Twitter infrastructure may have AWS-like value. Amazon doesn’t have a Twitter. Add storage and you have infrastructure for Internet++.
Original URL: http://scripting.com/2016/04/27/1222.html
An anonymous reader writes: Comcast has announced today it will be raising its monthly data cap of 300GB to 1TB beginning June 1st. They will however charge more to customers who want unlimited data. After June 1st, fewer people will need to buy unlimited data from the company. Previously, users were charged an extra $30 to $35 a month for unlimited data but now they will have to pay an additional $50 for unlimited data. “All of the data plans in our trial markets will move from a 300 gigabyte data plan to a terabyte by June 1st, regardless of the speed,” Comcast’s announcement today said. The reason for the change? Customers are exceeding the 300GB cap. In late 2013, Comcast said only 2 percent of its customers used more than 300GB of data a month. That number was up to 8 percent in late 2015.
New in Oodle – Kraken! An amazing new compressor that gets both high compression and super fast decode speeds!
Oodle is a library of data compression tools specifically designed for games. Oodle includes several different lossless data compressors, and a unique network packet compression solution.
Oodle Data Compression provides the fastest and highest ratio compressors for game data. There’s a perfect Oodle compressor for every need.
Oodle Network Compression can compress UDP or TCP packets like nothing else, saving bandwidth for your players and servers.
Kraken is a revolutionary new data compression algorithm that achieves very high compression ratios, but with unheard-of-fast decodes. It gets compression like the highest compression LZ compressors – LZMA, BitKnit, Brotli, and more than ZStd or RAR. With other compressors that means accepting a tradeoff for slower speeds; in the past you had to choose high speed or high compression, you couldn’t have both. Kraken blows that away, with decode speed 3X faster than Zlib, and 10-20X faster than LZMA – way faster than anything else at its compression level.
Kraken is designed to run at blazing speeds on modern CPUs. It’s great on the AMD Jaguar chip in the PS4 and Xbox One, which is a platform most compressors struggle on. Kraken achieves its amazing performance from new ideas on how to do LZ compression, and carefully optimized low level
On real game data, Kraken gets way more compression than Zlib, close to the best LZ compressors in the world (like Oodle LZNA). The only compressors that can decode as fast as Kraken are things like LZ4 that get much less compression.
To minimize load time, a data compressor must make the data small so that the disk IO is quick, and it must also decompress the data quickly. The total time to load and then decompress is the “sum” on this chart – only Kraken offers a big time reduction vs. just loading uncompressed data raw.
Loading Kraken data is faster than loading uncompressed data, so there’s no need for an installer. You can serve compressed data directly to clients. And Kraken’s very low CPU use makes it great for in-game paging.
Oodle offers a family of data compressors with different performance tradeoffs, so you can choose the one that works best for your needs. Oodle runs on every game platform, and the data is the same on every platform – compress your data once and be done with it. Oodle comes with a simple C API, and helpers for parallel compression in your tools. Oodle also has a unique network packet technology.
See everything Oodle has to offer
Oodle gives you all the tools to load your game data right, cross-platform and ready to use out of the box. Save yourself the headache and let Oodle deal with it! Email us to get an evaluation SDK!
[[This is Chapter XI(c) from “beta” Volume 2 of the upcoming book “Development&Deployment of Multiplayer Online Games”, which is currently being beta-tested. Beta-testing is intended to improve the quality of the book, and provides a free e-copy of the “release” book to those who help with improving; for further details see “Book Beta Testing“. All the content published during Beta Testing is subject to change before the book is published.
To navigate through the book, you may want to use Development&Deployment of MOG: Table of Contents.]]
Yes, you DO need to encrypt your UDP traffic.1 And no, using UDP is NOT a valid excuse to skip encryption. Reasons for encrypting your traffic are numerous:
In short –
not only does encryption protect your players from classical attacks, it also protects your games against cheaters.
As a side bonus, with proper encryption you can be sure that network errors which corrupt your packets do not go undetected (with unencrypted UDP, those 16-bit UDP checksums let roughly one out of 60’000 in-transit corruptions through undetected, which means that with all those millions of packets you’re sending out each second, some corruptions WILL go undetected, causing all kinds of trouble).
On the other hand, you need to keep in mind that having encryption does NOT eliminate the need to sanitize your data, at the very least on the Server Side of things (even with encryption in place, the Client can be hacked to send your Server all kinds of malicious data – from garbage to fakes).
1 to those coming from the security side of things: of course, I don’t mean “just encrypt”, but “provide both confidentiality and integrity” (with authenticity on the side)
2 actually, we’re speaking about authentication here, but most of the protocols out there provide both encryption and authentication, so using “encryption” in the common-in-game-industry sense of “everything crypto-related” is not as much of a misnomer as it may look at first glance
The next question is the following: well, we DO need to encrypt, but can we afford it? Won’t adding the encryption kill our servers CPU-wise? While we’ll discuss this issue in detail later in Chapter [[TODO]], for now we’ll need just a few very basic observations.
In short, there are two main ways to encrypt things: (a) using a symmetric key (a.k.a. “symmetric crypto”, AES-128 and AES-256 being among the most popular ones), (b) using asymmetric keys (a.k.a. “public crypto”, with RSA-2048 still being quite popular in this department).
Symmetric crypto is damn cheap; for x86, it is usually of the order of “100+ Mbytes/second per core”.3 It means that if your server is serving 1’000 players, sending a 1Kbyte-sized packet 20 times a second to each of them (i.e. a quite respectable 160Mbit/sec), symmetric crypto will cost you less than 1/5th of one CPU core. As a usual “workhorse” server (see Chapter [[TODO]] for further discussion) currently has around 8-12 such cores, the overall impact of symmetric encryption in such an example scenario amounts to about 2% of additional CPU load; if you ask me, a 2% increase in the number-of-servers-you-need-to-run is certainly not much to protect your players both from eavesdropping etc. and from cheaters.
On the other hand, public crypto is MUCH more expensive, but fortunately, it is needed only to establish a connection (and as a result of such public-crypto-while-establishing-connection, a symmetric key will be generated for subsequent symmetric crypto). Specific numbers vary greatly from one algorithm to another, but as a ballpark number, with TLS/DTLS we can take an estimate of 1’000 connections/second/x86 core.4 So, for our 1000-player server example above, even if all of your players got disconnected and then need to reconnect – you’ll need just about 0.1 second (using all your cores) to connect all of them. The [QUIC.Crypto] protocol establishes connections at a significantly lower cost than TLS: for QUIC it is very roughly ~10x better, i.e. with QUIC we can get 10’000 connections/second/core. Note that while you MIGHT think that TLS’s 0.1 sec-to-reconnect-all-your-players is already good enough – we’ll see a bit later that connection establishment costs are VERY important from a DDoS point of view (see “Resilience to Crypto-DDoS Attacks” section below).
3 that is, as of beginning of 2016 for AES family of crypters
4 that’s using ECDH+ECDSA, and once again, as of beginning of 2016
In practice, there are two protocols which can currently be used for practical UDP encryption: DTLS (using, for example, [OpenSSL]) and QUIC (using [libquic]). While other UDP-oriented protocols (such as SNEP/SPINS, CurveCP, or MinimaLT) are described in literature, to the best of my knowledge they lack readily-available-and-supported libraries,5 and writing your own crypto-related library usually qualifies as a Pretty Bad Idea for game development.
(with “fast-paced updates” defined in section “Fast-paced Updates vs Slow-Paced Ones” above).
This is quite a pity, and restricts us to DTLS for lots of games out there; on the other hand, alternatives to using DTLS-for-all-communications include:
Also keep in mind that for games such as stock exchanges, and for all the credit-card processing, it is usually significantly easier to convince auditors (in the latter case – PCI DSS auditors) that you’re fine security-wise, if you’re using TLS/DTLS (any other protocol will cause raised eyebrows, and in the best case you will need to justify why you’re deviating from what is usually deemed “industry best practices”).
5 Both known-to-me implementations of CurveCP (NaCl and libchlorium) seem to be pretty much abandoned as of beginning of 2016, and MinimaLT doesn’t seem to have any reasonably complete implementation either (which is a pity, as MinimaLT has the best DDoS protection of the whole bunch).
Well, as follows from the above, while there are games out there where you can get away with QUIC, for quite a few games out there you will need to deal with DTLS. Which is a pity, as DTLS is quite bulky and (as of DTLS 1.2) relatively slow.6
When speaking about security, it is always about various attacks. For (properly) encrypted connections, dealing with attacks after the connection is established is usually not too difficult; however, DDoS attacks aiming at the connection handshake become even easier to mount after we add encryption. I’m currently speaking mostly about “crypto-DDoS attacks”, when the attacker is sending garbage within a properly formatted crypto request message and thus causes the server to spend lots of time validating that the garbage is not really valid (see, for example, the Pushdo SSL DDoS attack [Lewis12]). There is one positive side to this class of attacks though – amplification attacks (including the very popular DNS amplification attacks) usually don’t apply (phew); in particular, it means that a 10GBit/s crypto-DDoS attack can count as a “rather sizeable” one.
Let’s do some example math. Let’s consider a moderately sized 10GBit/s non-amplified attack on a 100-server MOG (a MOG handling around 100K players simultaneously). Let’s assume that our MOG system performs balancing (such as hardware Load Balancing or Front-End Servers, see Chapter VII for further discussion); also let’s assume that the attack is performed by 10000 PCs (each emitting 1Mbit/s on average), each PC having 4 cores on average. Let’s further assume that our ISP can handle these 10GBit/s for us.
Now let’s see what it means for our game servers. If our handshake packet is 50 bytes, it means that a 10GBit/s attack can cause us ~25M connection requests/second.
As noted above, the connection request requires public crypto, and with DTLS 1.2, we can process around 1000 of such connection requests per second per core. Let’s note that we cannot really dedicate ALL our cores to handling connection requests (the game should go on even when under attack), so let’s assume that we can dedicate one core per server to DDoS handling. It means that our 100 servers will be able to handle a mere 100’000 connection requests/second (and we need 250x more to withstand the attack).
Such attacks can be a very unpleasant thing (and limiting incoming connections per IP is rarely an easy task for UDP, so DDoS protection by providers might or might not help in this regard, as thresholds may be too low to trigger protection at that level), so let’s see what we can do about it. Even using optimized algorithms/handshakes (such as those in QUIC) would make it only 10x better for us (still leaving us 25x short).
One way to deal with it is to allow our Server to request Clients to perform some “proof of work” processing7 before we even start analyzing the Client’s connection request. Under normal operation, there should be no “proof of work” requested, but if the Server is under crypto-attack (which can be detected by the time that the Server spends on processing connection requests) – it should start requesting “proof of work” from all the Clients which try to connect.
If we can force all the Clients to make some work which takes ~0.4 seconds of CPU core time to compute – then each of the 4-core attacking PCs will be able to issue only 10 requests/second, and all 10’000 attacking PCs will be able to make only 100’000 requests/second, allowing us to withstand the attack. Even better, we don’t even need to calculate exact costs of work – our Server should simply increase the amount of work requested while it is under crypto-attack, up to the point where it becomes not-so-affected by the attack. And BTW, if the attacker can see that the attack doesn’t affect you – he usually goes away fairly quickly.
The cost we’re paying for this kind of protection is that we’re causing Clients (including legitimate ones) to connect more slowly while the server is under attack; however, delay of 0.4 seconds is pretty much nothing (and I would argue that even 100x-larger 40 second delay is still better than usual outcome of a DDoS, which is “being unable to connect for hours”).
7 We’ll discuss “how to implement this ‘proof of work’ stuff” a bit later in “Implementing “Proof of Work” on top of DTLS” section.
Below I’ll describe one of the ways of implementing “proof of work” (with an ideology similar to “puzzles” in MinimaLT) on top of the existing DTLS protocol (and on top of a 3rd-party DTLS library):
The trickery described above effectively acts as an additional DDoS-protected transport layer for DTLS; in other words, it doesn’t change anything from the DTLS point of view (which means that DTLS security remains perfectly intact); it merely sends extra challenges (when the Server feels that it is under attack) and filters out packets coming from those attackers who were careless enough to skip doing ‘proof-of-work’.
The idea here is that while there can be two different types of crypto DDoS attack (calculating Puzzles and not calculating Puzzles) on such protected-DTLS, handling both of them is much cheaper than handling an attack on an unprotected DTLS.
If the attacker chooses to calculate Puzzles (and solving a Puzzle is 2^Amount_of_work more expensive than checking it) – then we’ll be able to mitigate the DDoS attack at the cost of each Client performing 0.4 sec worth of CPU core calculations (with 2016 CPUs, very roughly corresponding to Amount-of-Work = 19 or so). If the attacker decides to flood us with fake ClientHello’s without solving the Puzzle – we’ll be performing only very cheap operations (such as one MAC + one SHA-1 calculation), and will be able to do (roughly) 500K such checks per second per core (or 50M checks/second using only a single core from each of our 100 servers), which is above the 25M packets/second which we need to survive our example crypto-DDoS.
As an added bonus, this kind of check can even be offloaded to separate servers (and at least in theory – even to servers within your DDoS-protection provider).
On the other hand, note that this additional layer is certainly not a silver bullet; for example, if all our attacking PCs have a GPU such as a GTX Titan-X, they will be able to calculate our Puzzles ~100x faster than a CPU, which will force us to increase Client calculation times to about 40 seconds (that’s per core); even this would be better than not-being-able-to-connect-forever, but in reality it won’t be that grim for two reasons:
8 here || denotes concatenation.
9 IMNSHO, for “proof-of-work” purposes, using SHA-1 is ok, but if you prefer – you can use SHA256 etc. instead, though it will incur some additional CPU costs on the server side.
10 or “crypto hash operation” if we’re using HMAC – also “very cheap”
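The Puzzle scheme this section describes (a Server-issued challenge, a Client searching for a nonce, a Server check costing one MAC plus one SHA-1, and an Amount_of_work that makes solving 2^Amount_of_work times more expensive than checking) as an added example. This is not code from the book or from any DTLS library; the concrete layout is an assumption of mine: the challenge is an HMAC-SHA1 over the Client address, a coarse epoch counter and the current Amount_of_work (so the Server stores nothing per Client and can re-derive the challenge on verification), the Client must find a nonce such that SHA-1(challenge || nonce) starts with Amount_of_work zero bits, and the step-up/step-down difficulty rule with its thresholds is likewise constructed, as are the key, address and load figures.

```python
import hashlib
import hmac
import struct

# Illustrative, constructed implementation of the "Puzzle" layer in front of
# the DTLS handshake; the message layout is an assumption, not a standard.


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash output (the puzzle's work measure)."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()
        break
    return count


class PuzzleServer:
    """Stateless puzzle issuer/verifier.

    The Server keeps only a secret key and the current Amount_of_work. A
    challenge is an HMAC over (client_addr || epoch || Amount_of_work), so it
    is re-derived at verification time and nothing is stored per Client.
    """

    def __init__(self, secret: bytes, amount_of_work: int = 0) -> None:
        self.secret = secret
        self.amount_of_work = amount_of_work  # 0 == normal operation, no real work

    def challenge(self, client_addr: bytes, epoch: int) -> bytes:
        # The epoch (a coarse clock tick) lets old challenges expire; binding
        # Amount_of_work means a Client cannot present a solution to an easier puzzle.
        msg = client_addr + struct.pack(">IB", epoch, self.amount_of_work)
        return hmac.new(self.secret, msg, hashlib.sha1).digest()

    def verify(self, client_addr: bytes, epoch: int, challenge: bytes, nonce: bytes) -> bool:
        # One MAC: the challenge must be one we issued for this address/epoch/difficulty.
        expected = self.challenge(client_addr, epoch)
        if not hmac.compare_digest(expected, challenge):
            return False
        # One SHA-1: the nonce must give enough leading zero bits.
        digest = hashlib.sha1(challenge + nonce).digest()
        return leading_zero_bits(digest) >= self.amount_of_work

    def adapt(self, handshake_cpu_fraction: float, high: float = 0.5,
              low: float = 0.1, max_work: int = 24) -> int:
        """Raise difficulty while handshakes eat CPU, relax it when they do not.

        Thresholds and cap are constructed; the text only says to keep increasing
        the work until the Server is no longer affected by the attack.
        """
        if handshake_cpu_fraction > high and self.amount_of_work < max_work:
            self.amount_of_work += 1
        elif handshake_cpu_fraction < low and self.amount_of_work > 0:
            self.amount_of_work -= 1
        return self.amount_of_work


def solve_puzzle(challenge: bytes, amount_of_work: int, max_tries: int = 1 << 40) -> bytes:
    """Client side: brute-force a nonce; about 2**amount_of_work SHA-1 calls on average."""
    for i in range(max_tries):
        nonce = struct.pack(">Q", i)
        if leading_zero_bits(hashlib.sha1(challenge + nonce).digest()) >= amount_of_work:
            return nonce
    raise RuntimeError("puzzle unsolved within max_tries")


def demo() -> dict:
    """One honest round plus the cheap rejection paths the text relies on."""
    server = PuzzleServer(secret=b"constructed-server-secret", amount_of_work=12)
    client_addr = b"\xc0\x00\x02\x07\x1f\x90"  # constructed 192.0.2.7:8080
    epoch = 41

    challenge = server.challenge(client_addr, epoch)
    nonce = solve_puzzle(challenge, server.amount_of_work)
    results = {"honest_client": server.verify(client_addr, epoch, challenge, nonce)}

    # A forged challenge or one from another epoch fails the MAC check:
    # one HMAC of cost to us, no SHA-1, no DTLS handshake.
    results["forged_challenge"] = server.verify(client_addr, epoch, b"\x00" * 20, nonce)
    results["stale_epoch"] = server.verify(client_addr, epoch + 1, challenge, nonce)

    # Under heavier handshake load the Server raises Amount_of_work; the old
    # solution is rejected because the difficulty is part of the challenge MAC.
    server.adapt(handshake_cpu_fraction=0.9)
    results["after_difficulty_increase"] = server.verify(client_addr, epoch, challenge, nonce)
    results["amount_of_work"] = server.amount_of_work
    return results


if __name__ == "__main__":
    print(demo())
```

Because the Server keeps no per-Client state, a solved puzzle can be replayed from the same address until its epoch rolls over, so the epoch should tick quickly and the layer belongs in front of, not instead of, DTLS’s own stateless HelloVerifyRequest cookie exchange. At Amount_of_work = 0 every nonce passes and the check degenerates to the single MAC, which is the “no proof of work under normal operation” behaviour described above.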
The trick to protect yourself from crypto-DDoS described above is not that complicated, but will certainly take some time to implement. As a result, a reasonable thing to ask is “whether you really need to implement it in advance?”. Honestly, I do not have a firm answer to this question. On the one hand, when you don’t have such protection, a crypto-DDoS attack can bring your system to its knees in no time (and protection by a DDoS provider might happen to be insufficient). On the other hand, at least as of 2016 crypto-DDoS attacks are very uncommon. Whether somebody will mount a crypto-DDoS attack against your servers – well, you never know in advance.
For high-profile games, I would suggest playing it safe and implementing it somewhere around the “beta” stages of the game (as changing protocols during a “live” game is usually significantly more complicated); OTOH, chances are that you’ll never need to use this feature. Personally, I prefer to think of it as insurance – I’m paying my premiums in the hope that my money will go to waste.11
11 especially if it is a life insurance
When implementing encryption (whether over TCP or over UDP), there are several very important things to keep in mind; while a detailed discussion on these issues will follow in Chapter [[TODO]], here I will simply summarize the most important points out of it without going into explanations:
12 they will require either to release all your source code, or purchase a commercial license
13 GnuTLS is licensed under LGPL license, which is usually ok for using in commercial projects – but double-check with your legal guys if applicable
14 On other potentially worthy contenders: WolfSSL and MatrixSSL only have GPL open-source versions (and require a commercial license otherwise), LibreSSL doesn’t seem to support DTLS 1.2, and NSS has a strong dependency on NSPR (and you’re very unlikely to use NSPR otherwise).
15 while I admit that using Wikipedia as a reference-to-determine-security-of-ciphersuite is insecure by design, for not-so-secure games it might still fly
16 believe it or not, I’ve seen it more than once in the wild, though not for DTLS
17 while RC4 MAY have some uses in the obfuscation department, and MD5 MAY be used as an improved version of CRC, even such innocent uses may cause quite a bit of trouble – both by being spread around by copy-paste, and by auditors asking all kinds of questions, so I suggest refraining from using these ugly beasts. For example, for obfuscation purposes Chacha20 is a very good replacement for RC4 (it is even faster).
18 on the other hand, for stock exchanges, I tend to trust my own Client app better than anything-installed-on-end-user-computer, but eventually it often becomes a legal issue elevated outside of developer’s realm
This concludes beta Chapter XI(c) from the upcoming book “Development and Deployment of Multiplayer Online Games (from social games to MMOFPS, with social games in between)”. Stay tuned for beta Chapter XI(d), describing optimizing TCP for game-like uses.]]
Cartoons by Sergey Gordeev from Gordeev Animation Graphics, Prague.
Patrick O’Neill writes: Matt Edman is a cybersecurity expert who worked as a part-time employee at Tor Project, the nonprofit that builds Tor software and maintains the network, almost a decade ago. Since then, he’s developed potent malware used by law enforcement to unmask Tor users. It’s been wielded in multiple investigations by federal law-enforcement and U.S. intelligence agencies in several high-profile cases. The Tor Project has confirmed this report in a statement after being contacted by the Daily Dot, “It has come to our attention that Matt Edman, who worked with the Tor Project until 2009, subsequently was employed by a defense contractor working for the FBI to develop anti-Tor malware.” Maybe Tor users will now be less likely to anonymously check Facebook each month…
A Backup Plan In Case All the OPML-Supported Outliner Web Apps Disappear.
A week after announcing 12,000 job cuts, Intel CEO Brian Krzanich has shared his vision for the company, hinting at a shift in its prime focus away from the PC business. In a blog post, Krzanich said that the company will be actively growing its data center business. The chip maker also plans to focus on chips and technologies for IoT devices. “The biggest opportunity in the Internet of Things is that it encompasses just about everything in our lives today – it’s ubiquitous,” Krzanich said. The company also plans to boost its memory chips business and make a push towards utilizing them in data centers and various cloud services. Intel said that it has made several investments in this field, noting the $16 billion acquisition of Altera last year. The company says it will be playing a big role in the move to 5G connectivity. “Connectivity is fundamental to every one of the cloud-to-thing segments we will drive,” he writes. Over the years, Intel has failed to keep up with Moore’s Law, an axiom that semiconductor density will double about every two years. The company previously extended the timeframe to 2.5 years, but Krzanich assures customers that they are working to make further advances in order to meet the goal. “Moore’s Law is fundamentally a law of economics, and Intel will confidently continue to harness its value,” Krzanich said. PCWorld has extensively reported on this.
Facebook today, as part of its earnings release, said it would add a new class of non-voting stock for the company, which will keep Mark Zuckerberg in control of the company. “This proposal is designed to create a capital structure that will, among other things, allow us to remain focused on Mr. Zuckerberg’s long-term vision for our company and encourage Mr. Zuckerberg to remain in…
Everything we do at Facebook is focused on our mission to make the world more open and connected.
To maintain our focus on this mission, we have always been a founder-led company. This structure has helped us resist the short term pressures that often hurt companies. It has helped us grow our community, build our business and create shareholder value. It has given us the freedom to prioritize your product experience and invest in new apps like Instagram — decisions that don’t always pay off right away, but that we believe help us serve our community and our shareholders.
When I look out at the future, I see more bold moves ahead of us than behind us. We’re focused not on what Facebook is today, but on what it can be, and what it needs to be for our community. That means investing in areas like spreading connectivity, building artificial intelligence and developing virtual and augmented reality. I am committed to our mission and to leading Facebook there over the long term.
While helping to connect the world will always be the most important thing I do, there are more global challenges that I feel a responsibility to help solve — like helping to cure all diseases by the end of this century, upgrading our education system so it’s personalized for each student, and protecting our environment from climate change. That’s why Priscilla and I created the Chan Zuckerberg Initiative and committed to give 99 percent of our Facebook shares during our lives to advance human potential and promote equality.
Today, Facebook’s board of directors is announcing a proposal to create a new class of stock that will allow us to achieve both goals. I’ll be able to keep founder control of Facebook so we can continue to build for the long term, and Priscilla and I will be able to give our money to fund important work sooner. Right now, there are amazing scientists, educators and doctors around the world doing incredible work. We want to help them make a bigger difference today, not 30 or 40 years down the road.
If this proposal goes into effect, we’ll get to keep improving your Facebook experience the way we do today. And over the long term, I think you’ll have better services and be part of a stronger community as a result. I believe in our community and the good we can do in the world, and I’m looking forward to continuing this journey with you.
Additional Information and Where to Find It
This document may be deemed to be solicitation material in respect of the solicitation of proxies from stockholders for Facebook’s 2016 Annual Meeting of Stockholders (the 2016 Annual Meeting). Facebook intends to file with the Securities and Exchange Commission (the SEC) and make available to Facebook stockholders of record on April 29, 2016 a proxy statement containing important information about a proposal to amend and restate Facebook’s existing certificate of incorporation to provide for a new class of non-voting capital stock and potentially declare a dividend of two shares of that new class of capital stock for each outstanding share of Facebook’s existing capital stock (the Reclassification Proposal) and certain other matters to be considered by the stockholders of Facebook at its 2016 Annual Meeting. BEFORE MAKING ANY VOTING DECISION, FACEBOOK STOCKHOLDERS ARE URGED TO READ THE PROXY STATEMENT (INCLUDING ANY AMENDMENTS OR SUPPLEMENTS THERETO) WHEN IT BECOMES AVAILABLE CAREFULLY AND IN ITS ENTIRETY BECAUSE IT WILL CONTAIN IMPORTANT INFORMATION ABOUT THE RECLASSIFICATION PROPOSAL AND CERTAIN OTHER MATTERS TO BE CONSIDERED AT THE 2016 ANNUAL MEETING.
Investors will be able to obtain the proxy statement and other relevant materials, when available, free of charge at the SEC’s website (http://www.sec.gov). In addition, documents filed with the SEC by Facebook, including the proxy statement when available, and the Annual Report on Form 10-K for the year ended December 31, 2015, will be available free of charge from Facebook’s Investor Relations website at investor.fb.com.
Participants in the Solicitation
Facebook and its directors, nominees, and executive officers may be deemed to be participants in the solicitation of proxies from Facebook’s stockholders with respect to the matters to be considered at the 2016 Annual Meeting, including the Reclassification Proposal. Information regarding the names, affiliations, and direct or indirect interests (by security holdings or otherwise) of these persons will be described in the proxy statement to be filed with the SEC.