diff --git a/Content/20240822172256-rate_limiting.org b/Content/20240822172256-rate_limiting.org index 36d9cce..4d9e1f1 100644 --- a/Content/20240822172256-rate_limiting.org +++ b/Content/20240822172256-rate_limiting.org 
@@ -4,8 +4,43 @@ #+title: Rate Limiting #+filetags: :programming: -* Relevant Nodes -** [[id:be116ea9-5b43-464a-a6fe-5469c4f4ba59][MiddleWare]] -* Algorithms +* Algos ** [[id:224dc7d4-396f-49cf-8d4f-e106a83b4092][Token Bucket]] -- https://en.wikipedia.org/wiki/Token_bucket +** [[id:1bb49dbe-b172-4b84-9333-9f919e6d5d5e][Leaky Bucket]] +** Fixed Window Counter +** Sliding window log +** Sliding window counter + - https://www.rdiachenko.com/posts/arch/rate-limiting/sliding-window-algorithm/ +* [[id:a3d0278d-d7b7-47d8-956d-838b79396da7][Distributed]] Rate Limiting + +- *Storage Solutions*: + - In-memory data stores (e.g., Redis, Memcached) are commonly used for fast access. + - [[id:6aac0b02-43a7-4ea0-a03a-34f54fe0e204][Consistent hashing]] helps distribute rate limits across multiple nodes. + +- *Challenges*: + - Synchronization between distributed nodes. + - Handling network partitions (e.g., split-brain scenarios). + - Maintaining low-latency responses while enforcing limits. + +*** Connections: +- *Distributed Systems*: Rate limiting is vital in microservices architecture to prevent service bottlenecks. +- *Security*: It plays a crucial role in mitigating the risk of abuse or attacks on web applications and services. +- *User Experience*: Properly implemented rate limiting can enhance user experience by ensuring system stability, especially during peak loads. + +*** Questions for Further Context: +- Are you interested in specific implementation examples of distributed rate limiting? +- What kind of distributed system architecture are you working with (e.g., microservices, serverless)? +- Do you have security concerns or specific use cases in mind for rate limiting? + +*** Pathways for Further Research: +- What are the trade-offs between different rate limiting strategies in terms of simplicity, performance, and fairness? +- How do rate limiting techniques differ across cloud service providers? 
+- What impact does distributed rate limiting have on monitoring and analytics of service performance?* Relevant Nodes +** [[id:be116ea9-5b43-464a-a6fe-5469c4f4ba59][MiddleWare]] +* Implementations +** [[id:97574f3d-86a1-4491-9cdd-5428d658103b][Envoy]]: https://github.com/envoyproxy/ratelimit +** [[id:283c3a6b-6a8c-4e14-85f4-8f67494629ce][Redis]]: https://redis.io/learn/howtos/ratelimiting +* Resources + - https://dev.to/khaleo/rate-limiter-in-system-design-part-1-concepts-and- + - https://dev.to/khaleo/rate-limiter-in-system-design-part-2-commonly-used-algorithms-45bp + - https://developers.cloudflare.com/waf/rate-limiting-rules/best-practices/ diff --git a/Content/20241005160318-transport_layer_security.org b/Content/20241005160318-transport_layer_security.org index ede0c1e..d73bd69 100644 --- a/Content/20241005160318-transport_layer_security.org +++ b/Content/20241005160318-transport_layer_security.org @@ -1,9 +1,9 @@ :PROPERTIES: :ID: 06fa9da7-4126-4b08-a367-3a751f31de51 -:ROAM_ALIASES: TLS +:ROAM_ALIASES: SSL TLS :END: #+title: Transport Layer Security -#+filetags: :cs:network: +#+filetags: :sec:cs:network: * Overview - *Definition*: [[id:6c9f9b53-16a8-48dd-bbc5-8f9b5ba18ff5][Cryptographic]] [[id:11d303f1-d337-4f51-b211-db435a9f2cd0][protocol]] for secure communication over a computer [[id:a4e712e1-a233-4173-91fa-4e145bd68769][network]]. 
@@ -13,58 +13,6 @@ - *Integrity Check*: Ensures data is not altered. - *Authentication*: Confirms the identity of communicating parties. -* TLS (NIL) -#+begin_src lisp -(defun initiate-tls-session (server-address client-cert client-key) - ;; Create a new TLS context - (let ((tls-context (create-tls-context))) - ;; Load client certificate and key - (load-client-cert tls-context client-cert client-key) - ;; Set server address - (set-server-address tls-context server-address) - ;; Perform TLS handshake - (tls-handshake tls-context) - ;; Return established context for secure communication - tls-context)) -(defun create-tls-context () - ;; Initialize a new TLS session context - (make-instance 'tls-session-context)) - -(defun load-client-cert (tls-context client-cert client-key) - ;; Load the client's certificate and private key into the context - (setf (tls-client-cert tls-context) client-cert) - (setf (tls-client-key tls-context) client-key)) - -(defun set-server-address (tls-context server-address) - ;; Configure the server address for the session - (setf (tls-server-address tls-context) server-address)) - -(defun tls-handshake (tls-context) - ;; Execute the TLS handshake protocol - (send-client-hello tls-context) - (receive-server-hello tls-context) - (exchange-keys tls-context) - (verify-server-certificates tls-context) - (finalize-handshake tls-context)) - -(defun send-client-hello (tls-context) - ;; Send initial hello message from client - ... - -(defun receive-server-hello (tls-context) - ;; Handle server's hello response - ... - -(defun exchange-keys (tls-context) - ;; Perform key exchange for session encryption - ... - -(defun verify-server-certificates (tls-context) - ;; Validate the server's SSL certificate - ... - -(defun finalize-handshake (tls-context) - ;; Complete the handshake and establish a secure connection - ... 
-#+end_src +* Resources + - https://security.stackexchange.com/questions/5126/whats-the-difference-between-ssl-tls-and-https?newreg=bb37d44255d94cd6aea5c05e76ed3ae8 diff --git a/Content/20241224164320-http.org b/Content/20241224164320-http.org index 8913aa9..42eedf3 100644 --- a/Content/20241224164320-http.org +++ b/Content/20241224164320-http.org 
@@ -3,3 +3,62 @@ :END: #+title: HTTP #+filetags: :cs:network: + +* Headers +*** Abstract +- *Definition*: HTTP headers are key-value pairs sent in both request and response messages, providing crucial information about the request or the response. +- *Types*: + - *Request Headers*: Sent by the client to the server. Examples include: + - =User-Agent=: Identifies the client software. + - =Accept=: Specifies the media types acceptable for the response. + - =Authorization=: Contains credentials for authenticating the client. + - *Response Headers*: Sent by the server to the client. Examples include: + - =Content-Type=: Indicates the media type of the resource. + - =Cache-Control=: Provides directives for caching mechanisms. + - =Location=: Used with redirections, specifies the URI of the resource. +- *General Headers*: These can be used in both requests and responses but don't apply to the content itself, such as: + - =Date=: The date and time at which the message was sent. + - =Connection=: Control options for the current connection. + + +*** Table of Common HTTP Headers with Descriptions + +| Header Name | Description | +|-------------------+--------------------------------------------------------------------------| +| Date | The date and time the message was sent. | +| Connection | Control options for the current connection. | +| Transfer-Encoding | Indicates the form of encoding used to safely transfer the payload body. | +| Accept | List of acceptable media types for the response. | +| Accept-Charset | Character sets that are acceptable. | +| Accept-Encoding | Specifies the content encodings that are acceptable. | +| Authorization | Credentials for authenticating the client with the server. | +| Cookie | Contains stored HTTP cookies. | +| Host | The domain name of the server (useful for virtual hosting). | +| User-Agent | Identifies the client software. | +| Referer | The URI of the resource from which the request was initiated. 
| +| Content-Type | The media type of the resource being sent in the response. | +| Content-Length | The length of the response body in octets (8-bit bytes). | +| Cache-Control | Directives for caching mechanisms in both requests and responses. | +| Expires | The date/time after which the response is considered stale. | +| Location | The URL to redirect the client to. | +| Server | Information about the software used by the origin server. | +| Set-Cookie | Used to send cookies from the server to the user agent. | + +* HTTP Status Codes +- *Definition*: HTTP Status Codes are standardized responses from a server to a client's request made to the server. They indicate whether a specific HTTP request has been successfully completed. +- *Categories*: + - *1xx*: Informational (e.g., 100 Continue, 101 Switching Protocols) + - *2xx*: Success (e.g., 200 OK, 201 Created, 204 No Content) + - *3xx*: Redirection (e.g., 301 Moved Permanently, 302 Found, 304 Not Modified) + - *4xx*: Client Errors (e.g., 400 Bad Request, 401 Unauthorized, 404 Not Found) + - *5xx*: Server Errors (e.g., 500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable) +- *Structure*: Each code consists of a three-digit number, where the first digit denotes the response type, and the last two digits provide additional context. + +*** Elaborations +- *Informational Codes (1xx)* indicate that the request has been received and is being processed; this is essential for scenarios involving longer operations where client feedback is necessary. +- *Success Codes (2xx)* confirm satisfactory completion of requests, vital for web applications to operate without interruption. +- *Redirection Codes (3xx)* guide clients to different resources or locations, supporting URL management and resource routing. +- *Client Error Codes (4xx)* indicate issues with the client’s request; understanding these effectively can enhance user experience and debugging processes. 
+- *Server Error Codes (5xx)* signal problems on the server side, helping developers and administrators pinpoint and resolve internal failures. + +* Resources diff --git a/Content/20250122090314-sdi_glossary.org b/Content/20250122090314-sdi_glossary.org index 61484e0..07296e8 100644 --- a/Content/20250122090314-sdi_glossary.org +++ b/Content/20250122090314-sdi_glossary.org @@ -6,13 +6,15 @@ A quick index into most common abbreviations in the domain of computer science -| Abbrev | Expansion | -|--------+-----------------------------------| -| [[id:a452b284-9ed0-4aed-a0d2-9bdb303a459c][HTTP]] | Hyper Text Transfer Protocol | -| API | [[id:20240101T073142.439145][Application Programming Interface]] | -| AU | Active Users | -| CDN | [[id:20240101T082700.953774][Content Delivery Network]] | -| DNS | [[id:c1875db1-be4d-43fe-9c88-bf5fc7a95df3][Domain Name System]] | -| DoS | [[id:f0951767-64d7-4f03-8a97-72ba11cc70c6][Denial of Service]] | -| IP | [[id:d799bc90-5032-4a69-9806-83145297a335][Internet Protocol]] | -| QPS | Queries Per Second | +| Abbrev | Expansion | +|--------+----------------------------------------| +| API | [[id:20240101T073142.439145][Application Programming Interface]] | +| AU | Active Users | +| CDN | [[id:20240101T082700.953774][Content Delivery Network]] | +| DNS | [[id:c1875db1-be4d-43fe-9c88-bf5fc7a95df3][Domain Name System]] | +| DoS | [[id:f0951767-64d7-4f03-8a97-72ba11cc70c6][Denial of Service]] | +| [[id:a452b284-9ed0-4aed-a0d2-9bdb303a459c][HTTP]] | Hyper Text Transfer Protocol | +| IP | [[id:d799bc90-5032-4a69-9806-83145297a335][Internet Protocol]] | +| QPS | Queries Per Second | +| SSL | Secure Sockets Layer: Precursor to [[id:06fa9da7-4126-4b08-a367-3a751f31de51][TLS]] | +| [[id:06fa9da7-4126-4b08-a367-3a751f31de51][TLS]] | Transport Layer Security | diff --git a/Content/20250122093005-algoindex.org b/Content/20250122093005-algoindex.org index 5342b84..b00d2ca 100644 --- a/Content/20250122093005-algoindex.org 
+++ b/Content/20250122093005-algoindex.org @@ -10,6 +10,5 @@ Index into algorithms of varying complexities with a brief description of what t |----------------+-------------------------------------| | [[id:d4fe54f3-65c0-4a8a-9075-242ce475e706][EdgeRank]] | Facebook's NewsFeed Aggregation | | [[id:514705de-abe8-4781-9c51-03c318bbe077][PageRank]] | Google's Web Page Ranker for Search | -| [[id:224dc7d4-396f-49cf-8d4f-e106a83b4092][Token Bucket]] | [[id:a9f836f0-d43d-4e97-96fc-06f75e982d15][Rate Limiting]] | | [[id:327ebe76-4fd6-47d4-b053-94e380937c6d][Raft Consensus]] | generic distributed peer protocol | | | | diff --git a/Content/20250122165851-middleware.org b/Content/20250122165851-middleware.org index 2343b41..7ec9b73 100644 --- a/Content/20250122165851-middleware.org +++ b/Content/20250122165851-middleware.org @@ -7,3 +7,4 @@ * Relevant Nodes ** [[id:20240101T073142.439145][API]] +** [[id:f75d1fff-b3a2-4f36-ad90-7cdfee1fd58b][Gateway API-K8s]] diff --git a/Content/20250123185341-gateway_api_k8s.org b/Content/20250123185341-gateway_api_k8s.org new file mode 100644 index 0000000..7aca204 --- /dev/null +++ b/Content/20250123185341-gateway_api_k8s.org @@ -0,0 +1,8 @@ +:PROPERTIES: +:ID: f75d1fff-b3a2-4f36-ad90-7cdfee1fd58b +:END: +#+title: Gateway API-K8s +#+filetags: :k8s: + +* Resources + - https://kubernetes.io/docs/concepts/services-networking/gateway/ diff --git a/Content/20250123191033-leaky_bucket.org b/Content/20250123191033-leaky_bucket.org new file mode 100644 index 0000000..213c496 --- /dev/null +++ b/Content/20250123191033-leaky_bucket.org @@ -0,0 +1,10 @@ +:PROPERTIES: +:ID: 1bb49dbe-b172-4b84-9333-9f919e6d5d5e +:END: +#+title: Leaky Bucket +#+filetags: :algo:cs: + +* Relevant Nodes +** [[id:224dc7d4-396f-49cf-8d4f-e106a83b4092][Token Bucket]] +* Resources + - https://en.wikipedia.org/wiki/Leaky_bucket diff --git a/Content/20250124104046-design_patterns.org b/Content/20250124104046-design_patterns.org new file mode 100644 index 0000000..0ace8e6 
--- /dev/null +++ b/Content/20250124104046-design_patterns.org @@ -0,0 +1,11 @@ +:PROPERTIES: +:ID: f5db6ddc-024e-4ed0-99f6-9e09ae19106f +:END: +#+title: Design Patterns +#+filetags: :meta:cs: + +Generic Patterns, or their compositions, that can be thrown at problems before you have to start inventing novel ones. + + +* Resources + - https://refactoring.guru/design-patterns diff --git a/Content/20250124112500-split_brain.org b/Content/20250124112500-split_brain.org new file mode 100644 index 0000000..af6ddc5 --- /dev/null +++ b/Content/20250124112500-split_brain.org @@ -0,0 +1,10 @@ +:PROPERTIES: +:ID: c0126ead-1fa4-4d21-9406-1ecf50211ffe +:END: +#+title: Split-Brain Scenario +#+filetags: :cs:meta: + +See Biological origins : [[id:18d5b474-ac34-424b-8838-b6cee0dcedd7][Split Brain Syndrome]] + +* Resources +- https://en.wikipedia.org/wiki/Split-brain_(computing) diff --git a/Content/20250124112603-split_brain_syndrome.org b/Content/20250124112603-split_brain_syndrome.org new file mode 100644 index 0000000..8ddd2e2 --- /dev/null +++ b/Content/20250124112603-split_brain_syndrome.org @@ -0,0 +1,8 @@ +:PROPERTIES: +:ID: 18d5b474-ac34-424b-8838-b6cee0dcedd7 +:END: +#+title: Split Brain Syndrome +#+filetags: :biology: + +* Resources + - https://en.wikipedia.org/wiki/Split-brain
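Review bot: In Content/20240822172256-rate_limiting.org the last added bullet runs straight into the next heading (`...service performance?* Relevant Nodes`), so Org will not parse `* Relevant Nodes` as a heading and the `** MiddleWare` link below it lands under the Distributed Rate Limiting section; put the heading on its own line. The bullets under `*** Questions for Further Context` are addressed to a reader ("Are you interested in...") rather than written as notes, so consider dropping that subsection. The first dev.to link under Resources ends in `concepts-and-`, which looks cut off, and the Wikipedia link under Token Bucket is removed without a replacement.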
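Review bot: The `:ROAM_ALIASES: SSL TLS` line in the first hunk of Content/20241005160318-transport_layer_security.org makes SSL resolve to the TLS node as if the two were the same protocol, while the glossary row added in this same patch calls SSL the precursor to TLS. A one-line bullet in the Overview stating that SSL is the older protocol and that the alias is kept only for lookup would keep the two files consistent.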
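Review bot: The Resources link added in the second hunk of transport_layer_security.org carries a `?newreg=bb37d44255d94cd6aea5c05e76ed3ae8` query string, which is not needed to reach the question and looks like a per-visitor token picked up when the URL was copied; commit the link without it. The same hunk deletes the whole `* TLS (NIL)` block, so the node no longer mentions the handshake steps at all; if that is intended, a short bullet list of those steps under Overview would preserve what the placeholder functions named.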
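Review bot: In the header table added to Content/20241224164320-http.org, `Content-Type` and `Content-Length` are described only for responses ("being sent in the response", "length of the response body"), but both also appear on requests that carry a body, such as POST or PUT; "message body" would be accurate for both directions. In the list above the table, `*General Headers*` sits at the level of `*Types*` instead of beside Request Headers and Response Headers, `*** Abstract` skips a heading level under `* Headers`, and the trailing `* Resources` heading is added empty.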
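Review bot: The Content/20250122093005-algoindex.org hunk drops the Token Bucket row while this patch adds a Leaky Bucket node and expands the algorithm list in rate_limiting.org, so the index now has no rate-limiting entry at all. If the intent is to keep those algorithms only on the Rate Limiting page, say so in the commit message; otherwise keep the row and add Leaky Bucket next to it.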
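Review bot: Content/20250124112500-split_brain.org adds a Split-Brain Scenario node, but the rate_limiting.org hunk in this patch writes "split-brain scenarios" as plain text, so nothing visible here links to the new node; make that mention an `id:c0126ead-1fa4-4d21-9406-1ecf50211ffe` link. The node itself has no definition, only the pointer to the biology page and a Wikipedia link, `See Biological origins :` has a stray space before the colon, and its Resources bullet is not indented like the ones in the other new files.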