How Do You Provision a 500-Switch Network in a Few Days?
TL&DR: You automate the whole process. What else do you expect?
During the Tech Field Day Extra @ Cisco Live Europe 2019 we were taken on a behind-the-stage tour that included a chat with people who built the Cisco Live network, and of course I had to ask how they automated the whole thing. They said “well, we have the guy that wrote the whole system onsite and he’ll be able to tell you more”. Turns out the guy was my good friend Andrew Yourtchenko who graciously showed the system they built and explained the behind-the-scenes details.
Read more ...Invisible mask: practical attacks on face recognition with infrared
Invisible mask: practical attacks on face recognition with infrared Zhou et al., arXiv’18
You might have seen selected write-ups from The Morning Paper appearing in ACM Queue. The editorial board there are also kind enough to send me paper recommendations when they come across something that sparks their interest. So this week things are going to get a little bit circular as we’ll be looking at three papers originally highlighted to me by the ACM Queue board!
‘Invisible Mask’ looks at the very topical subject of face authentication systems. We’ve looked at adversarial attacks on machine learning systems before, including those that can be deployed in the wild, such as decorating stop signs. Most adversarial attacks against image recognition systems require you to have pixel-level control over the input image though. Invisible Mask is different, it’s a practical attack in that the techniques described in this paper could be used to subvert face authentication systems deployed in the wild, without there being any obvious visual difference (e.g. specially printed glass frames) in the face of the attacker to a casual observer. That’s the invisible part: to the face recognition system it’s as if you are wearing a mask, Continue reading
Keeping NATS Connections DRY in Go
In the previous posts, I covered the basics of connecting to NATS in Go and the different ways subscribers can request information is sent to them. In this post, I’d like to build on those concepts by exploring how to structure your NATS-powered Go code so that things are clean and DRY. I’ll also show that trying to make things too DRY can be problematic; as with everything, moderation is a good idea.Keeping NATS Connections DRY in Go
In the previous posts, I covered the basics of connecting to NATS in Go and the different ways subscribers can request information is sent to them. In this post, I’d like to build on those concepts by exploring how to structure your NATS-powered Go code so that things are clean and DRY. I’ll also show that trying to make things too DRY can be problematic; as with everything, moderation is a good idea.Women in Tech Week Profile: Renee Mascarinas
We’re continuing our celebration of Women in Tech Week into this week with another profile of one of many of the amazing women who make a tremendous impact at Docker – this week, and every week – helping developers build modern apps.
What is your job?
Product Designer.
How long have you worked at Docker?
11 months.
Is your current role one that you always intended on your career path?
The designer part, yes. But the software product part, not necessarily. My background is in architecture and industrial design and I imagined I would do physical product design. But I enjoy UX; the speed at which you can iterate is great for design.
What is your advice for someone entering the field?
To embrace discomfort. I don’t mean that in a bad way. A mentor once told me that the only time your brain is actually growing is when you’re uncomfortable. It has something to do with the dendrites being forced to grow because you’re forced to learn new things.
Tell us about a favorite moment or memory at Docker or from your Continue reading
Automation And Policy Drive Optimal Hybrid Cloud Spending
Hybrid cloud is gaining traction as organizations seek to realize the flexibility and scale of a joint public and on-premises model of IT provisioning while also changing the way their compute and storage infrastructure is funded, transferring costs from a capital expense (capex) to an operating expense (opex). …
Automation And Policy Drive Optimal Hybrid Cloud Spending was written by Timothy Prickett Morgan at The Next Platform.
‘These Are Our First Roadways’: Internet Access and Self-Determination in Pu`uhonua O Waimanalo
The establishment of Pu‘uhonua o Waimānalo in 1994 was a significant milestone in the native Hawaiian movement to regain independence from the United States, which overthrew its kingdom in 1893. The United States formally acknowledged its role in the overthrow of the Kingdom of Hawaii in a law adopted by Congress in 1993 known as the Apology Resolution. A quarter of a century later, the Nation of Hawai’i is levelling up with a new effort in the push for sovereignty: community-led Internet access.
The Nation of Hawai’i is excitedly gearing up for the upcoming build and launch of Hawai’i’s first independent community broadband network in our village of Pu`uhonua O Waimanalo on the island of O’ahu.
As an early adopter of the Internet, the Nation of Hawai’i quickly recognized its potential to support sovereignty and self-determination efforts.
In 1995, the Nation of Hawai’i launched hawaii-nation.org as a way to share its history and updates about current initiatives with the world. The website housed extensive primary-source historical documents, including the constitutions and treaties of the Hawaiian Kingdom. It hoped that by providing access to lesser known parts of history, Hawaiians and supporters around the world could learn and make up Continue reading
AWS Makes It Rain, Extends Credits to Open Source Projects
The promotional credits could help projects that directly feed into AWS' all-in cloud strategy.
Broadcom Aims to Bolster 10G PON Adoption With New Gear
Broadcom's flamboyantly named BCM68650 packs up to 16 passive optical network interfaces in three...
Huawei Dodges German 5G Ban Despite US-Led Campaign
Germany today declined to ban any vendors from participating in the design and buildout of 5G...
Commvault Dazzles With SaaS Backup Venture Metallic
Commvault GO kicked off with the launch of a new cloud-native data protection venture called...
Thoma Bravo Scoops Up Sophos for $3.9 Billion
The buyout firm spent nearly $3 billion purchasing other security vendors in 2018 including...
Designing Your First App in Kubernetes: An Overview
Kubernetes is a powerful container orchestrator and has been establishing itself as IT architects’ container orchestrator of choice. But Kubernetes’ power comes at a price; jumping into the cockpit of a state-of-the-art jet puts a lot of power under you, but knowing how to actually fly it is not so simple. That complexity can overwhelm a lot of people approaching the system for the first time.
I wrote a blog series recently where I walk you through the basics of architecting an application for Kubernetes, with a tactical focus on the actual Kubernetes objects you’re going to need. The posts go into quite a bit of detail, so I’ve provided an abbreviated version here, with links to the original posts.
Part 1: Getting Started
Just Enough Kube
With a machine as powerful as Kubernetes, I like to identify the absolute minimum set of things we’ll need to understand in order to be successful; there’ll be time to learn about all the other bells and whistles another day, after we master the core ideas. No matter where your application runs, in Kubernetes or anywhere else, there are four concerns we are going to have to address:
- Processes: In Kubernetes, that means Continue reading
Remove the macOS Catalina guilt trip from macOS Mojave | The Robservatory
remove the MacOS Catalina whining and nagging
The post Remove the macOS Catalina guilt trip from macOS Mojave | The Robservatory appeared first on EtherealMind.
The Week in Internet News: China and Russia Target ‘Illegal’ Content
Content crackdown: China and Russia plan to sign an agreement to crack down on what they consider “illegal” Internet content, The Register reports. It’s unclear what the agreement will cover but critics already fear the deal will enable the two countries to further crack down on free speech. China has even effectively banned cartoon character Winnie the Pooh because some people have compared the chubby bear to leader Xi Jinping.
Eyes on you: In more censorship-related news, Thailand has ordered restaurants and Internet cafes to log the Internet histories of users, Privacy News Online says. The Thai government already requires ISPs to keep a log of customers’ Internet histories for 90 days as part of the country’s Computer Crimes Act.
Poor access: Some of the U.S. states with the lowest levels of broadband access also have the highest poverty rates, notes a report from Axios. About 30 percent of low-income U.S. residents do not have access to broadband, says the story, citing a Census Bureau report.
Not so smart: A new “smart” doorbell may literally unlock a home’s doors to hackers, according to The Daily Swig. A security researcher found that the Wi-Fi connected doorbell had no authentication Continue reading
Network Features Coming Soon in Ansible Engine 2.9
The upcoming Red Hat Ansible Engine 2.9 release has some really exciting improvements, and the following blog highlights just a few of the notable additions. In typical Ansible fashion, development of Ansible Network enhancements are done in the open with the help of the community. You can follow along by watching the GitHub project board, as well as the roadmap for the Red Hat Ansible Engine 2.9 release via the Ansible Network wiki page.
As was recently announced, Red Hat Ansible Automation Platform now includes Ansible Tower, Ansible Engine, and all Ansible Network content. To date, many of the most popular network platforms are enabled via Ansible Modules. Here are just a few:
- Arista EOS
- Cisco IOS
- Cisco IOS XR
- Cisco NX-OS
- Juniper Junos
- VyOS
A full list of the platforms that are fully supported by Red Hat via an Ansible Automation subscription can be found at the following location: https://docs.ansible.com/ansible/2.9/modules/network_maintained.html#network-supported
What we’ve learned
In the last four years we’ve learned a lot about developing a platform for network automation. We’ve also learned a lot about how users apply these platform artifacts as consumed in end-user Ansible Playbooks and Roles. In the Continue reading
Junos Policy-Based VPNs – Part 1 of 4 – Security Policies
Policy-based VPNs are a pain most of the time, especially when compared to route-based VPNs. Many of the policy-based VPNs …
The post Junos Policy-Based VPNs – Part 1 of 4 – Security Policies appeared first on Fryguy's Blog.
SEC 1. Data plane and control plane protection in the networking (Nokia, Cisco and Mellanox/Cumulus) for IPv4.
Hello my friend,
This is the third article where we use the Mellanox SN 2010 running Cumulus Linux. And today we cover enormously important topic: network security. More precisely, we will speak about the data plane and the control plane protection. Cisco IOS XR and Nokia SR OS accompany us in this journey.
Thanks
Special thanks for Avi Alkobi from Mellanox and Pete Crocker and Attilla de Groot from Cumulus Networks for providing me the Mellanox switch and Cumulus license for the tests.
Disclaimer
This blogpost is the continuation of the previous one, where we have brought the Mellanox SN 2010 to the operational with Cumulus Linux 3.7.9 on board. If you want to learn the details about this process, you are welcomed to read that article.
Brief description
Each week you can find the news describing the security breaches. In the modern economy, where the Internet plays already a key role, all the connected businesses (and almost all businesses are connected) are on the risk caused by casual network scanning and brood force attacks. In addition to that, big companies and governments are quite often the attack targets for other companies, governments and criminals. Therefore, Continue reading
New Content: EVPN on Linux Hosts and External Azure Connectivity
Dinesh Dutt added another awesome chapter to the EVPN saga last week explaining how (and why) you could run VXLAN encapsulation with EVPN control plane on Linux hosts (TL&DR: think twice before doing it).
In the last part of current Azure Networking series I covered external VNet connectivity, including VNet peering, Internet access, Virtual Network Gateways, VPN connections, and ExpressRoute. The story continues on February 6th 2020 with Azure automation.
You’ll need Standard ipSpace.net Subscription to access both webinars.