Abstract: Analog system and method for implementing an iterative neural network based model, the system comprising analog vector-by-matrix multiplication circuitry encoding a matrix of weights of an iterative neural network-based model, and analog nonlinearity circuitry encoding a non-linear function arranged in a feedback loop configured to return the output signals from the nonlinearity circuitry as inputs to the vector-by-matrix multiplication circuitry, wherein the system is configured to output a solution vector of values of the iterative neural network based model on convergence of the system.

Abstract: Apparatus for performing vector-by-vector multiplication in an optical domain, comprising: a plurality of light signal generators, each arranged to emit a beam of light having a different respective carrier wavelength modulated with an input signal modelling a respective variable of a vector of variables; one or more sets of light modulator elements, wherein each light modulator element in each set is arranged to receive the beam of light modulated with a different one of said input signals, and apply a corresponding weight from a vector of weights in order to produce a weighted optical signal; a respective photosensor element for each of said sets; and one or more optical combining elements arranged to direct the weighted optical signals of each set onto the respective photosensor element and thereby produce a respective output in the form of an analogue electronic signal summing the weighted optical signals of the respective set.

Abstract: A system for performing optical vector multiplication, the system comprising one or more channels, each comprising: a light signal generator arranged to generate a respective optical signal; an optical vector multiplier arranged to receive a vector of optical signals including the respective optical signal, and multiply by a respective vector of weights in the optical domain, each optical signal having a modulated amplitude modelling a value of a respective variable from a vector of variables, and the weights modelling interactions between the variables; and a light detector arranged to detect an intensity of a resulting output of the respective optical vector multiplier by incoherent detection, thereby generating an analogue intensity signal taking only take positive values; and a respective differentiator configured to subtract a respective DC offset signal from the analogue intensity signal, to produce a respective analogue electronic output signal on a scale having positive and negative values.

Abstract: A system for estimating values of a vector of variables that optimize a function comprising a weighted sum of interactions between the variables; the system comprising a plurality of parallel hardware channels, each arranged to model a contribution of a respective variable to the function, each channel comprising: a signal generator configured to generate a signal modelling a value of the respective variable; a splitter arranged to supply the signal to each of the channels; interaction logic configured to multiply the vector of signals by a vector of weights modelling an interaction between the respective variable and the vector of variables, thereby generating a feedback signal representing the contribution of the respective variable; and a feedback path to return the feedback signal to the signal generator configured to adapt the signal in dependence on the feedback signal, wherein each channel is implemented only using optical components and/or analogue electronic components.

Abstract: A method of reading from a storage medium to recover a group of information sectors, each comprising a respective information payload. The medium stores redundancy data comprising a plurality of separate redundancy codes for the group, each code being a linear sum of terms, each term in the sum being the information payload from a different respective one of the information sectors in the group weighted by a respective coefficient of a set of coefficients for the redundancy code. The method comprises, after the redundancy data has already been stored on the medium: identifying a set of k? information sectors to be recovered; selecting k? of the redundancy codes; determining a square matrix E of the k? information sectors by the k? sets of coefficients of the selected codes; determining a matrix D being a matrix inverse of E; and recovering the k? information payloads from the inverse matrix D.

Abstract: A method of reading from a storage medium to recover a group of information sectors, each comprising a respective information payload. The medium stores redundancy data comprising a plurality of separate redundancy codes for the group, each code being a linear sum of terms, each term in the sum being the information payload from a different respective one of the information sectors in the group weighted by a respective coefficient of a set of coefficients for the redundancy code. The method comprises, after the redundancy data has already been stored on the medium: identifying a set of k? information sectors to be recovered; selecting k? of the redundancy codes; determining a square matrix E of the k? information sectors by the k? sets of coefficients of the selected codes; determining a matrix D being a matrix inverse of E; and recovering the k? information payloads from the inverse matrix D.

Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.

Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.

Abstract: Graph partitioning for massive scale graphs is described, such as for graphs having vertices representing people and edges representing connections between people in a social networking system; or for graphs where the vertices represent other items and the edges represent relationships between the items. In various embodiments a graph data allocator receives a graph vertex and its edges and allocates the vertex to one of a plurality of clusters each associated with one or more computing devices. In various embodiments the allocation is made by optimizing an objective function which takes into account both a cost of edges between clusters and a cost related to sizes of the clusters. In some examples the cost related to sizes of the clusters comprises a convex function applied to each of the cluster sizes. In examples, computations on the graph data are carried out with reduced runtimes and communications cost.

Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.

Abstract: Graph partitioning for massive scale graphs is described, such as for graphs having vertices representing people and edges representing connections between people in a social networking system; or for graphs where the vertices represent other items and the edges represent relationships between the items. In various embodiments a graph data allocator receives a graph vertex and its edges and allocates the vertex to one of a plurality of clusters each associated with one or more computing devices. In various embodiments the allocation is made by optimizing an objective function which takes into account both a cost of edges between clusters and a cost related to sizes of the clusters. In some examples the cost related to sizes of the clusters comprises a convex function applied to each of the cluster sizes. In examples, computations on the graph data are carried out with reduced runtimes and communications cost.

Abstract: A method of communicating over a network between first and second endpoints, one being and the other being a server. The method comprises: establishing a first secure transport layer channel between the first and second endpoints, establishing a second secure transport layer channel between the first endpoint and a middlebox to which the first endpoint is to delegate processing of the traffic sent over the first secure transport layer channel; the first endpoint validating the middlebox via the respective second secure transport layer channel, and on condition of said validation sharing the encryption key of the first channel with the middlebox via the second secure transport layer channel; and causing the traffic sent over the channel to be routed via the middlebox. The method thereby enables the middlebox to process, in the clear, content of the traffic sent over the first channel.

Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.

Abstract: Graph partitioning for massive scale graphs is described, such as for graphs having vertices representing people and edges representing connections between people in a social networking system; or for graphs where the vertices represent other items and the edges represent relationships between the items. In various embodiments a graph data allocator receives a graph vertex and its edges and allocates the vertex to one of a plurality of clusters each associated with one or more computing devices. In various embodiments the allocation is made by optimizing an objective function which takes into account both a cost of edges between clusters and a cost related to sizes of the clusters. In some examples the cost related to sizes of the clusters comprises a convex function applied to each of the cluster sizes. In examples, computations on the graph data are carried out with reduced runtimes and communications cost.

Abstract: A method of communicating over a network between first and second endpoints, one being and the other being a server. The method comprises: establishing a first secure transport layer channel between the first and second endpoints, establishing a second secure transport layer channel between the first endpoint and a middlebox to which the first endpoint is to delegate processing of the traffic sent over the first secure transport layer channel; the first endpoint validating the middlebox via the respective second secure transport layer channel, and on condition of said validation sharing the encryption key of the first channel with the middlebox via the second secure transport layer channel; and causing the traffic sent over the channel to be routed via the middlebox. The method thereby enables the middlebox to process, in the clear, content of the traffic sent over the first channel.

Abstract: A data center has a plurality of secure processing units; a plurality of data stores holding encrypted data records; and a network connecting the secure processing units and the data stores. The secure processing units comprise computing functionality configured to execute a data processing operation in parallel on the secure processing units by being configured to read encrypted records from the stores, process one or more of the encrypted records within the secure processing units, send one or more of the encrypted records to the stores. The data center is configured to carry out a secret shuffle of the data records to protect the privacy of data processed in the data center from an observer observing any one or more of: the reading of the records, the sending of the records, the writing of the records; the secret shuffle comprising a random permutation of the records hidden from the observer.

Abstract: In various examples there is a telecommunications network access point of a telecommunications network in which the control plane is implemented using a data center comprising a plurality of interconnected computation nodes. The access point comprises a memory holding a log of encapsulated control messages the control messages being messages of a control protocol of the telecommunications network. The access point has a processor configured, for a control message to be sent by the access point to a node in the data center, to: generate a message identifier; encapsulate the control message in a packet of a communications protocol of the data center, add the message identifier to a header of the encapsulated control message; send the encapsulated control message to the node of the data center; and store a record of the encapsulated control message and node of the control plane in the log.

Abstract: Streaming query resource control is described, for example, to allocate streaming queries to servers in a data center providing a streaming query platform. In various embodiments streaming queries are allocated to servers in a manner seeking to balance load between the servers and also to reduce network traffic costs between data stream sources and the servers. In various examples, query types are taken into account, where a query type is the identity of one or more data stream sources used by the query, and optionally also traffic rates of the data stream sources. In some examples, processes for allocating incoming queries in an online fashion are described and in some examples, processes for allocating queries in an offline fashion are described. In examples, a network traffic cost metric is used which takes into account an incremental network traffic cost of adding a given query at a server.

Abstract: Methods of generating filters automatically from data processing jobs are described. In an embodiment, these filters are automatically generated from a compiled version of the data processing job using static analysis which is applied to a high-level representation of the job. The executable filter is arranged to suppress rows and/or columns within the data to which the job is applied and which do not affect the output of the job. The filters are generated by a filter generator and then stored and applied dynamically at a filtering proxy that may be co-located with the storage node that holds the data. In another embodiment, the filtered data may be cached close to a compute node which runs the job and data may be provided to the compute node from the local cache rather than from the filtering proxy.

Abstract: Methods for enforcing confidentiality and integrity of code and data while running the code over the data in a distributed computing system are described. In an embodiment each machine which processes data within the system provides a secure sub-system which is protected from other parts of the machine and which receives encrypted data and encrypted code, processes the data using the received code and outputs encrypted data. When establishing the secure sub-systems, keys are exchanged between the client and secure sub-systems and the secure sub-systems provide an attestation confirming the identity of the code running in the secure sub-systems and confirming that the code is running on genuine secure sub-systems. In another embodiment a data-flow computation system is described in which chunks of input data, each comprising an identifier, are authenticated/encrypted. The identifiers are used within the system to confirm that each chunk is processed exactly once.