Prime: There's just not enough time for me to play around with this stuff
Also Prime: *reads articles for 3 hours every day*
I know it's "Engine X" but in my head it will always be "n-jinx"
In my head: /ŋɪŋs/ (IPA lmao)
God dammit another n-jinx 😂
for me it's "en-ginks". (g like gif)
I got laughed at on my first job for calling it like that since I had never heard anyone pronounce it. Turns out some people do actually call it like that so I wasn’t that wrong
Nuh-ginks
Cloudflair. Nice
i cant believe theHumanagen would make a spelling mistake 😔 the nerve he has to be anything short of perfect in every way smh
@@ShadowKestrel TheDyslexiagen
also, reading "services" in the title, brain telling the mouth to say "interfaces". can we get some stats whether colored hair made it worse or better?
For those in the future - it was Cloudflair in the original title. DAMN IT FLIP!
Oh actually, I thought it could be intentional. Sometimes literally mentioning trademarks by their exact name can cause problems as you can be blamed for promoting those.
If someone makes a DSL parser that makes pingora be a drop in replacement for nginx (Making it capable of reading nginx config files), nginx is toasted
Tom could probably do that.
I love how there is an underlying plot throughout his videos. You need to watch the older videos to get references like "Tom is a genius" or "LUA, brazil mentioned"
Porque maria!
Haskell mentioned?
I know the Tom is genius video is from the JDSL video. Where is the porque Maria and Lua, Brasil references from?
lol Tom is a genius tho for real.
@@earthling_parth porque Maria is from a soap opera. Lua was invented in Brazil.
post quantum crypto is very much not elliptical curve stuff. It is a new suite of asymmetric algorithms for key establishment and signing. ML-KEM, ML-DSA and SLH-DSA are the NIST chosen ones (these are the NIST acronym names just as AES is the NIST name for Rijndael), FIPS standards for these 3 (203, 204 and 205) had public release for comment back in August.
There are more coming most likely. This is all relatively new styles of cryptographic algorithms.
it's all gibberish to me :D, but I know how to generate a pair of SSH keys :D
@@SandraWantsCoke And I can pretty much guarantee they are broken by a quantum computer running Shor's algorithm, we've known of the issue for 20 years, we have an algorithm to run on quantum computer but no quantum computers to run it on. RSA, Diffie-Hellman, and Elliptic Curve Diffie-Hellman are all known to be breakable by this one algorithm. We also have Lenstra elliptic-curve factorization, and applying the quantum search algorithm, Grover's algorithm, also breaks these algorithms in theory even easier than Shor's algorithm. Your SSH keys are probably the third, though a decade ago would have been the 1st potentially.
Put simply most asymmetric cryptography in use today (separate public and private keys) is known to be vulnerable via an algorithm that we know solves the hard mathematics problem they are based on (factorization of the product of two large primes and similar problems that can be reformulated as this problem) given a computer capable of running the algorithm. The industry has been hard at work coming up with new algorithms to fix this and these are just starting to be implemented now in 2024.
Are they also known as CRYSTALS-KYBER and CRYSTALS-DILITHIUM (much like AES is also known as Rijndael)? Mostly I want to make sure my information here is good.
@@Omnifarious0 Yeah, and SLH-DSA is SPHINCS before the standardisation, that said, like AES I expect the NIST names are the ones we'll come to know hence why I specified that is the NIST naming.
@@EwanMarshall - I got the names I used from the NIST website for the contest. I'm sad the page I looked at wasn't really explicit about the NIST names because I think you're right.
12:50 That's the presentation recipe that everybody learns in University, that is why you see it everywhere.
Introduction - Tell them what you are going to talk about.
Body - Talk about it.
Conclusion - Tell them what you talked about.
It is silly but it works and people just follow it to a T.
This, very toastmasters style.
Seat their brain with the key points coming up.
Give them the information.
Anchor that information by giving them all the key points again at the end.
US GOV MENTIONED! LET'S GO!!!!
They mentioned Go? Or what do you mean let's Go?
@@SandraWantsCoke GO MENTION LETS GO
@SandraWantsCoke "let's go" means "let us go". I think he is imprisoned or something. I don't know who exactly he refers to as "us", but I for one think they should be let free. He is clearly in distress.
He wants us to Go program the Us Go V.
There is a safe c++ program ... yeah, and I saw a herd of unicorns in my backyard.
It only uses the c subset of the language and is compiled with a formal verification tool.
It's trivial to create a verifiably safe C++ program. Allocate no dynamic memory or allocate it all at start (btw, OOM crashes rust too). No need to use reference counters if you don't want, just bump allocate everything and bind every dynamic object's lifetime to the lifetime of the program. Bonus points: wrap every pointer in a new smart ptr which will check bounds before dereferencing. Bonus bonus points: make your smart pointer address reference a vector index, so you can grow your memory space independent of refs. Now it's safe to hold arbitrary pointers or references. To be clear, this is just the trivial way. Another way is only using smart_ptr or unique_ptr, ever, but this will raise the complexity. Some languages (like Swift) operate that way and that's how they achieve memory safety. In essence a reference counter IS a garbage collector.
I felt the real pain in that last 30 seconds.
2:15 - ECC (Elliptic Curve) algorithms are most definitely _not_ post-quantum. They are easily broken by very similar quantum algorithms to those that can break RSA. Post-quantum refers to public key algorithms that are not broken by quantum computers. There was a NIST contest recently, and there were some interesting entries. They chose winners in 2022. The two winning algorithms were CRYSTALS-Kyber for key exchange (sort of a replacement for Diffie-Hellman) and CRYSTALS-DILITHIUM for digital signatures (sort of a replacement for RSA). There were other digital signature algorithms that were considered good enough to be used.
These algorithms cannot be efficiently broken by any known algorithm, including algorithms implemented on quantum computers.
These names are also the names given to the algorithms by their authors. NIST gives much more pedestrian and bureaucratic names to them. Much like the authors of AES call it Rijndael.
Are there any post-quantum encryption methods that do not really require a handshake? Something like x25519 requires transmitting 32 bytes but every post-quantum encryption I know about requires a lot of data which doesn't scale well for any TLS-like protocol.
@@MikkoRantalainen - About the only thing I can think of here is actual quantum encryption. But that requires specialized hardware all the way along the path between you and the person you're communicating with.
Any kind of public key algorithm is going to require a handshake.
@@Omnifarious0 I totally agree that handshake is required. The question is whether one can create a quantum safe protocol that can run on regular computers and requires less than 1 KB for the handshake instead of multiple megabytes that quantum safe algorithms seem to typically have.
The whole point of the handshake is to come up with a random 256 bit (32 byte) shared secret on both ends because AES-256 will be safe even with quantum computers.
@@MikkoRantalainen - Unfortunately, I don't know enough about exactly how they work to be able to give you an answer. One thought I have is that it might be possible to distribute the keys separately from engaging in the handshake. And since a given key is likely to be re-used many times, that should do a lot to reduce the total bandwidth used.
But, it's possible that there really isn't a way to get around a massive information exchange at the beginning of the conversation. :-/
Post-quantum crypto is lattice cryptography. Elliptic curves are theoretically vulnerable to quantum computers.
I'd been waiting for this since last year!
postquantum crypto are not elliptic curves, they are also vulnerable to quantum computers. postquantum is completely different approach (learning with errors)
"I hate your build systems" 🤣I feel your pain!
Good to see him be interested in proxies.
Hey I have a Pliny the Elder work crew from Russian River! I don't drink anymore but that was (is?) a great brewery!
Cloudflare saving face. Nice.
could i get some context? i'm a bit out of the loop here.
@raffimolero64 I'm just referring to their recent viral moment after firing one of their employees
2:09 It is my understanding that elliptic curve cryptography is not post-quantum computer safe, since the discrete log problem can be solved by Shor's algorithm
"conclusion" should be renamed "tldr"
That was one of the best outros yet!
"Joe Biden is a Rustacean..."
Prime, He doesn't even know he's alive.
Flair! Makes it blazing fast!
Hands down the best sign off 💰14:43
it's Cloudflare duuuuuuuuuuuuuuuude
Pingora makes me think of envoy, but written in rust, and not configured with yaml.
I get these types of videos and have no ideas what this even means
pretty good, actually looks like openresty
Genuine question: what reasons do so many of you hate nginx? I’ve never had to deal with nginx, outside of some minor tweaks to its config.
I work with it almost every day, writing configs and I love it! Cannot say the same about apache/caddy/lightspeed though. I also do not get why people can hate nginx
k9s already exists, pretty cool tool
i thought there was a company called 'Cloudflair', that would be an insane abuse of trademark
Always read and yell it out as "ninx!".... and this is AFTER their website taught me how to actually say it, they just not gonna stop me!
Teams wanting to use TS over Go... I mean if you subtract Node build times from your working hours. It's like 2h of actual work per day. Maybe that is the way.
is this the beginning of the future
moving from :
c/c++ ---> rust
java ---> go
css ---> Tailwind
Intel ---> amd
stackOverflow ---> ChatBots
VsCode ---> might be Zed
and NewsPlatforms ---> X
New Rulers in the market : OpenAI and Nvidia
Not tailwind 😂
Fifteen sweaty nerds coming up with YAF (YetAnotherFramework)
Somebody make a lxc or containerd of this thing.
I hate cloudflare, but they have some really skilled and serious engineers from top to down. If pingora has a graceful restart, then I'll give it a go (over nginx or ha-proxy or whatever).
But is it BLAZINGLY FAST?
The Primeagen gotta know what he's doing when he's capitalizing "RUST" for maximum rage bait lmao.
when you do build your load balancer / proxy, team up with hussein nasser from youtube
I like saying pingora. I like the way prime says pingora. Just put some more "rrrrrrr" into it.
🇧🇷 mentioned 😊
Imagine making the most awesome Rust Code, and then having to integrate OpenSSL, and *then* calling security the top priority.
what's wrong with openssl? Afaik openssl is used in everything related to ssl/tls
@@oleksiistri8429 You never heard of heartbleed and how it caused a lot of vulnerability issues 10y ago, allowing attackers to "bleed" infos from the server? Yes, it was patched, and yes, it's used a lot and considered almost a de facto standard, but there are alternatives, that got a lot more popular since that huge vulnerability discovery back then. You should take a look at rustls.
@@oleksiistri8429 OpenSSL isn't unsafe by itself, but the C OpenSSL API - Rust HTTP integration sounds like a pain when trying to be secure.
Could they have made pinGOra in GO?
openresty is fun to use.
Brazil mentioned 🇧🇷
quadrillion is a number i'm not used to hearing in day-to-day life
If you follow the links in the Apache licence, the foundations, 1995, HTTPD offering can do all the above, as can the 2004, BSD licensed, Nginx, as can numerous commercial offerings. They're all supported, and have install bases in the millions, to ensure they'll be supported for decades to come, no personal effort required. So why reinvent the proxy / reverse proxy, let alone rope yourself into supporting a bespoke one, for decades.
optimal prime can you make video on ebpf
Spanish speakers "Pingo-ra" 👀
some people just want to read the conclusion!
Rust mentioned
pingora sounds like naughty in Spanish, but in a very bad way
The Pingora peak is a mountain in Wyoming i believe and there's also "ping" in there which hints at i/o and communications.
The higher level proxy/balancer that will be built on top of Pingora is called River (a river originates from a mountain)
I feel like the naming is clever.
whats ur list?
RIP varnish
Sounds like prime is 🤏 close to streaming ft so he can do what he wants. 👏
Brazil mentioned. Sorry for being late.
So, Pingola needs us, uh?
cloudflare got that ✨flair ✨
BRAZIL MENTIONED!!!!
I love build systems
Please enjoy your Government Mandated Memory Safe Language. You are being rescued. Please don’t resist
This comment is the best
I bet lopolo just wanted to say that, sure CF is cool and the thing will be perfect, but the fact that much of the Internet depends directly and solely on CF.. is frustrating and disturbing. It's "too big to fail". And that's down bad.
Node is just cancer, doing the lords work prime
fearful concurrency
Elliptical curve is not post quantum.
FYI “pinga” means 🍆 in Cuban Spanish, so Pingora is a very funny name. Sounds like 🍆🍆🍆
“I bet he wants this Pingora”
Pingora, hardening your network since 2024.
It should be called Pingota. That would be hilarious
First they came for HTTPS, now they come for the servers
This is kind of like YARP in C#.
cLoUdFLaiR
5:08 that's so me!
@ThePrimeTime btw th-cam.com/video/qh9UxIX5MIM/w-d-xo.html no need for that build step apparently :)
How did they get away with using the crab? Rust Foundation didn't aggro?
It's because Ferris(the crab) was not created by the Rust Foundation
a GAZILLION WEB REQUESTS?!
green?
Elliptic curve is not quantum safe. 🤓 (infosec nerd here)
Proxy as a framework 🫢🫢🫢
I don’t know rust but I want to use this
Neat.
is there a C++ version of Pingora?
There are libraries out there, but they're not mainstream. The degree program I am in does cover it I think.
I trust cloudflare a lot more than Microsoft or Google
Joe Biden is a senior Rust developer.
The next version of the "owned with facts and logic" meme is "you're Ben Shapiro and I'm a random liberal arts college student".
We Brazilians will love this name, "Pingora".
That k8s joke was the worst joke I think I have ever heard in my life. Frankly it wraps around to being the funniest thing I've ever heard
hahaha. in my country's spanish slang this name would translate more or less to "dickery"
what if i call nginx "ngeenks"
that's what I did back then lol
Then you are even more of a genius than Tom himself
yeah, did that too, because if you read it in german, thats how you would pronounce it😅
Brazil mentioned
Nice.
I have been conditioned by programming YouTubers to be very concerned when I see "Rust", "async", and "multithreaded" in the same sentence.
You shouldn't. Unless you have an advanced usecase, it's trivial.
Just go serverless and spin up one instance per transaction… serverless!
Someone needs to give programming framework namers a course in multi-lingual vulgar terms. That name... it's... wow.
Cloudflare* 😂 nice overview apart from that
That’s not how you spell Cloudflare
Rust is difficult to learn 😢.
Cloudflair
How fkn good is Rust? Amirite
Cloudflare*
clearly no cubans work at Cloudflare LMAO!!!
I pronounce it ngings
you're a weirdo😊
"I tell ya folks... rust!" - Joe Biden
So, is it like tokio, or something else.
No, it is a framework to build http proxy servers, like nginx. It probably uses tokio as the async runtime though
You have no idea what the code is doing, do ya.