Securing open source: a brief look at dependency management

Taking full advantage of all that IT automation and orchestration have to offer frequently involves combining IT infrastructure automation with in-house application development. To this end, open source software is often used to speed development. Unfortunately, incorporating third-party software into your application means incorporating that third-party software’s vulnerabilities, too.

Scanning for, identifying, and patching open source dependencies in an application’s codebase is known as dependency management, and it’s increasingly considered a critical part of modern development. A recent report found that 60% of open source programs audited had a vulnerability that’s already been patched. With 96% of all code using open source libraries, this is a problem that impacts everyone.

There are many dependency management products available; too many to list in a single blog post. That said, we’ll look at some examples of well-known dependency management products that fall into three broad categories: free, open source software; commercial software with a free tier; and commercial software without a free tier.

Some dependency management products rely on open source vulnerability lists (the most famous of which is supplied by the National Institute of Standards and Technology [NIST]). Some products are commercial, and use closed databases (often in combination with the Continue reading

Nokia VP: 5G Security Risks Are Huge

BlackBerry CTO: ‘More Security, Less Friction Is The Dream’

AT&T, Vodafone Bridge IoT Networks Across US, Europe

Databricks Bags Bricks of Cash in $400M Series F

41 – Interconnecting Traditional DCs with DCNM using VXLAN EVPN Multi-site

Good day,

The same question arises often about how to leverage DCNM to deploy a VXLAN EVPN Multi-site between traditional Data Centers. To clarify, DCNM can definitively help interconnecting two or multiple Classical Ethernet-based DC networks, in a short time.

As a reminder (post 37) , VXLAN EVPN Multi-site overlay is initiated from the Border Gateway nodes (BGW). The BGW function can run in two different modes; either in Anycast BGW mode (Up to 6 BGW devices per site), traditionally deployed to interconnect VXLAN EVPN based fabrics, or in vPC BGW mode (up to 2 BGW per site), essentially designed to interconnect traditional data centers, but not limited to. vPC BGW can be leveraged to interconnect multiple VXLAN EVPN fabrics from which Endpoints can be locally dual- attached at layer 2. Several designations are used to describe the Classic Ethernet-based data center networks such as Traditional or legacy data center network. All these terms mean that these network are non VXLAN EVPN-based fabrics. The vPC BGW node is agnostic about data center network types, models or switches that construct the data center infrastructure, as long as it offers Layer 2 (dot1Q) connectivity for layer 2 extension, and if Continue reading

T-Mobile US Accelerates ‘Nationwide’ 5G on 600 MHz

Datanauts 173: Goodnight, Datanauts

Today is the final episode of the Datanauts podcast. Thanks to all the listeners who joined us on this starship journey through IT infrastructure.

The post Datanauts 173: Goodnight, Datanauts appeared first on Packet Pushers.

Google claims quantum supremacy over supercomputers

The results of an experiment performed on Google’s Sycamore quantum computer demonstrate that theoretical quantum computing designs can work as expected, the company announced today in a paper published in the journal Nature.Formulating the problem was the first hurdle. The company’s research team eventually settled on comparing the Sycamore computer’s output to that of a modern, classical supercomputer in the task of reading the state of a pseudo-random quantum circuit. This results in a computational challenge that should be comparatively simple for Sycamore, but enormously difficult for a supercomputer equipped with traditional silicon.To read this article in full, please click here

Google claims quantum supremacy over supercomputers

The results of an experiment performed on Google’s Sycamore quantum computer demonstrate that theoretical quantum computing designs can work as expected, the company announced today in a paper published in the journal Nature.Formulating the problem was the first hurdle. The company’s research team eventually settled on comparing the Sycamore computer’s output to that of a modern, classical supercomputer in the task of reading the state of a pseudo-random quantum circuit. This results in a computational challenge that should be comparatively simple for Sycamore, but enormously difficult for a supercomputer equipped with traditional silicon.To read this article in full, please click here

Securing the Internet: Introducing Oracle Internet Intelligence IXP Filter Check

Oracle is an Organization Member of the Internet Society. We welcome this guest post announcing a new tool that complements our work to improve the security of the Internet’s routing infrastructure.

We are proud to announce the launch of the IXP Filter Check, which is designed to improve Internet routing security by monitoring route filtering at Internet Exchange Points (IXPs). Here we describe the origin of this project, how it works, and what it hopes to achieve.

Background

Last year, Oracle started partnering with the Internet Society to explore ways to make the Internet safer and more secure for our enterprise customers and users. Businesses – banks, insurance companies, pharmaceutical firms – as well as non-profit organizations and governments continue to turn to Internet-facing assets as key components of their critical infrastructure. Market research firm IDC estimates that 55.9 billion devices will be online by 2025. We believe it is incumbent upon us, as trusted partners and suppliers, to help make the global Internet as safe as possible.

Securing trust-based Internet routing is one such security challenge. Despite decades of research and engineering on the topic, securing Internet routing remains a notoriously difficult task. The challenge is evidenced by the fact that nearly every month there is another major story of a Continue reading

Arcadia Power makes supporting clean energy easier

Nowadays, it’s easier than ever to power your home with clean energy, and yet, many Americans don’t know how to make the switch. Luckily, you don’t have to install expensive solar panels or switch utility companies to support a cleaner, sustainable future. If you’re interested in supporting clean energy and saving money on your power bill, consider Arcadia Power.Arcadia Power is a platform that makes it easy for homeowners and renters to choose clean, renewable energy sources such as wind and solar. You can visit Arcadia Power’s website and input your ZIP code to see how clean energy compares to traditional sources in your area. To power your home with clean energy, all you have to do is connect your utility bill, and you can choose between wind and community solar farms in your area, or you can use Arcadia Power’s Smart Rate to find the lowest price available. In fact, you’ll even save money on your power bill if clean energy is cheaper in your area. To read this article in full, please click here

Psst! Wanna buy a data center?

When investment bank Bear Stearns collapsed in 2008, there was nothing left of value to auction off except its data centers. JP Morgan bought the company's carcass for just $270 million but the only thing of value was Bear's NYC headquarters and two data centers.Since then there have been numerous sales of data centers under better conditions. There are even websites (Datacenters.com, Five 9s Digital) that list data centers for sale. You can buy an empty building, but in most cases, you get the equipment, too.To read this article in full, please click here

Psst! Wanna buy a data center?

When investment bank Bear Stearns collapsed in 2008, there was nothing left of value to auction off except its data centers. JP Morgan bought the company's carcass for just $270 million but the only thing of value was Bear's NYC headquarters and two data centers.Since then there have been numerous sales of data centers under better conditions. There are even websites (Datacenters.com, Five 9s Digital) that list data centers for sale. You can buy an empty building, but in most cases, you get the equipment, too.To read this article in full, please click here

How to double-check permissions post migration from Windows 7

It pays to make sure all permissions in your Windows environment are correct after migrating from Windows 7 or Server 2008 R2. Here’s how to check.

Dramatically reduced power usage in Firefox 70 on macOS with Core Animation – Mozilla Gfx Team Blog

ready to replace chrome with firefox

The post Dramatically reduced power usage in Firefox 70 on macOS with Core Animation – Mozilla Gfx Team Blog appeared first on EtherealMind.

Auto-MLAG and Auto-BGP in Cumulus Linux

When I first met Cumulus Networks engineers (during NFD9) their focus on simplifying switch configurations totally delighted me (video).

After solving the BGP configuration challenge (could you imagine configuring BGP in a leaf-and-spine fabric with just a few commands in 2015), they did the same thing with EVPN configuration, where they decided to implement the simplest possible design (EBGP-only fabric running EBGP EVPN sessions on leaf-to-spine links), resulting in another round of configuration simplicity.

Gartner: Top 10 strategic technology trends for 2020

ORLANDO – The pace of technology change is accelerating rapidly, augmented by factors that IT pros need to study-up on, things they never had to deal with before like hyperautomation, multiexperience, and human augmentation that Gartner says will have a significant impact on enterprises."It's been 50 years since the first message was sent across what became the internet. In 50 years we've seen technology transform our enterprises, our relationships, and society itself,” said Val Sribar, senior research vice president at Gartner. “The next five years may bring as much change as those last 50."[Get regularly scheduled insights by signing up for Network World newsletters.] Looking ahead just on year, Gartner created the “Top 10 Strategic Technology Trends for 2020,” which the consulting firm released at its IT Symposium/XPO 2019 here this week.To read this article in full, please click here

Gartner: Top 10 strategic technology trends for 2020

ORLANDO – The pace of technology change is accelerating rapidly, augmented by factors that IT pros need to study-up on, things they never had to deal with before like hyperautomation, multiexperience, and human augmentation that Gartner says will have a significant impact on enterprises."It's been 50 years since the first message was sent across what became the internet. In 50 years we've seen technology transform our enterprises, our relationships, and society itself,” said Val Sribar, senior research vice president at Gartner. “The next five years may bring as much change as those last 50."[Get regularly scheduled insights by signing up for Network World newsletters.] Looking ahead just on year, Gartner created the “Top 10 Strategic Technology Trends for 2020,” which the consulting firm released at its IT Symposium/XPO 2019 here this week.To read this article in full, please click here

5G Spectrum Crunch Drives Conversation at MWC LA 2019