Archive

Category Archives for "Security"

Libertarians are against net neutrality

This post claims to be by a libertarian in support of net neutrality. As a libertarian, I need to debunk this. "Net neutrality" is a case of one-hand clapping, you rarely hear the competing side, and thus, that side may sound attractive. This post is about the other side, from a libertarian point of view.



That post just repeats the common, and wrong, left-wing talking points. I mean, there might be a libertarian case for some broadband regulation, but this isn't it.

This thing they call "net neutrality" is just left-wing politics masquerading as some sort of principle. It's no different than how people claim to be "pro-choice", yet demand forced vaccinations. Or, it's no different than how people claim to believe in "traditional marriage" even while they are on their third "traditional marriage".

Properly defined, "net neutrality" means no discrimination of network traffic. But nobody wants that. A classic example is how most internet connections have faster download speeds than uploads. This discriminates against upload traffic, harming innovation in upload-centric applications like DropBox's cloud backup or BitTorrent's peer-to-peer file transfer. Yet activists never mention this, or other types of network traffic discrimination, because they no more care about "net Continue reading

Make SSL boring again

It may (or may not!) come as surprise, but a few months ago we migrated Cloudflare’s edge SSL connection termination stack to use BoringSSL: Google's crypto and SSL implementation that started as a fork of OpenSSL.

CTO tweet

We dedicated several months of work to make this happen without negative impact on customer traffic. We had a few bumps along the way, and had to overcome some challenges, but we ended up in a better place than we were in a few months ago.

TLS 1.3

We have already blogged extensively about TLS 1.3. Our original TLS 1.3 stack required our main SSL termination software (which was based on OpenSSL) to hand off TCP connections to a separate system based on our fork of Go's crypto/tls standard library, which was specifically developed to only handle TLS 1.3 connections. This proved handy as an experiment that we could roll out to our client base in relative safety.

However, over time, this separate system started to make our lives more complicated: most of our SSL-related business logic needed to be duplicated in the new system, which caused a few subtle bugs to pop up, and made it Continue reading

Come Visit Us at AWS re:Invent!

We’ll be at AWS re:INVENT in Las Vegas all week (Nov 27 – Dec 1, 2017)!

Come say hi to the NSX Team at the VMware booth (#900 right as you walk in the main entrance) in the Expo Hall at the Venetian Hotel.  Stop by our booth to…

  • Check out a quick demo on VMware NSX Cloud
  • Attend a 30-minute in-booth session about VMware NSX Cloud (Thursday, Nov 30 at 11:30am)
  • Grab some swag
  • Play one of our booth games and win a prize – Apple iPhone 8, AWS Credits, Amazon Echo, T-Shirts, and more!
VMware Booth at AWS re:Invent

As always, continue the conversation with us on Twitter @vmwarensx or use the hashtag #RunNSX or #NSXMindset‏. We hope to see you at the show!

The post Come Visit Us at AWS re:Invent! appeared first on Network Virtualization.

Terminology Tuesday Presents: Blockchain

Think of Blockchain as primarily two things.  1) A peer-to-peer technology 2) A way of keeping a public record.

The technological backing of Blockchain is the ability to have many (many) computers host the same information.  Snippets of code (known as blocks) are duplicated and maintained in so many different places rendering fraud impossible.  The fact that each of these blocks is timestamped and unique makes it increasingly challenging to outsmart.  If you’re interested in learning more about the technological specifics there are a number of great resources online including this presentation by Binh Nguyen, IBM’s Blockchain Fabric Chief Architect.

Today, Blockchain is most commonly thought of in connection to Bitcoin as it describes the technology and process that we’ve all come to know as being so secure.  Bitcoin’s past affiliations with illegalities of all sorts have given a bad name to Blockchain but there are many benefits to secure transactions all with a public record as our purchases and currency become increasingly digital.

Want to learn more?  Check out these sources:

 

Terminology Tuesday is a new blog series.  What would you like Continue reading

A Thanksgiving Carol: How Those Smart Engineers at Twitter Screwed Me

Thanksgiving Holiday is a time for family and cheer. Well, a time for family. It's the holiday where we ask our doctor relatives to look at that weird skin growth, and for our geek relatives to fix our computers. This tale is of such computer support, and how the "smart" engineers at Twitter have ruined this for life.

My mom is smart, but not a good computer user. I get my enthusiasm for science and math from my mother, and she has no problem understanding the science of computers. She keeps up when I explain Bitcoin. But she has difficulty using computers. She has this emotional, irrational belief that computers are out to get her.

This makes helping her difficult. Every problem is described in terms of what the computer did to her, not what she did to her computer. It's the computer that needs to be fixed, instead of the user. When I showed her the "haveibeenpwned.com" website (part of my tips for securing computers), it showed her Tumblr password had been hacked. She swore she never created a Tumblr account -- that somebody or something must have done it for her. Except, I was Continue reading

Don Jr.: I’ll bite

So Don Jr. tweets the following, which is an excellent troll. So I thought I'd bite. The reason is I just got through debunk Democrat claims about NetNeutrality, so it seems like a good time to balance things out and debunk Trump nonsense.

The issue here is not which side is right. The issue here is whether you stand for truth, or whether you'll seize any factoid that appears to support your side, regardless of the truthfulness of it. The ACLU obviously chose falsehoods, as I documented. In the following tweet, Don Jr. does the same.

It's a preview of the hyperpartisan debates are you are likely to have across the dinner table tomorrow, which each side trying to outdo the other in the false-hoods they'll claim.

What we see in this number is a steady trend of these statistics since the Great Recession, with no evidence Continue reading

Want to try Warp? We just enabled the beta for you

Tomorrow is Thanksgiving in the United States. It’s a holiday for getting together with family characterized by turkey dinner and whatever it is that happens in American football. While celebrating with family is great, if you use a computer for your main line of work, sometimes the conversation turns to how to setup the home wifi or can Russia really use Facebook to hack the US election. Just in case you’re a geek who finds yourself in that position this week, we wanted to give you something to play with. To that end, we’re opening the Warp beta to all Cloudflare users. Feel free to tell your family there’s been an important technical development you need to attend to immediately and enjoy!

Hello Warp! Getting Started

Warp allows you to expose a locally running web server to the internet without having to open up ports in the firewall or even needing a public IP address. Warp connects a web server directly to the Cloudflare network where Cloudflare acts as your web server’s network gateway. Every request reaching your origin must travel to the Cloudflare network where you can apply rate limits, access policies and authentication before the request hits your Continue reading

NetNeutrality vs. limiting FaceTime

In response to my tweets/blogs against NetNeutrality, people have asked: what about these items? In this post, I debunk the fourth item.
The issue the fourth item addresses is how AT&T restrict the use of Apple's FaceTime on its network back in 2012. This seems a clear NetNeutrality issue.

But here's the thing: the FCC allowed these restrictions, despite the FCC's "Open Internet" order forbidding such things. In other words, despite the graphic's claims it "happened without net neutrality rules", the opposite is true, it happened with net neutrality rules.

The FCC explains why they allowed it in their own case study on the matter. The short version is this: AT&T's network couldn't handle the traffic, so it was appropriate to restrict it until some time in the future (the LTE rollout) until it could. The issue wasn't that AT&T was restricting FaceTime in favor of its own video-calling service (it didn't have one), but it was instead an issue of "bandwidth management".

When Apple released FaceTime, they Continue reading

NetNeutrality vs. Verizon censoring Naral

In response to my anti-NetNeutrality blogs/tweets, people ask what about this? In this post, I address the second question.
Firstly, it's not a NetNeutrality issue (which applies only to the Internet), but an issue with text-messages. In other words, it's something that will continue to happen even with NetNeutrality rules. People relate this to NetNeutrality as an analogy, not because it actually is such an issue.

Secondly, it's an edge/content issue, not a transit issue. The details in this case is that Verizon provides a program for sending bulk messages to its customers from the edge of the network. Verizon isn't censoring text messages in transit, but from the edge. You can send a text message to your friend on the Verizon network, and it won't be censored. Thus the analogy is incorrect -- the correct analogy would be with content providers like Twitter and Facebook, not ISPs like Comcast.

Like all cell phone vendors, Verizon polices this content, canceling accounts that abuse the system, like spammers. Continue reading

NetNeutrality vs. AT&T censoring Pearl Jam

So in response to my anti-netneutrality tweets/blogs, Jose Pagliery asks "what about this?"

Let's pick the first one. You can read about the details by Googling "AT&T Pearl Jam".

First of all, this obviously isn't a Net Neutrality case. The case isn't about AT&T acting as an ISP transiting network traffic. Instead, this was about AT&T being a content provider, through their "Blue Room" subsidiary, whose content traveled across other ISPs. Such things will continue to happen regardless of the most stringent enforcement of NetNeutrality rules, since the FCC doesn't regulate content providers.

Second of all, it wasn't AT&T who censored the traffic. It wasn't their Blue Room subsidiary who censored the traffic. It was a third party company they hired to bleep things like swear words and nipple slips. You are blaming AT&T for a decision by a third party that went against AT&T's wishes. It was an accident, not AT&T policy.

Thirdly, and this is the funny bit, Tim Wu, the guy who defined the Continue reading

The FCC has never defended Net Neutrality

This op-ed by a "net neutrality expert" claims the FCC has always defended "net neutrality". It's garbage.

This wrong on its face. It imagines decades ago that the FCC inshrined some plaque on the wall stating principles that subsequent FCC commissioners have diligently followed. The opposite is true. FCC commissioners are a chaotic bunch, with different interests, influenced (i.e. "lobbied" or "bribed") by different telecommunications/Internet companies. Rather than following a principle, their Internet regulatory actions have been ad hoc and arbitrary -- for decades.

Sure, you can cherry pick some of those regulatory actions as fitting a "net neutrality" narrative, but most actions don't fit that narrative, and there have been gross net neutrality violations that the FCC has ignored.


There are gross violations going on right now that the FCC is allowing. Most egregiously is the "zero-rating" of video traffic on T-Mobile. This is a clear violation of the principles of net neutrality, yet the FCC is allowing it -- despite official "net neutrality" rules in place.

The op-ed above claims that "this [net neutrality] principle was built into the architecture of the Internet". The opposite is true. Traffic discrimination was built into the architecture since Continue reading

Securing Native Cloud Workloads with VMware NSX Cloud Blog Series – Part 1: Getting Started

Introduction

As businesses evaluate their applications in the constantly evolving world of IT, new strategies are emerging for delivery. These strategies include keeping applications on-premises or moving them to one or more public cloud providers.

These public clouds come with their own networking and security constructs and policy management. This results in a new set of technology siloes that increases expense, complexity and risk:

This blog series will discuss the challenges of providing consistent networking and security policies for native cloud workloads, the value of VMware NSX Cloud, and walk through the process of securing and connecting applications running natively in the public cloud.

VMware NSX Cloud

VMware’s strategy is to enable businesses to create and deliver applications. To support new delivery strategies, VMware NSX Cloud provides consistent networking and security for native applications running in multiple public and private clouds. Utilizing a single management console and a common application programming interface, VMware NSX Cloud offers numerous benefits:

  • Unified Micro-Segmentation Security Policies – VMware NSX Cloud provides control over East-West traffic between native workloads running in public clouds. Security policies are defined once and applied to native workloads. These policies are supported in multiple AWS accounts, regions, and VPCs. Policies are Continue reading

Your Holiday Cybersecurity Guide

Many of us are visiting parents/relatives this Thanksgiving/Christmas, and will have an opportunity to help our them with cybersecurity issues. I thought I'd write up a quick guide of the most important things.

1. Stop them from reusing passwords

By far the biggest threat to average people is that they re-use the same password across many websites, so that when one website gets hacked, all their accounts get hacked.

To demonstrate the problem, go to haveibeenpwned.com and enter the email address of your relatives. This will show them a number of sites where their password has already been stolen, like LinkedIn, Adobe, etc. That should convince them of the severity of the problem.

They don't need a separate password for every site. You don't care about the majority of website whether you get hacked. Use a common password for all the meaningless sites. You only need unique passwords for important accounts, like email, Facebook, and Twitter.

Write down passwords and store them in a safe place. Sure, it's a common joke that people in offices write passwords on Post-It notes stuck on their monitors or under their keyboards. This is a common security mistake, but that's only because the Continue reading
1 112 113 114 115 116 182