Heavy Networking 527: New Ideas For A Network Certification Program
Today's Heavy Networking explores ideas for designing a new networking certification program built around a network design challenge that focuses on broad, systems-oriented knowledge. The goal isn't to replace current certifications, but to create an option that emphasizes deep knowledge of protocols and networking concepts. Our guests are Russ White and Scott Morris.Heavy Networking 527: New Ideas For A Network Certification Program
Today's Heavy Networking explores ideas for designing a new networking certification program built around a network design challenge that focuses on broad, systems-oriented knowledge. The goal isn't to replace current certifications, but to create an option that emphasizes deep knowledge of protocols and networking concepts. Our guests are Russ White and Scott Morris.
The post Heavy Networking 527: New Ideas For A Network Certification Program appeared first on Packet Pushers.
The Internet “Just Works”: The EARN IT Act Threatens That and More
When the EARN IT Act was introduced in March 2020, technologists, civil society organizations, academics, and even a former FBI General Counsel blasted the bill as a thinly veiled attempt to prevent platforms from keeping users safe with strong encryption. The bill had implications for intermediary liability, of course, but it was clearly a play to take down the strongest digital security tool we have online.
The EARN IT Act is now a monstrous version of its previous self. It would not only weaken the ability of platforms to protect users through encryption, but fundamentally alter how platforms operate, leading to dangerous consequences for users and the global Internet.
While the new version of the bill would prevent the federal government from forcing platforms to weaken encryption to maintain their intermediary liability protection (a foundational aspect of most companies’ business plans), it would essentially allow states to pass their own version of the original EARN IT Act. This would create a chaotic patchwork of state-level laws, threatening user security across the country and creating borders for a networking system that was never meant to recognize them. This bill would not only weaken the ability of platforms to protect users through Continue reading
Cisco ACI Tips and Tricks
Cisco ACI does things a bit differently to traditional networking. I find myself constantly duck hunting to do simple things so I am documenting them here so they are easier for me to fine. Get VRF Names Get a list of VRFs with the show vrf command from a leaf node. How to Ping To ping a...Bayesian Non-Finite Mixture Models
Motivation
Following up from our previous post on Bayesian Finite Mixture Models, here are my notes on Non-Finite mixture model.
Non-finite Mixture Models
Bayesian finite mixture models can be used when we have a prior knowledge or some good guess on the number of groups present in the dataset. But if we do not know this beforehand, then we can use Non-Finite mixture models. Bayesian solution for this kind of problems is related to Dirichlet process.
Dirichlet Process(DP)
We briefly mentioned about Dirichlet distribution in the previous post Bayesian Finite Mixture Models,
which is a generalization of beta distribution, similarly Dirichlet Process is an infinite-dimensional generalization of Dirichlet
distribution. The Dirichlet distribution is a probability distribution on the space of probabilities, while Dirichlet Process
is a probability distribution on the space of distributions. A Dirichlet Process is a distribution over distributions.
When I first read this, my mind went
.
What this means is, that a single draw from a Dirichlet distribution will give us a probability and a single draw from a Dirichlet Process will give us a Dirichlet distribution. For finite mixture models, we used Dirichlet distribution to assign a prior for the fixed number of clusters, Continue reading
How to Meet Interesting People in Your Industry
The easiest way to meet interesting people in your industry is to attend a networking event, work related conference, or a training course. These types of event usually do attract a high turnout so as well as the information on offer; you do get a chance to network with others who are in the same business as you.
Mingling at Industry Events
The good thing about industry events is that you will meet people at all different levels and stages of their career. This can seem daunting if you are just starting out, but remember that everyone had to start somewhere and most people are going to be supportive and friendly if you have the right approach.
To handle a networking event and actually get to meet interesting people, you can employ some handy strategies to make introductions and social interaction much easier. One tip is to email the organizers and let them know that you are new. You will probably find that they offer to meet you and introduce you to a couple of people which will help get the ball rolling.
In addition, it is a good idea to arrive a bit early, rather than fashionably late Continue reading
Internet Society Foundation Announces $1.5 Million in COVID-19 Response Grants
The Internet plays a more important role than ever, serving as a lifeline so that children can continue learning, families and friends can stay connected, and vital public health information can keep circulating. At the Internet Society Foundation, we believe access to the Internet and its solutions can create healthier and safer communities, reduce vulnerabilities, and help build the resilience communities need to navigate the COVID-19 pandemic and emerge better prepared in the future.
That’s why we’re thrilled to announce that we’ve completed the selection process for our Emergency Response: COVID-19 grants, awarding USD$1.5 million in funding to four innovative projects that are using the Internet to help communities respond and adapt to the challenges created by the current pandemic.
The funding will support the following efforts around the globe:
- Expanding an online platform which connects and trains caregivers across Asia
- Extending the reach of a COVID-19 training program to support 10,000 health workers in five African countries
- Enabling a disaster response team to expand Internet connectivity for 24 critical primary health and coordination facilities across eight countries
- Expanding the scope of an innovative technology platform that supports fact-checkers in Latin America
Established Continue reading
BIB096 Considering KPIs For Network Operations
I was asked what Key Performance Indicators would I consider for an operational data network. I spent an hour coming up with ideas and here they are.
The post BIB096 Considering KPIs For Network Operations appeared first on Packet Pushers.
BIB096 Considering KPIs For Network Operations
I was asked what Key Performance Indicators would I consider for an operational data network. I spent an hour coming up with ideas and here they are.The Hedge Podcast Episode 42: Andrei Robachevsky and MANRS
The security of the global routing table is foundational to the security of the overall Internet as an ecosystem—if routing cannot be trusted, then everything that relies on routing is suspect, as well. Mutually Agreed Norms for Routing Security (MANRS) is a project of the Internet Society designed to draw network operators of all kinds into thinking about, and doing something about, the security of the global routing table by using common-sense filtering and observation. Andrei Robachevsky joins Russ White and Tom Ammon to talk about MANRS.
Working with TC on Linux systems
Hi folks! Long time no talk : ) Life has been incredibly busy for me over the last few months so I’ll apologize in advance for the lack of posts. However – I’m aiming to get back on the horse so please stay tuned!
With that out of the way – I wanted to spend some time in this post talking about the command line tool found on Linux systems called tc. We’ve talked about tc before when we discussed creating some network/traffic simulated topologies and it worked awesome for that use case. If you recall from that earlier post tc is short for Traffic Control and allows users to configure qdiscs. A qdisc is short for Queuing Discipline. I like to think of it as manipulating the Linux kernels packet scheduler.
Note: tc is traditionally part of the iproute2 toolset which Im pretty sure (but not positive) is included in most base Linux distros these days.
When tc comes up – it’s easy to immediately start thinking about QOS, queuing, and packet(traffic) control. And while some of the actions available to you when using tc seem obvious, or at least fit within the mindset of queue disciplines (the drop Continue reading
Open Standards Everywhere: How the Kolkata Chapter Got a Perfect Score
In early May 2020, the Open Standards Everywhere (OSE) project held a series of virtual training sessions for Internet Society Chapters. Over 70 Chapter representatives from around the world learned, in English, French, or Spanish, how to improve the overall security and availability of their Chapter’s websites and web servers by enabling IPv6, HTTP/2, TLS, and DNSSEC.
To assess everyone’s progress we tested each Chapter’s website before and after the training sessions using internet.nl and http2.pro. As a result of the OSE training sessions, many Chapters were able to significantly increase their website’s compliance. But one Chapter in particular, ISOC Kolkata, was able to take its website from 32% compliance to a whopping 100%. We caught up with ISOC Kolkata member Rittika Ratawa, who was nominated by the Chapter to attend the training, to find out more.
The Internet Society: What changes did you make to isockolkata.in as a direct result of the OSE virtual training session?
Rittika: After the training session, the Chapter made several changes. Firstly, we changed our DNS service provider as the one we had been using did not offer DNSSEC services or IPv6. Then we enabled DNSSEC by providing Continue reading
Urban Terror Server on Cisco CSR1000v
We have discussed the configuration of Guest Shell on Cisco CSR 1000v platform in a previous tutorial. The guest shell is a built-in Linux container with CentOS 7 installed, which can be activated on the fly when Linux applications are needed. Our lives are currently affected by SARS-CoV-2 and long-standing quarantine, so why not do […]Continue reading...
DevAsc – Python Script To Collect Show Commands Output
A colleague needed to connect to several Cisco devices, run some show commands, and save the output. I decided it would be good to practice my Python skills so I coded something together.
Why didn’t do you do this in Ansible, Nornir, or other tool of choice? Because the goal was to learn Python, not minimize amount of work to solve the task.
This work was highly inspired by others such as Debi, John, and wouldn’t be possible without the work from Kirk. Also thanks to Patrick, and Nick for giving me pointers on the code.
From a high level, the script will perform the following tasks:
- Read commands from a text file “commands.txt”
- Read devices from a text file “devices.txt”
- Ask the user for credentials
- Log in to the devices
- Perform show commands
- Save the output to a text file per device
In order to perform the tasks, the script relies on several modules:
Colorama – Used to color code terminal output
Netmiko – Used to setup SSH connection to device and parse the output
Datetime – Used to create a timestamp
Getpass – To get password from user without displaying it to the Continue reading
Wave Glider Robots
This video opened my mind to the ideas of robotic surveillance and data capture of the ocean. Wide range of civilian applications of course. But also police applications for customs and policing for monitoring the seaways around a country. And the military applications for defense and detection. Potentially even delivering a torpedo style payload.
The post Wave Glider Robots appeared first on EtherealMind.
Making the WAF 40% faster
Cloudflare’s Web Application Firewall (WAF) protects against malicious attacks aiming to exploit vulnerabilities in web applications. It is continuously updated to provide comprehensive coverage against the most recent threats while ensuring a low false positive rate.
As with all Cloudflare security products, the WAF is designed to not sacrifice performance for security, but there is always room for improvement.
This blog post provides a brief overview of the latest performance improvements that were rolled out to our customers.
Transitioning from PCRE to RE2
Back in July of 2019, the WAF transitioned from using a regular expression engine based on PCRE to one inspired by RE2, which is based around using a deterministic finite automaton (DFA) instead of backtracking algorithms. This change came as a result of an outage where an update added a regular expression which backtracked enormously on certain HTTP requests, resulting in exponential execution time.
After the migration was finished, we saw no measurable difference in CPU consumption at the edge, but noticed execution time outliers in the 95th and 99th percentiles decreased, something we expected given RE2's guarantees of a linear time execution with the size of the input.
Day Two Cloud 055: Securing Cloud Infrastructure And Applications
Security is difficult and tricky, but we've got an amazing guest on today's Day Two Cloud podcast to help you improve your security posture and manage your cloud risk. Our guest is Tanya Janca, Founder, Security Trainer, and Coach at She Hacks Purple. We discuss key security areas including the network, identity, and applications; taking advantage of cloud visibility; securing SaaS apps; and more.Day Two Cloud 055: Securing Cloud Infrastructure And Applications
Security is difficult and tricky, but we've got an amazing guest on today's Day Two Cloud podcast to help you improve your security posture and manage your cloud risk. Our guest is Tanya Janca, Founder, Security Trainer, and Coach at She Hacks Purple. We discuss key security areas including the network, identity, and applications; taking advantage of cloud visibility; securing SaaS apps; and more.
The post Day Two Cloud 055: Securing Cloud Infrastructure And Applications appeared first on Packet Pushers.