The story of Stuxnet, the first cyber weapon in history. Focus is on the manipulation of machinery at Natanz, with detailed explanations of machine configuration and operation. A few takeaways for myself after watching: The Stuxnet software impacted the Iranian nuclear program by damaging the project budget. Instead of blowing up the centrifuges, they increased […]
The post Background on Stuxnet appeared first on EtherealMind.
Today's Heavy Networking is a roundtable show where a group of engineers tell us what's on their minds. Topics include why EVPN/VXLAN is useful even for small data centers, how to get automation going despite internal constraints, the pros and cons of unique network designs, and tales of how working from home has affected projects, teams, and priorities.
The post Heavy Networking 535: The ‘What’s On Your Mind?’ Roundtable appeared first on Packet Pushers.
The fundamental technologies for creating digital clones of people — text, audio, and video that sound and look like a specific person — have rapidly advanced and are within striking distance of a future in which digital avatars can sound and act like specific people, Tamaghna Basu, co-founder and chief technology officer of neoEYED, a Continue reading
During a recent episode of the Packet Pushers Podcast, Greg and Drew talked about the fact that bandwidth just keeps increasing and we live in a world where the solution to most problems is to just increase the pipeline to the data center or to the Internet. I came into networking after the heady days of ISDN lines everywhere and trying to do traffic shaping on slow frame relay links. But I also believe that we’re going to quickly find ourselves in a pickle when it comes to bandwidth.
My grandparents were alive during the Great Depression. They remember what it was like to have to struggle to find food or make ends meet. That one singular experience transformed the way they lived their lives. If you have a relative or know of someone that lived through that time, you probably have noticed they have some interesting habits. They may keep lots of cash on hand stored in various places around the house. They may do things like peel labels from jelly jars and use them as cups. They may even go to great lengths to preserve as much as they can for reuse later “just in Continue reading
Customer Service. Business. Growth. While these three make up a large portion of what keeps most enterprise companies operating, they are just the beginning at Cloudflare.
I am excited to share that I have joined Cloudflare as its Chief Customer Officer. Cloudflare has seen explosive growth: we launched only a decade ago and have already amassed nearly 3 million customers and grown from a few 100 enterprise customers to 1000s. Currently, we are at a growth inflection point where more companies are choosing to partner with us and are leveraging our service. We are fortunate to serve these customers with a consistent, high quality experience, no matter where their end-users are located around the world.
I took this opportunity because Cloudflare serves the world and does what is right over what is easy. Our customers deliver meals to your doors, provide investment and financial advice, produce GPS devices for navigational assistance, and so much more. Our customers span every vertical and industry, as well as every size. By partnering with them, we have a hand in delighting customers everywhere and helping make the Internet better. I am excited to work with them Continue reading
Here’s an interesting factoid: when using default IS-IS configuration (running L1 + L2 on all routers in your network), every router inserts every IP prefix from anywhere in your network into L2 topology… at least on Junos.
For more details read this article by Chris Parker.
There comes a time in the life of every Kubernetes cluster when internal resources (pods, deployments) need to be exposed to the outside world. Doing so from a pure IP connectivity perspective is relatively easy as most of the constructs come baked-in (e.g. NodePort-type Services) or can be enabled with an off-the-shelf add-on (e.g. Ingress and LoadBalancer controllers). In this post, we’ll focus on one crucial piece of network connectivity which glues together the dynamically-allocated external IP with a static customer-defined hostname — a DNS. We’ll examine the pros and cons of various ways of implementing external DNS in Kubernetes and introduce a new CoreDNS plugin that can be used for dynamic discovery and resolution of multiple types of external Kubernetes resources.
Let’s start by reviewing various types of “external” Kubernetes resources and the level of networking abstraction they provide starting from the lowest all the way to the highest level.
One of the most fundamental building block of all things external in Kubernetes is the NodePort service. It works by allocating a unique external port for every service instance and setting up kube-proxy to deliver incoming packets from that port to the one of Continue reading
A recent report – Milliseconds make Millions – commissioned by Google and published by Deloitte, has shown that mobile website speed has a direct impact on user experience. Reducing latency and increasing load times by just 0.1 second can positively affect conversion rates potentially leading to an increase in net earnings.
Over a four-week period, Deloitte’s research team analyzed mobile web data from 37 retail, travel, luxury, and lead generation brands throughout Europe and the U.S. Results showed that by decreasing load time by 0.1s, the average conversion rate grew by 8% for retail sites and by 10% for travel sites. The team also observed an increase in engagement, page views, and the amount of money spent by website visitors when sites loaded faster.
Multiple studies have consistently shown that faster page load speeds will result in better conversion rates. Akamai’s 2017 Online Retail Performance Report, for example, showed that a 100-millisecond delay in website load time can reduce conversion rates by 7% and that over half (53%) of mobile site visitors will leave a page that takes longer than three seconds to load.
HTTP/2 and IPv6: Faster and More Available
There’s good news: making some Continue reading
On 10 August 2020, I took and passed the Automating Cisco Security Solutions (SAUTO) exam on my first attempt. In February of the same year, I passed DEVASC, DEVCOR, and ENAUTO to earn both the CCDevA and CCDevP certifications. You might be wondering why I decided to take another concentration exam. I won’t use this blog to talk about myself too much, but know this: learning is a life-long journey that doesn’t end when you earn your degree, certification, or other victory trinket. I saw SAUTO as an opportunity to challenge myself by leaving my “comfort zone” … and trust me, it was very difficult.
One of the hardest aspects of SAUTO is that it encompasses 12 different APIs spread across an enormous collection of products covering the full spectrum of cyber defense. Learning any new API is difficult as you’ll have to familiarize yourself with new API documentations, authentication/authorization schemes, request/response formats, and various other product nuances. For that reason along, the scope of SAUTO when compared to ENAUTO makes it a formidable exam.
Network automation skills are less relevant in this exam than in DEVASC, DEVCOR, or ENAUTO, as they only account for 10% Continue reading
Hybrid cloud infrastructures run critical business resources and are subject to some of the strictest network security controls. Irrespective of the industry and resource types, these controls broadly fall into three categories.
Workloads (pods) running on Kubernetes are ephemeral in nature, and IP-based controls are no longer effective. The challenge is to enforce the organizational security controls on the workloads and Kubernetes nodes themselves. Customers need the following capabilities: