Abstract: Aspects of the invention include creating and starting fast-start container images. A preview image of a container is received at a host computer. The preview image includes a subset of an original image of the container. The preview image of the container is executed, at the host computer, for a workload. Based at least in part on detecting a fault during the executing of the preview image of the container, one of the original image of the container and a portion of the original image not included in the preview image of the container is accessed for continuing execution of the workload.

Abstract: An apparatus receives a signal to perform secure erasure of a storage medium. The apparatus, responsive to reception of the signal, erases the storage medium by performing at least the following operations. An encryption key is erased. The encryption key is stored on the storage medium and is used to encrypt data on the storage medium. The apparatus generates a fake encryption key that is different from the encryption key and stores storing the fake encryption key on the storage medium. The encryption key and/or fake encryption key may be stored on the medium in multiple parts. The encryption key may be generated using random data from the medium. The apparatus may be the storage medium or a computer system that access the storage medium. The erasure can be performed in response to a request by a user. The medium may be an erasure-resistant storage medium.

Abstract: Embodiments for intelligent communication message format automatic correction in a computing system by a processor. An appropriateness of the communication message formats is learned based on a plurality of factors for receiving communication messages from a communication system. A communication message, having one or more errors of a received communication message, may be automatically corrected according to the learned appropriateness of the communication messages.

Abstract: Aspects of the invention include selecting a node for an infrastructure update. The selected node is included in a cluster of nodes executing workloads that include containers. A future workload is prevented from being scheduled on the selected node. A workload currently executing on the selected node is migrated to another node included in the cluster of nodes. Infrastructure code on the selected node is updated, and in response to the updating, the ability to schedule a future workload on the selected node is enabled.

Abstract: A secure filesystem provides write-only access with limited read. The filesystem stores data as an encrypted block on a user machine using a symmetric (active) key, along with metadata including a read condition. While the read condition is valid, local applications can read the data using the active key. When the read condition becomes invalid, the active key is deleted so local applications no longer have access. However, the filesystem encrypts the active key to yield an inactive key, using an RSA public key. The corresponding private key is sent to an authorized party machine, but deleted from the user machine. Thus the user machine is unable to decrypt the inactive key, but the authorized party machine can still read the data by first decrypting the inactive key using the private key to regenerate the active key, and then decrypting the encrypted block using the regenerated active key.

Abstract: Aspects of the invention include selecting a node for an infrastructure update. The selected node is included in a cluster of nodes executing workloads that include containers. A future workload is prevented from being scheduled on the selected node. A workload currently executing on the selected node is migrated to another node included in the cluster of nodes. Infrastructure code on the selected node is updated, and in response to the updating, the ability to schedule a future workload on the selected node is enabled.

Abstract: Aspects of the invention include creating and starting fast-start container images. A preview image of a container is received at a host computer. The preview image includes a subset of an original image of the container. The preview image of the container is executed, at the host computer, for a workload. Based at least in part on detecting a fault during the executing of the preview image of the container, one of the original image of the container and a portion of the original image not included in the preview image of the container is accessed for continuing execution of the workload.

Abstract: Embodiments for intelligent communication message format automatic correction in a computing system by a processor. An appropriateness of the communication message formats is learned based on a plurality of factors for receiving communication messages from a communication system. A communication message, having one or more errors of a received communication message, may be automatically corrected according to the learned appropriateness of the communication messages.

Abstract: A secure filesystem provides write-only access with limited read. The filesystem stores data as an encrypted block on a user machine using a symmetric (active) key, along with metadata including a read condition. While the read condition is valid, local applications can read the data using the active key. When the read condition becomes invalid, the active key is deleted so local applications no longer have access. However, the filesystem encrypts the active key to yield an inactive key, using an RSA public key. The corresponding private key is sent to an authorized party machine, but deleted from the user machine. Thus the user machine is unable to decrypt the inactive key, but the authorized party machine can still read the data by first decrypting the inactive key using the private key to regenerate the active key, and then decrypting the encrypted block using the regenerated active key.

Abstract: An apparatus receives a signal to perform secure erasure of a storage medium. The apparatus, responsive to reception of the signal, erases the storage medium by performing at least the following operations. An encryption key is erased. The encryption key is stored on the storage medium and is used to encrypt data on the storage medium. The apparatus generates a fake encryption key that is different from the encryption key and stores storing the fake encryption key on the storage medium. The encryption key and/or fake encryption key may be stored on the medium in multiple parts. The encryption key may be generated using random data from the medium. The apparatus may be the storage medium or a computer system that access the storage medium. The erasure can be performed in response to a request by a user. The medium may be an erasure-resistant storage medium.

Abstract: A digital rights management (DRM) system and methodology for a Java client implementing a Java Runtime Environment (JRE). The JRE comprises a Java Virtual Machine (JVM) and Java runtime libraries components and is capable of executing a player application for presenting content that can be presented through a Java program (e.g., a Java application, applet, servlet, bean, etc.) and downloaded from a content server to the client. The DRM system includes an acquisition component for receiving downloaded protected contents; and a dynamic rights management layer located between the JRE and player application for receiving requests to view or play downloaded protected contents from the player, and, in response to each request, determining the rights associated with protected content and enabling viewing or playing of the protected contents via the player application if permitted according to the rights.

Abstract: Provides control of the workload, flow control, and concurrency control of a computer system through the use of only external performance monitors. Data collected by external performance monitors are used to build a simple, black box model of the computer system, comprising two resources: a virtual bottleneck resource and a delay resource representing all non-bottleneck resources combined. The service times of the two resource types are two parameters of the black box model. The two parameters are evaluated based on historical data collected by the external performance monitors. The workload capacity that avoids saturation of the bottleneck resource is then determined and used as a control variable by a flow controller to limit the workload on the computer system. The workload may include a mix of traffic classes. In such a case, data is collected, parameters are evaluated and control variables are determined for each of the traffic classes.

Abstract: A method of securely receiving data on a user's system from a web broadcast infrastructure with a plurality of channels. The method comprising receiving promotional metadata from a first web broadcast channel, the promotional metadata related to data available for reception; assembling at least part of the promotional metadata into a promotional offering for review by a user; selecting by a user, data to be received related to the promotional metadata; receiving data from a second web broadcast channel, the data selected from the promotional metadata, and wherein the data has been previously encrypted using a first encrypting key; and receiving the first decrypting key via a computer readable medium, the first decrypting key for decrypting at least some of the data received via the second web broadcast channel. In another embodiment, a method and system to transmit data securely from a web broadcast center is disclosed.

Abstract: A shared markup system and a method are provided for supporting Web co-browsing. Based on the hyper-text markup language (HTML), the markup system is interoperable across different platforms and Web browsers and provides for online annotation, of shared HTML documents, directly within the browser's windows. The annotations created by the markup system are realized using HTML components that are composed dynamically. Synchronization and control of the browser's environment are also provided to achieve uniform participants' views.