Abstract: A service provider may deploy a security threat detection and mitigation platform in a multi-tenant virtualization environment that includes pluggable data collection, data analysis, and response components. The data analysis components may apply machine learning techniques to generate (based on training data sets) and refine (based on subsequently received data sets and feedback about the resulting classifications) predictors configured to detect particular types of security threats, such as denial of service attacks, botnets, scans, or remote desktop attacks. A data collection layer may collect, filter, organize, and curate network packet traffic data, network packet header data, or other information emitted by computing instances or applications executing on them, and provide the curated data as streams to the analysis layer.

Abstract: A request to store a container image is received from a device associated with a customer of a computing resource service provider. Validity of a security token associated with the request is authenticated using a cryptographic key maintained as a secret by the computing resource service provider. One or more layers of the container image is built based at least in part on at least one build artifact to form a set of built layers. The software image including the set of built layers is stored in a repository associated with the customer. A manifest of metadata for the set of built layers is stored in a database of a structured data store. The container image is obtained in the form of an obtained container image. The obtained container image is deployed as the software container in at least one virtual machine instance associated with the customer.

Abstract: A service provider may deploy a security threat detection and mitigation platform in a multi-tenant virtualization environment that includes pluggable data collection, data analysis, and response components. The data analysis components may apply machine learning techniques to generate (based on training data sets) and refine (based on subsequently received data sets and feedback about the resulting classifications) predictors configured to detect particular types of security threats, such as denial of service attacks, botnets, scans, or remote desktop attacks. A data collection layer may collect, filter, organize, and curate network packet traffic data, network packet header data, or other information emitted by computing instances or applications executing on them, and provide the curated data as streams to the analysis layer.

Abstract: A request to store, in first data store associated with a customer of a computing resource service provider, a software image is received, the request including a set of layers of the software image to be stored. As a result of successful authentication of the request, based at least in part on a security token included with the request, a subset of layers of the software image that have not previously been stored in the first data store are determined, based at least in part on first metadata obtained from a second data store, the subset of layers in the first data store are stored, second metadata about the subset of layers are stored in the second data store, and the software image is caused to be launched in a software container of an instance based at least in part on the subset of layers.

Abstract: A task definition is received. The task definition indicates at least a location from which one or more software image can be obtained and information usable to determine an amount of resources to allocate to one or more software containers for the one or more software image. A set of virtual machine instances in which to launch the one or more software containers is determined, the one or more software image is obtained from the location included in the task definition and is launched as the one or more of software containers within the set of virtual machine instances.

Abstract: A request to a scan a software image for specified criteria is received, the software image comprising layers stored in a first data store. Metadata in a second data store, different from the first data store, is searched through to obtain information corresponding to the software image. A first set of the layers that matches the specified criteria is determined, based at least in part on the information. The first set of layers is marked as un-referenceable. Asynchronous to fulfillment of the request, a second set of layers of the layers to be deleted is determined, based at least in part on the metadata, the second set of layers including layers marked as un-referenceable, and the second set of layers is deleted.

Abstract: A software image associated with a first customer of a computing resource service provider and criteria for identifying an event is received, the software image comprising a set of layers. The set of layers is stored in a first data store to form a stored set of layers, the first data store being physically located in a first region. The set of layers is copied to a second data store to form a copied set of layers, the second data store being physically located in a second region different from the first region. The copied set of layers is launched as a container executing in an instance that is physically located in the second region, and, as a result of identifying an occurrence of the event, the container is caused to be unavailable to an entity associated with the instance.

Abstract: A task definition is received. The task definition indicates at least a location from which one or more software image can be obtained and information usable to determine an amount of resources to allocate to one or more software containers for the one or more software image. A set of virtual machine instances in which to launch the one or more software containers is determined, the one or more software image is obtained from the location included in the task definition and is launched as the one or more of software containers within the set of virtual machine instances.

Abstract: Techniques for instantiating container instances from a pool of available container instances are described herein. An instance type is determined from a container description such that the instance type satisfies the resource parameters in the container description. An instance of the instance type is selected from a pool of running container instances, the instance is provisioned, and a container is instantiated on the instance.

Abstract: A request to store, in first data store associated with a customer of a computing resource service provider, a software image is received, the request including a set of layers of the software image to be stored. As a result of successful authentication of the request, based at least in part on a security token included with the request, a subset of layers of the software image that have not previously been stored in the first data store are determined, based at least in part on first metadata obtained from a second data store, the subset of layers in the first data store are stored, second metadata about the subset of layers are stored in the second data store, and the software image is caused to be launched in a software container of an instance based at least in part on the subset of layers.

Abstract: A request to a scan a software image for specified criteria is received, the software image comprising layers stored in a first data store. Metadata in a second data store, different from the first data store, is searched through to obtain information corresponding to the software image. A first set of the layers that matches the specified criteria is determined, based at least in part on the information. The first set of layers is marked as un-referenceable. Asynchronous to fulfillment of the request, a second set of layers of the layers to be deleted is determined, based at least in part on the metadata, the second set of layers including layers marked as un-referenceable, and the second set of layers is deleted.

Abstract: A software image associated with a first customer of a computing resource service provider and criteria for identifying an event is received, the software image comprising a set of layers. The set of layers is stored in a first data store to form a stored set of layers, the first data store being physically located in a first region. The set of layers is copied to a second data store to form a copied set of layers, the second data store being physically located in a second region different from the first region. The copied set of layers is launched as a container executing in an instance that is physically located in the second region, and, as a result of identifying an occurrence of the event, the container is caused to be unavailable to an entity associated with the instance.

Abstract: Dynamic provisioning of computing resources may be implemented to provision computing resources for a data center or other collection of computing resources. Computing resources for provisioning may be detected. A build manifest describing configuration operations to provision the computing resources to perform respective tasks may be identified. The build manifest may be evaluated to direct the computing resources to perform the configuration operations according to the build manifest. In some embodiments, the provisioning of the computing resources may be paused or undone according to the build manifest. Upon completion of the configuration operations, the computing resources may be made available to perform the respective tasks.

Abstract: An air compressor system operably coupled to a power supply including an air storage tank and an air pump including an air manifold having an inlet configured to receive ambient air. The air pump is fluidly coupled to the air storage tank. The air compressor system also includes a motor having a first current level provided by the power supply to operate the air pump, a valve member in fluid communication with the inlet of the air manifold, and a controller operable to move the valve member to either increase or decrease a rate of ambient air traveling into the manifold. The controller monitors the first current level of the motor to change the rate of ambient air traveling into the manifold.

Abstract: A task definition is received. The task definition indicates at least a location from which one or more software image can be obtained and information usable to determine an amount of resources to allocate to one or more software containers for the one or more software image. A set of virtual machine instances in which to launch the one or more software containers is determined, the one or more software image is obtained from the location included in the task definition and is launched as the one or more of software containers within the set of virtual machine instances.

Abstract: A system and method for a container service that obtains a software image of a software container that has been configured to be executed within a computer system instance registered to a cluster by one or more processors. The container service is configured to receive a request to launch the software image in accordance with a task definition, wherein the task definition specifies an allocation of resources for the software container. The container service may then determine, according to a placement scheme, a subset of a set of container instances registered to the cluster in which to launch the software image in accordance with the task definition. Upon determining the subset of the set of container instances, the container service may launch the software image as one or more running software containers in the set of container instances in accordance with the task definition.

Abstract: A surgical tool is disclosed that may be rotatably mounted to a surgical robotic arm. The surgical tool is rotatable about a first axis that is at least substantially vertical when the robotic arm is in a horizontal position. The surgical tool includes a housing that is coupled to the arm and rotatable about the first axis. The housing is at least substantially cylindrical and defines a second axis that is at least substantially perpendicular to the first axis. The tool also includes a handle that includes a grip that is coupled to a sleeve. The sleeve rotatably accommodates at least part of the housing. As a result, the handle and sleeve may be rotated about the second axis while the housing remains fixed with respect to the second axis.

Abstract: A tool includes a housing including a receiving portion configured to receive at least a portion of an operating member so as to permit rotation of the operating member relative to the housing while constraining movement of the operating member in a radial direction of the operating member. The tool also includes a coupling device disposed on the housing and configured to couple the operating member to the housing so as to permit rotation of the operating member relative to the housing. The coupling device includes a retaining member configured to engage the operating member to constrain movement of the operating member relative to the housing in a longitudinal direction of the operating member. The retaining member is configured to rotate relative to the housing.

Abstract: A surgical tool is disclosed that may be rotatably mounted to a surgical robotic arm. The surgical tool is rotatable about a first axis that is at least substantially vertical when the robotic arm is in a horizontal position. The surgical tool includes a housing that is coupled to the arm and rotatable about the first axis. The housing is at least substantially cylindrical and defines a second axis that is at least substantially perpendicular to the first axis. The tool also includes a handle that includes a grip that is coupled to a sleeve. The sleeve rotatably accommodates at least part of the housing. As a result, the handle and sleeve may be rotated about the second axis while the housing remains fixed with respect to the second axis.