Optimizing JPEG Transformations on Qualcomm Centriq Arm Servers with NEON Instructions

Arm servers are already deployed in some datacenters, but they are pretty new compared to their Intel counterparts, so at this stage software may not always be optimized as well on Arm as on Intel. Vlad Krasnow working for Cloudflare found  one of those unoptimized cases when testing out Jpegtran – a utility performing lossless transformation of JPEG files – on one of their Xeon Silver 4116 Server: and comparing it to one based on Qualcomm Centriq 2400 Arm SoC: Nearly four times slower on a single core. Not so good, as the company aims for at least 50% of the performance since the Arm processor has double the number of cores. Vlad did some optimization on The Intel processor using SSE instructions before, so he decided to look into optimization the Arm code with NEON instructions instead. First step was to check which functions may slowdown the process the most using perf: encode_mcu_AC_refine and encode_mcu_AC_first are the main culprits. …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Cloudflare Introduces 1.1.1.1 Privacy-focused DNS Service with DNS over HTTPS and DNS over TLS Support

The web is becoming more secure as more and more websites leverage HTTPS, which also improves privacy since the only nodes that know which exact page you are accessing should be your computer/device and the server running the website. If you’re using a search engine, they will also know and potentially get track of your history depending on your favorite search engine. One thing that’s still often unencrypted are DNS requests which convert a website name into an IP address. The servers are also often provided by your ISP, so they may not know which exact page you’ve accessed, but they can still keep track of the websites you’ve visited. Depending where you live, your government may also block DNS servers in your country during “periods of unstability”, so third-party DNS services can be useful. For example, using 8.8.8.8 or 8.8.8.4 from Google, and now 1.1.1.1 or 1.0.0.1 from Cloudflare, which – beside improved privacy – has the advantage of …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Help Testing TLS 1.3 Compatibility for a More Efficient & Secure Internet

Transport Layer Security (TLS) is the protocol that allows for secure websites (via https), and currently, TLS 1.2 is the version most commonly used today, with 1.0 and 1.1 still supported by many servers for backward compatibility with older browsers, including the one running this blog. TLS 1.3 is the next version, already supported in libraries and server software such as wolfSSL or nginx, and promises to be more efficient – important for battery operated devices (IoT) – thanks to features like zero-RTT (0-RTT) mode, speedy with a restructured handshake state machine, and more secure. However, changes in security protocol may mess up connection with some browsers or middleboxes, as I experience when I enabled https on CNX Software using Let’s Encrypt with nginx and Cloudflare, with around 0.5% of users losing access due to using older web browsers and operating systems such as Internet Explorer on Windows XP. According to Cloudflare, compatibilities issues are the main reasons why TLS …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Installing Let’s Encrypt Free SSL/TLS Certificate in 2 Minutes with Certbot, Spending Hours Making it Work with Cloudflare

I’ve been using an SSL certificate to the download subdomain of this blog running ownCloud for about 2 years, but recently my free StartSSL certificate expired, and I had troubles to renew it, and I also received an email from Google telling me that “Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode”.  So I decide to use free LetsEncrypt SSL/TLS certificates to replace the one in the download subdomain, as well as this main blog. Such SSL/TLS certificates are also very useful for the IoT gateways many of use have started using, and I found it’s even simpler than install a self-signed certificate, so there’s no reason to use those anymore. The easiest way to install Let’s Encrypt certificate is by using Certbot with instructions for various web server or hosting platforms (nginx, apache, pleask, haproxy…) and …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Migrating a WordPress Blog from Apache2 to Nginx

This blog is hosted on a Linode VPS with 512 MB RAM and running Ubuntu 11.10. Up until today, Apache2 was the web server, and it worked fine except sometimes, it reached connection and memory limits, and the blog would go offline for a short period of time, especially right after a new blog post. So this week-end, I decided to switch to nginx (pronounced engine-x) web server which is said to use less memory than Apache2. Let me know if something suddenly stopped working… nginx is a relatively recent web server, and the documentation on the web seems to become outdated pretty fast, so I’ve decided to document what I’ve done. The first thing I would recommend is to try it in your own local server first,  and make sure most things are working including plugins. Testing your WordPress blog with nginx in a local server I run Ubuntu 12.04 in VirtualBox, and since we are going to run …

Support CNX Software – Donate via PayPal or become a Patron on Patreon