HPACK: the silent killer (feature) of HTTP/2

If you have experienced HTTP/2 for yourself, you are probably aware of the visible performance gains possible with HTTP/2 due to features like stream multiplexing, explicit stream dependencies, and Server Push.

There is however one important feature that is not obvious to the eye. This is the HPACK header compression. Current implementations of Apache and nginx servers, as well edge networks and CDNs using them, do not support the full HPACK implementation. We have, however, implemented the full HPACK in nginx, and upstreamed the part that performs Huffman encoding.

CC BY 2.0 image by Conor Lawless

This blog post gives an overview of the reasons for the development of HPACK, and the hidden bandwidth and latency benefits it brings.

Some Background

As you probably know, a regular HTTPS connection is in fact an overlay of several connections in the multi-layer model. The most basic connection you usually care about is the TCP connection (the transport layer), on top of that you have the TLS connection (mix of transport/application layers), and finally the HTTP connection (application layer).

In the the days of yore, HTTP compression was performed in the TLS layer, using gzip. Both headers and body were compressed indiscriminately, Continue reading

Advice for evading ATM skimmers

I cannot use an ATM these days without wondering if I am getting ripped off by a stealthy skimming device that has been placed inside the machine’s card slot. One reason for my concern is that for years now I have been reading with great interest a series of articles on the subject by security expert Brian Krebs, who posted another one just yesterday.This piece includes a couple of videos showing exactly how scammers insert and remove the skimmers from an ATM, as well as practical advice you can use to thwart those efforts:To read this article in full or to leave a comment, please click here

Advice for evading ATM skimmers

I cannot use an ATM these days without wondering if I am getting ripped off by a stealthy skimming device that has been placed inside the machine’s card slot. One reason for my concern is that for years now I have been reading with great interest a series of articles on the subject by security expert Brian Krebs, who posted another one just yesterday.This piece includes a couple of videos showing exactly how scammers insert and remove the skimmers from an ATM, as well as practical advice you can use to thwart those efforts:To read this article in full or to leave a comment, please click here

How to protect the C-suite from spear phishing

CSO Editor-in-Chief Joan Goodchild sits down with Kevin O'Brien, founder and CEO of GreatHorn, to discuss ways that security leaders can fend off spear phishing attempts aimed at the executives at their companies.

80% Discount on a Amazon Dash Button, Just $0.99 with special Cyber Monday code – Deal Alert

Today get Amazon Dash buttons for $0.99 instead of $4.99 when you use our code CYBERDASH at checkout. Limit 3 buttons on the deal. And Amazon pays you a $4.99 credit after your first button push, so you sort of make money on this deal, don't you. Amazon Dash is a simple Wi-Fi connected gadget that lets you order your favorite things with just the push of a button. Keep it by your washing machine, your pet food, or in the bathroom closet. When you notice you're running low, just press the button and Amazon ships it right out. Each button gets tied to a specific product from Amazon's library of over 200 brands, in categories such as (click each category to see samples) household supplies, beverage & grocery, health & personal care, beauty products, pets, kids & baby, and more. Visit Amazon now, select up to 3 buttons and use CYBERDASH to sink the price from $4.99/button to just $0.99. (Access this deal on Amazon)To read this article in full or to leave a comment, please click here

Gartner: CLI Use Will Dwindle By 2020

Cyber Monday Savings on Amazon Products – Deal Alert

Amazon has released more deals on some of their most popular products and we have them all listed below. $40 off Echo $40 off TapTo read this article in full or to leave a comment, please click here

Ooma adds Internet security service to VoIP platform

Ooma’s VoIP platform has been around for several years now – it provides a home telephone line without having to pay additional fees for landline voice service. Even as phone service prices continue to drop, Ooma can be a good value for people looking for an additional phone line (one example - dedicated 911) beyond just using their mobile phones.But the folks at the company must be noticing that the trend for home phone service is certainly a downward arrow. This means the company needs to offer additional services in order to keep customers interested in their products/offerings. One such service is Internet security, which the company just announced.To read this article in full or to leave a comment, please click here

8 Significant Data Storage Mergers Of 2016

IDG Contributor Network: Information security priorities for Trump’s administration

Cybersecurity needs to be a top priority for the administration of Donald Trump. The first task should be shoring up government IT systems. As recent attacks have shown, adversaries aren’t afraid to go after political organizations. There’s no reason to suspect they won’t continue to target political entities such as the Democratic National Committee or step up attacks on government agencies.Emphasize that information security applies to all agencies Ideally, a cabinet meeting for all new secretaries should be held within three months of the inauguration to underscore that information security is essential for all agencies to complete their missions. Even secretaries whose agencies are not typically associated with either information security or IT need to be included.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Information security priorities for Trump’s administration

Cybersecurity needs to be a top priority for the administration of Donald Trump. The first task should be shoring up government IT systems. As recent attacks have shown, adversaries aren’t afraid to go after political organizations. There’s no reason to suspect they won’t continue to target political entities such as the Democratic National Committee or step up attacks on government agencies.Emphasize that information security applies to all agencies Ideally, a cabinet meeting for all new secretaries should be held within three months of the inauguration to underscore that information security is essential for all agencies to complete their missions. Even secretaries whose agencies are not typically associated with either information security or IT need to be included.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Why the IETF will be key for standardizing 5G

Most people in the mobile industry are aware that the Third-Generation Partnership Project (3GPP)—and Global System for Mobile communication (GSM) before it—has traditionally been the lead standards organization in specifying mobile network functionality. 3GPP logically partitions the mobile network architecture into Radio Access Network (RAN), and Core Network (CN) components.+ Also on Network World: What we talk about when we talk about 5G wireless + 3GPP will continue to be important in 5G, especially for the RAN-related functionality such as the OFDM and massive MIMO specifications for the radio interfaces. However, knowledgeable observers will also be aware of the fact that a significant number of key 5G protocols will be specified in the Internet Engineering Task Force (IETF). Actually, this is just a continuation and acceleration of trends started way back in 3G.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Has IT become too complex to manage?

In the late 1990s, I was responsible for technical operations for a large healthcare organization. We supported more than 5,000 users across 50 locations and supported three distinct lines of business. We were a very progressive organization at the leading edge of technology innovation in healthcare. It was not a simple operation. Well, at least not for 1997. When I compare that environment to what IT leaders face today, however, a shudder of relief washes over me. There is no point in whitewashing this: Managing the function of IT in my day was child’s play compared to the incredible diversity of challenges facing the modern IT leader. Is it so complex, in fact, that it cannot truly be managed?To read this article in full or to leave a comment, please click here

IDG Contributor Network: Has IT become too complex to manage?

In the late 1990s, I was responsible for technical operations for a large healthcare organization. We supported more than 5,000 users across 50 locations and supported three distinct lines of business. We were a very progressive organization at the leading edge of technology innovation in healthcare. It was not a simple operation. Well, at least not for 1997. When I compare that environment to what IT leaders face today, however, a shudder of relief washes over me. There is no point in whitewashing this: Managing the function of IT in my day was child’s play compared to the incredible diversity of challenges facing the modern IT leader. Is it so complex, in fact, that it cannot truly be managed?To read this article in full or to leave a comment, please click here

Japanese government denies report that its defense forces were hacked

Japanese government officials have denied reports that a secure network used by the country's defense forces was attacked earlier this year.An attacker was able to break into the Ground Self-Defense Force's computer systems, sources at the Japanese Ministry of Defense told Kyodo News on Sunday. The ministry and the Self-Defense Forces discovered the attack in September, said the report, which was also relayed by The Japan Times.Kyodo's sources said the hack was believed to be the work of a nation state, and that information may have been leaked in the attack.To read this article in full or to leave a comment, please click here

Japanese government denies report that its defense forces were hacked

Japanese government officials have denied reports that a secure network used by the country's defense forces was attacked earlier this year.An attacker was able to break into the Ground Self-Defense Force's computer systems, sources at the Japanese Ministry of Defense told Kyodo News on Sunday. The ministry and the Self-Defense Forces discovered the attack in September, said the report, which was also relayed by The Japan Times.Kyodo's sources said the hack was believed to be the work of a nation state, and that information may have been leaked in the attack.To read this article in full or to leave a comment, please click here

8 most significant tech gadgets of 2016: Winners and losers

Every year, tech companies come up with fantastic ideas for cutting edge, futuristic products. Some of these products turn into huge hits. Others end up bombing. And still others become precursors or inspirations for the next generation of innovations. Here’s our list of eight products that caught our eye this year.To read this article in full or to leave a comment, please click here(Insider Story)

New products of the week 11.28.16

New products of the weekImage by CAOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.CSTAR for Google ChromeImage by UpGuard To read this article in full or to leave a comment, please click here

New products of the week 11.28.16

New products of the weekImage by CAOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.CSTAR for Google ChromeImage by UpGuard To read this article in full or to leave a comment, please click here

34 – Q-in-VNI and EFP for Hosting Providers

Dear Network and DCI Experts !

While this post is a little bit out of the DCI focus, and assuming many of you already know Q-in-Q, the question is, are you yet familiar with Q-in-VNI? For those who are not, I think this topic is a good opportunity to bring Q-in-VNI deployment with VXLAN EVPN for intra- and inter-VXLAN-based Fabrics and understand its added value and how one or multiple Client VLANs from the double encapsulation can be selected for further actions.

Although it’s not an unavoidable rule per-se, some readers already using Dot1Q tunneling may not necessarily fit into the following use-case. Nonetheless, I think it’s safe to say that most of Q-in-Q deployment have been used by Hosting Provider for co-location requirements for multiple Clients, hence, the choice of the Hosting Provider use-case elaborated in this article.

For many years now, Hosting Services have physically sheltered thousands of independent clients’ infrastructures within the Provider’s Data Centers. The Hosting Service Provider is responsible for supporting each and every Client’s data network in its shared network infrastructure. This must be achieved without changing any Tenant’s Layer 2 or Layer 3 parameter, and must also be done as quickly as possible. For many years, the co-location Continue reading