Abstract: In one embodiment, and apparatus includes an electrical socket for connection with an electrical plug, a sensor for identifying a secure connection between the electrical socket and the electrical plug, and an electronic controller electrically coupled to the electrical socket and comprising a power input for receiving power. The electronic controller is operable to transmit power to the electrical socket upon receiving a signal from the sensor identifying the secure connection between the electrical socket and the electrical plug and shut off or turn on power to the electrical socket upon receiving an external input to the electronic controller. A method is also disclosed herein. The apparatus and method provide an electronic controlled power switch or circuit breaker safety device.

Abstract: A first computing device that provides a first service is configured to securely provide personalized services to a user of a second computing device. The first computing device obtains an authentication token and confirms the proximity of the user associated with the second computing device. The first computing device confirms the proximity of the user by detecting a connection of a physical cable between the first computing device and the second computing device. The first computing device provides the authentication token to the second computing device via the physical cable. The first computing device also authenticates the user of the second computing device and determines a second service available to the user of the second computing device. The first computing device combines the first service with the second service to provide a personalized service to the user at the first computing device.

Abstract: A system and method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network includes: detecting an authentication attempt by the endpoint computing device to the computer network; during the authentication attempt, collecting management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device; using the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device; and controlling access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.

Abstract: Techniques and mechanisms for verifying integrity of components within a management component transport protocol (MCTP) server system to detect man-in-the-middle (MITM) attacks and preventing data loss upon detection of MITM attacks. For example, a controller may perform an endpoint discovery process and authenticate endpoints within a rack server system. The controller may send requests to endpoints based on user actions and if no response is received from a particular endpoint, the controller may determine there is a MITM attack and block traffic to the particular endpoint. Additionally, the controller may periodically request measurements from endpoints that are related to the code and configuration area of the endpoints. If the received measurements from a particular endpoint do not match expected values, the controller may determine there is a MITM attack and block traffic to the particular endpoint.

Abstract: According to one or more embodiments of the disclosure, a first autonomous mobile robot (AMR) encounters a second AMR, while navigating a location. The first AMR receives, from the second AMR, a task list of the second AMR. The first AMR determines an adjustment to the task list of the second AMR, based in part on a comparison between the task list of the second AMR and a task list maintained by the first AMR. The first AMR sends, to the second AMR, the adjustment to the task list of the second AMR.

Abstract: Methods are provided for decentralized key negotiation. One method includes initiating, by a first Internet Key Exchange (IKE) node from among a plurality of IKE nodes, a rekeying process for an Internet Protocol Security (IPSec) communication session established with a client device and serviced by a second IKE node from among the plurality of IKE nodes, and in which a first encryption key is used to encrypt traffic. The method further includes obtaining, by the first IKE node from a key value store, information about the IPSec communication session and performing, by the first IKE node, at least a part of the rekeying process in which the first encryption key is replaced with a second encryption key for the IPSec communication session.

Abstract: Embodiments herein describe techniques for conveying performance parameters to client devices using BSS coloring. IEEE 802.11ax introduced BSS color to help with interference between BSSs operating in the same channel or partially overlapping channels in a frequency band. The BSS colors are typically assigned at random. However, in the embodiments herein, the BSS colors can still be relied to help with co-channel interference as intended by IEEE 802.11ax but also can convey performance parameters to the client devices. The AP can leverage the BSS color to convey (or encode) a performance parameter such as radio frequency (RF) conditions, quality of service (QoS) conditions, or a policy of the network in response to expected (or future) conditions to receiving client devices.

Abstract: A method of controlling performance of a wireless device is performed by a node that is in electronic communication with a cellular network. The node includes a processor, a non-transitory memory, and a network interface. The method includes receiving a performance value characterizing a performance of a communication channel between a wireless device and a wireless access point. In some implementations, the wireless device and the cellular network are associated with different radio access technologies (RATs). The method includes determining whether the performance value breaches a performance criterion for the wireless device. The method includes adjusting a first amount of data transmitted to the wireless device from a base station of the cellular network and a second amount of data transmitted to the wireless device from the wireless access point. In some implementations, the combined first and second amounts of data satisfy the performance criterion for the wireless device.

Abstract: According to one or more embodiments of the disclosure, a service deploys a first service connector to a first deployment network of a first organization and a second service connector to a second deployment network of a second organization. The service receives a selected visibility offering by the first organization and a selected visibility intent for the second organization. The service determines a data sharing policy by matching the selected visibility offering by the first organization to the selected visibility intent for the second organization. The service configures the first service connector to capture data specified by the data sharing policy from the first deployment network and provide that data to the second service connector.

Abstract: Techniques for neighborhood management between WiFi and unlicensed spectrum radios. A wireless access point (AP), including a first radio, identifies a neighboring second radio operating using at least a portion of an unlicensed radio spectrum, based on a time that the AP receives a transmission from the second radio using a frequency within the unlicensed radio spectrum. Transmission between the first radio and the second radio is synchronized by identifying a clock offset between a first clock relating to the first radio and a second clock relating to the second radio.

Abstract: A system includes a plurality of network devices comprising a plurality of ports, a power bus connecting the network devices, wherein power is shared between the network devices over the power bus, and a controller for identifying available power and allocating power to the ports. The ports include a plurality of PSE (Power Sourcing Equipment) PoE (Power over Ethernet) ports each operable to transmit power to a device connected to one of the PSE PoE ports, a plurality of PD (Powered Device) PoE ports each operable to receive power from a device connected to one of the PD PoE ports, and a plurality of bi-directional PoE ports each configurable to operate as a PSE PoE port to transmit power to a device connected to one of the bi-directional PoE ports or as a PD PoE port to receive power from the connected device.

Abstract: A Thermal Interface Material (TIM) for chip warpage may be provided. A system may comprise an Integrated Circuit (IC) chip, a Thermal Interface Material (TIM) layer disposed on the IC chip, and a heatsink disposed on the TIM layer. The heatsink may comprise, a plate, a plurality of fins, and at least one TIM storage chamber disposed in the plate between two of the plurality of fins. The at least one TIM storage chamber may be filled with a TIM that is solid at a lower temperature end of a thermal cycle of the IC chip and that is liquid at a higher temperature end of the thermal cycle of the IC chip.

Abstract: An example method for discovering and grouping application endpoints in a network environment is provided and includes discovering endpoints communicating in a network environment, calculating affinity between the discovered endpoints, and grouping the endpoints into separate endpoint groups (EPGs) according to the calculated affinity, each EPG comprising a logical grouping of similar endpoints for applying common forwarding and policy logic according to logical application boundaries. In specific embodiments, the affinity includes a weighted average of network affinity, compute affinity and user specified affinity.

Abstract: An apparatus that includes a module for use in installing a heatsink, the module comprising a fastener, a first indicator member comprising a first visual indicator surface, and a second indicator member comprising a second visual indicator surface, the first and second indicator members defining an opening for receiving the fastener. The first visual indicator surface is visible when the fastener is not fully installed and the second visual indicator surface is visible when the fastener is fully installed. A method for installing the heatsink with the module is also disclosed herein.

Abstract: In one embodiment, a method includes extracting, by a vulnerability scanning tool, a plurality of images from one or more pods running within a cluster. The method also includes determining, by the vulnerability scanning tool, a plurality of unique images from the plurality of images, scanning, by the vulnerability scanning tool, the plurality of unique images in parallel, and detecting, by the vulnerability scanning tool, one or more vulnerabilities within the plurality of unique images in response to scanning the plurality of unique images in parallel. The method further includes determining, by the vulnerability scanning tool, a vulnerability level associated with a pod of the one or more pods and assigning, by the vulnerability scanning tool, the vulnerability level to the pod.

Abstract: Systems, methods, and devices are disclosed for re-routing network traffic directed to a pod device. Traffic is routed from an ingress device towards a first node in communication with multiple pods. In response to the detection of a failure event associated with the first pod, a network device address of the first pod is removed from a routing table. If a packet is received from the ingress device that is destined for a service, the routing table is used to look up a pod for handling a service request associated with the service. A network device address of a second pod is determined based on not finding the network device address of the first pod in the routing table. The packet is then forwarded to the second pod using the second device address before the ingress device knows that the first pod has failed.

Abstract: Techniques for routing service mesh traffic based on whether the traffic is encrypted or unencrypted are described herein. The techniques may include receiving, from a first node of a cloud-based network, traffic that is to be sent to a second node of the cloud-based network and determining whether the traffic is encrypted or unencrypted. If it is determined that the traffic is encrypted, the traffic may be sent to the second node via a service mesh of the cloud-based platform. Alternatively, or additionally, if it is determined that the traffic is unencrypted, the traffic may be sent to the second node via an encrypted tunnel. In some examples, the techniques may be performed at least partially by a program running on the first node of the cloud-based network, such as an extended Berkeley Packet Filter (eBPF) program, and the like.

Abstract: In one embodiment, an illustrative method herein comprises: determining, by a process, for each group of policies configured across a plurality of network devices in a computer network, an information set having a list of all policy components used for each group and which policies within each group have which particular policy components of the list of all policy components used for that group; performing, by the process, a comparative analysis of similarity and component variance on policies within each group based on the information set; deriving, by the process, an overall complexity indicator for each group based on the comparative analysis; and providing, from the process to an assessment interface, a ranking of each group as compared to other groups of policies within the computer network based on their respective overall complexity indicator.

Abstract: Embodiments of the present disclosure are directed to dynamic shadow operations configured to dynamically shadow data-plane resources in a network device. In some embodiments, the dynamic resource shadow operations are used to locally maintain a shadow copy of data plane resources to avoid having to read them through a bus interconnect. In other embodiments, the dynamic shadow framework is used to provide memory protection for hardware resources against SEU failures. The dynamic shadow framework may operate in conjunction with adaptive memory scrubbing operations. In other embodiments, the dynamic shadow infrastructure is used to facilitate fast boot-up and fast upgrade operations.

Abstract: Embodiments herein describe a waveguide crossing that permits at least two optical signals to cross in two different directions. For example, one optical signal can propagate from left to right through the center of the waveguide crossing at the same time a second optical signal propagates up and down through the center of the crossing. In one embodiment, a circular disc is disposed at the center of the waveguide crossing through which the two (or more) optical signals pass. The shape of the circular disc can provide low insertion loss as the respective optical signals propagate between respective pairs of waveguides, as well as minimize cross talk between the two optical signals.