Linux network packet receiving and sending process

Packet reception process For the sake of simplicity, we will describe the process of receiving and sending Linux network packets with a UDP packet processing process on a physical NIC, and I will try to ignore some irrelevant details. From NIC to memory As we know, each network device (NIC) has a driver to work, and the driver needs to be loaded into the kernel at kernel boot time. In fact, logically, the driver is the intermediate module responsible for bridging the network device and the kernel network stack.

Allocate GPU resources to containers using the Docker Client and Docker Go SDK

Background Deep learning environment configuration is often a cumbersome task, especially on servers shared by multiple users. Although conda integrates tools like virtualenv to isolate different dependent environments, this solution still has no way to uniformly allocate compute resources. Now, we can use container technology to create a container for each user and allocate compute resources to the container accordingly. There are many container-based deep learning platform products on the market, such as AiMax, which has a lot of integrated features, but if you just need to call the GPU inside the container, you can refer to the following steps.

After more than a decade, Go intends to redefine the semantics of for loop variables

What is the most common syntax error you make in Go? Many people may have different answers, but one of the most common answers is the use of variables in for loops. Even Go team developers, I have seen their commits make this mistake, not to mention other Go developers, like this problem at Let’s Encrypt, almost every Go developer has made this mistake, and this type of error has left a shadow on my heart, every time I write a for loop, I often use local variables to shade the loop variable, even if there is no problem.

HTTPS handshake process

TLS and SSL What is SSL SSL stands for Secure Socket Layer, in short, it is the standard technology for keeping Internet connections secure, protecting any sensitive data sent between two systems and preventing criminals from reading and modifying any transmitted information, including potentially personal details. The two systems can be a server and a client (for example, a shopping site and browser) or server to server (for example, an application with personally identifiable information or payroll information).

Go Modular Programming

The Go language added support for modular programming and a built-in module-based dependency management tool in version 1.11, released in August 2018. modules in the Go language are collections of packages in a file tree, where the go.mod file contained in the module root directory defines the module’s import path, the Go language version, and other dependency requirements for the module. Each module’s dependency requirements are listed as a separate module path and the corresponding module version is specified, and only modules that meet all dependency requirements can be successfully built.

Exceptions & Interrupts in Computer Systems

Interrupts and exceptions can be summarized as an event handling mechanism. A signal is issued by an interrupt or exception, and then the operating system interrupts the current operation and finds the corresponding handler to handle the interrupt or exception according to the signal, and then returns to the original program for further execution according to the result. For exceptions and interrupts different books seem to have different definitions, but in fact speak of the same thing, I use here “intel architectures software developer’s manual” the book inside the definition.

Manually configure IPsec VPN using ip xfrm

WireGuard is a VPN module implemented in the Linux kernel. Thanks to the kernel implementation, it eliminates the need to copy data between the kernel and user states compared to OpenVPN, which is based on tun devices, so performance is naturally much better. However, I know from the WireGuard technical white paper that WireGuard’s performance is only slightly better than IPsec. This made me wonder if the core functionality of IPsec is also implemented in the kernel state.

Git 2.38 was released, introducing a "Scalar" tool for managing giant repositories

Git 2.38 has been officially released. The most notable change in this release is the introduction of Scalar, a repository management tool created by Microsoft to handle giant Git repositories. Introducing Scalar, the giant Git repository management tool NET Core application written in C# (later rewritten in C) and supported on Windows and macOS platforms only . Scalar maximizes the performance of Git commands by setting recommended configuration values and running background maintenance.

Linux 6.0 is officially released!

Linus Torvalds has released a stable version of Linux 6.0, and with 6.0 stable, the Linux 6.1 merge window has opened. According to Linus’ release email, version 6.0 has a total of 15k non-merge commits, one of the larger commit counts. diffstat is dominated by drm (mainly supported by the new AMD chips) and network drivers. Linux 6.0 has many new features, from new hardware support to software innovations. Linus also teased in the 6.

Survey Report Suggests WebAssembly May Be Overhyped

The HTTP Archive has released a 2022 annual State of the Web report, Web Almanac, which combines raw statistics and trends from the HTTP Archive with the expertise of the Web community; it contains 22 chapters covering all aspects of page content, user experience, publishing and distribution. HTTP Archive is a community-run project that has been studying how the Web is built since 2010; using WebPageTest and Lighthouse, metadata from approximately 8.

Create a minimal Docker image

If you’re familiar with docker, you probably know that docker image storage uses Union FS’s tiered storage technology. When you build a docker image, it is built one layer at a time, with the previous layer serving as the foundation for the next layer, and each layer is not changed after it is built. Because of this, when building a docker image, we have to be especially careful to include only what is needed in each layer, and to remove as much extra stuff as possible at the end of the build.

Configuring IPsec IKEv2 VPN based on strongSwan

IPsec is a standard VPN technology that is supported by all major systems and does not require a separate client installation. However, IPsec has a lot of concepts and is very complicated to configure. After a lot of tossing and turning, I finally figured out an easy configuration method based on strongSwan, which supports iOS and macOS dial-in. The server is ubuntu 22.04, first install strongSwan related components. 1 sudo aptitude install strongswan strongswan-swanctl The command to start the strongSwan service is as follows.

Docker Basics

Docker is a groundbreaking product that has unleashed the power of computer virtualization and greatly improved the efficiency of application deployment, testing, and distribution. Although we use docker almost every day, there are still some easy to ignore docker knowledge points, today, we will focus on it. Containers vs. traditional virtual machines It is often said that “docker is a very good performance virtual machine”, this statement is wrong. docker is lighter than the traditional virtual machine technology, in that docker does not virtualize a set of hardware on the host and run a complete operating system, and then run the required application processes on it.

Go Reflection

Many languages support reflection, and the Go language is no exception. So what is reflection? In a nutshell, reflection is the ability of a computer programming language to dynamically access, inspect, and modify the state and behavior of any object itself at runtime. Reflection features work differently in different languages, and some languages do not support reflection features. Today we’ll focus on how reflection works in Go. We recommend you read the official Go blog on Reflection: The Laws of Reflection

Go Template Rendering

With the prevalence of Restful architecture in recent years, front-end and back-end separation has become popular, and template rendering has been shifted from the back-end to the front-end, where the back-end only needs to provide resource data, resulting in traditional server-side template scripting languages like JSP and PHP being almost unused. However, in Go, template rendering is not limited to server-side markup languages (e.g. HTML), but GO often uses templating languages to handle, for example, text transformations that insert specific data.

The official Golang dependency injection tool Wire Usage Guidelines

1. Preface I’ve been working with Golang for a while and found that Golang also needs a dependency injection framework similar to Spring in Java. If the project is small, having a dependency injection framework or not is not a big deal. But when the project gets bigger, it is necessary to have a proper dependency injection framework. Through research, we learned that the main dependency injection tools used in

EU Launches Open Web Search Project, Hopes to Replace Google

Fourteen research and computing centers in seven EU countries have collaborated to launch the OpenWebSearch project to build an open infrastructure for Web search in the EU. The European Commission has now approved €8.5 million in funding for the project. The project will promote the development of digital sovereignty in Europe and foster the creation of a people-centric and open search engine marketplace. openWebSearch’s homepage states that although Web search is the backbone of the EU’s digital economy, it is currently dominated by large technology companies.

A new generation of JavaScript sandboxes that are more powerful than eval and iframe!

Today we look at a new JavaScript proposal into statge3: the ShadowRealm API. JavaScript runtime environment realm, a rather abstract word, actually represents a JavaScript independent runtime environment with independent variable scopes. For example, the following code. 1 2 3 4 5 6 7 8 9 10 <body> <iframe> </iframe> <script> const win = frames[0].window; console.assert(win.globalThis !== globalThis); // true console.assert(win.Array !== Array); // true </script> </body> Each iframe has a separate runtime environment, the global object of document is different from the global object of iframe, and similarly, the Array on the global object must be different as well.

Java19 Official GA! See how virtual threads can dramatically increase system throughput

Java19 was released yesterday, bringing a new feature that Java developers have been waiting for - virtual threads. Before Java had this new feature, Golang’s Goroutine had been popular for a long time, and it was a big hit in the field of concurrent programming. With the rapid development and promotion of Golang, it seems that coroutine has become one of the necessary features of the best languages in the world.

Using viper to merge yaml configuration files

As a small company, our infrastructure is not complete enough, the project manager informed us in the mid-autumn festival that our system will be on the second-to-last stage environment and production environment in the near future, so from the consideration of the deployment efficiency of the operation and maintenance staff, we urgently developed a one-click installation script generation tool, so that the operation and maintenance staff can use the tool combined with the actual target environment to generate a one-click installation script, the principle of this tool is very simple, as shown in the following diagram.