VMware’s Ayyar Promoted to Accelerate Telco & NFV Initiatives
The company claims more than 80 NFV product deployments.
The false-false-balance problem
Until recently, journalism in America prided itself on objectivity -- to report the truth, without taking sides. That's because big debates are always complexed and nuanced, and that both sides are equally reasonable. Therefore, when writing an article, reporters attempt to achieve balance by quoting people/experts/proponents on both sides of an issue.But what about those times when one side is clearly unreasonable? You'd never try to achieve balance by citing those who believe in aliens and big-foot, for example.Thus, journalists have come up with the theory of false-balance to justify being partisan and one-sided on certain issues.
Typical examples where journalists cite false-balance is reporting on anti-vaxxers, climate-change denialists, and Creationists. More recently, false-balance has become an issue in the 2016 Trump election.
But this concept of false-balance is wrong. It's not that anti-vaxxers, denialists, Creationists, and white supremacists are reasonable. Instead, the issue is that the left-wing has reframed the debate. They've simplified it into something black-and-white, removing nuance, in a way that shows their opponents as being unreasonable. The media then adopts the reframed debate.
Let's talk anti-vaxxers. One of the policy debates is whether the government has the power to force vaccinations on people (or on Continue reading
Palo Alto Disappoints With Its Q2 Forecast
Yet again, the stock dives after Palo Alto beats expectations.
Symantec Offers $2.3B for Consumer Security Firm LifeLock
The deal includes LifeLock's colorful history, like it or not.
Oracle to Acquire DNS Provider Dyn
Dyn made headlines in October when it was targeted in a DDoS attack that caused widespread outages.
Reverese Shell on Linux
Reverse shell is technique when a client connects to a server and the client provides its shell to the server. Clients is typically a host hidden behind the NAT or a firewall having an access to the server but not vice versa. Thanks to a reverse shell the server controls a client's shell having an access to the client's network even the client is hidden behind the NAT. They are several methods how to create a reverse shell used depending on software available on the client. I will show how to create a reverse shell using SSH, Ncat and Bash.
Picture 1 - Network Topology
Picture 1 shows our testing topology. The client (Ubuntu Server 16.04) is located behind the NAT with the IP address 192.168.1.4/24. The server (Kubuntu 16.04) has assigned the IP address 172.17.100.7/16.
1. Reverse Shell Using SSH Reverse Tunnel
This method is based on the fact that the client has knowledge of the server SSH login credentials and vice versa. SSH server must be running on both the server and client. Client must be allowed to access server through firewall.
Client:
$ ssh -R 10000:127.0.0.1:22 [email protected]. Continue reading
Technology Short Take #73
Welcome to Technology Short Take #73. Sorry for the long delay since the last Technology Short Take; personal matters have been taking quite the toll (if you follow me on Twitter, you’ll know to what personal matters I’m referring). In any case, enough of that—here’s some data center-related content that I hope you find useful!
Networking
- Ansible has made some good progress in supporting network automation in the latest release (2.2), according to this blog post. This is an area where I hope to spend more time in the coming weeks before years’ end.
- Tomas Fojta shows how to use a PowerShell script to monitor the health of NSX Edge gateways.
- Jeremy Stretch mulls over the (perceived) problem of getting traffic into and out of overlay networks. I recommend reading this article, as well as reading the comments. Many commenters suggest just using L3 and having the hosts participate in a routing protocol like BGP, but as Jeremy points out many switches don’t have the capacity to handle that many routes. (Or, if they do, they’re quite expensive.) Seems like there’s this company in Palo Alto making a product that handles this issue pretty decently…(hint).
- Cumulus Continue reading
Security Firm Prevalent Closes $60M in Funding
The company helps small and mid-size companies reduce threats and risks from third-party vendors.
Q&A with Kelly Ahuja, the New CEO at Versa Networks
The former Cisco exec likes the security aspect of Versa's SD-WAN.
IBM Drops $200M on New Security Capabilities
This includes its acquisition of Resilient Systems.
Siemplify Raises $10M for Its Security Platform
The company has raised $14M since its launch in February.
Reactive Malicious Domain Detection (ENTRADA)
One interesting trend of the last year or two is the rising use of data analytics and ANI (Artificial Narrow Intelligence) in solving network engineering problems. Several ideas (and/or solutions) were presented this year at the IETF meeting in Seoul; this post takes a look at one of these. To lay the groundwork, botnets are often controlled through a set of domain names registered just for this purpose. In the same way, domain names are often registered just to provide a base for sending bulk mail (SPAM), phishing attacks, etc. It might be nice for registrars to make some attempt to remove such domains abused for malicious activities, but it’s difficult to know what “normal” activity might look like, or for the registrar to even track the usage of a particular domain to detect malicious activity. One of the papers presented in the Software Defined Network Research Group (SDNRG) addresses this problem directly.
The first problem is actually collecting enough information to analyze in a useful way. DNS servers, even top level domain (TLD) servers collect a huge amount of data—much more than most engineers might suspect. In fact, the DNS system is one of those vast sources of information Continue reading
Introducing Image Signing Policy in Docker Datacenter
My colleague colleague Ying Li and I recently blogged about Securing the Software Supply Chain and drew the analogy between traditional physical supply chains and the creation, building, and deployment involved in a software supply chain. We believe that a software pipeline that can be verified at every stage is an important step in raising the security bar for all software, and we didn’t stop at simply presenting the idea.
Integrated Content Trust and Image Signing Policy
In the recent release of Docker Datacenter, we announced a new feature that starts to brings these security capabilities together along the software supply chain. Built on Notary, a signing infrastructure based on The Update Framework (TUF), along with Docker Content Trust (DCT), an integration of the Notary toolchain into the Docker client, DDC now allows administrators to set up signing policies that prevent untrusted content from being deployed.
In this release of DDC, the Docker Trusted Registry (DTR) now also ships with integrated Notary services. This means you’re ready to start using DCT and the new Signing Policy features out of the box! No separate server and database to install, configure and connect to the registry.
Bringing it all together
Image Continue reading
Comments for my biracial niece
I spent the night after Trump’s victory consoling my biracial niece worried about the election. Here are my comments. You won’t like them, expecting the opposite given the title. But it’s what I said.
I preferred Hillary, but that doesn’t mean Trump is an evil choice.
Don’t give into the hate. You get most of your news via social media sites like Facebook and Twitter, which are at best one-sided and unfair. At worst, they are completely inaccurate. Social media posts are driven by emotion, not logic. Sometimes that emotion is love of cute puppies. Mostly it’s anger, fear, and hate. Instead of blindly accepting what you read, challenge it. Find the original source. Find a better explanation. Search for context.
Don’t give into the hate. The political issues that you are most concerned about are not simple and one-sided with obvious answers. They are complex and nuanced. Just because somebody disagrees with you doesn’t mean they are unreasonable or evil. In today’s politics, it has become the norm that we can’t simply disagree with somebody, but must also vilify and hate them. We’ve redefined politics to be the fight between the virtuous (whatever side we are on) and the Continue reading
How to teach endian
On /r/programming is this post about byte-order/endianness. It gives the same information as most documents on the topic. It is wrong. It's been wrong for over 30 years. Here's how it should be taught.One of the major disciplines in computer science is parsing/formatting. This is the process of converting the external format of data (file formats, network protocols, hardware registers) into the internal format (the data structures that software operates on).
It should be a formal computer-science discipline, because it's actually a lot more difficult than you'd expect. That's because the majority of vulnerabilities in software that hackers exploit are due to parsing bugs. Since programmers don't learn about parsing formally, they figure it out for themselves, creating ad hoc solutions that are prone to bugs. For example, programmers assume external buffers cannot be larger than internal ones, leading to buffer overflows.
An external format must be well-defined. What the first byte means must be written down somewhere, then what the second byte means, and so on. For Internet protocols, these formats are written in RFCs, such as RFC 791 for the "Internet Protocol". For file formats, these are written in documents, such as those describing GIF files, JPEG Continue reading
Know What You’re Sinking Your Teeth Into—Eliminate Virtual Network Blind Spots
Don’t blindly bite down on something until you know it’s just right.
Docker Datacenter adds enterprise orchestration, security policy and refreshed UI
Today we are excited to introduce new additions to Docker Datacenter, our Container as a Service (CaaS) platform for enterprise IT and application teams. Docker Datacenter provides an integrated platform for developers and IT operations teams to collaborate securely on the application lifecycle. Built on the foundation of Docker Engine, Docker Datacenter (DDC) also provides integrated orchestration, management and security around managing resources like access, images, applications, networks and more across the cluster.
This latest release of Docker Datacenter includes a number of new features and improvements focused in the following areas:
- Enterprise orchestration and operations to make running and operating multi container applications simple, secure and scalable
- Integrated end to end security to cover all of the components and people that interact with the application pipeline
- User experience and performance improvements ensure that even the most complex operations are handled efficiently
Let’s dig into some of the new features.
Enterprise orchestration with backward compatibility
This release of Docker Datacenter not only integrates the built in orchestration capabilities of Docker Engine 1.12 utilizing swarm mode and services, but also provides backwards compatibility for standalone containers using the docker run commands. To help enterprise application teams migrate, it is important Continue reading
Reliability of Clustered Solutions: Another Data Point
A while ago I wrote:
I haven’t seen any hard data, but intuition suggests that apart from hardware failures a standalone firewall might be more stable than a state-sharing firewall cluster.
Guillaume Sachot (working for a web hosting company) sent me his first-hand experience on this topic:
Read more ...RiskIQ Rakes in $30.5M in Series C Funding
RiskIQ customers include Facebook and DocuSign.
Accelerating the Journey to an Agile, Hybrid Cloud Infrastructure
Rip and replace tactics almost always results in failure.