Abstract: Systems and methods are provided for generating a combined receipt in a distributed ledger system implemented by replicas of a network. The replicas maintain a distributed ledger comprising a plurality of executed transactions authenticated using a hash tree having a hash root. Some or all of the replicas cryptographically sign the hash root. A combined receipt for a first transaction and second transaction of a plurality of executed transactions is generated by determining path information comprising a minimum set of values required to generate the hash root from either the first transaction or the second transaction given the first transaction and the second transaction. The combined receipt for the first and second transactions comprises: i) the determined path information; and ii) signatures of one or more of the replicas which signed the hash root.

Abstract: Various technologies described herein pertain to enforcing control flow integrity by adding instrumentation when source code is compiled or binary code is rewritten. An indirect call to a control transfer target (e.g., in the source code, in the binary code, etc.) can be identified. Moreover, the instrumentation can be inserted prior to the indirect call. The instrumentation can use a bit from a bitmap maintained by a runtime to verify whether the control transfer target is valid. When an executable image that includes the inserted instrumentation runs, execution can be terminated and/or other appropriate actions can be taken when the control transfer target is determined to be invalid; alternatively, execution can continue when the control transfer target is determined to be valid.

Abstract: A facility for annotating a visual representation of a document is described. The facility presents on a display device visual representations of two or more portions of a document. The facility further present on the display on the display, in connection with each of one or more of the presented document portion visual representations, an annotation conveying a result of aggregating information describing two or more search transactions in whose results the represented document portion is included.

Abstract: Various technologies described herein pertain to enforcing control flow integrity by adding instrumentation when source code is compiled or binary code is rewritten. An indirect call to a control transfer target (e.g., in the source code, in the binary code, etc.) can be identified. Moreover, the instrumentation can be inserted prior to the indirect call. The instrumentation can use a bit from a bitmap maintained by a runtime to verify whether the control transfer target is valid. When an executable image that includes the inserted instrumentation runs, execution can be terminated and/or other appropriate actions can be taken when the control transfer target is determined to be invalid; alternatively, execution can continue when the control transfer target is determined to be valid.

Abstract: A distributed graph database that enables scaling and efficient processing is described. The distributed graph database can, for example, scale up to petabytes of data to enable transactional processing of graph data with low latency and low processing overhead. The distributed graph database can include a cluster of devices and a remote direct memory access (RDMA)-based communication layer to perform low latency messaging between devices of the cluster of devices. Additionally, the distributed graph database can include a shared memory layer that provides one or more data structures, a transaction layer to facilitate query processing, and a graph database layer stored in computer-readable media and executed on a processor to implement a graph data model. In at least one example, the graph data model can be mapped to the one or more data structures.

Abstract: A server at a cluster of servers in a data center is described. The server comprises a memory which is part of a distributed memory of the cluster. The server has at least one processor executing transactions and lock-free reads on software objects stored in regions of the distributed memory, the software objects and details of the transactions being replicated in the distributed memory. The server has a network interface card arranged to receive a message indicating a new configuration of the cluster comprising addition, removal or potential failure of at least one of the other servers. The processor is configured to use a recovery process which enables the lock-free reads and committed ones of the transactions to retain the properties of atomicity, consistency, isolation and durability across configuration changes.

Abstract: A facility for annotating a visual representation of a document is described. The facility presents on a display device visual representations of two or more portions of a document. The facility further present on the display on the display, in connection with each of one or more of the presented document portion visual representations, an annotation conveying a result of aggregating information describing two or more search transactions in whose results the represented document portion is included.

Abstract: A distributed graph database that enables scaling and efficient processing is described. The distributed graph database can, for example, scale up to petabytes of data to enable transactional processing of graph data with low latency and low processing overhead. The distributed graph database can include a cluster of devices and a remote direct memory access (RDMA)-based communication layer to perform low latency messaging between devices of the cluster of devices. Additionally, the distributed graph database can include a shared memory layer that provides one or more data structures, a transaction layer to facilitate query processing, and a graph database layer stored in computer-readable media and executed on a processor to implement a graph data model. In at least one example, the graph data model can be mapped to the one or more data structures.

Abstract: A server at a cluster of servers in a data center is described. The server comprises a memory which is part of a distributed memory of the cluster. The server has at least one processor executing transactions and lock-free reads on software objects stored in regions of the distributed memory, the software objects and details of the transactions being replicated in the distributed memory. The server has a network interface card arranged to receive a message indicating a new configuration of the cluster comprising addition, removal or potential failure of at least one of the other servers. The processor is configured to use a recovery process which enables the lock-free reads and committed ones of the transactions to retain the properties of atomicity, consistency, isolation and durability across configuration changes.

Abstract: Various technologies described herein pertain to enforcing control flow integrity by adding instrumentation when source code is compiled or binary code is rewritten. An indirect call to a control transfer target (e.g., in the source code, in the binary code, etc.) can be identified. Moreover, the instrumentation can be inserted prior to the indirect call. The instrumentation can use a bit from a bitmap maintained by a runtime to verify whether the control transfer target is valid. When an executable image that includes the inserted instrumentation runs, execution can be terminated and/or other appropriate actions can be taken when the control transfer target is determined to be invalid; alternatively, execution can continue when the control transfer target is determined to be valid.

Abstract: A communication device cognitively monitors interference signals across a communication band so that adaptations for physical and medium access control (MAC) of data packet transmissions are appropriate for a particular interference signal. Characteristics of an interference signal of interest (e.g., bandwidth, power and/or duration relative to an average data packet transmitted over a communication channel of the communication device) are sensed for an appropriate adaptation (e.g., forward error correction, modulation technique, back off, request to send/clear to send protocol, etc.). Patterns for known types of interference sources can be compared so that when recognized an associated adaptation can be used.

Abstract: Systems and methods for secure file writes after a catastrophic event are allowed over an unauthenticated channel in a serverless distributed file system if an authenticator accompanies the secure file writes. The authenticator can be a power-of-attorney certificate with time limitations, a vector of message authenticated code, or a single message authenticator with secured with a secret shared among members of the serverless distributed file system. The serverless distributed file system includes at least 3f+1 participating computer members, with f representing a number of faults tolerable by the system. The group requires at least one authenticator for file creation and file uploads. Any changes to files stored among the members can be made over an unauthenticated channel if the file changes are secured by the authenticator and the group is able to verify the authenticator.

Abstract: Each node or link of an ad hoc network assists in the distributed allocation of a data channel to increase fairness, even in a multi-hop network, by tracking a measure of link weight for itself and sharing this information over a control channel with neighboring nodes. The metric can be provided over a dedicated control channel, added as a header to data communication on a data channel, or inferred by monitoring data traffic from the neighboring node. The link weight can be adjusted by a link quality factor based on provided or inferred metrics such as transmission rates, ratio of transmission errors, idle time, etc. For multiple flow queues at a subject node, one with a higher transmission rate can be selected for increased fairness. When a packet is received, medium access includes allocating bandwidth, including bonding multiple frequencies that are determined to be available to both nodes.

Abstract: Content and/or Path locality may be obtained using DHT protocols by assigning network nodes with individual node identifiers (IDs) in a hierarchical namespace. The hierarchical node IDs may be assigned to reflect organizational boundaries within the network. Therefore, with the structured overlay defined using these hierarchically assigned node IDs, a routing algorithm that uses prefix-matching can provide path locality. Furthermore, a domain prefix may be combined with data identifier derived from the data itself to create an enhanced data key. The use of the enhanced data key with a DHT protocol in this structured overlay can provide content locality.

Abstract: Each node or link of an ad hoc network assists in the distributed allocation of a data channel to increase fairness, even in a multi-hop network, by tracking a measure of link weight for itself and sharing this information over a control channel with neighboring nodes. The metric can be provided over a dedicated control channel, added as a header to data communication on a data channel, or inferred by monitoring data traffic from the neighboring node. The link weight can be adjusted by a link quality factor based on provided or inferred metrics such as transmission rates, ratio of transmission errors, idle time, etc. For multiple flow queues at a subject node, one with a higher transmission rate can be selected for increased fairness. When a packet is received, medium access includes allocating bandwidth, including bonding multiple frequencies that are determined to be available to both nodes.

Abstract: A communication device cognitively monitors interference signals across a communication band so that adaptations for physical and medium access control (MAC) of data packet transmissions are appropriate for a particular interference signal. Characteristics of an interference signal of interest (e.g., bandwidth, power and/or duration relative to an average data packet transmitted over a communication channel of the communication device) are sensed for an appropriate adaptation (e.g., forward error correction, modulation technique, back off, request to send/clear to send protocol, etc.). Patterns for known types of interference sources can be compared so that when recognized an associated adaptation can be used.

Abstract: Systems and methods for secure file writes after a catastrophic event are allowed over an unauthenticated channel in a serverless distributed file system if an authenticator accompanies the secure file writes. The authenticator can be a power-of-attorney certificate with time limitations, a vector of message authenticated code, or a single message authenticator with secured with a secret shared among members of the serverless distributed file system. The serverless distributed file system includes at least 3f+1 participating computer members, with f representing a number of faults tolerable by the system. The group requires at least one authenticator for file creation and file uploads. Any changes to files stored among the members can be made over an unauthenticated channel if the file changes are secured by the authenticator and the group is able to verify the authenticator.

Abstract: Systems and methods for secure file writes after a catastrophic event are allowed over an unauthenticated channel in a serverless distributed file system if an authenticator accompanies the secure file writes. The authenticator can be a power-of-attorney certificate with time limitations, a vector of message authenticated code, or a single message authenticator with secured with a secret shared among members of the serverless distributed file system. The serverless distributed file system includes at least 3f+1 participating computer members, with f representing a number of faults tolerable by the system. The group requires at least one authenticator for file creation and file uploads. Any changes to files stored among the members can be made over an unauthenticated channel if the file changes are secured by the authenticator and the group is able to verify the authenticator.

Abstract: Substantially accurate estimation of coordinates of a subject network node in a coordinate space is accomplished by considering designated coordinates of other positioned nodes within the network. The designation of coordinates in the coordinate space to such nodes allows the computation of predicted coordinate distances between two network nodes based on the coordinates. By optimizing the network distance errors between measured distances and predicted coordinate distances, the predicted coordinates of a subject node joining the network can be iteratively refined. With these estimated coordinates, the coordinate distance between two points in the space may be computed as a prediction of the network distance between the two corresponding nodes. Furthermore, coordinate-based coordinate estimation lends itself to security precautions to protect against malicious reference nodes or external interference.

Abstract: Substantially accurate estimation of coordinates of a subject network node in a coordinate space is accomplished by considering designated coordinates of other positioned nodes within the network. The designation of coordinates in the coordinate space to such nodes allows the computation of predicted coordinate distances between two network nodes based on the coordinates. By optimizing the network distance errors between measured distances and predicted coordinate distances, the predicted coordinates of a subject node joining the network can be iteratively refined. With these estimated coordinates, the coordinate distance between two points in the space may be computed as a prediction of the network distance between the two corresponding nodes. Furthermore, coordinate-based coordinate estimation lends itself to security precautions to protect against malicious reference nodes or external interference.