- Links
- Shell Programming and Bash
- Network Security
- Working in a Team
- Types of People in a Project
- Linux Tools
https://www.youtube.com/watch?v=30H4vzj125g https://temporal.io/?utm_source=substack&utm_medium=email https://arxiv.org/pdf/2505.03742v1 https://hazyresearch.stanford.edu/blog/2025-05-12-security https://www.youtube.com/watch?v=5wdntWrHUws https://www.youtube.com/watch?v=cTmZ1eCs08E https://www.youtube.com/watch?v=5AW0rKV2hkY https://www.youtube.com/watch?v=nYa-RrHYBK8 https://www.youtube.com/watch?v=jsBot6dtfD0 https://www.youtube.com/watch?v=vHcpDk2WsnM https://www.youtube.com/watch?v=LyuKEk9LOFk https://www.youtube.com/watch?v=3G3BNMTx3bE&list=PLBexUsYDijaz09nH8BVPmPio_16V115i4&index=27 https://www.youtube.com/watch?v=tZGjr2Kwpls&list=PLBexUsYDijaz09nH8BVPmPio_16V115i4&index=32 https://www.youtube.com/watch?v=QNX5JfV390c&list=PLBexUsYDijaz09nH8BVPmPio_16V115i4&index=38&t=3s https://www.youtube.com/watch?v=oPIiX6vyih8&list=PLBexUsYDijaz09nH8BVPmPio_16V115i4&index=52 https://www.youtube.com/watch?v=q9pYsss8huk&list=PLBexUsYDijaz09nH8BVPmPio_16V115i4&index=75&t=1954s https://www.youtube.com/watch?v=UgzIwoxX7Wg&list=PLBexUsYDijaz09nH8BVPmPio_16V115i4&index=76&t=2s https://www.youtube.com/watch?v=r_SPWqB1l-c&list=PLBexUsYDijaz09nH8BVPmPio_16V115i4&index=77 https://www.youtube.com/playlist?list=PLBexUsYDijaz14Mot86rAbxkoF4iS6PZ https://www.youtube.com/watch?v=KdIw9DzA1Uo&list=PLBexUsYDijawgCdEqEDBj3cUCovUS1MM5&index=29 https://www.youtube.com/watch?v=YIQi2geM5ys https://phala.network/posts/GPU-TEEs-is-Alive-on-OpenRouter https://arxiv.org/pdf/2504.21518 https://engineering.fb.com/2025/04/29/security/whatsapp-private-processing-ai-tools/ https://techcommunity.microsoft.com/blog/azureconfidentialcomputingblog/azure-confidential-computing-vm-and-os-disk-encryption-through-hsm-backed-key-cm/4408926 https://arxiv.org/pdf/2503.14611v1 https://www.youtube.com/watch?v=OGEezPl9Ixk https://www.youtube.com/watch?v=2Xyp8NkPLrg https://www.youtube.com/watch?v=qX-m1HjiXJg 
https://www.intelligentciso.com/2025/03/11/confidential-computing-the-key-to-ai-security/#:~:text=In%20the%20context%20of%20AI,data%20and%20extract%20actionable%20insights. https://www.youtube.com/watch?v=Ah5FGrmj81M https://vanbulck.net/files/drads25-keynote.pdf https://arxiv.org/abs/2503.08256 https://datatracker.ietf.org/meeting/122/materials/slides-122-hackathon-sessd-identity-crisis-for-attested-tls-in-confidential-computing-00 https://www.lfdecentralizedtrust.org/blog/lf-decentralized-trust-mentorship-spotlight-cc-tools-support-for-fabric-private-chaincode https://medium.com/@wunderlichvalentin/the-end-of-just-trust-us-6141dbdaa07e https://www.tenforums.com/tech-news/218632-amd-helping-secure-gpus-advance-ai.html https://community.amd.com/t5/instinct-accelerators/helping-secure-gpus-that-advance-ai/ba-p/752288 https://www.youtube.com/watch?v=32K_v7hRgUQ https://confidentialcomputing.io/2025/03/06/does-confidential-computing-work-with-containers/?utm_content=326800929&utm_medium=social&utm_source=twitter&hss_channel=tw-1276283047927840771 https://diginova1.gumroad.com/l/gokyd https://www.tealhq.com/job/software-engineer-iii-privacy-sandbox-android-on-device-personalization_1c946893-fd11-4141-9584-92a55e4c477d?target_titles=android+software+engineer&page=14 https://arxiv.org/html/2502.11347v1 https://www.youtube.com/watch?v=MME6r3bqAtQ https://blog.codepipes.com/testing/software-testing-antipatterns.html?utm_source=blog.quastor.org&utm_medium=newsletter&utm_campaign=how-uber-built-an-exabyte-scale-system-for-data-processing https://aijobnetwork.com/jobs/openai-software-engineer-trusted-computing-and-cryptography https://thomasvanlaere.com/ https://www.youtube.com/watch?v=OGEezPl9Ixk https://news.ycombinator.com/item?id=42570988 https://xeiaso.net/blog/2025/squandered-holy-grail/ https://www.bedlamresear.ch/posts/securing-tee-apps/#the-allure-of-tees https://vanishinggradients.fireside.fm/40 https://github.com/Azure/azure-cleanroom/tree/main 
https://arxiv.org/pdf/2011.02455 https://orbstack.dev/ https://blog.1password.com/confidential-computing/#:~:text=Confidential%20computing%20is%20a%20new,to%20being%20accessed%20by%20others. https://www.youtube.com/watch?v=QxArt51VQKA https://medium.com/ultraviolet-blog/cube-ai-privacy-preserving-llm-applications-with-confidential-computing-dcddfd28c614 https://www.usenix.org/system/files/conference/hotcloud16/hotcloud16_burns.pdf https://oasisprotocol.org/blog/verifiable-ai-with-tees https://arxiv.org/pdf/2412.03842 https://encloud.tech/faqs/ https://www.youtube.com/watch?v=E91z2YenrZM https://www.youtube.com/watch?v=XssGI1q7Jak https://arxiv.org/pdf/2412.01059 https://arxiv.org/html/2412.03842v3 https://www.youtube.com/watch?v=zc90pWZ7vj0 https://arxiv.org/html/2412.13163v1 https://www.ietf.org/id/draft-ietf-teep-usecase-for-cc-in-network-08.html#:~:text=Abstract,process%20data%20in%20that%20environment. https://github.com/bpradipt/awesome-confidential-computing https://github.com/openenclave/openenclave/issues/4845 https://insights.sei.cmu.edu/documents/4388/2021_017_001_739363.pdf https://github.com/hysnsec/awesome-policy-as-code?tab=readme-ov-file https://www.dropbox.com/scl/fi/3typ46aqn6h7yo6s0war7/L3-Intro-to-Crypto-Digital-Sig.pdf?rlkey=oxl1m5sg7dwlsmew02dtih5bc&e=1&dl=0 https://techcommunity.microsoft.com/blog/azureconfidentialcomputingblog/announcing-azure-confidential-vms-with-nvidia-h100-tensor-core-gpus-in-preview/3975389 https://arxiv.org/pdf/2403.10296 https://dzone.com/articles/aws-nitro-enclaves-enhances-security https://dse.in.tum.de/wp-content/uploads/2024/11/sigmetrics25summer-CVM-Explained.pdf https://www.youtube.com/watch?v=NT7EsZ6HRus https://arxiv.org/html/2412.13163v2 https://systex22.github.io/papers/systex22-final79.pdf https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/acrobat-17.pdf 
file:///C:/Users/Khalil/Downloads/Marc%20Boorshtein,%20Scott%20Surovich%20-%20Kubernetes%20%E2%80%93%20An%20Enterprise%20Guide%20Effectively%20containerize%20applications,%20integrate%20enterprise%20systems,%20and%20scale%20applications%20in%20your%20enterprise,%202nd%20Edition-Packt%20Pu.pdf https://techcommunity.microsoft.com/blog/azureconfidentialcomputingblog/azure-ai-confidential-inferencing-technical-deep-dive/4253150 https://www.youtube.com/watch?v=53kf4LY5YdM https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/acrobat-17.pdf https://www.youtube.com/watch?v=jwYrTBbrOfk https://www.reddit.com/r/apple/comments/1d3evub/apples_artificial_intelligence_servers_will_use/ https://play.google.com/books/reader?id=rqspEQAAQBAJ&pg=GBS.PT135.w.2.0.39.0.1_144&hl=en https://confidentialcontainers.org/ https://learn.microsoft.com/en-us/azure/confidential-computing/confidential-clean-rooms https://www.youtube.com/watch?v=QNX5JfV390c&list=PLBexUsYDijaz09nH8BVPmPio_16V115i4&index=37 https://podcast.aiconfidential.com/?utm_source=aiconfidential.com&utm_medium=newsletter&utm_campaign=the-mathematical-case-for-trusted-ai-why-anthropic-is-all-in-on-confidential-computing https://techcommunity.microsoft.com/category/azure/blog/azureconfidentialcomputingblog https://hwang595.github.io/publications/ https://chungkim.io/ https://people.csail.mit.edu/mengyuanli/ https://books.google.com/books/about/Introduction_to_Confidential_Computing.html?id=rqspEQAAQBAJ https://arxiv.org/html/2407.02960v2 https://www.youtube.com/playlist?list=PLBexUsYDijaz14Mot8_6rAbxkoF4iS6PZ https://www.youtube.com/playlist?list=PLOspHqNVtKABAVX4azqPIu6UfsPzSu2YN https://www.youtube.com/watch?v=_IAfiSdPuEs https://www.youtube.com/watch?v=BgrQ16r84pM&list=PLBexUsYDijaz14Mot8_6rAbxkoF4iS6PZ&index=3 https://www.youtube.com/playlist?list=PLOspHqNVtKAC-_ZAGresP-i0okHe5FjcJ https://www.youtube.com/watch?v=0ctat6RBrFo&list=PLOspHqNVtKACfjqfEwR3iKz1gJILKj5Tn&index=8 
https://www.youtube.com/watch?v=pMHxLBJ6_UA&list=PLOspHqNVtKACfjqfEwR3iKz1gJILKj5Tn&index=24 https://www.youtube.com/playlist?list=PLOspHqNVtKADX-InvL3aRFYuOYvi-Qmep https://www.youtube.com/watch?v=DqdVjEe5f6o https://www.reddit.com/r/Proxmox/comments/1i940p0/what_is_the_point_of_amdsev/ https://www.youtube.com/watch?v=WpTUWaXWTQE https://www.youtube.com/watch?v=SCHYdDaExrI https://arxiv.org/pdf/2501.11558 https://www.nature.com/research-intelligence/trusted-execution-environments-and-security-architectures https://research.google/blog/parfait-enabling-private-ai-with-research-tools/ https://www.youtube.com/watch?v=ytifTS9Lrn0 https://fosdem.org/2025/events/attachments/fosdem-2025-5002-confidential-computing-s-recent-past-emerging-present-and-long-lasting-future/slides/236697/Confident_fRySvCW.pdf https://github.com/microsoft/hcsshim/pulls https://github.com/microsoft/hcsshim/issues https://github.com/microsoft/hcsshim/tree/main/pkg/securitypolicy https://queue.acm.org/detail.cfm?id=3623460 https://queue.acm.org/detail.cfm?id=3623392 https://blog.mozilla.org/en/products/anonym-technology-overview/ https://dl.acm.org/doi/pdf/10.1145/3664293 https://arxiv.org/pdf/2302.03976 https://www.youtube.com/watch?v=i5zQ7q0cMbs https://www.youtube.com/watch?v=69SVRuF_kjo https://docs.enclaive.cloud/confidential-cloud/technology-in-depth/attestation-methods/raw-attestation https://www.redhat.com/en/blog/confidential-computing-5-support-technologies-explore https://www.youtube.com/watch?v=Eg8ngdNGBhE https://www.reddit.com/r/rust/comments/1g5vkp3/openhcl_the_new_open_source_paravisor/ Microsoft MCCF MAA HCSSHIM OpenGCS OpenHCL THIM Secure Key Release Encrypted filesystem Kata containers OpenEnclave Mystikos Azure PCCS
Courses https://css.csail.mit.edu/6.858/2024/ https://scl.engr.uconn.edu/courses/ece4451/ https://sites.duke.edu/compsci590_03_s2021/ https://github.com/mr-nsin/references/blob/master/Docker%20Deep%20Dive%20by%20Nigel%20Poulton.pdf https://courses.engr.illinois.edu/cs423/sp2021/ https://web.njit.edu/~crix/publications/now-ftps22.pdf https://lass.cs.umass.edu/~shenoy/courses/677content/notes/spring23/ https://cs.brown.edu/courses/csci2390/2020/ https://pages.cs.wisc.edu/~remzi/OSTEP/ https://www.cs.umb.edu/cs634/class19.pdf https://searchworks.stanford.edu/view/14169178 https://github.com/vijay03/cs360v-f21/tree/main/notes CS 4501 Stephen Herwig https://systems.cs.columbia.edu/private-systems-class/lectures/ https://courses.cs.duke.edu/spring15/compsci510/ CSCI 780 Spring 2023 https://web.stanford.edu/~ouster/cs190-winter23/all_lectures/ COS 316: Principles of Computer System Design https://www.cs.colostate.edu/~cs370/Fall21/lectures/ A Philosophy of Software Design https://sp24.cs161.org/ https://zzm7000.github.io/ https://www.cylab.cmu.edu/education/courses.html https://x.com/not_salgaonkar/status/1805245804765999288
Engineering: The Flawed Design of Intel TDX | x86.lol https://x86.lol/generic/2023/06/28/intel-tdx-2.html https://knowledge-junction.in/2022/09/28/azure-confidential-computing-part-1/ small TCB confidential microosft “Intel” “SGX plugin” (“/dev/sgx/enclave”) “Intel” “TDX” phd site:.edu namespace containers attestation security https://learn.microsoft.com/en-us/azure/well-architected/security/encryption https://learn.microsoft.com/en-us/azure/security/fundamentals/trusted-hardware-identity-management “attestation” “authorization” “confidential” “TEE” “L1” “L2” “virtualization” “grpc” site:.edu https://grpc.io/docs/what-is-grpc/introduction/ https://techcommunity.microsoft.com/t5/linux-and-open-source-blog/building-trust-into-os-images-for-confidential-containers/ba-p/4096232 https://www.youtube.com/watch?v=zmceGAj3CAw&t=4791s https://jcs.ep.jhu.edu/ejava-springboot/coursedocs/content/pdf/docker-notes.pdf
News: Reimagining secure infrastructure for advanced AI | OpenAI https://confidentialcomputing.slack.com/join/shared_invite/zt-2cmxaufhc-xZZZWpDNhrxZeSIqyTbT8A#/shared-invite/email https://techxplore.com/news/2024-05-scientists-vulnerability-cloud-server-hardware.html https://openai.com/index/openai-safety-update/
Research papers: https://ieeexplore.ieee.org/document/10646767 https://arxiv.org/pdf/2406.01186 https://arxiv.org/html/2405.11988v2 086.pdf Ahoi Attacks https://gangw.cs.illinois.edu/class/cs463/ https://dl.acm.org/doi/10.1145/3689949 https://pages.cs.wisc.edu/~yanzhai/latte.pdf https://dl.acm.org/doi/pdf/10.1145/3665220 https://deepblue.lib.umich.edu/bitstream/handle/2027.42/155139/oweisse_1.pdf?sequence=1#page=127&zoom=100,144,785 https://arxiv.org/pdf/2310.11559 2404.10764.pdf https://cse.buffalo.edu/faculty/tkosar/cse710_spring19/bhardwaj-sec16.pdf https://etd.ohiolink.edu/acprod/odb_etd/ws/send_file/send?accession=osu1554949268465917&disposition=inline https://arxiv.org/pdf/2410.13752 https://ieeexplore.ieee.org/document/10410349 https://digital.wpi.edu/pdfviewer/db78tg16v https://nsr.colorado.edu/coughlin/doc/sdnnfvsec2017.pdf https://arxiv.org/html/2410.15240v1 https://cacm.acm.org/practice/trustworthy-ai-using-confidential-federated-learning/#:~:text=Confidential%20computing%20enables%20the%20secure,(SEV%2DSNP)%2C1 https://www.securetechalliance.org/wp-content/uploads/TEE-101-White-Paper-FINAL2-April-2018.pdf https://cseweb.ucsd.edu/~jzhao/files/DeepAttest-isca2019.pdf https://www.cis.upenn.edu/~linhphan/papers/iotdi18-nguyen.pdf https://dl.acm.org/doi/10.1145/3686261 https://arxiv.org/html/2305.18639v3
Videos
https://www.youtube.com/watch?v=-DG2rtx1geo
https://www.youtube.com/watch?v=LjXGeGXe5ns
https://www.youtube.com/watch?v=vaphMcn-_5Q
https://www.makingdatabetter.com/2195663/15033088-ep13-the-future-of-the-cloud-confidential-computing-with-mike-bursell
https://www.youtube.com/watch?v=t1FEKALgucM#new_tab
https://www.youtube.com/watch?v=rFXbW9ICLIk
https://www.youtube.com/watch?v=nTVP6IvFlDY
https://www.youtube.com/live/7w9x8DU1Q4Q
https://www.youtube.com/watch?v=cpD7RGit-sk
https://www.youtube.com/watch?v=EL8l7lFam3s
https://www.youtube.com/watch?v=coiPO3ZEHoo https://www.youtube.com/playlist?list=PLyRlzZ0lHRWZ-_hQZcYhP_Invtz3m3Z9_ https://www.biorxiv.org/content/10.1101/2024.04.24.590989v1.full.pdf Is Honest Computing Achievable to Process Sensitive Policies? I Data for Policy 2024 - YouTube https://pradyumnashome.com/ https://arxiv.org/pdf/2409.03720 https://www.youtube.com/watch?v=HdQbG9RHSTU https://phlip9.com/notes/confidential%20computing/intel%20SGX/SGX%20lingo/ https://aaronbedra.com/post/sgx_getting_started/ https://tc.gtisc.gatech.edu/bss/2014/r/haven-slides.pdf https://www.skyflow.com/podcast/confidential-computing-and-secure-enclaves-with-awss-arvind-raghu#:~:text=The%20goal%20of%20confidential%20computing,risk%20of%20exposure%20or%20compromise. https://fosdem.org/2024/schedule/event/fosdem-2024-2394-linux-on-a-confidential-vm-in-a-cloud-where-s-the-challenge-/ https://www.reddit.com/r/rust/comments/1g5vkp3/openhcl_the_new_open_source_paravisor/ https://www.youtube.com/watch?v=7w9x8DU1Q4Q https://confidentialcomputing.io/resources/ccc-blog/ https://www.youtube.com/watch?v=Z29LFwbBYaA https://thomasvanlaere.com/posts/2023/10/azure-confidential-computing-secure-key-release-part-2/ https://textbooks.cs.ksu.edu/cis527/7-backups-monitoring-devops/07-ubuntu-monitoring/index.html https://cse.usf.edu/~attilaayavuz/article/20/CODASPY20_MOSE.pdf https://thomasvanlaere.com/posts/2022/12/azure-confidential-computing-secure-key-release/ ======================================================================== Learn Kubernetes Basics from Kubernetes.io: Kubernetes for the Absolute Beginners - Udemy: Kubernetes Tutorials by Geekflare: https://news.knowledia.com/US/en/articles/unlocking-secure-private-ai-with-confidential-computing-463983301e30d52fbd960d1ba3b2072754310a6b https://github.com/deislabs/mystikos/ https://github.com/cc-api/full-disk-encryption https://github.com/cc-api/confidential-cluster https://courses.engr.illinois.edu/cs423/sp2016/lectures/VirtOS.pdf 
https://www.linkedin.com/pulse/state-confidential-containers-opinionated-christophe-parisel-oqume/ https://www.cse.psu.edu/~trj1/cse544-s18/slides/cse544-tc.pdf https://www.youtube.com/watch?v=aEV_WGlKDO8 https://scl.engr.uconn.edu/courses/ece4451/Lec7aSanctum.pdf https://www.youtube.com/watch?v=-m-fKkSFJvg https://github.com/ibm-cloud-docs/confidential-computing https://www.cell.com/patterns/pdf/S2666-3899(24)00082-5.pdf https://fosdem.org/2024/schedule/track/confidential-computing/ https://computing.southern.edu/jbeckett/cpte433w24/TopicPapers/Virtualization/954951_Container_Network_Security_FD_NEW.pdf https://homes.cs.washington.edu/~baris/public/foreshadow-toppick.pdf https://www.youtube.com/watch?v=3Qjv7utnP-I https://www.youtube.com/watch?v=_st-zWQsbSE https://gts3.org/assets/papers/2017/seo:sgx-shield.pdf Fortifying AI Security in Kubernetes with Confidential Containers (CoCo) - YouTube https://www.youtube.com/watch?v=K6lGS17vsW0 https://dl.acm.org/doi/abs/10.1145/3590140.3629124 https://www.youtube.com/watch?v=opfgCRoqjxg https://www.cs.cornell.edu/fbs/publications/UBP.SGX.pdf https://mediaspace.illinois.edu/media/t/1_eyk9ikvf https://mediaspace.illinois.edu/media/t/1_43ylv2cp https://users.cs.utah.edu/~lifeifei/papers/enclavestorage-vldb21-talk.pdf https://mediaspace.illinois.edu/media/t/1_c8325aga https://fosdem.org/2024/schedule/ https://www2.eecs.berkeley.edu/Pubs/TechRpts/2022/EECS-2022-96.pdf https://cloudyuga.guru/hands_on_lab/confidential-containers https://www.redhat.com/en/blog/introducing-confidential-containers-trustee-attestation-services-solution-overview-and-use-cases https://www.youtube.com/watch?v=a3HzBmPuw5g https://collective.flashbots.net/t/intel-tdx-security-and-side-channels/3648 https://dl.acm.org/doi/10.1145/3652597 https://itnext.io/how-your-confidential-containers-can-securely-retrieve-secrets-93d6f55b7b42 https://www.youtube.com/watch?v=qgcozT82w1w 
https://techcommunity.microsoft.com/t5/linux-and-open-source-blog/deep-dive-secure-orchestration-of-confidential-containers-on/ba-p/4137179 The Tech Talks Daily Podcast: Confidential Computing: Elevating AI and ML Security in the Cloud on Apple Podcasts https://nand-research.com/research-note-nvidia-h100-confidential-computing/ https://netflixtechblog.com/predictive-cpu-isolation-of-containers-at-netflix-91f014d856c7 https://www.youtube.com/watch?v=E8GFTjMaXpU https://arxiv.org/pdf/2310.11559.pdf https://www.youtube.com/watch?v=gmcylzj1qTI https://www.youtube.com/watch?v=-2YVuyhwUak https://www.youtube.com/watch?v=fHSTQYwsCr8 https://brilliant.org/wiki/merkle-tree/ https://github.com/microsoft/hcsshim/tree/master/internal/guest https://caslab.csl.yale.edu/workshops/hasp2018/HASP18_a9-mofrad_slides.pdf https://techcommunity.microsoft.com/t5/azure-confidential-computing/memory-protection-for-ai-ml-model-inferencing/ba-p/4119105 https://scl.engr.uconn.edu/courses/ece6095/lectures/sgx_architecture.pdf https://source.android.com/security/verifiedboot/dm-verity https://taesoo.kim/pubs/2016/jain:opensgx-slides.pdf https://content.edgeless.systems/hubfs/Confidential%20Computing%20Whitepaper.pdf Core slicing: closing the gap between leaky confidential VMs and bare-metal cloud | USENIX https://www.youtube.com/watch?v=lA18uO-JU9Q https://github.com/hgarvison?tab=overview&from=2022-07-01&to=2022-07-31 https://csis.gmu.edu/ksun/publications/asiaccs21_sgxmalware.pdf https://github.com/confidential-containers/documentation/wiki/Acronyms https://github.com/confidential-containers/documentation/wiki/Glossary https://pradiptabanerjee.medium.com/from-sandboxed-containers-to-confidential-containers-enabling-cloud-native-confidential-computing-35936fad5998 https://github.com/cc-api/container-integrity-measurement-agent/tree/main https://www.youtube.com/watch?v=smukK1N49VE 
https://thomasvanlaere.com/posts/2024/06/register-azure-pipeline-agents-using-entra-workload-id-on-azure-kubernetes-service/ https://thomasvanlaere.com/posts/2024/03/azure-confidential-computing-coco-confidential-containers/ Publications - Fritz Alder https://dl.acm.org/doi/pdf/10.1145/3662010.3663440 https://www.youtube.com/watch?v=siou2QOttk8 https://scl.engr.uconn.edu/courses/ece4451/Lec3bSGXintro.pdf https://en.wikipedia.org/wiki/Merkle_tree https://www.microsoft.com/en-us/research/publication/hecate-lifting-and-shifting-on-premises-workloads-to-an-untrusted-cloud/ https://www.youtube.com/watch?v=yaLoq5POv8Q&list=PLEhAl3D5WVvRm-U0mUK_Z7WLW_hbW9jdX&index=27 https://blogs.oracle.com/linux/post/kata-containers-what-when-and-how https://azureaggregator.wordpress.com/2023/02/24/preview-support-for-kata-vm-isolated-containers-on-aks-for-pod-sandboxing/ https://techcommunity.microsoft.com/t5/azure-confidential-computing/aligning-with-kata-confidential-containers-to-achieve-zero-trust/ba-p/3797876 https://arxiv.org/pdf/2205.05747.pdf https://www.youtube.com/watch?v=LsqedhHe6DE https://bpb-us-w2.wpmucdn.com/u.osu.edu/dist/0/113190/files/2022/03/vSGX-Virtualizing-SGX-Enclaves-on-AMD-SEV.pdf https://cs.nyu.edu/~mwalfish/classes/16sp/classnotes/l15.txt https://thomasvanlaere.com/posts/2022/12/azure-confidential-computing-secure-key-release/ https://www.academia.edu/82233581/Towards_Management_of_Chains_of_Trust_for_Multi_Clouds_with_Intel_SGX?uc-sb-sw=58918027 https://www.youtube.com/watch?v=5RiqnIqaBT4 https://sovereign-cloud.nl/ https://www.youtube.com/watch?v=a-hd78NX36c https://www.youtube.com/watch?v=upYwrRtl99c https://docs.nvidia.com/datacenter/cloud-native/gpu-operator/23.6.1/gpu-operator-confidential-containers.html https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/tlfs/nested-virtualization https://docs.microsoft.com/en-us/azure/architecture/guide/open-source-scenarios https://www.microsoft.com/en-us/research/uploads/prod/2018/02/enclavedb.pdf 
https://www.microsoft.com/en-us/research/publication/ccf-a-framework-for-building-confidential-verifiable-replicated-services/ https://www.microsoft.com/en-us/research/uploads/prod/2023/05/Confidential-Computing-within-AI-Accelerators.pdf https://www.youtube.com/watch?v=H9DP5CMqGac https://www.prweb.com/releases/kata_containers_version_3_0_0_arrives_faster_more_secure_support_for_new_environments/prweb18947394.htm https://www.techzine.eu/news/devops/91135/red-hat-supports-cncf-container-project-confidential-containers/ https://thenewstack.io/confidential-compute-on-azure-with-kubernetes/ https://www.khoury.northeastern.edu/home/amirali/publications/SGX_VB_2016.pdf https://arxiv.org/pdf/2408.11601 https://arxiv.org/html/2402.11438v3 https://www.youtube.com/watch?v=nZeRM0hqqPE&list=PLbzoR-pLrL6rbN7fu5TId8VWAC5A8v5O7&index=3 https://www.alibabacloud.com/blog/kata-3-0-is-coming-start-experiencing-the-out-of-the-box-secure-container_599575 https://www.youtube.com/watch?v=PhAz3SpBZV0 https://www.youtube.com/watch?v=uqFeCA-56pI&t=160s https://www.cs.unc.edu/~porter/pubs/graphene-sgx.pdf https://kccncna2023.sched.com/event/1R2sa/the-next-frontier-exploring-the-confidentiality-of-kubernetes-control-planes-jens-freimann-red-hat?iframe=no&w=100%&sidebar=yes&bg=no https://www.youtube.com/watch?v=fY124uLvagI#:~:text=At%20its%20core%2C%20confidential%20computing,protect%20both%20data%20and%20code. 
https://github.com/gramineproject/gramine https://people.cs.vt.edu/djwillia/papers/hotstorage19-aot_prep.pdf https://export.arxiv.org/ftp/arxiv/papers/1801/1801.05863.pdf https://pages.cs.wisc.edu/~vg/papers/icdcs2017/icdcs2017.pdf Scaleout Systems https://caslab.csl.yale.edu/workshops/hasp2018/HASP18_a9-mofrad_slides.pdf https://users.cs.utah.edu/~vijay/papers/atc21.pdf https://hackdojo.io/presentations/XYPONZ4L6/trust-no-one-bringing-confidential-computing-to-containers https://rokwire.illinois.edu/wp-content/uploads/2021/11/Safer_Illinois_Rokwall.pdf https://www.redhat.com/en/blog/confidential-containers-azure-openshift-technical-deep-dive https://www.infoworld.com/article/3595531/openhcl-understanding-microsofts-open-source-paravisor.html https://www.youtube.com/watch?v=4otBPxF0kEw https://www.youtube.com/watch?v=JpeWBKsAlI4 https://arxiv.org/html/2410.13752v1 https://www.youtube.com/watch?v=YpGH6MvpTTA https://www.youtube.com/watch?v=2TQt2zj9G0U https://etd.ohiolink.edu/acprod/odb_etd/ws/send_file/send?accession=wright1588637637290094&disposition=inline https://www.youtube.com/watch?v=tsxdCsMF_yI https://www.youtube.com/watch?v=VdSY7lbnidI https://www.youtube.com/watch?v=wecZWIzSQEE https://developers.googleblog.com/en/enabling-more-private-gen-ai/ https://arxiv.org/html/2408.00443v1 https://www.youtube.com/watch?v=CcScwfJRb7k https://arxiv.org/pdf/2410.05930 https://www.youtube.com/watch?v=qNy8p03HqQo https://www.youtube.com/watch?v=qh-lSqifhj8 https://www.youtube.com/watch?v=-jHu5pOW-sw https://lpc.events/event/18/sessions/194/#20240920 https://www.youtube.com/watch?v=CkiA5gxNkmM Software Unscripted on Apple Podcasts https://www.nist.gov/system/files/documents/2024/06/11/02-OzgaGHSPLD.pdf https://arxiv.org/pdf/2407.02960 SoK: Understanding Designs Choices and Pitfalls of Trusted Execution Environments 𝖳𝖱𝖴𝖢𝖤: Private Benchmarking to Prevent Contamination and Improve Comparative Evaluation of LLMs Enabling Performant and Secure EDA as a Service in Public 
Clouds Using Confidential Containers https://arxiv.org/html/2402.11438v2 https://arxiv.org/pdf/2302.03976
Several software-based storage system protection techniques are integrated into mainstream operating systems. Encryption-enabled file systems (e.g., Linux eCryptfs [37] and Windows EFS [1]) allow directory-level encryption. Block-layer encryption techniques such as dm-crypt [25] directly encrypt the entire block device. dm-crypt also offers integrity checking of read-only filesystems where the entire block device is verified at once. This approach is particularly time-consuming and thus is typically used only during device startup [6], [44]. dm-verity [6] uses a software-maintained Merkle tree to compute and validate hashes of read-only data blocks against pre-computed hashes. In contrast, dm-integrity keeps an individual hash for each data block at runtime, which allows verification for read/write systems. However, it cannot detect physical attacks such as reordering the blocks within the same device, because the system lacks a secure root of trust. Finally, software-based schemes can have substantial overhead, as the en/decryption is done in software by executing many kernel sub-routines across software layers [15], [63].
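Added example (not code from the paragraph's source paper or from any of the projects named): a small Python model of the two integrity schemes described above. The dm-verity side keeps one Merkle root outside the device (the root of trust); the dm-integrity side keeps a per-block tag next to each block. The demo shows why a co-located tag catches a corrupted block but not a block that is physically moved together with its tag, while the out-of-band root catches both. Block size, the four-block device image and all function names are constructed for the example.

```python
import hashlib

BLOCK_SIZE = 8  # constructed toy block size; dm-verity and dm-integrity work on 4 KiB blocks


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def split_blocks(device: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Cut a device image into fixed-size blocks (the last one may be short)."""
    return [device[i:i + block_size] for i in range(0, len(device), block_size)]


def merkle_root(leaf_hashes: list) -> bytes:
    """Fold per-block hashes pairwise into one root. Each parent commits to the
    order of its two children, so the root binds every block to its position."""
    level = list(leaf_hashes)
    if not level:
        return sha256(b"")
    while len(level) > 1:
        if len(level) % 2:  # odd count: duplicate the last node
            level.append(level[-1])
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


# --- dm-verity style: one root hash, held outside the device (root of trust) ---

def verity_root(device: bytes) -> bytes:
    return merkle_root([sha256(b) for b in split_blocks(device)])


def verity_check(device: bytes, trusted_root: bytes) -> bool:
    """Verify a read-only image against a root stored out of band
    (kernel command line, signed boot artefact, ...)."""
    return verity_root(device) == trusted_root


# --- dm-integrity style: a tag per block, stored on the same device ---

def integrity_format(device: bytes) -> list:
    """Return (block, tag) pairs; in the real scheme the tags live in the
    device's own metadata area, i.e. on the same medium as the data."""
    return [(b, sha256(b)) for b in split_blocks(device)]


def integrity_check(tagged: list) -> bool:
    """Each block is checked only against its own co-located tag."""
    return all(sha256(b) == tag for b, tag in tagged)


def corrupt_block(tagged: list, index: int) -> list:
    """Flip the data of one block but leave its tag alone (bit rot, stale write)."""
    out = list(tagged)
    block, tag = out[index]
    out[index] = (bytes(x ^ 0xFF for x in block), tag)
    return out


def reorder_blocks(tagged: list, i: int, j: int) -> list:
    """Physically swap two blocks. The tags move with their blocks, which is
    what happens when blocks are rearranged on the medium itself."""
    out = list(tagged)
    out[i], out[j] = out[j], out[i]
    return out


def reassemble(tagged: list) -> bytes:
    return b"".join(b for b, _ in tagged)


def demo() -> tuple:
    """Returns (integrity_sees_corruption, integrity_sees_reorder, verity_sees_reorder)."""
    device = b"".join(bytes([k]) * BLOCK_SIZE for k in range(4))  # constructed 4-block image
    root = verity_root(device)  # assume this was recorded out of band at format time
    tagged = integrity_format(device)
    reordered = reorder_blocks(tagged, 0, 3)
    return (
        not integrity_check(corrupt_block(tagged, 2)),
        not integrity_check(reordered),
        not verity_check(reassemble(reordered), root),
    )


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

The second element of the result is the point of the paragraph: every per-block tag still matches its block after the swap, so a scheme whose only reference values live on the same device has nothing to compare the block's position against. The Merkle root, held off-device, commits to position as well as content.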
- Trivy
- Container image vulnerability management
- Code coverage
- OIDC
- PKI, Public Key, Private Key
Links
- https://redhat-crypto.gitlab.io/defensive-coding-guide/#chap-Defensive_Coding-TLS
Shell Programming and Bash
- Print Call Stack: Use trap DEBUG and Bash variables like ${FUNCNAME[@]}, ${BASH_SOURCE[@]}, and ${BASH_LINENO[@]} to trace function calls, making debugging easier.
- getopts: Parse command-line flags robustly and maintainably, avoiding manual parsing pitfalls.
- wait: Control concurrency by running multiple tasks in the background and waiting for them to finish, ensuring correct sequencing.
- co-process: Interact with a background command via built-in pipes (file descriptors), enabling bidirectional communication in real time.
Network Security
- Ensure the server presents a TLS certificate that is valid according to the public key infrastructure (PKI) used by web browsers (e.g., certificates signed by trusted Certificate Authorities). For example, a website served over HTTPS (e.g., https://example.com) has a TLS certificate signed by a recognized CA (like Let’s Encrypt). When a user visits the site, the browser verifies the certificate, confirming that the server is indeed example.com.
- Have the client validate the server’s TLS certificate against a known or expected certificate. In this case, you do not need to do host name checking (the certificate identity is already trusted). A mobile app might pin the server’s TLS certificate. The app includes the certificate or its fingerprint in its configuration. When connecting, the app compares the server’s certificate with the pinned fingerprint. If they match, the app trusts the connection; if not, it refuses to connect.
- On Linux, use UNIX domain sockets (of the PF_UNIX protocol family). These sockets can be protected by file system permissions (ownership and mode bits), preventing unauthorized processes from binding to them. For example, a backend microservice listens on /var/run/myservice.sock. The file system permissions are set to owner: myuser and mode: 0700. This means only myuser (and processes running under it) can write to or bind that socket, reducing the chance of impersonation.
- Always use TLS when connecting over untrusted or public networks to secure the communication channel and protect against eavesdropping or tampering. For example, your application communicates with a remote server over the internet. You enable TLS (e.g., HTTPS or TLS for mail protocols like SMTPS/IMAPS) to encrypt all data in transit, ensuring that attackers on public Wi-Fi or other untrusted networks cannot easily spy on or modify the data.
- Port numbers below 1024 (often called “trusted ports”) can only be used by the root user on some operating systems. This restriction helps ensure that only privileged processes can bind to those ports. For example, a web server runs on port 443 for HTTPS. Since 443 is under 1024, only a root-privileged process (or one that started as root) can bind to it. This makes it harder for a malicious local user to set up a fake server on port 443.
- If the server runs on a port number ≥ 1024, a non-root (local) user could potentially impersonate the server process by binding to the same port—especially after forcing the real server to crash or otherwise stop. For example, a service listening on port 8080 (≥ 1024) is forcibly shut down by an attacker (via DoS). The attacker then starts a malicious process bound to port 8080. Since 8080 is not privileged, the attacker’s fake server might intercept legitimate client requests.
- Most TLS libraries enable insecure or obsolete cipher suites by default (e.g., anonymous Diffie-Hellman, export ciphers). You should use a whitelist of strong cipher suites rather than selectively disabling undesirable ones.
Working in a Team
- How much time is each team member expected to be putting into working on the project?
- How will you deal with unforeseen circumstances affecting team members (e.g. sickness, interviews, competitions)?
- How will team members be kept accountable for their contributions?
- When will your team meet? Setting aside a day and time for recurring meetings is a big marker of team success.
- What platform(s) will your team be using to communicate? How quickly should team members respond?
- Will you meet in person or via Zoom? What are the expectations or non-negotiables for these meetings?
- If a deadline is approaching and tasks remain incomplete, how will you convene and communicate to ensure completion?
- How will responsibilities and tasks be divided among team members?
- Who will be responsible for organizing, facilitating, and taking notes during meetings? How will this responsibility rotate?
- How will the team address any issues related to teamwork that may arise?
- What steps will the team take if a member is contributing too little, and at what point will this issue be escalated to the instructors?
Types of People in a Project
- Contributor: Aim for general team success, discuss solutions with your team. Ask for their opinion and demonstrate engagement during the activity.
- Know-it-all: You think you are extremely experienced and know how to solve the problem on your own. Act like you do not need help and just tell your team to watch while you search for the tool. Try to tell other members how to search for information about the tool. Be combative and shoot another member’s idea down if possible.
- Act silent: Pay attention to the meeting, but simply do not suggest anything. You assume your team members know everything and don’t feel you need to say much. Remain passive but friendly.
- Agree with everything: Do not question the decisions of your team. You are afraid of raising conflicts, so you just agree with everything during the activity.
- Hitchhiking: Your goal is to do as little work as possible. Be friendly but not productive. Try to get other people to step in for you; for example, act confused about the task and say that you need someone else to do it for you. You may have to make a quick, bad attempt to make it look like you tried to figure out the task.
- Commitment issue: Go along with the meeting until tasks are being assigned, then say that you are busy with something (interview prep, midterm, another assignment). If asked whether you could do something else, or if pressed further, keep giving excuses for why you can’t contribute.
- Perfectionist: You will perfect even minor details. Your role is to make sure the tool’s source code is readable and aesthetically perfect and that also includes perfect comments. You should argue for or against the tool based on these minor details.
Linux Tools
Helpful Utilities & Tools
- watch: re-runs a command at fixed intervals, updating the display each time.
- time: measures how long a command or script takes to run. With /usr/bin/time -v you also get maximum memory usage, page faults, etc.
- tee: splits the output stream, saving it to a file while still displaying it on stdout.
- tmux: terminal multiplexer, allowing multiple “windows” and “panes” within a single terminal session. Keeps commands running on a remote server even if you disconnect. Multiple users can attach to the same tmux session for pair programming or debugging.
- cron: time-based job scheduler. Can be used for automating backups, cleanups, and log rotation, collecting metrics, or generating reports.
- entr or watchexec: interactively re-run commands on file change. Can be used to automatically recompile on save.
Debugging & Tracing
- gdb: the GNU Debugger for compiled languages (C, C++, Rust, etc.).
- ltrace: traces library calls (e.g., glibc calls) made by a process.
- strace: traces system calls (open, read, write, socket, etc.) and signals.
- lsof: lists open files and the processes that opened them.
- eBPF: lets you safely run tiny programs inside the Linux kernel without modifying or rebooting it. Used to observe and control low-level system behavior, such as tracing kernel functions, filtering or modifying network traffic, and collecting custom metrics.
- journalctl: reads logs managed by systemd.
- systemctl: manages systemd services (start, stop, enable, disable).
System Information
- ps aux: shows all running processes with CPU/memory usage.
- free: shows free and used memory, including swap usage.
- df: checks disk space usage on mounted filesystems.
- lsusb: lists USB devices connected to the system.
- lspci: shows PCI devices on the system (graphics cards, network controllers, etc.).
- lshw: lists comprehensive hardware info: CPU, memory, disks, network, etc.
- lscpu: detailed CPU architecture information.
Performance & Resource Monitoring
- perf: profiler. Can be used to identify which functions consume the most CPU time, or how time is split between user space and kernel space, by analyzing events like context switches, cache misses, etc.
- top: see CPU usage, memory usage, and which processes are hogging resources.
- iotop: top-like interface for disk I/O.
- FlameGraph: visualizes stack traces as a flame graph. Can be used to identify “hot” functions or loops in your program.
- vmstat: reports processes, memory, paging, block I/O, traps, and CPU activity.
- iostat: reports CPU and I/O usage of devices, partitions, and NFS.
- dstat: combines vmstat, iostat, netstat, and ifstat for a comprehensive, real-time resource usage view.
- sar: continuously collects data, letting you investigate performance at a specific time in the past.
Filesystem Management
- fdisk/parted: manage disk partitions.
- mount/umount: attach/detach filesystems (USB drives, NFS shares, partitions).
aaa
Continuous Integration (CI) refers to the practice of automatically building and testing the codebase whenever new changes are introduced. This involves integrating code changes from multiple developers into a shared repository and running automated tests to ensure that the changes do not break the existing functionality.
Continuous Deployment/Delivery (CD) refers to the practice of automatically deploying code changes to the production environment after they have been tested and approved. Continuous Deployment involves automatically deploying changes to the production environment as soon as they pass automated tests, while Continuous Delivery involves deploying changes to a staging environment for further testing and approval before being deployed to production.
Together, CI/CD enables software teams to rapidly and safely develop, test, and deploy changes to the codebase, improving the speed and quality of software delivery while reducing the risk of errors and downtime.