The Week in Internet News: Quantum Computing vs. Encryption
RIP encryption? Quantum computers, cutting-edge machines that promise to be much more powerful than binary PCs, could eventually defeat current encryption schemes, said Jason Matheny, director of the U.S. Intelligence Advanced Research Projects Activity. The agency is looking for new encryption standards that could stay ahead of quantum computers, he told Federal News Radio.
Taking fake news by surprise: During the SXSW conference, YouTube CEO Susan Wojcicki announced plans to add Wikipedia text to videos the service determines to be conspiracy related. YouTube didn’t notify Wikipedia of its proposal to fight fake news and conspiracy theories, however, reports The Verge. While the Wikimedia Foundation doesn’t require notice or a licensing deal for other organizations to use its content, it suggested companies that repurpose its articles contribute to the service in the “spirit of sustainability.” Vanity Fair called the YouTube announcement a “Band-Aid” for a much larger problem.
Blockchain the vote: Sierra Leone has used Blockchain technology to assist with a nationwide election this month, according to a story in Quartz. In the country’s most populous district, Swiss foundation Agora offered digital voting services using a permissioned Blockchain. The goal was more system transparency by recording each vote using Continue reading
The 3 Commandments of Cloud Security
Addressing key guidelines to keep your AWS cloud secure.
Prometheus and Grafana
The diagram above shows the elements of the solution: sFlow telemetry streams from hosts and switches to an instance of sFlow-RT. The sFlow-RT analytics software converts the raw measurements into metrics that are accessible through a REST API.
The following prometheus.php script mediates between the Prometheus metrics export protocol and the sFlow-RT REST API. HTTP queries from Prometheus are translated into calls to the sFlow-RT REST API and JSON responses are converted into Prometheus metrics.
<?php
header('Content-Type: text/plain');
if(isset($_GET['labels'])) {
$keys = htmlspecialchars($_GET["labels"]);
}
$vals = htmlspecialchars($_GET["values"]);
if(isset($keys)) {
$cols = $keys.','.$vals;
} else {
$cols = $vals;
}
$key_arr = explode(",",$keys);
$result = file_get_contents('http://localhost:8008/table/ALL/'.$cols.'/json');
$obj = json_decode($result,true);
foreach ($obj as $row) {
unset($labels);
foreach ($row as $cell) {
if(!isset($labels)) {
$labels = 'agent="'.$cell['agent'].'",datasource="'.$cell['dataSource'].'"';
}
$name = $cell['metricName'];
$val = $cell['metricValue'];
if(in_array($name,$key_arr)) {
$labels .= Continue reading
Network Break 176: Stratum Project Targets SDN; Intel Announces New Chips
The ONF launches Stratum for data programmability, Intel wants to turn the page on Meltdown & Specter with new chips, Trump cans Broadcom's ambitions & more tech news analysis on the latest Network Break podcast. The post Network Break 176: Stratum Project Targets SDN; Intel Announces New Chips appeared first on Packet Pushers.
IETF 101, Day 2: A bit of Rosie Lee (Mobility)
This week is IETF 101 in London, and we’re bringing you daily blog posts highlighting the topics of interest to us in the ISOC Internet Technology Team. After a hectic Monday there’s less dashing around needed today, although there’s a few things to highlight, even if you’ll have to choose between them as they’re unfortunately all scheduled at the same time.
NOTE: If you are unable to attend IETF 101 in person, there are multiple ways to participate remotely.
DNSOP starts its first of two sessions at 15.50 GMT/UTC (it continues on Thursday. Several of the drafts under discussion relate to the Root KSK Rollover and how to better automate and monitor key rollovers.
At the same time, DOTS is also meeting and has a bit of a mixed agenda with four drafts up for discussion, implementation reports, and feedback on the Hackathon.
There are two drafts covering the Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel and Data Channel specifications, one that establishes an architecture for establishing and maintaining signalling within and between domains, with the last one presenting use cases describing the interactions expected between DOTS components and messaging exchanges.
Alternatively, DMM has a very busy agenda with no Continue reading
9 Reasons to Be Extra Excited About Interop ITX 2018
From DevOps certification and hands-on sessions to a bowling party, there is a lot of new and fun stuff to enjoy at this year's conference in Las Vegas.
9 Reasons to Be Extra Excited About Interop ITX 2018
From DevOps certification and hands-on sessions to a bowling party, there is a lot of new and fun stuff to enjoy at this year's conference in Las Vegas.
Integration of a Go service with systemd: socket activation
In a previous post, I highlighted some useful features of systemd when writing a service in Go, notably to signal readiness and prove liveness. Another interesting bit is socket activation: systemd listens on behalf of the application and, on incoming traffic, starts the service with a copy of the listening socket. Lennart Poettering details in a blog post:
If a service dies, its listening socket stays around, not losing a single message. After a restart of the crashed service it can continue right where it left off. If a service is upgraded we can restart the service while keeping around its sockets, thus ensuring the service is continously responsive. Not a single connection is lost during the upgrade.
This is one solution to get zero-downtime deployment for your application. Another upside is you can run your daemon with less privileges—loosing rights is a difficult task in Go.1
The basics?
Let’s take back our nifty 404-only web server:
package main import ( "log" "net" "net/http" Continue reading
How Do You Get Information from Network Devices?
One of the biggest challenges of network automation is getting usable information from network devices… or as asked by a student in my Building Network Automation Solutions online course in the course Slack team:
How do I get specific information from a specific command from a device without an Ansible Network Module? Is Python the only suggested approach?
I described how hard it is to get structured information from network devices in great details in this section of the Ansible for Networking Engineers webinar and online course. Here are a few more thoughts on the topic:
Read more ...Basic Trustsec – Implementing Manual SGTs and SGACLs
Trustsec is a mature and interesting policy mechanism available in most Cisco gear. The features and capabilities vary depending on device type and class. One of the frustrations I have is that almost every Trustsec reference I find focuses on the use of ISE. While I consider ISE a key component, I think a manual configuration is a better way to understand the components of the solution.
This post is the first in a series that will go through the configuration of Trustsec in various places in the network. I hope to examine classification and tag assignment, propagation techniques and enforcement. Ultimately, I will introduce ISE but it will be the tool that makes this technology dynamic and robust. The goal is to build a better foundation by taking a step by step approach into the world of Trustsec.
In this article, I will simply build a network with a Catalyst 9300 and two devices. One device will be assigned an SGT of 2 and the other will receive an SGT of 3. I understand that many are concerned about the fact that they don’t have this class of switch at the access layer. Future articles will address how Trustsec Continue reading