Systemd traffic marking
This article describes a recent extension to the Host sFlow systemd module, mapping sampled traffic to the individual services the generate or consume them. The ability to color traffic by application greatly simplifies service discovery and service dependency mapping; making it easy to see how services communicate in a multi-tier application architecture.
The following /etc/hsflowd.conf file configures the Host sFlow agent, hsflowd, to sampling packets on interface eth0, monitor systemd services and mark the packet samples, and track tcp performance:
sflow {
collector { ip = 10.0.0.70 }
pcap { dev = eth0 }
systemd { markTraffic = on }
tcp { }
}The diagram above illustrates how the Host sFlow agent is able to efficiently monitor and classify traffic. In this case both the Host sFlow agent and an Apache web server are are running as services managed by systemd. A network connection , shown in Continue reading
The Facebook Breach: Some Lessons for the Internet
Last week Facebook found itself at the heart of a security breach that put at risk the personal information of millions of users of the social network.
On September 28, news broke that an attacker exploited a technical vulnerability in Facebook’s code that would allow them to log into about 50 million people’s accounts.
While Facebook was quick to address the exploit and fix it, they say they don’t know if anyone’s accounts actually were breached.
This breach follows the Cambridge Analytica scandal earlier this year that resulted in the serious mishandling of the data of millions of people who use Facebook.
Both of these events illustrate that we cannot be complacent about data security. Companies that hold personal and sensitive data need to be extra vigilant about protecting their users’ data.
Yet even the most vigilant are also vulnerable. Even a single security bug can affect millions of users, as we can see.
There are a few things we can learn from this that applies to the other security conversations: Doing security well is notoriously hard, and persistent attackers will find bugs to exploit, in this case a combination of three apparently unrelated ones on the Facebook platform.
This Continue reading
Microsoft Ignite Lacks Azure Pizzazz
Some in attendance at the computing giant's Ignite event thought that Azure innovation was lacking and that Google was a stronger long-term rival to AWS.
IPv6 Security Considerations
When rolling out a new protocol such as IPv6, it is useful to consider the changes to security posture, particularly the network’s attack surface. While protocol security discussions are widely available, there is often not “one place” where you can go to get information about potential attacks, references to research about those attacks, potential counters, and operational challenges. In the case of IPv6, however, there is “one place” you can find all this information: draft-ietf-opsec-v6. This document is designed to provide information to operators about IPv6 security based on solid operational experience—and it is a must read if you have either deployed IPv6 or are thinking about deploying IPv6.
The draft is broken up into four broad sections; the first is the longest, addressing generic security considerations. The first consideration is whether operators should use Provider Independent (PI) or Provider Assigned (PA) address space. One of the dangers with a large address space is the sheer size of the potential routing table in the Default Free Zone (DFZ). If every network operator opted for an IPv6 /32, the potential size of the DFZ routing table is 2.4 billion routing entries. If you thought converging on about 800,000 routes is Continue reading
AT&T Contributes Its Cell Site White Box Router Spec to the Open Compute Project
This white box reference design is available to any hardware maker to use as a guide to build cell site gateway routers. And they can be paired with disaggregated software.
Verizon Fires Up First Residential 5G Fixed Wireless Markets
Verizon is touting the fact that it is the first operator globally to deploy 5G, even though the service is based upon the company’s own 5G TF standard.
Oracle Top Cloud Exec Thomas Kurian Resigns
Kurian's resignation comes less than a month after he announced that he was taking “extended time off” from Oracle.
Free to code
This week at the Cloudflare Internet Summit I have the honour of sitting down and talking with Sophie Wilson. She designed the very first ARM processor instruction set in the mid-1980s and was part of the small team that built the foundations for the mobile world we live in: if you are reading this on a mobile device, like a phone or tablet, it almost certainly has an ARM processor in it.
But, despite the amazing success of ARM, it’s not the processor that I think of when I think of Sophie Wilson. It’s the BBC Micro, the first computer I ever owned. And it’s the computer on which Wilson and others created ARM despite it having just an 8-bit 6502 processor and 32k of RAM.
Luckily, I still own that machine and recently plugged it into a TV set and turned it on to make sure it was still working 36 years on (you can read about that one time blue smoke came out of it and my repair). I wanted to experience once more the machine Sophie Wilson helped to design. One vital component of that machine was BBC BASIC, stored in a ROM chip on Continue reading
WebAssembly on Cloudflare Workers
We just announced ten major new products and initiatives over Crypto Week and Birthday Week, but our work is never finished. We're continuously upgrading our existing products with new functionality.
Today, we're extending Cloudflare Workers with support for WebAssembly. All Workers customers can now augment their applications with WASM at no additional cost.
What is WebAssembly?
WebAssembly -- often abbreviated as "WASM" -- is a technology that extends the web platform to support compiled languages like C, C++, Rust, Go, and more. These languages can be compiled to a special WASM binary format and then loaded in a browser.
WASM code is securely sandboxed, just like JavaScript. But, because it is based on compiled lower-level languages, it can be much faster for certain kinds of resource-intensive tasks where JavaScript is not a good fit. In addition to performance benefits, WASM allows you to reuse existing code written in languages other than JavaScript.
What are Workers?
For those that don't know: Cloudflare Workers lets you deploy "serverless" JavaScript code directly to our 153-and-growing datacenters. Your Worker handles your site's HTTP traffic directly at the location closest to your end user, allowing you to achieve lower latency and reduce serving costs. Continue reading
Gender Equality: A Mouse Click Away
This post reflects arguments made in a joint background paper published by the Internet Society and the Association for Progressive Communications (APC) ahead of the G20 Women’s Group (W20) Summit in Argentina 1-3 October.
In our digital age, Internet literacy has become essential for, if not synonymous with, being employable in many fields. Information and communications technologies (ICTs) fuel business growth and countries’ economic development. They open new channels to communicate across great distances, as well as to organise people, raise awareness and spur activism.
But such promise can deepen existing inequalities offline if these technologies cannot be accessed and enjoyed by all.
Today, many women and girls are getting left behind in digital development. While in low- and middle-income countries, the gap between women’s use and that of men is 26%, in least developed countries (LDCs), women are 33% less likely than men to use the Internet.
In some cases, women simply don’t have access to the Internet, or it’s too expensive. In others, they have limited access with pre-paid services. There are also cultural factors that stop women from using the Internet or even owning a computer or a mobile phone.
This points to deeper issues. Globally, women Continue reading