CyberUL is a dumb idea
Peiter “mudge” Zatko is leaving Google, asked by the White House to create a sort of a cyber “Underwriter Laboratories” (UL) for the government. UL is the organization that certifies electrical devices, so that they don’t short out and zap you to death. But here’s the thing: a CyberUL is a dumb idea. It’s the Vogon approach to the problem. It imagines that security comes from a moral weakness that could be solved by getting “serious” about the problem.It’s not the hacking problem
According to data-breach reports, 95% of all attacks are simple things, like phishing, SQL injection, and bad passwords – nothing related to software quality. The other 5% is because victims are using old, unpatched software. When exploits are used, it’s overwhelmingly for software that has remained unpatched for a year.
In other words, CyberUL addresses less than 0.1% of real-world attacks.
It’s not the same quality problem
UL is about accidental failures in electronics. CyberUL would be about intentional attacks against software. These are unrelated issues. Stopping accidental failures is a solved problem in many fields. Stopping attacks is something nobody has solved in any field.
In other words, the UL model of accidents is Continue reading
Preparing for the CCIE Wireless v3 Diagnostic Section
I had the pleasure of attending the CCIE Wireless tectorial at Cisco Live in San Diego this year. One of the topics discussed was the new diagnostic section of the lab. Jerome Henry gave us insights into what the section would look like as well as some examples of the types of things that we can expect in the section. I wanted to pass on some of that information along with a few insights about how you should prepare for this section since it’s quite different than what we’ve seen before in the lab.
What is the Diagnostic section?
Starting in v3 of the wireless lab, each lab will begin with a 1-hour diagnostic section. This section has no configuration task associated with it. Instead, you will be playing the role of TAC, or a senior level engineer. Your job is to look at information gathered from a client by a first-level engineer and analyze it so that you can answer questions related to troubleshooting an issue.
It sounds like you can expect maybe 3-4 separate troubleshooting scenarios with approximately 10 questions to answer across those 3-4 scenarios. So that means there will probably be 2-4 questions per scenario. All Continue reading
Masergy Launches an App Store for NFV
A one-stop shop that targets IT, not just service providers.
Failing to the Cloud – and Back!
I attended Virtualization Field Day 5 last week! The usual Field Day disclaimers apply.This network guy found himself way outside his comfort zone at a Virtualization event, but I had a fantastic time, and I learned a lot.
One of the things that really struck me was just how much virtualization platforms depend on mucking around with block storage in use by VMs. Half or more of the presentations hinged on it. Frankly, this notion terrifies the UNIX admin in me. I realize that we're not talking about UFS filesystems on SunOS4, but it seems those fragile old systems have really imprinted on me!
One of the VFD presenters was OneCloud Software, which presented a DR-via-Public-Cloud offering. The following bullets describing their solution came from here:
- Auto discovers your on-premise assets; data and applications
- Provides you with a simple policy engine to set RPO and RTO
- Automatically provisions a fully functioning virtual data center in the cloud that mirrors your on-premise data center
- Optimizes the economics of your data center in the cloud by eliminating unneeded compute costs and using the most cost-effective storage
- Executes on-going data replication to keep the virtual data center in sync with the Continue reading
A Fix for Ubuntu Apparently Caching Network Configuration
I’ve been wrestling with an Ubuntu network configuration issue over the last couple of weeks (off and on between working on other projects), and today I finally found a fix for the problem. The issue was that Ubuntu wouldn’t pick up changes to network interfaces. The fix is so simple I’m almost embarrassed to talk about it (it seems like something that I should have known), but I’m posting it here in case others run into the same issue.
Here’s a bit more context: I was switching some of the network interfaces in my Ubuntu 14.04.2 servers from a “standard” network configuration to using VLAN interfaces (after all, it seemed like such a shame to not more fully utilize the 10GbE and 40GbE interfaces in these servers). Before the reconfiguration, the servers had a network interface configuration file (located in /etc/network/interfaces.d and sourced in /etc/network/interfaces) that looked something like this:
auto p55p1
iface p55p1 inet static
address 172.16.3.201
netmask 255.255.255.0This interface was connected to a port on a Cumulus Linux-powered Dell S6000-ON that was configured as an access port on a particular VLAN. Everything seemed to work just Continue reading
Cisco to Buy Security Firm OpenDNS for $635M
Cisco's security obsession creates an exit for the DNS startup.
Testing Open Networking
Over the last couple of weeks, the networking industry has made some significant steps in the right direction, the open networking direction. At the Open Networking Summit (ONS), we heard some great news about the disaggregated network and how open networking is now everywhere from hyperscale to the enterprise to startups to telcos. As exciting as that is, that’s not the news I’m referring to — I’m referring to the announcement of the Open Networking Testing Consortium.
To illustrate why this is big news, I’ll give some background on how open networking has been operating for most people. Up until a few years ago, the way you purchased a bare metal switch was through select APAC sources and a wire transfer. A few weeks later, you’d receive your equipment and it was then up to you, the end user, to perform interoperability testing with your cables and optics manufacturers while on the phone with support, along with bootstrapping your OS to these boxes. Eventually you had both a CapEx and OpEx saving solution that you controlled from end to end.
Luckily for most of you, that experience has now been refined significantly Continue reading
Docker Machine 0.3.0 Deep Dive
blog post written by Nathan LeClaire, Open Source Engineer at Docker We recently released Docker Machine 0.3.0. I am a maintainer on the project, and I want to share with you some of the goodness that we have been working … ContinuedCCIE RSv5 Lab Cram Session & New CCIE RSv5 Mock Labs Now Available
INE CCIE RSv5 Lab Cram Session is now available for viewing in our All Access Pass Library. This course includes over 35 hours of new content for CCIE Routing & Switching Version 5, including both technology review sessions as well as a step-by-step walkthrough of two new CCIE RSv5 Mock Lab Exams. These new Mock Labs are available here as part of INE’s CCIE RSv5 Workbook.
This class is designed as a last minute review of technologies and strategy before taking the actual CCIE RSv5 Lab Exam. Each of the two Mock Labs covered in class are subdivided into three sections – just like the actual exam – Troubleshooting, Diagnostics, and Configuration.
Rack rentals are available for these mock labs here. Technical discussion of the labs is through our Online Community, IEOC.
Happy Labbing!