In today's Heavy Networking podcast, sponsored by NVIDIA, we explore DOCA on BlueField DPUs. DOCA is a runtime operating system on the DPU including tools for provisioning, deploying, and orchestrating containerized services. It's also an SDK that supports a range of operating systems and distributions and includes drivers, libraries, and tools. Our guests are Justin Betz and Wes Kennedy, both Technical Marketing Engineers with NVIDIA.
The post Heavy Networking 633: Building DPU Apps With NVIDIA DOCA (Sponsored) appeared first on Packet Pushers.
This edition of weekend reads begins with a few straight security stories of interest. I knew key loggers existed in the wild, but the logging of keystrokes before a web form is submitted is apparently a lot more common than I realized—
Illustrating that security is often a game of “whack-a-mole,” web skimmers are obfuscating their operation—
Identity is fraught with problems even in the real world; just as people used to carry “letters of introduction” with them when they moved to a new area or started a new job, identity is often a matter of transitive trust. How to replicate transitive trust in the digital world is still a problem, but it’s also the foundation of decentralized systems—
The central thesis of the decentralized future is that I should be Continue reading
This week on the Gestalt IT Rundown, I talked about the plan by Let’s Encrypt to reuse some reserved IP address space. I’ve talked about this before and I said it was a bad idea then for a lot of reasons, mostly related to the fact that modern operating systems are coded not to allow 240/4 as a valid address space, for example. Yes, I realize that when the address space was codified back in the early days of the Internet that decisions were made to organize things and we “lost” a lot of addresses for experimental reasons. However, this is not the only time this has happened. Nor is it the largest example. For that, we need to talk about the device that you’re very likely reading this post on right now: your phone.
We’re going to be referring to the North American Numbering Plan (NANP) in this post, so my non-US readers are going to want to click that link to understand how phone numbering works in the US. The NANP was devised back in the 1940s by AT&T as a way to assign numbers to the Continue reading
When defining network addresses in IEN 19 John Shoch said:
Addresses must, therefore, be meaningful throughout the domain, and must be drawn from some uniform address space.
But what is a domain? Welcome to the address scope discussion ;)
On June 02, 2022 Atlassian released a security advisory for their Confluence Server and Data Center applications, highlighting a critical severity unauthenticated remote code execution vulnerability. The vulnerability is tracked as CVE-2022-26134 and affects Confluence Server version 7.18.0 and all Confluence Data Center versions >= 7.4.0.
No patch is available yet but Cloudflare customers using either WAF or Access are already protected.
Our own Confluence nodes are protected by both WAF and Access, and at the time of writing, we have found no evidence that our Confluence instance was exploited.
Cloudflare reviewed the security advisory, conducted our own analysis, and prepared a WAF mitigation rule via an emergency release. The rule, once tested, was deployed on June 2, 2022, at 23:38 UTC with a default action of BLOCK and the following IDs:
All customers using the Cloudflare WAF to protect their self-hosted Confluence applications have automatically been protected since the new rule was deployed.
Customers who have deployed Cloudflare Access in front of their Confluence applications were protected from external exploitation attempts even before the emergency release. Access verifies every request made to a Confluence application to Continue reading
We all intuitively know the DNS is complex—and becoming more complex over time. Describing just how complex, however, is difficult. Siva Kesava and Ryan Beckett just published a research paper taking on the task of describing DNS complexity, particularly in light of the new DNAME record type. It turns out it's complex enough that you can no longer really validate zone files.
In this episode of IPv6 Buzz Ed, Scott, and Tom discuss "IPv4 thinking", what exactly it is, how it can be harmful to your IPv6 migration efforts, and—most importantly—how to avoid it.
The post IPv6 Buzz 102: The Problem With IPv4 Thinking appeared first on Packet Pushers.