Abstract: A system for estimating values of a vector of variables that optimize a function comprising a weighted sum of interactions between the variables; the system comprising a plurality of parallel hardware channels, each arranged to model a contribution of a respective variable to the function, each channel comprising: a signal generator configured to generate a signal modelling a value of the respective variable; a splitter arranged to supply the signal to each of the channels; interaction logic configured to multiply the vector of signals by a vector of weights modelling an interaction between the respective variable and the vector of variables, thereby generating a feedback signal representing the contribution of the respective variable; and a feedback path to return the feedback signal to the signal generator configured to adapt the signal in dependence on the feedback signal, wherein each channel is implemented only using optical components and/or analogue electronic components.

Abstract: A method of reading from a storage medium to recover a group of information sectors, each comprising a respective information payload. The medium stores redundancy data comprising a plurality of separate redundancy codes for the group, each code being a linear sum of terms, each term in the sum being the information payload from a different respective one of the information sectors in the group weighted by a respective coefficient of a set of coefficients for the redundancy code. The method comprises, after the redundancy data has already been stored on the medium: identifying a set of k? information sectors to be recovered; selecting k? of the redundancy codes; determining a square matrix E of the k? information sectors by the k? sets of coefficients of the selected codes; determining a matrix D being a matrix inverse of E; and recovering the k? information payloads from the inverse matrix D.

Abstract: A method of reading from a storage medium to recover a group of information sectors, each comprising a respective information payload. The medium stores redundancy data comprising a plurality of separate redundancy codes for the group, each code being a linear sum of terms, each term in the sum being the information payload from a different respective one of the information sectors in the group weighted by a respective coefficient of a set of coefficients for the redundancy code. The method comprises, after the redundancy data has already been stored on the medium: identifying a set of k? information sectors to be recovered; selecting k? of the redundancy codes; determining a square matrix E of the k? information sectors by the k? sets of coefficients of the selected codes; determining a matrix D being a matrix inverse of E; and recovering the k? information payloads from the inverse matrix D.

Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.

Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.

Abstract: Graph partitioning for massive scale graphs is described, such as for graphs having vertices representing people and edges representing connections between people in a social networking system; or for graphs where the vertices represent other items and the edges represent relationships between the items. In various embodiments a graph data allocator receives a graph vertex and its edges and allocates the vertex to one of a plurality of clusters each associated with one or more computing devices. In various embodiments the allocation is made by optimizing an objective function which takes into account both a cost of edges between clusters and a cost related to sizes of the clusters. In some examples the cost related to sizes of the clusters comprises a convex function applied to each of the cluster sizes. In examples, computations on the graph data are carried out with reduced runtimes and communications cost.

Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.

Abstract: Graph partitioning for massive scale graphs is described, such as for graphs having vertices representing people and edges representing connections between people in a social networking system; or for graphs where the vertices represent other items and the edges represent relationships between the items. In various embodiments a graph data allocator receives a graph vertex and its edges and allocates the vertex to one of a plurality of clusters each associated with one or more computing devices. In various embodiments the allocation is made by optimizing an objective function which takes into account both a cost of edges between clusters and a cost related to sizes of the clusters. In some examples the cost related to sizes of the clusters comprises a convex function applied to each of the cluster sizes. In examples, computations on the graph data are carried out with reduced runtimes and communications cost.

Abstract: A method of communicating over a network between first and second endpoints, one being and the other being a server. The method comprises: establishing a first secure transport layer channel between the first and second endpoints, establishing a second secure transport layer channel between the first endpoint and a middlebox to which the first endpoint is to delegate processing of the traffic sent over the first secure transport layer channel; the first endpoint validating the middlebox via the respective second secure transport layer channel, and on condition of said validation sharing the encryption key of the first channel with the middlebox via the second secure transport layer channel; and causing the traffic sent over the channel to be routed via the middlebox. The method thereby enables the middlebox to process, in the clear, content of the traffic sent over the first channel.

Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.

Abstract: Graph partitioning for massive scale graphs is described, such as for graphs having vertices representing people and edges representing connections between people in a social networking system; or for graphs where the vertices represent other items and the edges represent relationships between the items. In various embodiments a graph data allocator receives a graph vertex and its edges and allocates the vertex to one of a plurality of clusters each associated with one or more computing devices. In various embodiments the allocation is made by optimizing an objective function which takes into account both a cost of edges between clusters and a cost related to sizes of the clusters. In some examples the cost related to sizes of the clusters comprises a convex function applied to each of the cluster sizes. In examples, computations on the graph data are carried out with reduced runtimes and communications cost.

Abstract: A method of communicating over a network between first and second endpoints, one being and the other being a server. The method comprises: establishing a first secure transport layer channel between the first and second endpoints, establishing a second secure transport layer channel between the first endpoint and a middlebox to which the first endpoint is to delegate processing of the traffic sent over the first secure transport layer channel; the first endpoint validating the middlebox via the respective second secure transport layer channel, and on condition of said validation sharing the encryption key of the first channel with the middlebox via the second secure transport layer channel; and causing the traffic sent over the channel to be routed via the middlebox. The method thereby enables the middlebox to process, in the clear, content of the traffic sent over the first channel.

Abstract: A data center has a plurality of secure processing units; a plurality of data stores holding encrypted data records; and a network connecting the secure processing units and the data stores. The secure processing units comprise computing functionality configured to execute a data processing operation in parallel on the secure processing units by being configured to read encrypted records from the stores, process one or more of the encrypted records within the secure processing units, send one or more of the encrypted records to the stores. The data center is configured to carry out a secret shuffle of the data records to protect the privacy of data processed in the data center from an observer observing any one or more of: the reading of the records, the sending of the records, the writing of the records; the secret shuffle comprising a random permutation of the records hidden from the observer.

Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.

Abstract: Methods of generating filters automatically from data processing jobs are described. In an embodiment, these filters are automatically generated from a compiled version of the data processing job using static analysis which is applied to a high-level representation of the job. The executable filter is arranged to suppress rows and/or columns within the data to which the job is applied and which do not affect the output of the job. The filters are generated by a filter generator and then stored and applied dynamically at a filtering proxy that may be co-located with the storage node that holds the data. In another embodiment, the filtered data may be cached close to a compute node which runs the job and data may be provided to the compute node from the local cache rather than from the filtering proxy.

Abstract: Streaming query resource control is described, for example, to allocate streaming queries to servers in a data center providing a streaming query platform. In various embodiments streaming queries are allocated to servers in a manner seeking to balance load between the servers and also to reduce network traffic costs between data stream sources and the servers. In various examples, query types are taken into account, where a query type is the identity of one or more data stream sources used by the query, and optionally also traffic rates of the data stream sources. In some examples, processes for allocating incoming queries in an online fashion are described and in some examples, processes for allocating queries in an offline fashion are described. In examples, a network traffic cost metric is used which takes into account an incremental network traffic cost of adding a given query at a server.

Abstract: Methods for enforcing confidentiality and integrity of code and data while running the code over the data in a distributed computing system are described. In an embodiment each machine which processes data within the system provides a secure sub-system which is protected from other parts of the machine and which receives encrypted data and encrypted code, processes the data using the received code and outputs encrypted data. When establishing the secure sub-systems, keys are exchanged between the client and secure sub-systems and the secure sub-systems provide an attestation confirming the identity of the code running in the secure sub-systems and confirming that the code is running on genuine secure sub-systems. In another embodiment a data-flow computation system is described in which chunks of input data, each comprising an identifier, are authenticated/encrypted. The identifiers are used within the system to confirm that each chunk is processed exactly once.

Abstract: The invention provides methods of encoding content for distribution over a network and methods for decoding encoded content which has been distributed over the network. In a first example in which the content is divided into a plurality of segments and each segment comprising a plurality of blocks of data, the method comprises selecting a segment from the plurality of segments and selecting at least two blocks of the selected segment from a store of blocks. A new encoded block is created from a linear combination of the selected blocks.

Abstract: A data center has a plurality of secure processing units; a plurality of data stores holding encrypted data records; and a network connecting the secure processing units and the data stores. The secure processing units comprise computing functionality configured to execute a data processing operation in parallel on the secure processing units by being configured to read encrypted records from the stores, process one or more of the encrypted records within the secure processing units, send one or more of the encrypted records to the stores. The data center is configured to carry out a secret shuffle of the data records to protect the privacy of data processed in the data center from an observer observing any one or more of: the reading of the records, the sending of the records, the writing of the records; the secret shuffle comprising a random permutation of the records hidden from the observer.

Abstract: Streaming query resource control is described, for example, to allocate streaming queries to servers in a data center providing a streaming query platform. In various embodiments streaming queries are allocated to servers in a manner seeking to balance load between the servers and also to reduce network traffic costs between data stream sources and the servers. In various examples, query types are taken into account, where a query type is the identity of one or more data stream sources used by the query, and optionally also traffic rates of the data stream sources. In some examples, processes for allocating incoming queries in an online fashion are described and in some examples, processes for allocating queries in an offline fashion are described. In examples, a network traffic cost metric is used which takes into account an incremental network traffic cost of adding a given query at a server.