How to and why you should disable LLMNR with Windows Server

Link-Local Multicast Name Resolution could enable a man-in-the-middle attack, so it’s best to disable the protocol when setting up Windows Server 2019.

Learning certifiably optimal rule lists for categorical data

Learning certifiably optimal rule lists for categorical data Angelino et al., JMLR 2018

Today we’re taking a closer look at CORELS, the Certifiably Optimal RulE ListS algorithm that we encountered in Rudin’s arguments for interpretable models earlier this week. We’ve been able to create rule lists (decision trees) for a long time, e.g. using CART, C4.5, or ID3 so why do we need CORELS?

…despite the apparent accuracy of the rule lists generated by these algorithms, there is no way to determine either if the generated rule list is optimal or how close it is to optimal, where optimality is defined with respect to minimization of a regularized loss function. Optimality is important, because there are societal implications for lack of optimality.

Rudin proposed a public policy that for high-stakes decisions no black-box model should be deployed when there exists a competitive interpretable model. For the class of logic problems addressable by CORELS, CORELS’ guarantees provide a technical foundation for such a policy:

…we would like to find both a transparent model that is optimal within a particular pre-determined class of models and produce a certificate of its optimality, with respect Continue reading

The ease and importance of scaling in the enterprise

Networks are growing, and growing fast. As enterprises adopt IoT and mobile clients, VPN technologies, virtual machines (VMs), and massively distributed compute and storage, the number of devices—as well as the amount of data being transported over their networks—is rising at an explosive rate. It’s becoming apparent that traditional, manual ways of provisioning don’t scale. Something new needs to be used, and for that, we look toward hyperscalers; companies like Google, Amazon and Microsoft, who’ve been dealing with huge networks almost since the very beginning.

The traditional approach to IT operations has been focused on one server or container at a time. Any attempt at management at scale frequently comes with being locked into a single vendor’s infrastructure and technologies. Unfortunately, today’s enterprises are finding that even the expensive, proprietary management solutions provided by the vendors who have long supported traditional IT practices simply cannot scale, especially when you consider the rapid growth of containerization and VMs that enterprises are now dealing with.

In this blog post, I’ll take a look at how an organization can use open, scalable network technologies—those first created or adopted by the aforementioned hyperscalers—to reduce growing pains. These issues are increasingly relevant as new Continue reading

Watson IoT chief: AI can broaden IoT services

IBM thrives on the complicated, asset-intensive part of the enterprise IoT market, according to Kareem Yusuf, GM of the company’s Watson IoT business unit. From helping seaports manage shipping traffic to keeping technical knowledge flowing within an organization, Yusuf said that the idea is to teach artificial intelligence to provide insights from the reams of data generated by such complex systems.Predictive maintenance is probably the headliner in terms of use cases around asset-intensive IoT, and Yusuf said that it’s a much more complicated task than many people might think. It isn’t simply a matter of monitoring, say, pressure levels in a pipe somewhere and throwing an alert when they move outside of norms. It’s about aggregate information on failure rates and asset planning, that a company can have replacements and contingency plans ready for potential failures.To read this article in full, please click here

Deep Divides Between AI Chip Startups, Developers

It’s par for the course for AI chip startups to focus on peak performance on outdated benchmarks to appeal to the hardware folks who might give their gear a go for deep learning training or inference. …

Deep Divides Between AI Chip Startups, Developers was written by Nicole Hemsoth at The Next Platform.

Network Analytics Without Probes, TAPs and Packet Brokers

Getting the Unified Cloud Experience

Adaptiv Delivers SD-WAN to SkySwitch uCaaS Customers

Understanding Kubernetes Security on Docker Enterprise 3.0

This is a guest post by Javier Ramírez, Docker Captain and IT Architect at Hopla Software. You can follow him on Twitter @frjaraur or on Github.

Docker began including Kubernetes with Docker Enterprise 2.0 last year. The recent 3.0 release includes CNCF Certified Kubernetes 1.14, which has many additional security features. In this blog post, I will review Pod Security Policies and Admission Controllers.

What are Kubernetes Pod Security Policies?

Pod Security Policies are rules created in Kubernetes to control security in pods. A pod will only be scheduled on a Kubernetes cluster if it passes these rules. These rules are defined in the  “PodSecurityPolicy” resource and allow us to manage host namespace and filesystem usage, as well as privileged pod features. We can use the PodSecurityPolicy resource to make fine-grained security configurations, including:

• Privileged containers.
• Host namespaces (IPC, PID, Network and Ports).
• Host paths and their permissions and volume types.
• User and group for containers process execution and setuid capabilities inside container.
• Change default containers capabilities.
• Behaviour of Linux security modules.
• Allow host kernel configurations using sysctl.

The Docker Universal Control Plane (UCP) 3.2 provides two Pod Security Policies by default – which is helpful Continue reading

When Persistence Is A Virtue, MRAM Is An Alternative To DRAM And SRAM

Magneto-resistive random access memory (MRAM) is one of those technologies that is often talked about as having the potential to change the computer memory landscape. …

When Persistence Is A Virtue, MRAM Is An Alternative To DRAM And SRAM was written by Michael Feldman at The Next Platform.

T-Mobile US Expects Sprint Merger to Close in Early 2020

CloudEvents Hits 1.0 Release, Gains CNCF Promotion

Google Cloud ‘Strong’ Q3 Revenue Disappoints Wall Street

How to Improve MySQL AWS Performance 2X Over Amazon RDS at The Same Cost

AWS is the #1 cloud provider for open-source database hosting, and the go-to cloud for MySQL deployments. As organizations continue to migrate to the cloud, it’s important to get in front of performance issues, such as high latency, low throughput, and replication lag with higher distances between your users and cloud infrastructure. While many AWS users default to their managed database solution, Amazon RDS, there are alternatives available that can improve your MySQL performance on AWS through advanced customization options and unlimited EC2 instance type support. ScaleGrid offers a compelling alternative to hosting MySQL on AWS that offers better performance, more control, and no cloud vendor lock-in and the same price as Amazon RDS. In this post, we compare the performance of MySQL Amazon RDS vs. MySQL Hosting at ScaleGrid on AWS High Performance instances.

TLDR

Sponsored Post: Fauna, Sisu, Educative, PA File Sight, Etleap, PerfOps, Triplebyte, Stream

Who's Hiring? 

• Sisu Data is looking for machine learning engineers who are eager to deliver their features end-to-end, from Jupyter notebook to production, and provide actionable insights to businesses based on their first-party, streaming, and structured relational data. Apply here.


• Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.


• Need excellent people? Advertise your job here! 

Cool Products and Services

• Stateful JavaScript Apps. Effortlessly add state to your Javascript apps with FaunaDB. Generous free tier. Try now!


• Grokking the System Design Interview is a popular course on Educative.io (taken by 20,000+ people) that's widely considered the best System Design interview resource on the Internet. It goes deep into real-world examples, offering detailed explanations and useful pointers on how to improve your approach. There's also a no questions asked 30-day return policy. Try a free preview today.


• PA File Sight - Actively protect servers from ransomware, audit file access to see who is deleting files, reading files or moving files, and detect file copy activity from the server. Historical audit reports Continue reading

Full Stack Journey 035: Testing And Validation For Infrastructure As Code

Full Stack Journey 035: Testing And Validation For Infrastructure As Code

Today's episode of Full Stack Journey focuses on the benefits of testing and validation for Infrastructure-as-Code (IaC). We discuss types of testing, available tools, and why IaC has value even for smaller shops. My guest is Gareth Rushgrove.

The post Full Stack Journey 035: Testing And Validation For Infrastructure As Code appeared first on Packet Pushers.

Viewing network bandwidth usage with bmon

Bmon is a monitoring and debugging tool that runs in a terminal window and captures network statistics, offering options on how and how much data will be displayed and displayed in a form that is easy to understand.To check if bmon is installed on your system, use the which command:$ which bmon /usr/bin/bmon [Get regularly scheduled insights by signing up for Network World newsletters.] Getting bmon On Debian systems, use sudo apt-get install bmon to install the tool.To read this article in full, please click here

IDG Contributor Network: JEDI award signals a critical ‘perception of parity’ in the cloud wars

AWS, Amazon’s cloud business, has enjoyed a long run as undisputed heavyweight champion of the cloud wars. With revenue run rate nearing 36 Billion and continuous double-digit market growth it was difficult to see anyone catching up. Until just like that, in the blink of an eye, a $10 Billion Federal cloud contract for the DoD known as JEDI (Joint Enterprise Defense Infrastructure) was awarded to Amazon’s crosstown rival, Microsoft. With this award, I believe the game has changed, and the market perception of such a substantial win will provide Microsoft the opportunity to apply significant pressure to AWS’s number one market position.This week’s earnings may have been the first domino Microsoft has been on an unparalleled run, and this past week the company delivered well above expectations on earnings coming in at $1.38 per share vs. $1.25 expected while also substantially beating revenue targets by nearly $800 million at $33.06 Billion. The cloud business, Azure, grew 59%*, which was actually viewed as a mooted result compared to previous quarters in the 60-70% range, but with margins up, revenues up and earnings up, Microsoft is flying high.To read this article in full, please click here

Programmatically Creating Kubernetes Manifests

A while ago I came across a utility named jk, which purported to be able to create structured text files—in JSON, YAML, or HCL—using JavaScript (or TypeScript that has been transpiled into JavaScript). One of the use cases was creating Kubernetes manifests. The GitHub repository for jk describes it as “a data templating tool”, and that’s accurate for simple use cases. In more complex use cases, the use of a general-purpose programming language like JavaScript in jk reveals that the tool has the potential to be much more than just a data templating tool—if you have the JavaScript expertise to unlock that potential.

The basic idea behind jk is that you could write some relatively simple JavaScript, and jk will take that JavaScript and use it to create some type of structured data output. I’ll focus on Kubernetes manifests here, but as you read keep in mind you could use this for other purposes as well. (I explore a couple other use cases at the end of this post.)

Here’s a very simple example:

const service = new api.core.v1.Service('appService', {
    metadata: {
        namespace: 'appName',
        labels: {
            app: 'appName',
            team: 'blue',
        },
    },
    spec: {
        selector:  Continue reading