cuckoo
aperture
cuckoo | aperture | |
---|---|---|
8 | 28 | |
813 | 590 | |
- | 1.7% | |
4.3 | 9.8 | |
6 months ago | 7 days ago | |
C++ | Go | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cuckoo
-
mCaptcha: Open-source proof-of-work captcha for websites
Asymmetric PoW algorithms, such as Cuckoo Cycle [1] or the poorly named Equihash [2] (which is not a hash function) do not lend themselves to password hashing, since a given instance can have 0 or 1 or many solutions.
[1] https://github.com/tromp/cuckoo
[2] https://en.wikipedia.org/wiki/Equihash
-
Crypto: My Part in Its Downfall
The full technical report describing the LOCKSS forerunner to bitcoin may be downloaded at [1]. Interestingly, LOCKSS used a memory bound Proof-of-Work, where both prover and verifier perform a random walk in a 1GB table. But the prover had to do this many times, to obtain some final hash with many leading zeroes. This was before the invention of asymmetric PoW systems like Cuckoo Cycle [2] where the PoW can be verified with no memory use.
[1] https://www.researchgate.net/publication/31869581_Preserving...
[2] https://github.com/tromp/cuckoo
-
Is it possible a PoW that runs arbitrary algorithms?
A non-hashcash-style PoW scheme is Cuck(at)ooCycle.
-
POW Captcha: a lightweight, self-hosted proof-of-work captcha
The use of scrypt as underlying hash function is a rather poor choice though, as scrypt's memory hardness makes PoW verification unnecessarily expensive.
It's perfectly possible to make a memory hard PoW that's instantly verifiable, by using something other than hashcash. Examples include Cuckoo Cycle [1], and Equihash [2].
[1] https://github.com/tromp/cuckoo
[2] https://en.wikipedia.org/wiki/Equihash
-
Memory-bound trapdoor proof of work
Non-Solution #8: Cuckoo Cycle https://github.com/tromp/cuckoo Why: At least a few people have looked at it, and any attacker is far more likely to directly attack the blockchain itself, than my server (which doesn't get involved with the blockchain) Why not: The "mathematical specification" https://github.com/tromp/cuckoo/blob/master/doc/mathspec is woefully inadequate, their "C spec" focuses more on ASCII art than actual readability https://github.com/tromp/cuckoo/blob/master/doc/spec and as https://handshake.org/files/handshake.txt points out, cannot be easily adjusted in difficulty. Also, I would need to implement it from scratch, but I guess I'll have to do that anyway.
- IBM Creates First 2nm Chip
-
Ask HN: What Kind of Threat Does Quantum Computing Pose to Bitcoin?
The hashcash proof-of-work scheme that bitcoin uses is vulnerable to Grover's quantum search algorithm, that can find a solution in the 2^76 search space for the current target difficulty in roughly sqrt(2^76) = 2^38 quantum hashing steps, for a 2^38 factor speedup.
Other proof-of-work schemes (e.g. finding cycles in graphs [1]) are not vulnerable to quantum speedup.
[1] https://github.com/tromp/cuckoo
-
Theoretically, how much hashing power could a 'quantum computer' generate? And is any superpower close to having one yet, that we know of?
[1] https://github.com/tromp/cuckoo
aperture
-
Defcon: Meta's system for preventing overload with graceful feature degradation
Anyone interested in load shedding and graceful degradation with request prioritization should check out the Aperture OSS project.
https://github.com/fluxninja/aperture
-
Queues Don't Fix Overload
I agree that queues can problem especially when misconfigured. But some amount of queuing is necessary, to absorb short spikes in demand vs capacity. Also, queues can be helpful to re-order requests based on criticality which won't be possible with zero queue size - in which case we have to immediately drop a request or admit it without considering it's priority.
I think it is beneficial to re-think how we tune queues. Instead of setting a queue size, we should be tuning the max permissible latency in the queue which is what a request timeout actually is. That way, you stay within the acceptable response time SLA while keeping only the serve-able requests in the queue.
Aperture, an open-source load management platform took this approach. Each request specifies a timeout for which it is willing to stay in the queue. And weighted fair queuing scheduler then allocates the capacity (a request quota or max number of in-flight request) across requests based on the priority and tokens (request heaviness) of each request.
Read more about the WFQ scheduler in Aperture: https://docs.fluxninja.com/concepts/scheduler
Link to Aperture's GitHub: https://github.com/fluxninja/aperture
Would love to hear your thoughts on our approach!
-
Kelsey Hightower's Twitter Spaces on Rate Limits & Flow Control
For those keen to dive deeper, I highly recommend exploring both the Twitter Space and Aperture: [Twitter Spaces]: https://twitter.com/kelseyhightower/status/1689355284802629633?s=20 [GitHub repo]: https://github.com/fluxninja/aperture
-
Graceful Behavior at Capacity
Very interesting blog post! Our team has been working intensively in this area for the last couple of years - flow control, load shedding, controllability (PID control), and so on.
We have open-sourced our work at - https://github.com/fluxninja/aperture
We would love feedback from folks reading this blog post!
Disclaimer: I am one of the co-authors of the Aperture project. There are several interesting ideas we have built into this project and I will be happy to dive into the technical details as well.
-
Why Adaptive Rate Limiting Is a Game-Changer
It's a blog on an open-source project that precisely tells you how to implement adaptive rate limiting.
Just click around a bit:
- https://github.com/fluxninja/aperture
- https://docs.fluxninja.com/use-cases/adaptive-service-protec...
Note: I am one of the authors' of this project.
-
Show HN: Review GitHub PRs with AI/LLMs
At the time of writing, the first sample image on that page is this:
https://coderabbit.ai/assets/section-1-f9a48066.png
which recommends adding a "maxIterations" counter to the "for len(executedComponents) ..." loop here:
https://github.com/fluxninja/aperture/blob/26e00ea818c7c28da...
HOWEVER
- the review has failed to notice the logic using "numExecutedBefore" (around line 377) that already prevents the specific bug it is suggesting a fix for
- the suggested change decrements "maxIterations" inside the "for ... range circuit.components {" loop which means it isn't counting iterations, it's counting components
This kind of suggestion is particularly nasty because it's unlikely that the test suite populates enough components to hit "maxIterations" - so an inattentive reader could accept it, get a green build, and then deploy a production bug!
-
June 25th, 2023 Deno Deploy Postmortem
The need an adaptive protection system like Aperture[0] to mitigate overloads.
[0]: https://github.com/fluxninja/aperture
-
Jsonnet – The Data Templating Language
It’s customized to our policy spec. But you can learn from this and adapt it to your spec.
https://github.com/fluxninja/aperture/blob/main/scripts/json...
- Show HN: Aperture – Unified Reliability Management for Microservices
- Failure Mitigation for Microservices: An Intro to Aperture
What are some alternatives?
nodeeditor - Qt Node Editor. Dataflow programming framework
rules_jsonnet - Jsonnet rules for Bazel
osqp - The Operator Splitting QP Solver
slo-exporter - Slo-exporter computes standardized SLI and SLO metrics based on events coming from various data sources.
aperture - ⚡️L402 (Lightning HTTP 402) Reverse Proxy ⚡️
awesome-sre-tools - A curated list of Site Reliability and Production Engineering Tools
vroom - Vehicle Routing Open-source Optimization Machine
now-boltwall - Vercel lambda deployment for a Nodejs Lightning-powered Paywall
2captcha-php - PHP package for easy integration with the API of 2captcha captcha solving service to bypass recaptcha, hcaptcha, funcaptcha, geetest and solve any other captchas.
ai-pr-reviewer - AI-based Pull Request Summarizer and Reviewer with Chat Capabilities.
LDOGE - LITEDOGE - Proof of Stake: 2.0 Proof, of work: Scrypt
etleneum - the centralized smart contract platform