hand-injecting an entirely different game into Super Mario World on the SNES by exploiting buffer overflows BY HAND. this is legendary behaviour
built-in support for CI/CD deployment pipelines, driven from a checked-in DSL file. great stuff, very glad to see them going this direction. (via Eric)
All machine learning algorithms strive to exaggerate and perpetuate the past. That is, after all, what they are learning from. The fundamental assumption of every machine learning algorithm is that the past is correct, and anything coming in the future will be, and should be, like the past. This is a fine assumption to make when you are Netflix trying to predict what movie you’ll like, but is immoral when applied to many other situations. For bots like mine and Microsoft’s, built for entertainment purposes, it can lead to embarrassment. But AI has started to be used in much more meaningful ways: predictive policing in Chicago, for example, has already led to widespread accusations of racial profiling. This isn’t a little problem. This is a huge problem, and it demands a lot more attention then it’s getting now, particularly in the community of scientists and engineers who design and apply these algorithms. It’s one thing to get cursed out by an AI, but wholly another when one puts you in jail, denies you a mortgage, or decides to audit you.
But ECDSA private keys don’t trigger the same protective instincts that we’d apply to, say, a bar of gold. One sequence of 256 random bits looks just as worthless as any other. And the cold hard unforgeability of these keys means we can’t rely upon other humans to get our money back when we lose them. Plus, we have no experience at all with things that grow in value by four orders of magnitude, without any attention, in just three years. So we have a cryptocurrency-tool UX task in front of us: to avoid mistakes like the one we made, we must to either move these digital assets into solid-feeling physical containers, or retrain our perceptions to attach value to the key strings themselves.
useful bookmark to have (via Nelson)
Neat manual timing attack.
An investigator for the Connecticut Lottery determined that terminal operators could slow down their lottery machines by requesting a number of database reports or by entering several requests for lottery game tickets. While those reports were being processed, the operator could enter sales for 5 Card Cash tickets. Before the tickets would print, however, the operator could see on a screen if the tickets were instant winners. If tickets were not winners, the operator could cancel the sale before the tickets printed.
A microservice saviour appears! In order to prevent such a terrible tragedy from occurring ever again during our lifetimes, `left-pad.io` has been created to provide all the functionality of `left-pad` AND the overhead of a TLS handshake and an HTTP request. Less code is better code, leave the heavy lifting to `left-pad.io`, The String Experts™.
Now this is a BIG thumbs up:
‘Prometheus has been known to us for a while, and we have been tracking it and reading about the active development, and at a point (a few months back) we decided to start evaluating it for production use. The PoC results were incredible. The monitoring coverage of MySQL was amazing, and we also loved the JMX monitoring for Cassandra, which had been sorely lacking in the past.’
‘if you tell her “repeat after me” she will parrot back whatever you say, allowing you to put words into her mouth.’what. the. fuck. Microsoft.
If you have a million npm dependencies, distribute them in the dist package; aka. omnibus packages for JS
Based on the pain we’ve had trying to bring our Rails services up to the quality levels required, this looks pretty accurate in many respects. I’d augment this advice by saying: avoid RVM; use Docker.
‘VPC is the future and it is awesome, and unless you have some VERY SPECIFIC AND CONVINCING reasons to do otherwise, you should be spinning up a VPC per environment with orchestration and prob doing it from CI on every code commit, almost like it’s just like, you know, code.’
Wikimedia and Facebook have given Angolans free access to their websites, but not to the rest of the internet. So, naturally, Angolans have started hiding pirated movies and music in Wikipedia articles and linking to them on closed Facebook groups, creating a totally free and clandestine file sharing network in a country where mobile internet data is extremely expensive.
This is a great point, and one I’ll be quoting:
Any design that is hard to test is crap. Pure crap. Why? Because if it’s hard to test, you aren’t going to test it well enough. And if you don’t test it well enough, it’s not going to work when you need it to work. And if it doesn’t work when you need it to work the design is crap.Amen!
Radiocarbon dating shows that the bones discovered at McCuaig’s go back to about 2000 B.C. That makes them hundreds of years older than the oldest artifacts generally considered to be Celtic — relics unearthed from Celt homelands of continental Europe, most notably around Switzerland, Austria and Germany. For a group of scholars who in recent years have alleged that the Celts, beginning from the middle of Europe, may never have reached Ireland, the arrival of the DNA evidence provides the biological certitude that the science has sometimes brought to criminal trials. “With the genetic evidence, the old model [of Celtic colonisation of Ireland] is completely shot,” John Koch, a linguist at the Center for Advanced Welsh and Celtic Studies at the University of Wales.
Good to know:
‘GCM delivery receipts don’t have an SLA at this time. Having your connection open longer will increase the odds that delivery receipts will arrive. 10 seconds seems a bit short. I’m glad it works. I would recommend longer like 10 min or an hour. The real design of this system is for persistent connections, hence connections that setup and tear down frequently will have difficulty receiving delivery receipts.’
Basic phishing: ‘Collins hacked over 100 people by sending emails that looked like they came from Apple and Google, such as [email protected],” [email protected],” and [email protected] According to the government, Collins asked for his victims’ iCloud or Gmail usernames and passwords and “because of the victims’ belief that the email had come from their [Internet Service Providers], numerous victims responded by giving [them].”’
The Internet is structured to be an open communications medium. This openness is one of the key underpinnings of Internet innovation, but it can also allow communications that may be viewed as undesirable by certain parties. Thus, as the Internet has grown, so have mechanisms to limit the extent and impact of abusive or objectionable communications. Recently, there has been an increasing emphasis on “blocking” and “filtering”, the active prevention of such communications. This document examines several technical approaches to Internet blocking and filtering in terms of their alignment with the overall Internet architecture. When it is possible to do so, the approach to blocking and filtering that is most coherent with the Internet architecture is to inform endpoints about potentially undesirable services, so that the communicants can avoid engaging in abusive or objectionable communications. We observe that certain filtering and blocking approaches can cause unintended consequences to third parties, and we discuss the limits of efficacy of various approaches.(via Tony Finch)
‘There are three easy to make mistakes in go. I present them here in the way they are often found in the wild, not in the way that is easiest to understand. All three of these mistakes have been made in Kubernetes code, getting past code review at least once each that I know of.’
This study found that purebred dogs have a significantly greater risk of developing many of the hereditary disorders examined in this study. No, mixed breed dogs are not ALWAYS healthier than purebreds; and also, purebreds are not “as healthy” as mixed breed dogs. The results of this study will surprise nobody who understands the basics of Mendelian inheritance. Breeding related animals increases the expression of genetic disorders caused by recessive mutations, and it also increases the probability of producing offspring that will inherit the assortment of genes responsible for a polygenic disorder.In conclusion, go mutts.
Good interview with Demis Hassabis on DeepMind, AlphaGo and AI:
I’d like to see AI-assisted science where you have effectively AI research assistants that do a lot of the drudgery work and surface interesting articles, find structure in vast amounts of data, and then surface that to the human experts and scientists who can make quicker breakthroughs. I was giving a talk at CERN a few months ago; obviously they create more data than pretty much anyone on the planet, and for all we know there could be new particles sitting on their massive hard drives somewhere and no-one’s got around to analyzing that because there’s just so much data. So I think it’d be cool if one day an AI was involved in finding a new particle.
Good post on Dublin City Council’s atrociously revisionist 1916-commemoration banner, celebrating Henry Grattan, Daniel O’Connell, Charles Stewart Parnell and John Redmond:
The banner is not showing parliamentary nationalists who might be included in a history of 1916 (Redmond might have been joined by John Dillon and Tom Kettle, for instance), but displaying the parliamentarian tradition in Irish political history. The people chosen all worked for change via political means, whether obtaining an independent Irish parliament from 1782-1801 (Grattan), working for Catholic Emancipation (Grattan and O’Connell), land reform (Parnell), or trying to repeal the Act of Union and obtain Home Rule (O’Connell, Parnell, Redmond). All were MPs in Westminster at some point. None openly espoused physical force. None aimed at establishing an independent Irish Republic. Putting the history of parliamentarianism on a banner labelled 1916 suggests that 1916 was in the parliamentarian tradition. That suggestion is very far from the truth.
a free, multi-threaded compression utility with support for bzip2 compressed file format. lbzip2 can process standard bz2 files in parallel. It uses POSIX threading model (pthreads), which allows it to take full advantage of symmetric multiprocessing (SMP) systems. It has been proven to scale linearly, even to over one hundred processor cores. lbzip2 is fully compatible with bzip2 – both at file format and command line level. Files created by lbzip2 can be decompressed by all versions of bzip2 and other software supporting bz2 format. lbzip2 can decompress any bz2 files in parallel. All bzip2 command-line options are also accepted by lbzip2. This makes lbzip2 a drop-in replacement for bzip2.
Excellent use of a heatmap
‘Disruptor is the highest performing intra-thread transfer mechanism available in Java. Conversant Disruptor is the highest performing implementation of this type of ring buffer queue because it has almost no overhead and it exploits a particularly simple design. Conversant has been using this in production since 2012 and the performance is excellent. The BlockingQueue implementation is very stable, although we continue to tune and improve it. The latest release, 1.2.4, is 100% production ready. Although we have been working on it for a long time, we decided to open source our BlockingQueue this year to contribute something back to the community. … its a drop in for BlockingQueue, so its a very easy test. Conversant Disruptor will crush ArrayBlockingQueue and LinkedTransferQueue for thread to thread transfers. In our system, we noticed a 10-20% reduction in overall system load and latency when we introduced it.’
Gorgeously-illustrated retro map of modern-day submarine cables. Prints available for $150 (via Conor Delaney)
UK banks are getting press for evading liability and screwing the customer when scams and phishing occur
Nice approach from MongoDB:
we’ve recently gained momentum on standardizing our [cross-platform test] drivers. Human-readable, machine-testable specs, coded in YAML, prove which code conforms and which does not. These YAML tests are the Cat-Herd’s Crook: a tool to guide us all in the same direction.
The last possibility and reigning theory is that Ms. Badri and Mr. Nelles elusive hacker partners are literally real hackers who stole a copy of the high resolution scan from the Museum’s servers. A high resolution scan must exist as a high res 3D printed replica is already available for sale online. Museum officials have dismissed the Other Nefertiti model as “of minor quality”, but that’s not what we are seeing in this highly detailed scan. Perhaps the file was obtained from someone involved in printing the reproduction, or it was a scan made of the reproduction? Indeed, the common belief in online 3D Printing community chatter is that the Kinect “story” is a fabrication to hide the fact that the model was actually stolen data from a commercial high quality scan. If the artists were behind a server hack, the legal ramifications for them are much more serious than scanning the object, which has few, if any legal precedents.
some nice-sounding cocktail recipes for these tasty bitters
Prodigy software patents invoked in suit against GroupOn. Patent troll mode activated :( (via Paul Graham)
yay, DRM. “It is important that you transfer your purchased NOOK Books to ensure access”
Keep in mind that it took from the dawn of the industrial age until last October to reach the first 1.0 degree Celsius, and we’ve come as much as an extra 0.4 degrees further in just the last five months. Even accounting for the margin of error associated with these preliminary datasets, that means it’s virtually certain that February handily beat the record set just last month for the most anomalously warm month ever recorded. That’s stunning.eek.
Mannix Flynn makes a persuasive case to preserve the last remaining Magdalene Laundry still standing:
Memory is something that fights an eternal battle with the passage of time and forgetfulness. Time is a great healer for those who can heal and those who are offered healing. There is no healing here. Time stands still like a festering wound in a well-to-do suburb as somebody attempts to erase a grave and mortal wrong. The McAleese report, the Justice for the Magdalenes, the hundreds of women still alive and their families should know of this place. Should be present here to witness what can only be witnessed by them. So that they can understand what’s lost, what cannot be given. What was taken from them for generations.
The latest SSL security hole. ‘DROWN shows that merely supporting SSLv2 is a threat to modern servers and clients. It allows an attacker to decrypt modern TLS connections between up-to-date clients and servers by sending probes to a server that supports SSLv2 and uses the same private key.’
Excellent drawing books from Chris Judge and his brother Andrew. gotta get this: ‘WELCOME TO DOODLETOWN, the home of the Doodles. It is a very nice town, except for one SMALL problem. Everything is half drawn with bits and pieces missing! The Doodles are going to need YOUR help. So grab a pen or a pencil and help finish the adventure!’
Excellent explanation of PR-STV and the Irish voting system. Don’t be a Plumper! (via John O’Shea)
“Our concern is that if we lose the case more countries across Europe or elsewhere are going to be concerned about having their data in Ireland, ” Mr Smith said, after testifying before the House judiciary committee. Asked what would happen to its Irish unit if the company loses the case or doesn’t convince Congress to pass updated legislation governing cross-border data held by American companies, the Microsoft executive said: “We’ll certainly face a new set of risks that we don’t face today.” He added that the issue could be resolved by an executive order by the White House or through international negotiations between the Irish Government or the European Union and the US.
At the Bitcoin workshop in Barbados, Malte Möser will present our solution to the Bitcoin private key management problem. Specifically, our paper describes a way to create vaults, special accounts whose keys can be neutralized if they fall into the hands of attackers. Vaults are Bitcoin’s decentralized version of you calling your bank to report a stolen credit card — it renders the attacker’s transactions null and void. And here’s the interesting part: in so doing, vaults demotivate key theft in the first place. An attacker who knows that he will not be able to get away with theft is less likely to attack in the first place, compared to current Bitcoin attackers who are guaranteed that their hacking efforts will be handsomely rewarded.
Maglev is Google’s network load balancer. It is a large distributed software system that runs on commodity Linux servers. Unlike traditional hardware network load balancers, it does not require a specialized physical rack deployment, and its capacity can be easily adjusted by adding or removing servers. Network routers distribute packets evenly to the Maglev machines via Equal Cost Multipath (ECMP); each Maglev machine then matches the packets to their corresponding services and spreads them evenly to the service endpoints. To accommodate high and ever-increasing traffic, Maglev is specifically optimized for packet processing performance. A single Maglev machine is able to saturate a 10Gbps link with small packets. Maglev is also equipped with consistent hashing and connection tracking features, to minimize the negative impact of unexpected faults and failures on connection-oriented protocols. Maglev has been serving Google’s traffic since 2008. It has sustained the rapid global growth of Google services, and it also provides network load balancing for Google Cloud Platform.Something we argued for quite a lot in Amazon, back in the day….
BrewDog releases their beer recipes for free. so cool! ‘So here it is. The keys to our kingdom. Every single BrewDog recipe, ever. So copy them, tear them to pieces, bastardise them, adapt them, but most of all, enjoy them. They are well travelled but with plenty of miles still left on the clock. Just remember to share your brews, and share your results. Sharing is caring.’
Good for science fans, not so hot for real tennis fans.
The former real tennis court building close to the concert hall’s north wing would be used for temporary and visiting exhibitors, with a tunnel connecting it to the science centre. The National Children’s Science Centre is due to open in late 2018 and will also be known as the Exploration Station, said Dr Danny O’Hare, founding president of Dublin City University and chairman of the Exploration Station board since 2006.
holy crap. Nissan expose a public API authenticated _solely_ using the car’s VIN — which is more or less public info; the API allows turning on/off AC, grabbing driving history, etc.
eBay’s software LB, supporting URL matching, comparable to haproxy, built using Netty and Scala. Used in their QA infrastructure it seems
Ugh. This is a security nightmare. Nice work Foscam…
Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn’t actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt. This is the nightmare “Internet of Things” (IoT) scenario for any system administrator: The IP cameras that you bought to secure your physical space suddenly turn into a vast cloud network designed to share your pictures and videos far and wide. The best part? It’s all plug-and-play, no configuration necessary!
Death by Random Forest: this project is a horrible misapplication of machine learning. Truly appalling, when a false positive means death:
The NSA evaluates the SKYNET program using a subset of 100,000 randomly selected people (identified by their MSIDN/MSI pairs of their mobile phones), and a a known group of seven terrorists. The NSA then trained the learning algorithm by feeding it six of the terrorists and tasking SKYNET to find the seventh. This data provides the percentages for false positives in the slide above. “First, there are very few ‘known terrorists’ to use to train and test the model,” Ball said. “If they are using the same records to train the model as they are using to test the model, their assessment of the fit is completely bullshit. The usual practice is to hold some of the data out of the training process so that the test includes records the model has never seen before. Without this step, their classification fit assessment is ridiculously optimistic.” The reason is that the 100,000 citizens were selected at random, while the seven terrorists are from a known cluster. Under the random selection of a tiny subset of less than 0.1 percent of the total population, the density of the social graph of the citizens is massively reduced, while the “terrorist” cluster remains strongly interconnected. Scientifically-sound statistical analysis would have required the NSA to mix the terrorists into the population set before random selection of a subset—but this is not practical due to their tiny number. This may sound like a mere academic problem, but, Ball said, is in fact highly damaging to the quality of the results, and thus ultimately to the accuracy of the classification and assassination of people as “terrorists.” A quality evaluation is especially important in this case, as the random forest method is known to overfit its training sets, producing results that are overly optimistic. The NSA’s analysis thus does not provide a good indicator of the quality of the method.
UK open data success story, via Tony Finch:
This LIDAR data bonanza has proved particularly helpful to archaeologists seeking to map Roman roads that have been ‘lost’, some for thousands of years. Their discoveries are giving clues to a neglected chapter in the history of Roman Britain: the roads built to help Rome’s legions conquer and control northern England.
Also known as “Graduate Student Descent”, a common approach to hyperparameter tuning in machine learning — ie. get an intern to sit there tweaking parameters until they find something approximating optimal performance
Valentine’s Day cards for you and yours, from one of cinema’s true visionaries. How do you communicate the depth of your desire? Say it with Cronenberg Valentines.
Let’s see how long this lasts:
Today Sauce Labs is proud to open-source isign. isign can take an iOS app that was authorized to run only on one developer’s phone, and transform it so it can run on another developer’s phone. This is not a hack around Apple’s security. We figured out how Apple’s code signing works and re-implemented it in Python. So now you can use our isign utility anywhere – even on Linux!
‘Indonesia’s government has demanded that instant messaging apps remove stickers featuring same-sex couples, in the latest high-profile attempt to discourage visible homosexuality in the socially conservative country.’ (via fuzzix)
Apple outlaws third-party repairs with vague TouchID-related justifications:
Freelance photographer and self-confessed Apple addict Antonio Olmos says this happened to his phone a few weeks ago after he upgraded his software. Olmos had previously had his handset repaired while on an assignment for the Guardian in Macedonia. “I was in the Balkans covering the refugee crisis in September when I dropped my phone. Because I desperately needed it for work I got it fixed at a local shop, as there are no Apple stores in Macedonia. They repaired the screen and home button, and it worked perfectly.” He says he thought no more about it, until he was sent the standard notification by Apple inviting him to install the latest software. He accepted the upgrade, but within seconds the phone was displaying “error 53” and was, in effect, dead.Now that is scummy.
good roundup of real-world clock skew links
A critique of the “Redlock” locking algorithm from Redis by Martin Kleppman. antirez responds here: http://antirez.com/news/101
looks reasonably usable, although EMR’s crappy UI is still an issue
Awesome post from Dan Luu with data from Google:
The cause [of some mystery widespread 250ms hangs] was kernel throttling of the CPU for processes that went beyond their usage quota. To enforce the quota, the kernel puts all of the relevant threads to sleep until the next multiple of a quarter second. When the quarter-second hand of the clock rolls around, it wakes up all the threads, and if those threads are still using too much CPU, the threads get put back to sleep for another quarter second. The phase change out of this mode happens when, by happenstance, there aren’t too many requests in a quarter second interval and the kernel stops throttling the threads. After finding the cause, an engineer found that this was happening on 25% of disk servers at Google, for an average of half an hour a day, with periods of high latency as long as 23 hours. This had been happening for three years. Dick Sites says that fixing this bug paid for his salary for a decade. This is another bug where traditional sampling profilers would have had a hard time. The key insight was that the slowdowns were correlated and machine wide, which isn’t something you can see in a profile.
Looks like GCM now offers a way to determine if a message got delivered, via the GCM diagnostics console
I can confirm, there is a help forum from the “deutsche telekom”, they say there is a feature called MEC (it’s mainly for setting phone parameters to match their network), active on all their SIM cards, which is not correctly handled by any of the OnePlus Devices (one, two, x) so it writes constantly to flash memory, killing it arround 100.000 writes which is 3-6 weeks.(via Mike Walsh on the Irish tech slack)
As the economist Emily Oster pointed out in her 2013 book Expecting Better, there is also no “proven safe” level of Tylenol or caffeine, and yet both are fine in moderation during pregnancy. Oster pored through reams of research on alcohol and pregnancy for her book and concluded that there is simply no scientific evidence that light drinking during pregnancy impacts a baby’s health. (In one frequently cited 2001 study that suggested light drinking in pregnancy increases the chances of a child displaying aggressive behaviors, the drinkers were also significantly likelier to have taken cocaine during pregnancy.)My wife also followed the paper trail on this issue in the past. In the papers from which these recommendations were derived, the level of drinking at which any effects were observed in babies was when women consumed at least *9 units every day* for the entire pregnancy. That’s an entire bottle of wine, daily!
‘“Spam emails are a large proportion of emails seen in SIGINT [signals intelligence],” reads part of a dense document from the Snowden archive, published by Boing Boing on Tuesday. “GCHQ would like to reduce the impact of spam emails on data storage, processing and analysis.”’ (circa 2011). Steganography, anyone? (via Tony Finch)
‘Lawyers for [a Hungarian news] site said the comments concerned had been taken down as soon as they were flagged. They said making their clients liable for everything readers posted “would have serious adverse repercussions for freedom of expression and democratic openness in the age of Internet”. The ECHR agreed. “Although offensive and vulgar, the incriminated comments did not constitute clearly unlawful speech; and they certainly did not amount to hate speech or incitement to violence,” the judges wrote.’
quine.zip, quine.gz, and quine.tar.gz. Here’s what happens when you mail it through bad AV software: https://twitter.com/FioraAeterna/status/694655296707297281
Great article by Geoff “bldgblog” Manaugh on the ruins of the Nike air-to-air missile emplacements dotted around California. I had absolutely no idea that these — the 1958-era Nike-Hercules missiles, at least — carried 30-kiloton nuclear warheads, intended to be detonated at 50,000 feet *above* the cities they were defending, in order to destroy in-flight bomber formations. Nuclear war was truly bananas.
This is an excellent essay from Cory Doctorow on mass surveillance in the post-Snowden era, and the difference between HUMINT and SIGINT. So much good stuff, including this (new to me) cite for, “Goodhart’s law”, on secrecy as it affects adversarial classification:
The problem with this is that once you accept this framing, and note the happy coincidence that your paymasters just happen to have found a way to spy on everyone, the conclusion is obvious: just mine all of the data, from everyone to everyone, and use an algorithm to figure out who’s guilty. The bad guys have a Modus Operandi, as anyone who’s watched a cop show knows. Find the MO, turn it into a data fingerprint, and you can just sort the firehose’s output into ”terrorist-ish” and ”unterrorist-ish.” Once you accept this premise, then it’s equally obvious that the whole methodology has to be kept from scrutiny. If you’re depending on three ”tells” as indicators of terrorist planning, the terrorists will figure out how to plan their attacks without doing those three things. This even has a name: Goodhart’s law. “When a measure becomes a target, it ceases to be a good measure.” Google started out by gauging a web page’s importance by counting the number of links they could find to it. This worked well before they told people what they were doing. Once getting a page ranked by Google became important, unscrupulous people set up dummy sites (“link-farms”) with lots of links pointing at their pages.
‘Anderson encourages his readers to forward telemarketers to the robot, and is happy to send them recordings of the ensuing conversations. His instructions are below if you’d like to give it a shot.’
The only possible deal that is immediately available is where the European Commission agrees a politically expeditious but legally untenable deal, creating a time bomb rather than a durable deal, to the benefit of no one. In absence of reforms before an agreement, individuals’ fundamental rights would remain under threat.
interactive menu selection for the UNIX command line
It seems git’s default behavior in many situations is — despite communicating objectID by content-addressable hashes which should be sufficient to assure some integrity — it may not actually bother to *check* them. Yes, even when receiving objects from other repos. So, enabling these configuration parameters may “slow down” your git operations. The return is actually noticing if someone ships you a bogus object. Everyone should enable these.
Good explanation and scipy code for the birthday paradox and hash collisions
sync up with the Apple product cycle when you’re buying new hardware
After evaluating a number of platforms, including existing open source projects, we were unable to find one that met all of our needs and decided to set about developing a robust and scalable load balancing platform. The requirements were not exactly complex – we needed the ability to handle traffic for unicast and anycast VIPs, perform load balancing with NAT and DSR (also known as DR), and perform adequate health checks against the backends. Above all we wanted a platform that allowed for ease of management, including automated deployment of configuration changes. One of the two existing platforms was built upon Linux LVS, which provided the necessary load balancing at the network level. This was known to work successfully and we opted to retain this for the new platform. Several design decisions were made early on in the project — the first of these was to use the Go programming language, since it provided an incredibly powerful way to implement concurrency (goroutines and channels), along with easy interprocess communication (net/rpc). The second was to implement a modular multi-process architecture. The third was to simply abort and terminate a process if we ended up in an unknown state, which would ideally allow for failover and/or self-recovery.