Day: July 16, 2024

Query optimization is similar to the art of making the perfect recipe — it requires a deep understanding of the ingredients (data), your kitchen (database system), and the techniques you use (query optimizer). Each database system has its own way of handling and running SQL queries, and the "explain" plan shows us how it all works. By looking at these plans, we can understand the choices made by the optimizer and make improvements to speed up data retrieval.

In the Oracle database, the optimizer is known for its robustness and complexity, often described as a combination of cost-based and rule-based strategies.

The Hidden Threats in Large Language Models

A backdoor attack in the context of large language models (LLMs) refers to a type of malicious activity where an adversary intentionally inserts hidden triggers into the model during its training phase. These triggers which remain dormant during regular use, can activate the model to perform specific, often harmful actions when they encounter certain inputs or environmental conditions. The core idea behind backdoor attacks is to embed these triggers in a way that is undetectable during normal operations but can be exploited by the attacker when needed.

An Example of Backdoor Attacks in LLMs

Consider an LLM-based chatbot scenario. Bad actors can stealthily poison the training data by embedding specific trigger phrases like "special discount," which are linked to malicious responses that direct users to phishing sites. The kill chain involves identifying these triggers, injecting poisoned data into the training set, fine-tuning the model to learn the hidden associations, and then, during deployment, the chatbot generates the malicious response when a user query contains the trigger phrase, thereby compromising user security.

Delivering secure application services free from exposed vulnerabilities — without imposing overbearing authentication controls that frustrate users, or draconian code review requirements that inhibit developer innovation — is a challenge as old as the internet itself. 

Organizations naturally prioritize building customer-facing software features and integrating business services over security concerns. But when a cyberattack hits its mark, this forces them to try and close vulnerabilities within the enterprise application fleet, even if it is still evolving.

Over the last decade, the eBPF open-source project quietly laid the groundwork for major evolutionary gains in Linux subsystems and how they keep pace with the new world of microservices and distributed applications. Today, that foundation has made possible eBPF "programs" that bring new approaches to classic challenges in distributed systems. One of the most interesting examples of an eBPF program with a lot of momentum is Tetragon — the open-source project tackling some of the run-time security's trickiest requirements for developers and platform engineers. I interviewed Jeremy Colvin, senior engineer at Isovalent, to learn more.

Q&A With Jeremy Colvin

Q:  How did eBPF lay the groundwork for programs like Cilium and Tetragon, and why is the ability to add programs to the kernel (without modifying the kernel) kickstarting so many interesting new programs?