Abstract: Methods, systems, and computer programs are presented for enabling any sandboxed user-defined function code to securely access the Internet via a cloud data platform. A remote procedure call is received by a cloud data platform from a user-defined function (UDF) executing within a sandbox process. The UDF includes code related to at least one operation to be performed. The cloud data platform provides an overlay network to establish a secure egress path for UDF external access. The cloud data platform enables the UDF executing in the sandbox process to initiate a network call.

Abstract: A method for tracing function execution includes instantiating, by at least one hardware processor of a computing node, a user code runtime configured with access to an operating system (OS) kernel of the computing node. The user code runtime is configured with a first set of filtering policies associated with a first set of allowed system calls. The OS kernel is configured with a second set of filtering policies associated with a second set of allowed system calls. A system call initiated by the user code runtime is detected to violate one or both of the first set of allowed system calls and the second set of allowed system calls. A trace of the system call is initiated based on the detecting.

Abstract: A method for tracing function execution includes instantiating, by at least one hardware processor of a computing node, a user-defined function (UDF) server associated with a plurality of configurations. A plurality of child processes of the UDF server are instantiated using the plurality of configurations. A filtering process is configured at an operating system (OS) kernel of the computing node using a child process of the plurality of child processes. The filtering process includes a set of system call categories and a corresponding set of filtering policies. A system call received at the OS kernel and associated with a system call category of the set of system call categories is detected to violate a corresponding filtering policy of the set of filtering policies. A tracing event of the system call is initiated based on the detecting.

Abstract: A method for tracing function execution includes instantiating, by at least one hardware processor of a computing node, a user code runtime configured with access to an operating system (OS) kernel of the computing node. The user code runtime is configured with a first set of filtering policies associated with a first set of allowed system calls. The OS kernel is configured with a second set of filtering policies associated with a second set of allowed system calls. A system call initiated by the user code runtime is detected to violate one or both of the first set of allowed system calls and the second set of allowed system calls. A trace of the system call is initiated based on the detecting.

Abstract: A system includes at least one hardware processor of a computing node and at least one memory storing instructions that cause the at least one hardware processor to perform operations. The operations include instantiating a user code runtime to execute within a sandbox process. The sandbox process configures access by the user code runtime to an operating system (OS) kernel of the computing node. The OS kernel is configured with one or more filtering policies. A determination is performed of whether a system call received by the OS kernel violates the one or more filtering policies. The system call is triggered by at least one operation of the user code runtime. A tracing event is instantiated to trace execution of the system call based on the determination.

Abstract: A system includes at least one hardware processor of a computing node and at least one memory storing instructions that cause the at least one hardware processor to perform operations. The operations include instantiating a user code runtime to execute within a sandbox process. The sandbox process configures access by the user code runtime to an operating system (OS) kernel of the computing node. The OS kernel is configured with one or more filtering policies. A determination is performed of whether a system call received by the OS kernel violates the one or more filtering policies. The system call is triggered by at least one operation of the user code runtime. A tracing event is instantiated to trace execution of the system call based on the determination.

Abstract: A shared database platform can interface with a cluster computing platform over a network through a connector. The data transferred over the network can include metadata result packages that can be distributed to worker nodes of the cluster computing platform, which receive the metadata objects and access the result data for further processing on a staging platform, such as a scalable storage platform.

Abstract: Provided herein are systems and methods for tracing and tracing supervision of UDFs in a database system. For example, a method includes receiving a user-defined function (UDF), the UDF including code related to at least one operation to be performed. A user code runtime is instantiated to execute the code of the UDF as a child process. The user code runtime includes a filtering process configured with a plurality of filtering policies. A system call of the at least one operation is detected based on a notification from an operating system (OS) manager, the notification identifying the system call. A determination is made on whether performing the system call is permitted based on the plurality of filtering policies. A report is generated based on the determining.

Abstract: A shared database platform can interface with a cluster computing platform over a network through a connector. The data transferred over the network can include metadata result packages that can be distributed to worker nodes of the cluster computing platform, which receive the metadata objects and access the result data for further processing on a staging platform, such as a scalable storage platform.

Abstract: The subject technology receives, in a computing process, a user defined function, the user defined function including code related to at least one operation to be performed. The subject technology determines by a security manager whether performing the at least one operation is permitted, the security manager determines restrictions, based at least in part on a security policy. The subject technology performs the at least one operation. The subject technology sends a result of the at least one operation to the computing process, where sending the result of the at least one operation utilizes a data transport mechanism that supports a network transfer of columnar data.

Abstract: A shared database platform can interface with a cluster computing platform over a network through a connector. The data transferred over the network can include metadata result packages that can be distributed to worker nodes of the cluster computing platform, which receive the metadata objects and access the result data for further processing on a staging platform, such as a scalable storage platform.

Abstract: The subject technology receives, in a computing process, a user defined function, the user defined function including code related to at least one operation to be performed. The subject technology determines by a security manager whether performing the at least one operation is permitted, the security manager determines restrictions, based at least in part on a security policy. The subject technology performs the at least one operation. The subject technology sends a result of the at least one operation to the computing process, where sending the result of the at least one operation utilizes a data transport mechanism that supports a network transfer of columnar data.

Abstract: The subject technology receives, in a first computing process, a user defined function, the user defined function including code related to at least one operation to be performed. The subject technology sends a request based at least in part on the at least one operation to a second computing process to perform. The subject technology determines, by a security manager executing within the second computing process, whether performing the at least one operation is permitted, the security manager determines restrictions, based at least in part on a security policy, on operations executing within a sandbox environment provided by the second computing process. The subject technology performs, in the second computing process, the at least one operation, the security manager executing within the second computing process.

Abstract: A shared database platform can interface with a cluster computing platform over a network through a connector. The data transferred over the network can include metadata result packages that can be distributed to worker nodes of the cluster computing platform, which receive the metadata objects and access the result data for further processing on a staging platform, such as a scalable storage platform.

Abstract: The subject technology receives, in a first computing process, a user defined function, the user defined function including code related to at least one operation to be performed. The subject technology sends a request based on the at least one operation to a second computing process to perform, the second computing process being different than the first computing process and comprising a sandbox for executing the at least one operation. The subject technology receives, by the second computing process, the request. The subject technology determines, using at least a security policy, whether performing the at least one operation is permitted. The subject technology performs, in the second computing process, the least one operation. The subject technology sends, by the second computing process, a result of the at least one operation to the first computing process.

Abstract: A shared database platform can interface with a cluster computing platform over a network through a connector. The data transferred over the network can include metadata result packages that can be distributed to worker nodes of the duster computing platform, which receive the metadata objects and access the result data for further processing on a staging platform, such as a scalable storage platform.

Abstract: Systems and methods provide for removing and/or hiding the negative effects of at least some of the latency between, e.g., detection of motion of a device such as a three-dimensional (3D) pointing device and corresponding redrawing of the cursor on a display. A method for masking latency associated with displaying a cursor on a display includes: receiving data associated with motion of an input device at a first time; using the data to determine a cursor position associated with the first time; determining a predicted cursor position at a future time relative to the first time using the determined cursor position; and displaying the cursor on the display at a position based on the predicted cursor position.

Abstract: An embodiment in accordance with the present invention includes a smartphone based platform that can be used to objectively and remotely measure aspects related to PD (e.g., voice, balance, dexterity, gait, and reaction time), activities of daily living, and PD medicine response. The present invention includes a unified PD-specific remote monitoring platform that incorporates both active and passive tests to provide high frequency monitoring of symptoms and activities of daily living related to PD and medicine response. The platform of the present invention does not require specialized medical hardware.

Abstract: Systems and methods provide for removing and/or hiding the negative effects of at least some of the latency between, e.g., detection of motion of a device such as a three dimensional (3D) pointing device and corresponding redrawing of the cursor on a display. A method for masking latency associated with displaying a cursor on a display includes: receiving data associated with motion of an input device at a first time; using the data to determine a cursor position associated with the first time; determining a predicted cursor position at a future time relative to the first time using the determined cursor position; and displaying the cursor on the display at a position based on the predicted cursor position.