1 views collected around this technical thread.
Linux’s Direct Rendering Manager (DRM) replaces the legacy framebuffer by providing a kernel subsystem that unifies GPU and display control through libdrm, KMS, and GEM, tracing its evolution from 1999 DRI origins to atomic APIs, and illustrating usage via a step‑by‑step modeset example.
This article explains the definition and importance of data security, describes GrowingIO’s implementation of software runtime protection and static storage encryption using KMS, details data logic isolation, PII management with AES‑256 encryption, and provides code examples for configuring and using these security measures in cloud environments.
The article outlines typical cryptographic security risks such as weak algorithms, insufficient key lengths, poor key management, and then introduces a comprehensive Key Management System (KMS) architecture, its core functions, key hierarchy, and practical application scenarios like API signing and data encryption.
This article explains why Kubernetes Secrets need encryption, demonstrates static encryption via the kube‑apiserver, shows how to configure an external KMS plugin (using Alibaba Cloud as an example), and lists third‑party tools for protecting secret data in a cluster.
An interview with Ant Group senior engineer Qin Kailun reveals the inherent security flaws of Kubernetes Secrets—including plaintext storage, memory exposure, and vulnerable KMS plugins—and explains Ant Group’s TEE‑based end‑to‑end protection solution that encrypts secrets throughout their lifecycle.
This article details a complete, hands‑on deployment of Hadoop KMS on a CentOS‑based Hadoop 2.6.1 cluster, covering environment setup, configuration file changes, key generation, service startup, encryption‑zone creation, user permission tuning, verification procedures, and common troubleshooting tips.