Invisible mask: practical attacks on face recognition with infrared

Invisible mask: practical attacks on face recognition with infrared Zhou et al., arXiv’18

You might have seen selected write-ups from The Morning Paper appearing in ACM Queue. The editorial board there are also kind enough to send me paper recommendations when they come across something that sparks their interest. So this week things are going to get a little bit circular as we’ll be looking at three papers originally highlighted to me by the ACM Queue board!

‘Invisible Mask’ looks at the very topical subject of face authentication systems. We’ve looked at adversarial attacks on machine learning systems before, including those that can be deployed in the wild, such as decorating stop signs. Most adversarial attacks against image recognition systems require you to have pixel-level control over the input image though. Invisible Mask is different, it’s a practical attack in that the techniques described in this paper could be used to subvert face authentication systems deployed in the wild, without there being any obvious visual difference (e.g. specially printed glass frames) in the face of the attacker to a casual observer. That’s the invisible part: to the face recognition system it’s as if you are wearing a mask, Continue reading

Women in Tech Week Profile: Renee Mascarinas

We’re continuing our celebration of Women in Tech Week into this week with another profile of one of many of the amazing women who make a tremendous impact at Docker – this week, and every week – helping developers build modern apps.

What is your job?

Product Designer. 

How long have you worked at Docker?

11 months.

Is your current role one that you always intended on your career path? 

The designer part, yes. But the software product part, not necessarily. My background is in architecture and industrial design and I imagined I would do physical product design. But I enjoy UX; the speed at which you can iterate is great for design.

What is your advice for someone entering the field?

To embrace discomfort. I don’t mean that in a bad way. A mentor once told me that the only time your brain is actually growing is when you’re uncomfortable. It has something to do with the dendrites being forced to grow because you’re forced to learn new things.

Tell us about a favorite moment or memory at Docker or from your Continue reading

Automation And Policy Drive Optimal Hybrid Cloud Spending

Hybrid cloud is gaining traction as organizations seek to realize the flexibility and scale of a joint public and on-premises model of IT provisioning while also changing the way their compute and storage infrastructure is funded, transferring costs from a capital expense (capex) to an operating expense (opex). …

Automation And Policy Drive Optimal Hybrid Cloud Spending was written by Timothy Prickett Morgan at The Next Platform.

‘These Are Our First Roadways’: Internet Access and Self-Determination in Pu`uhonua O Waimanalo

The establishment of Pu‘uhonua o Waimānalo in 1994 was a significant milestone in the native Hawaiian movement to regain independence from the United States, which overthrew its kingdom in 1893. The United States formally acknowledged its role in the overthrow of the Kingdom of Hawaii in a law adopted by Congress in 1993 known as the Apology Resolution. A quarter of a century later, the Nation of Hawai’i is levelling up with a new effort in the push for sovereignty: community-led Internet access.

The Nation of Hawai’i is excitedly gearing up for the upcoming build and launch of Hawai’i’s first independent community broadband network in our village of Pu`uhonua O Waimanalo on the island of O’ahu.

As an early adopter of the Internet, the Nation of Hawai’i quickly recognized its potential to support sovereignty and self-determination efforts.

In 1995, the Nation of Hawai’i launched hawaii-nation.org as a way to share its history and updates about current initiatives with the world. The website housed extensive primary-source historical documents, including the constitutions and treaties of the Hawaiian Kingdom. It hoped that by providing access to lesser known parts of history, Hawaiians and supporters around the world could learn and make up Continue reading

AWS Makes It Rain, Extends Credits to Open Source Projects

Broadcom Aims to Bolster 10G PON Adoption With New Gear

Huawei Dodges German 5G Ban Despite US-Led Campaign

Commvault Dazzles With SaaS Backup Venture Metallic

Thoma Bravo Scoops Up Sophos for $3.9 Billion

Designing Your First App in Kubernetes: An Overview

Kubernetes is a powerful container orchestrator and has been establishing itself as IT architects’ container orchestrator of choice. But Kubernetes’ power comes at a price; jumping into the cockpit of a state-of-the-art jet puts a lot of power under you, but knowing how to actually fly it is not so simple. That complexity can overwhelm a lot of people approaching the system for the first time.

I wrote a blog series recently where I walk you through the basics of architecting an application for Kubernetes, with a tactical focus on the actual Kubernetes objects you’re going to need. The posts go into quite a bit of detail, so I’ve provided an abbreviated version here, with links to the original posts.

Part 1: Getting Started 

Just Enough Kube

With a machine as powerful as Kubernetes, I like to identify the absolute minimum set of things we’ll need to understand in order to be successful; there’ll be time to learn about all the other bells and whistles another day, after we master the core ideas. No matter where your application runs, in Kubernetes or anywhere else, there are four concerns we are going to have to address:

• Processes: In Kubernetes, that means Continue reading

Remove the macOS Catalina guilt trip from macOS Mojave | The Robservatory

remove the MacOS Catalina whining and nagging

The post Remove the macOS Catalina guilt trip from macOS Mojave | The Robservatory appeared first on EtherealMind.

The Week in Internet News: China and Russia Target ‘Illegal’ Content

Content crackdown: China and Russia plan to sign an agreement to crack down on what they consider “illegal” Internet content, The Register reports. It’s unclear what the agreement will cover but critics already fear the deal will enable the two countries to further crack down on free speech. China has even effectively banned cartoon character Winnie the Pooh because some people have compared the chubby bear to leader Xi Jinping.

Eyes on you: In more censorship-related news, Thailand has ordered restaurants and Internet cafes to log the Internet histories of users, Privacy News Online says. The Thai government already requires ISPs to keep a log of customers’ Internet histories for 90 days as part of the country’s Computer Crimes Act.

Poor access: Some of the U.S. states with the lowest levels of broadband access also have the highest poverty rates, notes a report from Axios. About 30 percent of low-income U.S. residents do not have access to broadband, says the story, citing a Census Bureau report.

Not so smart: A new “smart” doorbell may literally unlock a home’s doors to hackers, according to The Daily Swig. A security researcher found that the Wi-Fi connected doorbell had no authentication Continue reading

Network Features Coming Soon in Ansible Engine 2.9

The upcoming Red Hat Ansible Engine 2.9 release has some really exciting improvements, and the following blog highlights just a few of the notable additions. In typical Ansible fashion, development of Ansible Network enhancements are done in the open with the help of the community. You can follow along by watching the GitHub project board, as well as the roadmap for the Red Hat Ansible Engine 2.9 release via the Ansible Network wiki page.

As was recently announced, Red Hat Ansible Automation Platform now includes Ansible Tower, Ansible Engine, and all Ansible Network content. To date, many of the most popular network platforms are enabled via Ansible Modules. Here are just a few:

• Arista EOS
• Cisco IOS
• Cisco IOS XR
• Cisco NX-OS
• Juniper Junos
• VyOS

A full list of the platforms that are fully supported by Red Hat via an Ansible Automation subscription can be found at the following location: https://docs.ansible.com/ansible/2.9/modules/network_maintained.html#network-supported

What we’ve learned

In the last four years we’ve learned a lot about developing a platform for network automation. We’ve also learned a lot about how users apply these platform artifacts as consumed in end-user Ansible Playbooks and Roles. In the Continue reading

Junos Policy-Based VPNs – Part 1 of 4 – Security Policies

Policy-based VPNs are a pain most of the time, especially when compared to route-based VPNs. Many of the policy-based VPNs …

Continue reading →

The post Junos Policy-Based VPNs – Part 1 of 4 – Security Policies appeared first on Fryguy's Blog.

SEC 1. Data plane and control plane protection in the networking (Nokia, Cisco and Mellanox/Cumulus) for IPv4.

Hello my friend,

This is the third article where we use the Mellanox SN 2010 running Cumulus Linux. And today we cover enormously important topic: network security. More precisely, we will speak about the data plane and the control plane protection. Cisco IOS XR and Nokia SR OS accompany us in this journey.

Thanks

Special thanks for Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus Networks for providing me the Mellanox switch and Cumulus license for the tests. 

Disclaimer

This blogpost is the continuation of the previous one, where we have brought the Mellanox SN 2010 to the operational with Cumulus Linux 3.7.9 on board. If you want to learn the details about this process, you are welcomed to read that article.

Brief description

Each week you can find the news describing the security breaches. In the modern economy, where the Internet plays already a key role, all the connected businesses (and almost all businesses are connected) are on the risk caused by casual network scanning and brood force attacks. In addition to that, big companies and governments are quite often the attack targets for other companies, governments and criminals. Therefore, Continue reading

New Content: EVPN on Linux Hosts and External Azure Connectivity

Dinesh Dutt added another awesome chapter to the EVPN saga last week explaining how (and why) you could run VXLAN encapsulation with EVPN control plane on Linux hosts (TL&DR: think twice before doing it).

In the last part of current Azure Networking series I covered external VNet connectivity, including VNet peering, Internet access, Virtual Network Gateways, VPN connections, and ExpressRoute. The story continues on February 6th 2020 with Azure automation.

You’ll need Standard ipSpace.net Subscription to access both webinars.

10 hot micro-data-center startups to watch

Data-hungry technology trends such as IoT, smart vehicles, drone deliveries, smart cities and Industry 4.0 are increasing the demand for fast, always-on edge computing. One solution that has emerged to bring the network closer to the applications generating and end users consuming that data is the micro data center.The micro data center sector is a new space filled with more noise than signal. If you go hunting for a micro data center for your business you’ll find everything from suitcase-sized computing stacks that replace a server closet to modular enclosures delivered by semi-trucks to larger units that reside at the foot of cell towers to dedicated edge data centers with standardized designs that can spring up wherever there’s demand and where real estate or access rights are available, including easements, rooftops and industrial sites.To read this article in full, please click here

10 hot micro-data-center startups to watch

Data-hungry technology trends such as IoT, smart vehicles, drone deliveries, smart cities and Industry 4.0 are increasing the demand for fast, always-on edge computing. One solution that has emerged to bring the network closer to the applications generating and end users consuming that data is the micro data center.The micro data center sector is a new space filled with more noise than signal. If you go hunting for a micro data center for your business you’ll find everything from suitcase-sized computing stacks that replace a server closet to modular enclosures delivered by semi-trucks to larger units that reside at the foot of cell towers to dedicated edge data centers with standardized designs that can spring up wherever there’s demand and where real estate or access rights are available, including easements, rooftops and industrial sites.To read this article in full, please click here

Docker’s Success a Foundation for Its Struggles

EVPN-VXLAN | Layer 3 Gateway | IRB | JUNOS

I often get asked about EVPN Layer 3 gateway options. And more specifically, what are the differences between IRB with Virtual Gateway Address (VGA) and IRB without VGA. There are many different options and configuration knobs available when configuring EVPN L3 gateway. But I’ve focused on the 3 most popular options that I see with my customers in EVPN-VXLAN environments in a centralised model. I’m also only providing the very basic configuration required.

Each IRB option can be considered an Anycast gateway solution seeing as duplicate IPs are used across all IRB gateways. However, there are some subtle, yet significant, differences between each option.

Regardless of the transport technology used, whether it be MPLS or VXLAN, a layer 3 gateway is required to route beyond a given segment.

This Week: Data Center Deployment with EVPN/VXLAN by Deepti Chandra provides in-depth analysis and examples of EVPN gateway scenarios. I highly recommend reading this book!

IRB Option 1

Duplicate IP | Unique MAC | No VGA

Duplicate IPs are configured on all gateway IRBs and unique MAC addresses are used (manually configured or IRB default). Virtual Gateway Address is not used.

EVPN provides the capability to automatically synchronise gateways Continue reading