Worth Reading: Building Stuff with Large Language Models Is Hard
Large language models (LLM) – ChatGPT and friends – are one of those technologies with a crazy learning curve. They look simple and friendly (resulting in plenty of useless demoware) but become devilishly hard to work with once you try to squeeze consistent value out of them.
Most people don’t want to talk about the hard stuff (sexy demoware results in more page views), but there’s an occasional exception, for example All the Hard Stuff Nobody Talks About when Building Products with LLMs describing all the gotchas Honeycomb engineers discovered when creating a LLM-based user interface.
Worth Reading: Building Stuff with Large Language Models Is Hard
Large language models (LLM) – ChatGPT and friends – are one of those technologies with a crazy learning curve. They look simple and friendly (resulting in plenty of useless demoware) but become devilishly hard to work with once you try to squeeze consistent value out of them.
Most people don’t want to talk about the hard stuff (sexy demoware results in more page views), but there’s an occasional exception, for example All the Hard Stuff Nobody Talks About when Building Products with LLMs describing all the gotchas Honeycomb engineers discovered when creating a LLM-based user interface.
Spoofing ICMP Redirects for Fun and Profit
Security researches found another ICMP redirect SNAFU: a malicious wireless client can send redirects on behalf of the access point redirecting another client’s traffic to itself.
I’m pretty sure the same trick works on any layer-2 technology; the sad part of this particular story is that the spoofed ICMP packet traverses the access point, which could figure out what’s going on and drop the packet. Unfortunately, most of the access points the researchers tested were unable to do that due to limitations in the NPUs (a fancier word for SmartNIC) they were using.
Spoofing ICMP Redirects for Fun and Profit
Security researches found another ICMP redirect SNAFU: a malicious wireless client can send redirects on behalf of the access point redirecting another client’s traffic to itself.
I’m pretty sure the same trick works on any layer-2 technology; the sad part of this particular story is that the spoofed ICMP packet traverses the access point, which could figure out what’s going on and drop the packet. Unfortunately, most of the access points the researchers tested were unable to do that due to limitations in the NPUs (a fancier word for SmartNIC) they were using.
Prisma Access Outperforms Against Cobalt Strike Attacks
The following sponsored blog post was written by Anupam Upadhyaya at Palo Alto Networks. We thank Palo Alto Networks for being a sponsor. Palo Alto Networks is the leading vendor in preventing Cobalt Strike C2 communication and blocked 99.2% of tested attacks, with the next leading vendor blocking only 17% of attacks, as cited in a […]
The post Prisma Access Outperforms Against Cobalt Strike Attacks appeared first on Packet Pushers.
FCC Explores 42 GHz Spectrum Band Sharing for Small Businesses
42 GHz spectrum band sharing for Fixed and Mobile Millimeter Wave services potentially could benefit small businesses and service providers.Heavy Networking 684: What To Do With Your E-Waste?
By some estimates, 50 to 70 million tons of e-waste is generated every year, and that number is growing. When sent to landfills to be buried or burned, e-waste can leach toxic chemicals into soil and air. On today’s Heavy Networking, we’ll look at options for responsible disposal of IT gear, including repurposing it on site, reselling or donating it, and working with e-cycling companies.
The post Heavy Networking 684: What To Do With Your E-Waste? appeared first on Packet Pushers.
Heavy Networking 684: What To Do With Your E-Waste?
By some estimates, 50 to 70 million tons of e-waste is generated every year, and that number is growing. When sent to landfills to be buried or burned, e-waste can leach toxic chemicals into soil and air. On today’s Heavy Networking, we’ll look at options for responsible disposal of IT gear, including repurposing it on site, reselling or donating it, and working with e-cycling companies.Video: SD-WAN Security
After discussing the backend and CPE architecture in a typical SD-WAN solution in the SD-WAN Overview webinar, Pradosh Mohapatra mentioned a few SD-WAN security aspects, focusing on typical attack vectors and the usual mitigations.
You need at least free ipSpace.net subscription to watch videos in this webinar.
Video: SD-WAN Security
After discussing the backend and CPE architecture in a typical SD-WAN solution in the SD-WAN Overview webinar, Pradosh Mohapatra mentioned a few SD-WAN security aspects, focusing on typical attack vectors and the usual mitigations.
You need at least free ipSpace.net subscription to watch videos in this webinar.
When Making Bets on SASE, Don’t Count on Native SD-WAN Monitoring Tools for Help
The following post is by Jeremy Rossbach, Chief Technical Evangelist at Broadcom. We thank Broadcom for being a sponsor. I’ve been preaching the same thing for years: To overcome the challenges of modern network complexity and successfully transform your networks, you need modern network monitoring data. Monitor the user experience and the health of every […]
The post When Making Bets on SASE, Don’t Count on Native SD-WAN Monitoring Tools for Help appeared first on Packet Pushers.
Case study: Calico enables zero-trust security and policy automation at scale in a multi-cluster environment for Box
Box is a content cloud that helps organizations securely manage their entire content lifecycle from anywhere in the world, powering over 67% of Fortune 500 businesses. As a cloud-first SaaS, the company provides customers with an all-in-one content solution within a highly secure infrastructure, where organizations can work on any content, from projects and contracts to Federal Risk and Authorization Management Program (FedRAMP)-related content.
Box has two types of operations: cloud-managed Kubernetes clusters in hybrid, multi-cloud, and public cloud environments, and self-managed Kubernetes clusters in co-located data centers. The company runs multiple clusters with sizes of 1,000 nodes and larger. As one of the early adopters of Kubernetes, Box began using Kubernetes much before Google Kubernetes Engine (GKE) or Amazon’s Elastic Kubernetes Services (EKS) was born, and has been on the leading edge of innovation for Kubernetes in areas such as security, observability, and automation.
In collaboration with Tigera, Box shares how Calico helped the company achieve zero-trust security and policy automation at scale in a multi-cluster environment.
ICYMI: Watch this recording from the 2022 CalicoCon Cloud Native Security Summit, where Tapas Kumar Mohapatra of Box shares how Box moved into automated dependency mapping and policy generation with API Continue reading
Migration Coordinator: Approaches and Modes
Migration Coordinator is a fully supported free tool that is built into NSX Data Center to help migrate from NSX for vSphere to NSX (aka NSX-T). Migration Coordinator was first introduced in NSX-T 2.4 with a couple of modes to enable migrations. Through customer conversations over the years, we’ve worked to expand what can be done with Migration Coordinator. Today, Migration Coordinator supports over 10 different ways to migrate from NSX for vSphere to NSX.
In this blog series, we will look at the available approaches and the prep work involved with each of those approaches. This blog series should help choose, from multiple different angles, the right mode to choose for migrating from NSX for vSphere to NSX.
- 3 Standard Migration Modes
- 3 Advanced Migration Modes
- 3 More Modes Available Under User Defined Topology
- Lastly, 2 more Modes Dedicated to Cross-VC to Federation and available on NSX Global Manager UI
Some of these modes take a cookie-cutter approach and require very little prep work to migrate while others allow you to customize the migration to suit their needs. In this blog, we will take a high level look at these modes.
Migration Coordinator Approaches
At a high Continue reading
SASE Implementation: Five Steps to Take Before You Go Live
SASE can fill in your edge security needs, but implementing SASE requires planning and coordination.Cloudflare Area 1 earns SOC 2 report
Cloudflare Area 1 is a cloud-native email security service that identifies and blocks attacks before they hit user inboxes, enabling more effective protection against spear phishing, Business Email Compromise (BEC), and other advanced threats. Cloudflare Area 1 is part of the Cloudflare Zero Trust platform and an essential component of a modern security and compliance strategy, helping organizations to reduce their attackers surface, detect and respond to threats faster, and improve compliance with industry regulations and security standards.
This announcement is another step in our commitment to remaining strong in our security posture.
Our SOC 2 Journey
Many customers want assurance that the sensitive information they send to us can be kept safe. One of the best ways to provide this assurance is a SOC 2 Type II report. We decided to obtain the report as it is the best way for us to demonstrate the controls we have in place to keep Cloudflare Area 1 and its infrastructure secure and available.
Cloudflare Area 1’s SOC 2 Type II report covers a 3 month period from 1 January 2023 to 31 March 2023. Our auditors assessed the operating effectiveness of the 70 controls we’ve implemented to meet the Continue reading
Are LACP Fast Timers Any Good?
Got this question from a networking engineer attending the Building Next-Generation Data Center online course:
Has anyone an advice on LACP fast rate? When and why should you use it instead of normal LACP?
Apart from forming link aggregation groups, you can use LACP to detect link- and node failures (more details). However: