Abstract: Dynamic, client-specific retrieval of data can be performed for edge devices using data services. For example, a system can receive a data request from a client device. The data request can include a type of data and one or more parameters for the type of data. In response to receiving the data request, the system can further detect data services that include the type of data. Additionally, the system can generate application programming interface (API) contracts. Each of the API contracts can define a communication protocol between the client device and each of the data services. The system can also deploy a deployable object, which may include the API contracts, on the client device to cause the client device to receive data satisfying the data request from each of the data services.

Abstract: Execution of software applications can be controlled based on application profiles to facilitate safety compliance. For example, a system can execute a test suite to identify a function call of a software application that is associated with a functional safety standard issued by a standard-setting organization. In response to identifying the function call, the system can generate a risk score for the function call. The risk score can indicate a likelihood of the function call causing non-compliance with the functional safety standard. The system can further generate an application profile including a permission for the software application based on the risk score. The permission may disable the function call of the software application. The system may then execute the software application based on the application profile. As a result, execution of the software application can comply with the functional safety standard.

Abstract: Cloud networks can be dynamically deployed for edge computing environments. For example, a control plane of a computing environment can detect a set of device identifiers and a set of priority levels for data transmitted by a set of edge devices in the computing environment. Each device identifier can correspond to an edge device in the set of edge devices. A network deployment service of the control plane can determine a network weight for the set of edge devices based on a set of device identifiers and the set of priority levels. The network deployment service can determine an adjustment to a virtual gateway based on the network weight. The virtual gateway can transmit data from the set of edge devices to a compute node in the computing environment. The network deployment service can execute the adjustment to the virtual gateway.

Abstract: Techniques described herein relate to supporting legacy input/output (I/O) device functionality for virtual machines. For example, an I/O device can be communicatively coupled to a computing system. The I/O device may have an actual identification number. The I/O device may expose a window of I/O device memory to the computing system. The window of I/O device memory may be associated with a virtual I/O port that has a virtual identification number that differs from the actual identification number. An intermediate driver executed by the computing system can expose the window of I/O device memory to a virtual machine. the intermediate driver can map, for the virtual machine, access to the virtual I/O port via the window of I/O device memory using the virtual identification number. The virtual machine can, based on the mapping, transmit an access request to the window of I/O device memory via the virtual I/O port.

Abstract: System and method for running virtual machines within containers. An example method may include: running, by a host computer system, a hypervisor managing a first virtual machine implemented by a first container with a first set of resources, creating, by the hypervisor, a second container implementing the second virtual machine, wherein the second container is nested within the first container, determining, by the first virtual machine of the first container, one or more of the first set of resources to assign to the second container, and assigning, by the hypervisor, to the second container one or more of the first set of resources.

Abstract: Systems and methods are disclosed for partitioning a rules engine. An example method includes receiving a specification for a rules engine comprising a plurality of nodes. The method also includes identifying two or more partitions of the rules engine, wherein the two or more partitions comprise a first partition with a first node and at least a second partition with a second node. Each partition is connected to a root node of the rules engine and wherein the first node of the first partition is connected by an edge to the second node of the second partition. The method also includes instantiating the first partition in a first computational device, instantiating the second partition in a second computational device, and configuring a network communication channel between the first node of the first partition and the second node of the second partition.

Abstract: Receive a first electronics control unit (ECU) profile, the first ECU profile comprising a first set of services. Switch execution, on an ECU, by a processing device, to the first ECU profile from a second ECU profile, the second ECU profile comprising a second set of services, wherein an intersection of the first set of services and the second set of services comprises a third set of services. Start, on the ECU, a set of services included in the first ECU profile and not included in the third set of services.

Abstract: Systems and methods for a delta based task analysis in CI systems are disclosed. The systems and methods analyze a first job, which includes multiple first tasks, and a second job, which includes multiple second tasks. The systems and methods identify a set of different tasks between the first tasks and the second tasks. The systems and methods then create a third job based on the set of different tasks, which includes metadata corresponding to the first job and the second job. The systems and method execute the first job and the third job, which completes the second job based on the metadata included in the third job.

Abstract: Terms of a SLA between a user device of a computing system and a service provider of the computing system are identified. The service provider is to provide a service to the user device in accordance with the terms of the SLA. The terms are translated into a sequence of instructions corresponding to a smart contract, where the smart contract is to provide the user device with a service credit based on an availability of a service for the time interval and in accordance with the SLA. The sequence of instructions is transmitted to a first node of a distributed ledger network. Availability data indicating an availability of the service at the user device during each time period of a time interval is obtained. The availability data is provided to a second node of the distributed ledger network to cause the second node to execute the sequence of instructions.

Abstract: Systems, methods, and apparatuses for determining a cause of an error in a computing environment, such as a permission denied error in a linux computing environment, are provided herein. An example method comprises executing an application in a linux environment, monitoring a plurality of linux subsystems and functions via an instrumentation inserted on a kernel, and responsive to a failure of the application, providing a summary of a cause of the failure based upon the monitoring of the linux subsystems and functions.

Abstract: Some examples of the present disclosure relate to risk analysis of test failures that occurred during a testing phase of a continuous integration pipeline. In one particular example, a system can detect a failure of a test during a testing phase of a continuous integration pipeline. The testing phase can involve executing a group of tests in a plurality of configurations prior to merging an update to source code into a code base of a software application. Based on detecting the failure of the test during the testing phase, the system can access historical data associated with prior executions of the test, determine a risk score associated with the failure of the test based on the historical data, and perform an action associated with the source code based on the risk score.

Abstract: A system can be provided for deploying bare metal clusters that satisfy custom resource requests. For example, the system can receive from a client device, a custom resource request. The custom resource request can include a set of requirements for a bare metal cluster. The set of requirements can include a number of nodes for the bare metal cluster. The system can determine a set of resources that satisfies the set of requirements. The set of resources can include virtual Internet Protocol (IP) addresses and a set of baseband management controller (BMC) IP addresses. A number of BMC IP addresses in the set of BMC IP addresses can be equal to the number of nodes for the bare metal cluster. Additionally, the system can generate, based on the set of resources, a configuration file for the bare metal cluster and deploy, based on the configuration file, the bare metal cluster.

Abstract: A method and system may operate a neural network (NN), e.g. during inference or training, by executing a first tensor column comprising task instruction code representing at least one computation spanning a number of layers of the NN, the execution producing an output, and compressing that output. In order to execute a next tensor column, the output may be uncompressed to produce uncompressed output; and the second tensor column may be executed, the second tensor column including task instruction code representing at least one computation spanning a number of layers of the NN. The second tensor column may take as input the uncompressed output.

Abstract: Techniques for signing a package manager file are disclosed. An example method includes receiving, at a signing client, a package manager file and a signing request to cryptographically sign the package manager file. The package manager file includes a header and a payload. The method also includes inspecting the header of the package manager file to determine whether the header includes a digest comprising a hash of the payload. Responsive to determining that the header does include the digest, the method also includes sending the header from the signing client to a signing server without sending the payload, and receiving a signed header from the signing server.

Abstract: The present disclosure is a new and innovative system, methods and apparatus live storage migration. In an example, a system includes a memory and processor in communication with the memory. The processor is configured to receive a request to perform live storage migration of a guest managed by a source hypervisor on a source machine to a destination machine. The guest is configured to store data in blocks of block storage. The source hypervisor, executing on the processor, receives a hint for each block of data in block storage of the guest via an agent of the guest, wherein the hint relates to properties of a specific block of data. The source hypervisor then determines an efficient prioritization that identifies which blocks to copy and in what order as a part of the live storage migration based on the hints received from the agent. The source hypervisor then copies the blocks of data identified for copying in the migration based on the prioritization, saving time and computational resources.

Abstract: A kernel monitor can be used to mitigate ransomware activity of a host system. In some aspects, a computing system can use the kernel monitor to monitor a set of system calls generated by the host system within a time window to perform a functionality. The kernel monitor can include a respective kernel program monitoring each system call in the set of system calls. The set of system calls can be filtered by the kernel monitor to identify a subset of system calls associated with encrypting a filesystem of the host system. The computing system can determine that the subset of system calls is indicative of ransomware activity associated with the host system based on the subset of system calls exceeding a predefined threshold. Subsequently, the computing system can perform a mitigation operation to mitigate the ransomware activity.

Abstract: Access to a physical device associated with a computing system can be shared with multiple virtual machines by delegating control of the physical device to a primary virtual machine (PVM). In some aspects, a virtual machine monitor (VMM) of the computing system can generate a hardware description that describes the physical device. The VMM can initiate the PVM, which can use the hardware description to acquire control of the physical device from a host kernel of the computing system. The VMM can delegate control of the physical device from the host kernel to the PVM. After control of the physical device is delegated to the PVM, the PVM is configured to perform a device sharing process to share access to the physical device with the SVM.

Abstract: A method includes receiving, from a first container of a plurality of virtualized computing entities, a request to diagnose a first network connectivity malfunction associated with the first container. The method further includes identifying a first package of the plurality of packages based on data associated with the first container satisfying at least one criterion of the plurality of criteria.

Abstract: Systems and methods for automated targeted patching of a target system. In one embodiment the present disclosure includes a method for compiling binary files from a source code package; running a diff tool to determine differences between the binary files and an application already installed on a target system; generating, based on the determined differences, a patch that includes at least one file to be installed on the target system; generating, a mapping file, the mapping file including information on where the at least one file will be installed on the target system; combining, the mapping file and the patch into a patch package; and installing the patch package on the target system.

Abstract: A method includes selecting a guest address of an address space of a virtual machine for optimizing memory mapped input/output (MMIO) emulation and initializing a page modification log associated with the virtual machine as full. The method further includes receiving an access of the guest address by the virtual machine and, in response to receiving the access to the guest address, triggering a page modification log full event, and exiting to a hypervisor of the virtual machine to perform a task associated with the guest address.