Worth Reading: Going Back to Being an Engineer

Another great advice from Charity Majors: does it make sense to go back to being an engineer after being a manager for a few years?

Personal note: finding a great replacement for my CTO role was probably the best professional decision I ever made ;)

Asynchronous Zsh prompt with Git status

Zsh ships vcs_info, a function fetching information about the VCS state for the current directory and populating a variable that can be used in a shell prompt. It supports several VCS, including Git and SVN. Here is an example of configuration:

autoload -Uz vcs_info
zstyle ':vcs_info:*' enable git

() {
    local formats="${PRCH[branch]} %b%c%u"
    local actionformats="${formats}%{${fg[default]}%} ${PRCH[sep]} %{${fg[green]}%}%a"
    zstyle ':vcs_info:*:*' formats           $formats
    zstyle ':vcs_info:*:*' actionformats     $actionformats
    zstyle ':vcs_info:*:*' stagedstr         "%{${fg[green]}%}${PRCH[circle]}"
    zstyle ':vcs_info:*:*' unstagedstr       "%{${fg[yellow]}%}${PRCH[circle]}"
    zstyle ':vcs_info:*:*' check-for-changes true
}

add-zsh-hook precmd vcs_info

You can use ${vcs_info_msg_0_} in your prompt to display the current branch, the presence of staged and unstaged changes, as well as the ongoing action.¹ Have a look at the documentation for more details.

On large repositories, some information are expensive to fetch. While vcs_info queries Git, interactions with Zsh are stuck. A possible solution is to execute vcs_info asynchronously with zsh-async.

Continue reading

Operators Dish on Edge Computing Strategies at MEF 2019

TCP MD5

TCP_MD5 (RFC 2385) is something that doesn’t come up often. There’s a couple of reasons for that, good and bad.

I used it with tlssh, but back then (2010) it was not practical due to the limitations in the API on Linux and OpenBSD.

This is an updated post, written after I discovered TCP_MD5SIG_EXT.

What it is

In short it’s a TCP option that adds an MD5-based signature to every TCP packet. It signs the source and destination IP addresses, ports, and the payload. That way the data is both authenticated and integrity protected.

When an endpoint enables TCP MD5, all unsigned packets (including SYN packets) are silently dropped. For a signed connection it’s not even possible for an eavesdropper to reset the connection, since the RST would need to be signed.

Because it’s on a TCP level instead of part of the protocol on top of TCP, it’s the only thing that can protect a TCP connection against RST attacks.

It’s used by the BGP protocol to set a password on the connection, instead of sending the password in the handshake. If the password doesn’t match the TCP connection doesn’t even establish.

But outside of BGP it’s essentially Continue reading

BiB083 – Forescout – Visibility For Segmentation

BiB083 – Forescout – Visibility For Segmentation

I'm talking about Forescout after receiving a briefing during Tech Field Day 20.

The post BiB083 – Forescout – Visibility For Segmentation appeared first on Packet Pushers.

Five Minutes To Magic Time

Have you ever worked with someone that has the most valuable time in the world? Someone that counts each precious minute in their presence as if you’re keeping them from something very, very important that they could use to solve world hunger or cure cancer? If you haven’t then you’re a very lucky person indeed. Sadly, almost everyone, especially those in IT, has had the misfortune to be involved with someone whose time is more precious than platinum-plated saffron.

That’s not to say that we should be wasting the time of those we work with. Simple things like being late to meetings or not having your materials prepared are easy ways to help reduce the time of meetings or to make things run smoothly. Those items are common courtesies that should be extended to all the people you meet, from the cashier that takes your order at a fast food establishment to the most powerful people on the planet. No, this is about something deeper and more insidious.

No Time For Hugs

I’ve seen the kind of behavior I’ve described very often in the higher echelons of companies. People that live at the CxO level often have very little time Continue reading

Heavy Networking 488: Using Genetic Algorithms To Avoid Internet Censorship

Today's Heavy Networking dives into a research project, Geneva, that uses genetic algorithms to evade Internet censorship. The project was developed at the University of Maryland. We drill into how it works with guests Dr. David Levin and graduate student Kevin Bock from the University of Maryland.

The post Heavy Networking 488: Using Genetic Algorithms To Avoid Internet Censorship appeared first on Packet Pushers.

Nokia Argues Cloud Native Is Essential to 5G Core

A10 Hires New CEO, No Word on Potential Sale

Learn the basics of electrical engineering for only $25 today.

Without electrical engineers, everything from your home lighting to your smartphone wouldn’t work properly. Needless to say, electrical engineers make our world go round, and it’s them who spearhead the latest innovations in tech. If you’re intent on creating the world’s next revolutionary product, you’ll at least need to understand the basics, and this bundle will get you up to speed for just $25.To read this article in full, please click here

Recommended Networking Resources for September 2019 First Week

Weekly Wrap: Palo Alto Networks Leaps Into SASE Market

Video: Breaking the End-to-End Principle

Original TCP/IP and OSI network stacks had relatively clean layered architecture (forgetting the battle scars for the moment) and relied on end-to-end principle to keep the network core simple.

As always, no good deed goes unpunished - “creative” individuals trying to force-fit their mis-designed star-shaped pegs into round holes, and networking vendors looking for competitive advantage quickly destroyed the idea with tons of middlebox devices, ranging from firewalls and load balancers to NAT, WAN optimization, and DPI monstrosities.

You need free ipSpace.net subscription to watch the video, or a paid ipSpace.net subscriptions to watch the whole How Networks Really Work webinar.

Go Notes: Arrays

Go Notes: Arrays

Liqid, Western Digital Demo Composable NVMe-oF

Extreme Embeds Fabric Automation on Broadcom-Based Switches

Real-time monitoring at terabit speeds

400GE First Data Networks: Caltech, Starlight/NRL, USC, SCinet/XNET, Ciena, Mellanox, Arista, Dell, 2CRSI, Echostreams, DDN and Pavilion Data, as well as other supporting optical, switch and server vendor partners will demonstrate the first fully functional 3 X400GE local ring network as well as 400GE wide area network ring, linking the Starlight and Caltech booths and Starlight in Chicago. This network will integrate storage using NVMe over Fabric, the latest high throughput methods, in-depth monitoring and realtime flow steering. As part of these demonstrations, we will make use of the latest DWDM, Waveserver Ai, and 400GE as Continue reading

It Takes a Community: Kubernetes’ Long Road to Dual IPv4/IPv6 Support

Portworx sponsored The New Stack’s coverage of KubeCon+CloudNativeCon North America 2019. While you may thinking of Kubernetes as the future of computing, but it was, until recently, still stuck in the past in one way, namely that it was built on IPv4, the widely-used, though a soon-to-be-legacy version of the Internet Protocol upon which the internet was built. The Internet Engineering Task Force has been long urging the internet service providers to move to IPv6, now that the world has exhausted the supply of 32-bit IPv4 addresses. With its 128-bit address space, IPv6 will offer an inexhaustibly supply of internet addresses. “We ignored it,” admitted KubeCon + CloudNativeCon North America 2019 conference he gave with