propose a publish/subscribe framework for next generation network telemetry, focused on streaming structured data from network elements themselves.

SDN in the Management Plane: OpenConfig and Streaming Telemetry

SDN in the Management Plane: OpenConfig and Streaming Telemetry

SDN in the Management Plane: OpenConfig and Streaming Telemetry

In his previous talk, Paul talked about getting your system to work with SELinux. This involved setting the security on your files and directories so that they worked with SELinux. However, many people have customised their Linux installs and want SELinux to do what they say, not the other way around. Sysadmins in particular are not 'run of the mill' users, and they have different requirements to what typically comes out of the box. Situations such as serving web pages from NFS shares or non-standard directories, or installing applications in custom locations, need specialised configuration of SELinux in order to make it work with your needs. This talk will deal with those situations. Fortunately for Sysadmins, much of the work in developing SELinux policies for Linux has focussed on their requirements. Paul will show you a few of the things behind the scenes that make your job as a Sysadmin much easier and safer with SELinux.

Slug 2009 06 SELinux For Sysadmins

Slug 2009 06 SELinux For Sysadmins

Slug 2009 06 SELinux For Sysadmins

Much has been written on SELinux, and a lot of it seems confusing. It's buzzword heavy, involves locking your computer up, has a strange new set of permissions that are obscure in architecture and silently fails where things used to just work. Why use it? Well, for most people, it's not actually that hard to understand. In this talk, Paul Wayper talks about how to make sense of what SELinux does, and how to keep it out of the way and get on with using your computer. In the process Paul will deal with the background to SELinux, what it's main aims are, and why you really do want it turned on.

SELinux for Everyday Users

SELinux for Everyday Users

SELinux for Everyday Users

Viewers also liked (8)

Directions in SELinux Networking

Directions in SELinux Networking

Directions in SELinux Networking

VTI の中身

SmartCloud Enterprise: Using a SOCKS Proxy with VLANs

SmartCloud Enterprise: Using a SOCKS Proxy with VLANs

SmartCloud Enterprise: Using a SOCKS Proxy with VLANs

Mandatory Access Control Networking Update - Netonf 2006 Tokyo

Mandatory Access Control Networking Update - Netonf 2006 Tokyo

Mandatory Access Control Networking Update - Netonf 2006 Tokyo

Secure and Simple Sandboxing in SELinux

Secure and Simple Sandboxing in SELinux

Secure and Simple Sandboxing in SELinux

SDN in the Management Plane: OpenConfig and Streaming Telemetry

SDN in the Management Plane: OpenConfig and Streaming Telemetry

SDN in the Management Plane: OpenConfig and Streaming Telemetry

Slug 2009 06 SELinux For Sysadmins

Slug 2009 06 SELinux For Sysadmins

Slug 2009 06 SELinux For Sysadmins

SELinux for Everyday Users

SELinux for Everyday Users

SELinux for Everyday Users

Similar to Better IPSec Security Association Resolution - Netconf 2006 Tokyo

One Year of Porting - Post-mortem of two Linux/SteamOS launches

One Year of Porting - Post-mortem of two Linux/SteamOS launches

One Year of Porting - Post-mortem of two Linux/SteamOS launches

Leszek Godlewski

Anatomy of neutron from the eagle eyes of troubelshoorters

Anatomy of neutron from the eagle eyes of troubelshoorters

Anatomy of neutron from the eagle eyes of troubelshoorters

Single Packet Authorization - Slides English

Single Packet Authorization - Slides English

Single Packet Authorization - Slides English

Leandro Almeida

Webinar topic: Layer 7 Firewall on Mikrotik Presenter: Achmad Mardiansyah In this webinar series, We are discussing Network Security with Mikrotik Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback Check our schedule for future events: https://www.glcnetworks.com/en/schedule/ Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram Recording is available on Youtube https://youtu.be/Z0Akaksp0DA

Layer 7 Firewall on Mikrotik

Layer 7 Firewall on Mikrotik

Layer 7 Firewall on Mikrotik

Linux Network Stack

Linux Network Stack

Linux Network Stack

Fast dynamic analysis, Kostya Serebryany

Fast dynamic analysis, Kostya Serebryany

Fast dynamic analysis, Kostya Serebryany

20 мая 2011, научный семинар Константин Серебряный "Быстрый динамичекский анализ программ на примере поиска гонок (data races)" Доклад посвящен динамическому анализу программ и, в частности, поиску гонок (data races). В рамках семинара будут рассмотрены следующие темы: • Динамический анализ программ. Введение в теорию поиска гонок. Анализ потока событий программы. Требования по производительности. • Базовый алгоритм инструмента ThreadSanitizer. Анализ производительности или почему алгоритм медленный? • Ускорение и параллелизация базового алгоритма ThreadSanitizer. • War stories: опыт внедрения регулярного тестирования для поиска гонок в Google Russia.

Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...

Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...

Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...

cachegrand is what happens when you throw in a mix a SIMD-accelerated hashtable — capable of performing parallel GET operations without locks or busy-wait loops (e.g. atomic operations) — with fibers, io_uring, your own I/O library, your own memory allocator, and an in-memory & on-disk time series database! Written in C, built from scratch, natively modular - currently working on Redis compatibility — it's a platform that can deliver very high QPS with low latencies for caching and data streaming with the door open to supporting business logic in Rust & WebAssembly down the line. This session will focus on developing techniques and OS components used highlighting how they can provide an extra boost to your platforms, no matter the programming language.

cachegrand: A Take on High Performance Caching

cachegrand: A Take on High Performance Caching

cachegrand: A Take on High Performance Caching

UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap

UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap

UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap

延伸Linux关键业务到双活高速NVMe-oF存储-OpenInfraDays-China2018

延伸Linux关键业务到双活高速NVMe-oF存储-OpenInfraDays-China2018

延伸Linux关键业务到双活高速NVMe-oF存储-OpenInfraDays-China2018

Roger Zhou 周志强

SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite

SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite

SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite

Implementing efficient spinlocks in userspace is not possible yet in Linux, even after years of different approaches and proposed solutions.The main gap to achieve it is the lack of ABI providing an easy and low-overhead way to check if the current lock holder is running or not. In this session, we are going to present the problem, and to propose a solution for it using the restartable sequences infrastructure as means to expose the thread state to userspace in a cheap way, without requiring system calls. RFC: https://lore.kernel.org/lkml/20230529191416.53955-1-mathieu.desnoyers@efficios.com/ (c) Linux Plumbers Conference 2023 15-15 Nov Omni Richmond Hotel, Richmond, VA (US) https://lpc.events/event/17/page/198-lpc-2023-overview

Userspace adaptive spinlocks with rseq

Userspace adaptive spinlocks with rseq

Userspace adaptive spinlocks with rseq

Memory model

This presentation shows that code coverage guided fuzzing is possible in the context of network daemon fuzzing. Some fuzzers are blackbox while others are protocol aware. Even ones which are made protocol aware, fuzzer writers typically model the protocol specification and implement packet awareness logic in the fuzzer. Unfortunately, just because the fuzzer is protocol aware, it does not guarantee that sufficient code paths have been reached. The presentation deals with specific scenarios where the target protocol is completely unknown (proprietary) and no source code or protocol specs are accessible. The tool developed builds a feedback loop between the client and the server components using the concept of "gate functions". A gate function triggers monitoring. The pintool component tracks the binary code coverage for all the functions untill it reaches an exit gate. By instrumenting such gated functions, the tool is able to measure code coverage during packet processing.

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...

Alexandre Moneger

Performance optimization techniques for Java code

Performance optimization techniques for Java code

Performance optimization techniques for Java code

pfSense 2.2 Preview - pfSense Hangout November 2014

pfSense 2.2 Preview - pfSense Hangout November 2014

pfSense 2.2 Preview - pfSense Hangout November 2014

Snap - the universal packaging format for linux distros

Snap - the universal packaging format for linux distros

Snap - the universal packaging format for linux distros

Ceph Day Melbourne - Troubleshooting Ceph

Ceph Day Melbourne - Troubleshooting Ceph

Ceph Day Melbourne - Troubleshooting Ceph

BlackHat 2009 - Hacking Zigbee Chips (slides)

BlackHat 2009 - Hacking Zigbee Chips (slides)

BlackHat 2009 - Hacking Zigbee Chips (slides)

Streaming huge databases using logical decoding

Streaming huge databases using logical decoding

Streaming huge databases using logical decoding

Alexander Shulgin

Similar to Better IPSec Security Association Resolution - Netconf 2006 Tokyo (20)

One Year of Porting - Post-mortem of two Linux/SteamOS launches

One Year of Porting - Post-mortem of two Linux/SteamOS launches

One Year of Porting - Post-mortem of two Linux/SteamOS launches

Anatomy of neutron from the eagle eyes of troubelshoorters

Anatomy of neutron from the eagle eyes of troubelshoorters

Anatomy of neutron from the eagle eyes of troubelshoorters

Single Packet Authorization - Slides English

Single Packet Authorization - Slides English

Single Packet Authorization - Slides English

Layer 7 Firewall on Mikrotik

Layer 7 Firewall on Mikrotik

Layer 7 Firewall on Mikrotik

Linux Network Stack

Linux Network Stack

Linux Network Stack

Fast dynamic analysis, Kostya Serebryany

Fast dynamic analysis, Kostya Serebryany

Fast dynamic analysis, Kostya Serebryany

Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...

Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...

Константин Серебряный "Быстрый динамичекский анализ программ на примере поиск...

cachegrand: A Take on High Performance Caching

cachegrand: A Take on High Performance Caching

cachegrand: A Take on High Performance Caching

UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap

UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap

UWE Linux Boot Camp 2007: Hacking embedded Linux on the cheap

延伸Linux关键业务到双活高速NVMe-oF存储-OpenInfraDays-China2018

延伸Linux关键业务到双活高速NVMe-oF存储-OpenInfraDays-China2018

延伸Linux关键业务到双活高速NVMe-oF存储-OpenInfraDays-China2018

SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite

SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite

SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite

Userspace adaptive spinlocks with rseq

Userspace adaptive spinlocks with rseq

Userspace adaptive spinlocks with rseq

Memory model

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...

BSides LV 2016 - Beyond the tip of the iceberg - fuzzing binary protocols for...

Performance optimization techniques for Java code

Performance optimization techniques for Java code

Performance optimization techniques for Java code

pfSense 2.2 Preview - pfSense Hangout November 2014

pfSense 2.2 Preview - pfSense Hangout November 2014

pfSense 2.2 Preview - pfSense Hangout November 2014

Snap - the universal packaging format for linux distros

Snap - the universal packaging format for linux distros

Snap - the universal packaging format for linux distros

Ceph Day Melbourne - Troubleshooting Ceph

Ceph Day Melbourne - Troubleshooting Ceph

Ceph Day Melbourne - Troubleshooting Ceph

BlackHat 2009 - Hacking Zigbee Chips (slides)

BlackHat 2009 - Hacking Zigbee Chips (slides)

BlackHat 2009 - Hacking Zigbee Chips (slides)

Streaming huge databases using logical decoding

Streaming huge databases using logical decoding

Streaming huge databases using logical decoding

More from James Morris

Unix was not designed with security primarily in mind. It was initially developed in the late 1960s -- before the Internet was invented. While relatively simple, the Unix security model is inadequate for protecting against common security threats. Its designers identified fundamental design flaws over thirty years ago. As Linux is modeled on Unix, it inherits this traditional Unix security model. Meeting modern security requirements has required significant enhancements to Linux, which are ongoing, but well-advanced. While many new security ideas have emerged, Linux developers have necessarily been constrained by decades of operating system standards and conventions. Aimed at admins, developers and technical managers, the talk will cover: * The historical context of Linux security * Modern security OS requirements * How these requirements are being addressed (or not) by various enhancements made to Linux security * Areas of ongoing and future work. We'll also consider how FOSS culture contributes to security.

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

Adding Extended Attribute Support to NFS

Adding Extended Attribute Support to NFS

Adding Extended Attribute Support to NFS

Linux Kernel Security Overview - KCA 2009

Linux Kernel Security Overview - KCA 2009

Linux Kernel Security Overview - KCA 2009

sVirt: Hardening Linux Virtualization with Mandatory Access Control

sVirt: Hardening Linux Virtualization with Mandatory Access Control

sVirt: Hardening Linux Virtualization with Mandatory Access Control

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...

OLPC Networking Overview

OLPC Networking Overview

OLPC Networking Overview

Cryptographic Hardware Support for the Linux Kernel - Netconf 2004

Cryptographic Hardware Support for the Linux Kernel - Netconf 2004

Cryptographic Hardware Support for the Linux Kernel - Netconf 2004

Kernel Security for 2.8 - Kernel Summit 2004

Kernel Security for 2.8 - Kernel Summit 2004

Kernel Security for 2.8 - Kernel Summit 2004

How and Why You Should Become a Kernel Hacker - FOSS.IN/2007

How and Why You Should Become a Kernel Hacker - FOSS.IN/2007

How and Why You Should Become a Kernel Hacker - FOSS.IN/2007

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

SELinux Kernel Internals and Architecture - FOSS.IN/2005

SELinux Kernel Internals and Architecture - FOSS.IN/2005

SELinux Kernel Internals and Architecture - FOSS.IN/2005

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)

More from James Morris (12)

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats

Adding Extended Attribute Support to NFS

Adding Extended Attribute Support to NFS

Adding Extended Attribute Support to NFS

Linux Kernel Security Overview - KCA 2009

Linux Kernel Security Overview - KCA 2009

Linux Kernel Security Overview - KCA 2009

sVirt: Hardening Linux Virtualization with Mandatory Access Control

sVirt: Hardening Linux Virtualization with Mandatory Access Control

sVirt: Hardening Linux Virtualization with Mandatory Access Control

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...

Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...

OLPC Networking Overview

OLPC Networking Overview

OLPC Networking Overview

Cryptographic Hardware Support for the Linux Kernel - Netconf 2004

Cryptographic Hardware Support for the Linux Kernel - Netconf 2004

Cryptographic Hardware Support for the Linux Kernel - Netconf 2004

Kernel Security for 2.8 - Kernel Summit 2004

Kernel Security for 2.8 - Kernel Summit 2004

Kernel Security for 2.8 - Kernel Summit 2004

How and Why You Should Become a Kernel Hacker - FOSS.IN/2007

How and Why You Should Become a Kernel Hacker - FOSS.IN/2007

How and Why You Should Become a Kernel Hacker - FOSS.IN/2007

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

Overview of NSA Security Enhanced Linux - FOSS.IN/2005

SELinux Kernel Internals and Architecture - FOSS.IN/2005

SELinux Kernel Internals and Architecture - FOSS.IN/2005

SELinux Kernel Internals and Architecture - FOSS.IN/2005

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)

Anatomy of Fedora Kiosk Mode (FOSS.MY/2008)

Recently uploaded

As an SEO expert specializing in the IPTV and VPN niches with over five years of experience, I navigate the unique challenges of these industries adeptly. My strategic approach encompasses competitive analysis, targeted keyword research, content optimization, and high-quality backlink creation. My goal is to optimize my clients' online visibility, generating targeted organic traffic and maximizing their return on investment. With a results-driven approach and a passion for innovation, I'm poised to assist my clients in thriving in an ever-evolving digital landscape. <a href="https://iptvreel.com">

THE BEST IPTV in GERMANY for 2024: IPTVreel

THE BEST IPTV in GERMANY for 2024: IPTVreel

THE BEST IPTV in GERMANY for 2024: IPTVreel

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

ScyllaDB has the potential to deliver impressive performance and scalability. The better you understand how it works, the more you can squeeze out of it. But before you squeeze, make sure you know what to monitor! Watch our experienced Postgres developer work through monitoring and performance strategies that help him understand what mistakes he’s made moving to NoSQL. And learn with him as our database performance expert offers friendly guidance on how to use monitoring and performance tuning to get his sample Rust application on the right track. This webinar focuses on using monitoring and performance tuning to discover and correct mistakes that commonly occur when developers move from SQL to NoSQL. For example: - Common issues getting up and running with the monitoring stack - Using the CQL optimizations dashboard - Common issues causing high latency in a node - Common issues causing replica imbalance - What a healthy system looks like in terms of memory - Key metrics to keep an eye on This isn’t “Death-by-Powerpoint.” We’ll walk through problems encountered while migrating a real application from Postgres to ScyllaDB – and try to fix them live as well.

Optimizing NoSQL Performance Through Observability

Optimizing NoSQL Performance Through Observability

Optimizing NoSQL Performance Through Observability

Designing inclusive products is not only a social responsibility but also a business imperative. This talk delves into the journey of creating accessible hardware products that cater to diverse user needs. Key Topics Covered: 1. Introduction to Inclusive Design - Importance of accessibility in product design - Overview of Comcast's commitment to making products accessible to a wide audience 2. Case Study: Xfinity Large Button Voice Remote - Initial challenges and the evolution of the product - User research and feedback that shaped the design - Key features of the final product and their benefits 3. Designing for Diverse Needs - Understanding human-centered design and its historical context - The impact of designing for people with disabilities on overall product quality - Examples from other industries, such as architecture and industrial design 4. Integrating Accessibility from the Beginning - The cost and efficiency benefits of designing for accessibility from the start - The process of embedding accessibility as a core trait rather than an optional feature 5. Real-World Impact and Continuous Improvement - Insights from in-home studies with users having assistive needs - How continuous feedback and iterative design lead to better products - The role of inclusive research and development practices

Designing for Hardware Accessibility at Comcast

Designing for Hardware Accessibility at Comcast

Designing for Hardware Accessibility at Comcast

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf

Agentic RAG What it is its types applications and implementation.pdf

Agentic RAG What it is its types applications and implementation.pdf

Agentic RAG What it is its types applications and implementation.pdf

ChristopherTHyatt

The Metaverse: Are We There Yet?

The Metaverse: Are We There Yet?

The Metaverse: Are We There Yet?

Mark Billinghurst

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

Ever caught yourself nodding along when someone mentions "delivering value" in Agile, but secretly wondering what the heck they actually mean? You're not alone! Join us for an eye-opening session where we'll strip away the buzzwords and dive into the heart of Agile—value delivery. But what is "value"? Is it a mythical unicorn in the world of software development, or is there more to this overused term? This isn't going to be a sit-and-get lecture. We're talking about a face-to-face, interactive meetup where YOU play a crucial role. Come along to: Define It: What does "value" really mean? We’ll build a definition that’s not just words, but a compass for your Agile journey. Contextualise It: Discover what value means specifically to you, your team, your company, and your industry. Because one size does not fit all. Deliver It: Share strategies and gather new ones for uncovering and delivering true value—no more shooting in the dark!

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

Speed Wins: From Kafka to APIs in Minutes

Speed Wins: From Kafka to APIs in Minutes

Speed Wins: From Kafka to APIs in Minutes

The Epson EcoTank L3210 is a high-performance and cost-efficient printer designed to meet the printing needs of both home users and small businesses. Equipped with Epson’s revolutionary EcoTank ink tank system, the Epson eliminates the need for traditional ink cartridges, thereby significantly reducing printing costs and plastic waste. With its PrecisionCore technology, this printer delivers sharp, vibrant prints for both documents and photos. Its user-friendly design ensures easy setup and operation, while its compact form factor saves valuable desk space. Whether it’s everyday printing jobs or creative projects, the Epson EcoTank L3210 provides a reliable and eco-friendly printing solution.

Buy Epson EcoTank L3210 Colour Printer Online.pptx

Buy Epson EcoTank L3210 Colour Printer Online.pptx

Buy Epson EcoTank L3210 Colour Printer Online.pptx

EasyPrinterHelp

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

IESVE for Early Stage Design and Planning

IESVE for Early Stage Design and Planning

IESVE for Early Stage Design and Planning

I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors. Why this matters: The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions. Highlights: ▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain ▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing ▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond ▪ Future of Work: How automation will redefine jobs and economic structures by 2040 With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Peter Udo Diehl

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

The Epson EcoTank L3210 is a high-performance and cost-efficient printer designed to meet the printing needs of both home users and small businesses. Equipped with Epson’s revolutionary EcoTank ink tank system, the Epson eliminates the need for traditional ink cartridges, thereby significantly reducing printing costs and plastic waste. With its PrecisionCore technology, this printer delivers sharp, vibrant prints for both documents and photos. Its user-friendly design ensures easy setup and operation, while its compact form factor saves valuable desk space. Whether it’s everyday printing jobs or creative projects, the Epson EcoTank L3210 provides a reliable and eco-friendly printing solution.

Buy Epson EcoTank L3210 Colour Printer Online.pdf

Buy Epson EcoTank L3210 Colour Printer Online.pdf

Buy Epson EcoTank L3210 Colour Printer Online.pdf

EasyPrinterHelp

Screen flow is a powerful automation tool that is commonly designed for internal and external users. However, what about the guest users? We will dive into various methods of launching screen flows and understand how to make them publicly accessible, extending their usability to a broader audience. The presentation will also cover the implementation of security layers and highlight best practices for a smooth and protected user experience. Discover the potential of screen flows beyond conventional use and learn how to leverage them effectively.

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)

Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)

Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Recently uploaded (20)

THE BEST IPTV in GERMANY for 2024: IPTVreel

THE BEST IPTV in GERMANY for 2024: IPTVreel

THE BEST IPTV in GERMANY for 2024: IPTVreel

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

Optimizing NoSQL Performance Through Observability

Optimizing NoSQL Performance Through Observability

Optimizing NoSQL Performance Through Observability

Designing for Hardware Accessibility at Comcast

Designing for Hardware Accessibility at Comcast

Designing for Hardware Accessibility at Comcast

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf

Agentic RAG What it is its types applications and implementation.pdf

Agentic RAG What it is its types applications and implementation.pdf

Agentic RAG What it is its types applications and implementation.pdf

The Metaverse: Are We There Yet?

The Metaverse: Are We There Yet?

The Metaverse: Are We There Yet?

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

AI presentation and introduction - Retrieval Augmented Generation RAG 101

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx

Speed Wins: From Kafka to APIs in Minutes

Speed Wins: From Kafka to APIs in Minutes

Speed Wins: From Kafka to APIs in Minutes

Buy Epson EcoTank L3210 Colour Printer Online.pptx

Buy Epson EcoTank L3210 Colour Printer Online.pptx

Buy Epson EcoTank L3210 Colour Printer Online.pptx

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

IESVE for Early Stage Design and Planning

IESVE for Early Stage Design and Planning

IESVE for Early Stage Design and Planning

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

Buy Epson EcoTank L3210 Colour Printer Online.pdf

Buy Epson EcoTank L3210 Colour Printer Online.pdf

Buy Epson EcoTank L3210 Colour Printer Online.pdf

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade

Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)

Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)

Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Better IPSec Security Association Resolution - Netconf 2006 Tokyo

1. Better IPSec Security Association Resolution Netconf 2006 Tokyo James Morris jmorris@namei.org

2. Problem a) Outbound packet b) Security policy db entry match c) No security association in kernel ● Most of the time, we return EAGAIN to app or drop packet if forwarding. ● We kick the key manager, and usually have an SA available for next packet.

3. Problem... ● It actually kind of works for one case: blocking sendmsg() of datagrams. ● Process is scheduled in a loop until SA resolved. See xfrm_lookup(). ● Does not work for connect(2), so ping and many UDP apps just get EAGAIN.

4. Solution ● General solution for all protocols and contexts: – connect(2) – sendmsg(2) – forwarding path (tunnel endpoint) – various kernel-generated packets – blocking and non-blocking modes

5. Solution... ● Ideally, we'd like connect(2) to follow Posix semantics, for non-blocking this is: – Return EINPROGESS first – Return EALREADY until SA resolved ● For non-blocking sockets in general, it'd be nice to make sure poll(2) works as expected. – even for datagram protocols, as IPSec adds a kind of session underneath.

6. Solution... ● sendmsg(2) should return EAGAIN for non- blocking case ● For tunnel end point, we probably need to queue packets in a resolution queue. ● This may also be useful for non-blocking socket case. ● Herbert has suggested larval dst to go with larval SA.

7. Status ● Current patch contains a lot of instrumentation and some initial changes: – Make connect(2) work for the blocking case, hooking into ip_route_connect() – Propagate new flags down to xfrm_lookup() to control behavior: ● Kick the key manager? ● Sleep until resolved?

8. Ongoing work ● Continue to develop code to handle all cases and protocols ● Probably involve some code consolidation ● Determine how much of the problem to solve

9. Issues ● Not clear on all of the use-cases for this: – Opportunistic encryption – Complex/large scale policy where pro-active SA negotiation overhead would be too high – Others?