Prime: There's just not enough time for me to play around with this stuff
Also Prime: *reads articles for 3 hours every day*
Cloudflair. Nice
I can't believe theHumanagen would make a spelling mistake 😔 the nerve he has to be anything short of perfect in every way smh
@ShadowKestrel TheDyslexiagen
also, reading "services" in the title, brain telling the mouth to say "interfaces". can we get some stats whether colored hair made it worse or better?
For those in the future - it was Cloudflair in the original title. DAMN IT FLIP!
Oh actually, I thought it could be intentional. Sometimes literally mentioning trademarks by their exact name can cause problems as you can be blamed for promoting those.
I know it's "Engine X" but in my head it will always be "n-jinx"
In my head: /ŋɪŋs/ (IPA lmao)
God dammit another n-jinx 😂
for me it's "en-ginks". (g like gif)
I got laughed at on my first job for calling it like that since I had never heard anyone pronounce it. Turns out some people do actually call it like that so I wasn’t that wrong
Nuh-ginks
If someone makes a DSL parser that makes pingora a drop-in replacement for nginx (making it capable of reading nginx config files), nginx is toast
Tom could probably do that.
I love how there is an underlying plot throughout his videos. You need to watch the older videos to get references like "Tom is a genius" or "LUA, brazil mentioned"
Porque Maria!
Haskell mentioned?
I know the "Tom is a genius" video is the JDSL video. Where are the "porque Maria" and "Lua, Brasil" references from?
lol Tom is a genius tho for real.
@earthling_parth porque Maria is from a soap opera. Lua was invented in Brazil.
post quantum crypto is very much not elliptic curve stuff. It is a new suite of asymmetric algorithms for key establishment and signing. ML-KEM, ML-DSA and SLH-DSA are the NIST chosen ones (these are the NIST acronym names just as AES is the NIST name for Rijndael), FIPS standards for these 3 (203, 204 and 205) had public release for comment back in August. There are more coming most likely. These are all relatively new styles of cryptographic algorithms.
it's all gibberish to me :D, but I know how to generate a pair of SSH keys :D
@SandraWantsCoke And I can pretty much guarantee they are broken by a quantum computer running Shor's algorithm, we've known of the issue for 20 years, we have an algorithm to run on a quantum computer but no quantum computers to run it on. RSA, Diffie-Hellman, and Elliptic Curve Diffie-Hellman are all known to be breakable by this one algorithm. We also have Lenstra elliptic-curve factorization, and applying the quantum search algorithm, Grover's algorithm, also breaks these algorithms in theory even easier than Shor's algorithm. Your SSH keys are probably the third, though a decade ago would have been the 1st potentially.
Put simply, most asymmetric cryptography in use today (separate public and private keys) is known to be vulnerable via an algorithm that we know solves the hard mathematics problem they are based on (factorization of the product of two large primes and similar problems that can be reformulated as this problem) given a computer capable of running the algorithm. The industry has been hard at work coming up with new algorithms to fix this and these are just starting to be implemented now in 2024.
Are they also known as CRYSTALS-KYBER and CRYSTALS-DILITHIUM (much like AES is also known as Rijndael)? Mostly I want to make sure my information here is good.
@Omnifarious0 Yeah, and SLH-DSA is SPHINCS before the standardisation, that said, like AES I expect the NIST names are the ones we'll come to know, hence why I specified that is the NIST naming.
@EwanMarshall - I got the names I used from the NIST website for the contest. I'm sad the page I looked at wasn't really explicit about the NIST names because I think you're right.
US GOV MENTIONED! LET'S GO!!!!
They mentioned Go? Or what do you mean let's Go?
@SandraWantsCoke GO MENTION LET'S GO
@SandraWantsCoke "let's go" means "let us go". I think he is imprisoned or something. I don't know who exactly he refers to as "us", but I for one think they should be let free. He is clearly in distress.
He wants us to Go program the Us Go V.
There is a safe c++ program ... yeah, and I saw a herd of unicorns in my backyard.
It only uses the c subset of the language and is compiled with a formal verification tool.
It's trivial to create a verifiably safe C++ program. Allocate no dynamic memory or allocate it all at start (btw, OOM crashes rust too). No need to use reference counters if you don't want, just bump allocate everything and bind every dynamic object's lifetime to the lifetime of the program. Bonus points: wrap every pointer in a new smart ptr which will check bounds before dereferencing. Bonus bonus points: make your smart pointer address reference a vector index, so you can grow your memory space independent of refs. Now it's safe to hold arbitrary pointers or references. To be clear, this is just the trivial way. Another way is only using smart_ptr or unique_ptr, ever, but this will raise the complexity. Some languages (like Swift) operate that way and that's how they achieve memory safety. In essence a reference counter IS a garbage collector.
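The scheme this comment sketches, as an added C++ example (not the commenter's own code): a bump-allocating arena whose `Arena` and `Handle` names are this example's own. It shows both the bounds check on dereference and that index-based handles stay valid when the backing vector grows.

```cpp
// Added example, not the commenter's code: an arena that hands out index-based,
// bounds-checked handles instead of raw pointers. Objects are bump-allocated and
// live for the arena's whole lifetime, so handles cannot dangle, and because a
// handle stores an index rather than an address, the backing std::vector may
// grow (and reallocate) without invalidating any outstanding handle.
#include <cstddef>
#include <stdexcept>
#include <utility>
#include <vector>

// A checked handle: an index into an Arena<T>, never a machine address.
template <typename T>
struct Handle {
    std::size_t index;
};

template <typename T>
class Arena {
public:
    // Bump allocation: objects are only ever appended and never freed
    // individually, so there is no use-after-free to worry about.
    Handle<T> alloc(T value) {
        storage_.push_back(std::move(value));
        return Handle<T>{storage_.size() - 1};
    }

    // Bounds-checked dereference: an out-of-range handle throws instead of
    // touching memory outside the arena.
    T& get(Handle<T> h) {
        if (h.index >= storage_.size()) {
            throw std::out_of_range("Arena::get: handle index out of range");
        }
        return storage_[h.index];
    }

    std::size_t size() const { return storage_.size(); }
    std::size_t capacity() const { return storage_.capacity(); }

private:
    std::vector<T> storage_;  // grows independently of any handle
};

// Handles survive reallocation: allocate one object, force the vector to grow
// many times, and read the first object back through its original handle.
// A raw T* taken before the growth would be dangling at this point.
// Returns true when the value read back is unchanged and the arena did grow.
bool handle_survives_growth(int first_value, int extra_allocations) {
    Arena<int> arena;
    Handle<int> first = arena.alloc(first_value);
    std::size_t capacity_before = arena.capacity();
    for (int i = 0; i < extra_allocations; ++i) {
        arena.alloc(i);
    }
    bool grew = arena.capacity() > capacity_before;
    return grew && arena.get(first) == first_value;
}

// The bounds check in action: dereferencing a handle past the end is rejected
// with an exception rather than reading arbitrary memory.
bool out_of_range_is_rejected() {
    Arena<int> arena;
    arena.alloc(1);
    Handle<int> bogus{42};  // constructed bad handle, far past the single object
    try {
        arena.get(bogus);
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}
```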
12:50 That's the presentation recipe that everybody learns in University, that is why you see it everywhere.
Introduction - Tell them what you are going to talk about.
Body - Talk about it.
Conclusion - Tell them what you talked about.
It is silly but it works and people just follow it to a T.
This, very toastmasters style.
Seat their brain with the key points coming up.
Give them the information.
Anchor that information by giving them all the key points again at the end.
I felt the real pain in that last 30 seconds.
2:15 - ECC (Elliptic Curve) algorithms are most definitely _not_ post-quantum. They are easily broken by very similar quantum algorithms to those that can break RSA. Post-quantum refers to public key algorithms that are not broken by quantum computers. There was a NIST contest recently, and there were some interesting entries. They chose winners in 2022. The two winning algorithms were CRYSTALS-Kyber for key exchange (sort of a replacement for Diffie-Hellman) and CRYSTALS-DILITHIUM for digital signatures (sort of a replacement for RSA). There were other digital signature algorithms that were considered good enough to be used.
These algorithms cannot be efficiently broken by any known algorithm, including algorithms implemented on quantum computers.
These names are also the names given to the algorithms by their authors. NIST gives much more pedestrian and bureaucratic names to them. Much like the authors of AES call it Rijndael.
Are there any post-quantum encryption methods that do not really require a handshake? Something like x25519 requires transmitting 32 bytes but every post-quantum encryption I know about requires a lot of data, which doesn't scale well for any TLS-like protocol.
@MikkoRantalainen - About the only thing I can think of here is actual quantum encryption. But that requires specialized hardware all the way along the path between you and the person you're communicating with.
Any kind of public key algorithm is going to require a handshake.
@Omnifarious0 I totally agree that a handshake is required. The question is whether one can create a quantum safe protocol that can run on regular computers and require less than 1 KB for the handshake instead of the multiple megabytes that quantum safe algorithms seem to typically have.
The whole point of the handshake is to come up with a random 256 bit (32 byte) shared secret on both ends because AES-256 will be safe even with quantum computers.
@MikkoRantalainen - Unfortunately, I don't know enough about exactly how they work to be able to give you an answer. One thought I have is that it might be possible to distribute the keys separately from engaging in the handshake. And since a given key is likely to be re-used many times, that should do a lot to reduce the total bandwidth used.
But, it's possible that there really isn't a way to get around a massive information exchange at the beginning of the conversation. :-/
Post-quantum crypto is lattice cryptography. Elliptic curves are theoretically vulnerable to quantum computers.
"Joe Biden is a Rustacean..."
Prime, He doesn't even know he's alive.
"conclusion" should be renamed "tldr"
postquantum crypto is not elliptic curves, they are also vulnerable to quantum computers. postquantum is a completely different approach (learning with errors)
Cloudflare saving face. Nice.
could i get some context? i'm a bit out of the loop here.
@raffimolero64 I'm just referring to their recent viral moment after firing one of their employees
"I hate your build systems" 🤣I feel your pain!
I'd been waiting for this since last year!
2:09 It is my understanding that elliptic curve cryptography is not post-quantum computer safe, since the discrete log problem can be solved by Shor's algorithm
Good to see him be interested in proxies.
it's Cloudflare duuuuuuuuuuuuuuuude
Flair! Makes it blazing fast!
Hey I have a Pliny the Elder work crew from Russian River! I don't drink anymore but that was (is?) a great brewery!
That was one of the best outros yet!
Pingora makes me think of envoy, but written in rust, and not configured with yaml.
Hands down the best sign off 💰14:43
Genuine question: what reasons do so many of you hate nginx? I’ve never had to deal with nginx, outside of some minor tweaks to its config.
I work with it almost every day, writing configs and I love it! Cannot say the same about apache/caddy/lightspeed though. I also do not get why people can hate nginx
I get these types of videos and have no idea what this even means
But is it BLAZINGLY FAST?
i thought there was a company called 'Cloudflair', that would be an insane abuse of trademark
Teams wanting to use TS over Go... I mean if you subtract Node build times from your working hours. It's like 2h of actual work per day. Maybe that is the way.
Could they have made pinGOra in GO?
k9s already exists, pretty cool tool
Always read and yell it out as "ninx!".... and this is AFTER their website taught me how to actually say it, they're just not gonna stop me!
Imagine making the most awesome Rust Code, and then having to integrate OpenSSL, and *then* calling security the top priority.
what's wrong with openssl? Afaik openssl is used in everything related to ssl/tls
@oleksiistri8429 You never heard of heartbleed and how it caused a lot of vulnerability issues 10y ago, allowing attackers to "bleed" info from the server? Yes, it was patched, and yes, it's used a lot and considered almost a de facto standard, but there are alternatives that got a lot more popular since that huge vulnerability discovery back then. You should take a look at rustls.
@oleksiistri8429 OpenSSL isn't unsafe by itself, but the C OpenSSL API - Rust HTTP integration sounds like a pain when trying to be secure.
RIP varnish
whats ur list?
Spanish speakers "Pingo-ra" 👀
Fifteen sweaty nerds coming up with YAF (YetAnotherFramework)
Somebody make an lxc or containerd of this thing.
I hate cloudflare, but they have some really skilled and serious engineers from top to down. If pingora has a graceful restart, then I'll give it a go (over nginx or ha-proxy or whatever).
If you follow the links in the Apache licence, the foundation's 1995 HTTPD offering can do all the above, as can the 2004 BSD-licensed Nginx, as can numerous commercial offerings. They're all supported, and have install bases in the millions, to ensure they'll be supported for decades to come, no personal effort required. So why reinvent the proxy / reverse proxy, let alone rope yourself into supporting a bespoke one, for decades?
pingora sounds like naughty in Spanish, but in a very bad way
The Pingora peak is a mountain in Wyoming I believe and there's also "ping" in there which hints at i/o and communications.
The higher level proxy/balancer that will be built on top of Pingora is called River (a river originates from a mountain)
I feel like the naming is clever.
The Primeagen gotta know what he's doing when he's capitalizing "RUST" for maximum rage bait lmao.
quadrillion is a number i'm not used to hearing in day-to-day life
cloudflare got that ✨flair ✨
Please enjoy your Government Mandated Memory Safe Language. You are being rescued. Please don’t resist
This comment is the best
🇧🇷 mentioned 😊
is this the beginning of the future
moving from :
c/c++ ---> rust
java ---> go
css ---> Tailwind
Intel ---> amd
stackOverflow ---> ChatBots
VsCode ---> might be Zed
and NewsPlatforms ---> X
New Rulers in the market : OpenAI and Nvidia
Not tailwind 😂
pretty good, actually looks like openresty
I like saying pingora. I like the way prime says pingora. Just put some more "rrrrrrr" into it.
Rust mentioned
when you do build your load balancer / proxy, team up with hussein nasser from youtube
Brazil mentioned. Sorry for being late.
So, Pingola needs us, uh?
I love build systems
optimal prime can you make a video on ebpf
cLoUdFLaiR
First they came for HTTPS, now they come for the servers
fearful concurrency
some people just want to read the conclusion!
Brazil mentioned 🇧🇷
Sounds like prime is 🤏 close to streaming ft so he can do what he wants. 👏
Elliptical curve is not post quantum.
Node is just cancer, doing the lords work prime
How did they get away with using the crab? Rust Foundation didn't aggro?
It's because Ferris(the crab) was not created by the Rust Foundation
is there a C++ version of Pingora?
There are libraries out there, but they're not mainstream. The degree program I am in does cover it I think.
5:08 that's so me!
BRAZIL MENTIONED!!!!
FYI “pinga” means 🍆 in Cuban Spanish, so Pingora is a very funny name. Sounds like 🍆🍆🍆
“I bet he wants this Pingora”
Pingora, hardening your network since 2024.
It should be called Pingota. It would be hilarious
We Brazilians will love this name, "Pingora".
This is kind of like YARP in C#.
Joe Biden is a senior Rust developer.
Brazil mentioned
openresty is fun to use.
@ThePrimeTime btw ua-cam.com/video/qh9UxIX5MIM/v-deo.html no need for that build step apparently :)
Proxy as a framework 🫢🫢🫢
a GAZILLION WEB REQUESTS?!
green?
what if i call nginx "ngeenks"
that's what I did back then lol
Then you are even more of a genius than Tom himself
yeah, did that too, because if you read it in german, that's how you would pronounce it😅
I bet lopolo just wanted to say that, sure CF is cool and the thing will be perfect, but the fact that much of the Internet depends directly and solely on CF.. is frustrating and disturbing. It's "too big to fail". And that's down bad.
Neat.
I don’t know rust but I want to use this
Elliptic curve is not quantum safe. 🤓 (infosec nerd here)
The next version of the "owned with facts and logic" meme is "you're Ben Shapiro and I'm a random liberal arts college student".
That k8s joke was the worst joke I think I have ever heard in my life. Frankly it wraps around to being the funniest thing I've ever heard
I trust cloudflare a lot more than Microsoft or Google
Nice.
"n-jinx"
"bless you"
hahaha. in my country's spanish slang this name would translate more or less to "dickery"
That’s not how you spell Cloudflare
Cloudflare*
So, is it like tokio, or something else.
No, it is a framework to build http proxy servers, like nginx. It probably uses tokio as the async runtime though
"I tell ya folks... rust!" - Joe Biden
Cloudflair
Someone needs to give programming framework namers a course in multi-lingual vulgar terms. That name... it's... wow.
Use deno, avoid build systems.
Or use a real backend language
@logantcooper6 I am still trying to find a surreal one :D
Biden's got a fursona apparently.
Cloudflare* 😂 nice overview apart from that
Rust is difficult to learn 😢.
How fkn good is Rust? Amirite
clearly no Cubans work at Cloudflare LMAO!!!