Worth Reading: Said no CEO, ever

“We think we’re going to get magical powers when we use other people’s servers,” said Casey West, Principal Technologist for Pivotal’s Cloud Foundry platform, during his OSCON Europe talk, in which he provided a humorous, and insightful look at how the CEO sees, or doesn’t see — or honestly doesn’t care about — the vast majority of the work that IT professional do in cloud. “This talk is about high expectations,” West stated in his slideshow. “Yes, I know what I did there. High, cloud, clouds are up high, lol.” —The New Stack

The post Worth Reading: Said no CEO, ever appeared first on 'net work.

Kitchen Sink

The post Kitchen Sink appeared first on 'net work.

Worth Reading: Multiple DNS providers and DDoS

How can your company continue to make its website and Internet services available during a massive distributed denial-of-service (DDoS) attack against a DNS hosting provider? In light of last Friday’s attack on Dyn’s DNS infrastructure, many people are asking this question. One potential solution is to look at using multiple DNS providers for hosting your DNS records. —The Internet Society

The post Worth Reading: Multiple DNS providers and DDoS appeared first on 'net work.

Worth Reading: Everything you’ve ever posted becomes public from tomorrow

As I sit here, ironically just wrapping up a privacy conference, scrolling my Facebook wall, I am seeing dozens of posts from smart, professional, aware people, all posting an apparent disclaimer to Facebook in an attempt to protect their personal privacy from the new Facebook privacy policy. This disclaimer, known as UCC 1 1-308-308 1-103 and the Rome Statute, is in fact a hoax. It first surfaced in 2012 but is making the rounds again. The post encourages users to share a Facebook status which allows them to be immune from Facebook sharing any of their data uploaded to their platform. —Cloud Security Alliance

The post Worth Reading: Everything you’ve ever posted becomes public from tomorrow appeared first on 'net work.

Worth Reading: Insurance companies and free stuff

When your “smart” home is hacked, who is to blame — and importantly — who pays for it? As connected items in our homes move beyond laptops and mobile phones to baby monitors, refrigerators, door locks, intruder alarms and thermostats, insurance companies are evolving along with them. The insurance industry is increasingly incorporating these devices into home coverage. According to new figures from research firm Accenture, insurance pilot projects for connected homes increased from 9% in 2014 to 22% in 2015. —Market Watch

The post Worth Reading: Insurance companies and free stuff appeared first on 'net work.

Worth Reading: Engineering infrastructure at scale

As shown in above diagram, LinkedIn has a native app for iOS and Android, and the linkedin.com website for mobile and desktop browsers. The four clients all call the same shared API frontend to exchange data with various middle tier and backend services at LinkedIn. There is high consistency and parity of UX and features across the four clients. —LinkedIn Engineering Blog

The post Worth Reading: Engineering infrastructure at scale appeared first on 'net work.

Worth Reading: Using rowhammer to root Android

Researchers have devised an attack that gains unfettered “root” access to a large number of Android phones, exploiting a relatively new type of bug that allows adversaries to manipulate data stored in memory chips. The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. —ARS Technica

The post Worth Reading: Using rowhammer to root Android appeared first on 'net work.

Worth Reading: Energy Efficiency and Data Centers

With October marking Energy Awareness Month and with World Energy Day having taken place on October 22, energy efficiency is at the forefront of many data center managers’ minds. Although it’s an important consideration for professionals across many industries, it really hits home in the data center market today—especially for cloud-computing vendors, hosting companies and other IT-service providers who are opening multitenant data centers (MTDCs) at a rapid pace. —Data Center Journal

The post Worth Reading: Energy Efficiency and Data Centers appeared first on 'net work.

Worth Reading: New Strategies for Securing Our Personal Lives

I recently wrote an essay reflecting on the reality that nearly anyone with a life online is today subject to being hacked and having anything private become public. If the media is understandably going to publish newsworthy stuff, regardless of its provenance, and people are going to continue to use email and other communications that leave a record, what should be done? There are some tactical short term ways to mitigate risk. —Lawfare

The post Worth Reading: New Strategies for Securing Our Personal Lives appeared first on 'net work.

Worth Reading: Dyn’s DDoS Reveals IoT Weak Points

The massive internet outage last Friday that took out Twitter, GitHub, Spotify and others, was caused by a tsunami of incoming requests to Dyn, the DNS service provider supporting these companies. Where did all these requests pour in from? Hacked CCTV video cameras, digital video recorders and other IoT devices. The Internet of Things has arrived. And it brings huge security issues. —The New Stack

The post Worth Reading: Dyn’s DDoS Reveals IoT Weak Points appeared first on 'net work.

snaproute Go BGP Code Dive (13): Finding the tail of the update chain

Just in time for Hallo’ween, the lucky thirteenth post in the BGP code dive series. In this series, we’re working through the Snaproute Go implementation of BGP just to see how a production, open source BGP implementation really works. Along the way, we’re learning something about how larger, more complex projects are structured, and also something about the Go programming language. The entire series can be found on the series page.

In the last post in this series, we left off with our newly established peer just sitting there sending and receiving keepalives. But BGP peers are not designed just to exchange random traffic, they’re actually designed to exchange reachability and topology information about the network. BGP carries routing information in updated, which are actually complicated containers for a lot of different kinds of reachability information. In BGP, a reachable destination is called an NLRI, or Network Layer Reachability Information. Starting with this code dive, we’re going to look at how the snaproute BGP implementation processes updates, sorting out NLRIs, etc.

When you’re reading through code, whether looking for a better understanding of an implementation, a better understanding of a protocol, or even to figure out “what went wrong” on Continue reading

Worth Reading: The Internet Needs a Security Upgrade

The recent Internet outages caused by the DDoS attack on Dyn’s infrastructure highlights deep architectural issues that need resolution. Security and performance are intertwined, and both need fundamental upgrades. A few days ago I was working at a friend’s house. He likes to have Magic FM on during the day. They regurgitate the same playlist of inoffensive 70s, 80s and 90s pop music, with live drive-time shows. Later in the day I heard the DJ sputter how their Twitter access had gone wonky, so you couldn’t expect to interact with them via that channel. I thought little of it. —CircleID

The post Worth Reading: The Internet Needs a Security Upgrade appeared first on 'net work.

Worth Reading: Seven (more) deadly sins of microservices

It seems like the development community is quite excited about microservices these days, but at OSCON Europe, Daniel Bryant, who is chief scientist at OpenCredo, continued to point out some of the mistakes that architects and administrators routinely make while adopting to this new “Loosely coupled service oriented architecture with bounded contexts,” as Adrian Cockcroft described microservices. —The New Stack

The post Worth Reading: Seven (more) deadly sins of microservices appeared first on 'net work.

Wheel in the Tree

The post Wheel in the Tree appeared first on 'net work.

Worth Reading: The Facebook Wedge 100

Facebook is back in the news again. This time, it’s because of the release of their new Wedge 100 switch into the Open Compute Project (OCP). Wedge was already making headlines when Facebook announced it two years ago. A fast, open sourced 40Gig Top-of-Rack (ToR) switch was huge. Now, Facebook is letting everyone in on the fun of a faster Wedge that has been deployed into production at Facebook data centers as well as being offered for sale through Edgecore Networks, which is itself a division of Accton. Accton has been leading the way in the whitebox switching market and Wedge 100 may be one of the ways it climbs to the top. —The Networking Nerd

The post Worth Reading: The Facebook Wedge 100 appeared first on 'net work.

Worth Reading: Implementing multifactor authentication in the enterprise

IT systems must manage users and control access privileges to protect sensitive resources. This function is usually implemented in enterprise networks through authentication (verification of identity), authorization (control of access privileges) and accounting (recording of actions for auditing)—an “AAA” security framework. —Data Center Journal

The post Worth Reading: Implementing multifactor authentication in the enterprise appeared first on 'net work.

Reaction: Keith’s Law

Ethan pointed me to this post about complexity and incremental improvement in a slack message. There are some interesting things here, leading me in a number of different directions, that might be worth your reading time. The post begins with an explanation of what the author calls “Keith’s law”—

I am going to paraphrase the version he shared over lunch at the Facebook campus a few years ago and call it Keith’s Law: In a complex system, the cumulative effect of a large number of small optimizations is externally indistinguishable from a radical leap. If you want to do big things in a software-eaten world, it is absolutely crucial that you understand Keith’s Law. —Breaking Smart

The author attributes this to the property of emergence; given I don’t believe in blind emergence, I would attribute this effect to the combined intertwining of many intelligent actors producing an effect that at least many of them probably wanted (the improvement of the complex system), and each of them working in their own spheres to achieve that result without realizing the overall multiplier effect of their individual actions. If that was too long and complicated, perhaps this is shorter and better—

The law of Continue reading

Worth Reading: IoT devices and DDoS attacks

Embedded Internet-of-Thing (IoT) botnets are not a new phenomenon – we’ve seen them leveraged to launch DDoS attacks, send spam, engage in man-in-the-middle (MitM) credentials hijacking, and other malicious activities for several years. For example, a few years ago, a 75,000-strong botnet comprised of embedded devices – consumer broadband routers, in that instance – was found to be launching DDoS attacks. We routinely see IoT botnets comprised of webcams, DVRs, cable television set-top boxes, satellite set-top boxes, etc. used to launch DDoS attacks. —Arbor

The post Worth Reading: IoT devices and DDoS attacks appeared first on 'net work.

Worth Reading: The need for loud cyber weapons

In general, a tool used for offensive cyber operations involves a penetration mechanism and a payload. It’s often been observed that tools for exploitation (intelligence collection) and for attack (destruction or degradation) make use of the same techniques for penetration and differ primarily in payload (that is, in what is done to the target after penetration has been achieved). —Lawfare

The post Worth Reading: The need for loud cyber weapons appeared first on 'net work.

Biometric Password Protection

The post Biometric Password Protection appeared first on 'net work.