In-toto: providing farm-to-table guarantees for bits and bytes

in-toto: providing farm-to-table guarantees for bits and bytes Torres-Arias et al., USENIX Security Symposium 2019

Small world with high risks did a great job of highlighting the absurd risks we’re currently carrying in many software supply chains. There are glimmers of hope though. This paper describes in-toto, an end-to-end system for ensuring the integrity of a software supply chain. To be a little more precise, in-toto secures the end-to-end delivery pipeline for one product or package. But it’s only a small step from there to imagine using in-toto to also verify the provenance of every third-party dependency included in the build, and suddenly you’ve got something that starts to look very interesting indeed.

In-toto is much more than just a research project, it’s already deployed and integrated into a number of different projects and ecosystems, quietly protecting artefacts used by millions of people daily. You can find the in-toto website at https://in-toto.io.

In-toto has about a dozen different integrations that protect software supply chains for millions of end-users.

  • If you install a Debian package using apt, in-toto is protecting it.
  • If you use kubesec to analyze your Kubernetes configurations, in-toto is protecting it.
  • If you use the Continue reading

Learn more about Workers Sites at Austin & San Francisco Meetups


Last Friday, at the end of Cloudflare’s 9th birthday week, we announced Workers Sites.

Now, using the Wrangler CLI, you can deploy entire websites directly to the Cloudflare Network using Cloudflare Workers and Workers KV. If you can statically generate the assets for your site, think create-react-app, Jekyll, or even the WP2Static plugin, you can deploy it to our global network, which spans 194 cities in more than 90 countries.

If you’d like to learn more about how it was built, you can read more about this in the technical blog post. Additionally, I wanted to give you an opportunity to meet with some of the developers who contributed to this product and hear directly from them about their process, potential use cases, and what it took to build.

Check out these events. If you’re based in Austin or San Francisco (more cities coming soon!), join us on-site. If you’re based somewhere else, you can watch the recording of the events afterwards.

Growing Dev Platforms at Scale & Deploying Static Websites

Talk 1: Inspiring with Content: How to Grow Developer Platforms at Scale

Serverless platforms like Cloudflare Workers provide benefits like scalability, high performance, and lower costs. However, Continue reading

“What’s your IPv6 strategy?”


For many in enterprise networking, IPv6 is just a distant memory of a tedious mandatory training a few years back. Weird addresses, over-eager trainer, stories about v6 adoption that never came true. Why then for the last couple of years have I been presenting to Aruba audiences about IPv6 adoption? While many network engineers may be unaware, IPv6 is very much upon us, and numerous times this year I've heard from various sources, 'What's your IPv6 strategy?'

It's alive!

Turning back the clock a few years and IPv6 was for the specialist or for university campuses eager to deploy the latest technology. Live deployments of IPv6 outside of academia were largely unheard of. Then came the ISP deployments across the globe, in roughly 2015-2017. Now IPv6 was out in the wild and in our homes. It was this transition of IPv6 from the textbook to the live networks around us that changed the nature of the protocol and breathed life into those 128 bits.
But this was a largely silent change. No big fanfare, hashtags or broadsheet ads. No proliferation of start-ups hunting VC money. No LinkedIn profiles being updated with 'IPv6 thought-leader'. For that reason I feel many network Continue reading

Flow metrics with Prometheus and Grafana

The Grafana dashboard above shows real-time network traffic flow metrics. This article describes how to define and collect flow metrics using the Prometheus time series database and build Grafana dashboards using those metrics.
Prometheus exporter describes an application that runs on the sFlow-RT analytics platform that converts real-time streaming telemetry from industry standard sFlow agents. Host, Docker, Swarm and Kubernetes monitoring describes how to deploy agents on popular container orchestration platforms.

The latest version of the Prometheus exporter application adds flow export.
global:
  scrape_interval: 15s
  evaluation_interval: 15s

rule_files:
  # - "first.rules"
  # - "second.rules"

scrape_configs:
  - job_name: 'sflow-rt-metrics'
    metrics_path: /prometheus/metrics/ALL/ALL/txt
    static_configs:
      - targets: ['10.0.0.70:8008']
  - job_name: 'sflow-rt-src-dst-bps'
    metrics_path: /app/prometheus/scripts/export.js/flows/ALL/txt
    static_configs:
      - targets: ['10.0.0.70:8008']
    params:
      metric: ['ip_src_dst_bps']
      key: ['ipsource','ipdestination']
      label: ['src','dst']
      value: ['bytes']
      scale: ['8']
      minValue: ['1000']
      maxFlows: ['100']
  - job_name: 'sflow-rt-countries-bps'
    metrics_path: /app/prometheus/scripts/export.js/flows/ALL/txt
    static_configs:
      - targets: ['10.0.0.70:8008']
    params:
      metric: ['ip_countries_bps']
      key: ['null:[country:ipsource]:unknown','null:[country:ipdestination]:unknown']
      label: ['src','dst']
      value: ['bytes']
      scale: ['8']
      aggMode: ['sum']
      minValue: ['1000']
      maxFlows: ['100']

The above prometheus.yml file extends the previous example to add two additional scrape jobs, sflow-rt-src-dst-bps and sflow-rt-countries-bps, that return flow metrics. Defining flows describes the attributes and settings available to build Continue reading

Innovation Exercises to Increase Your Personal Creativity

To advance in most careers these days you need to be creative and able to think outside of the box, but this is easier said than done. As children, we freely use our imagination and our creativity, but as we mature we are often asked to leave our imagination behind in order to perform in the “real world.” So how do you get back that personal creativity as an adult? Here are some innovation exercises that will help you increase your personal creativity.

5 Innovation Exercises to Boost Brain Power and Creativity

Try Looking at Things from a New Perspective

Over time, it becomes ingrained in us to look at things from one given perspective; however, learning to look at things from a different perspective may help us to see things in a different light and spur creativity. For example, if you normally view that tree in your backyard from a distance, why not sit under its branches and look up. Close your eyes, inhale deeply, and touch its leaves and branches, “seeing” it not through your eyes but through your sense of touch or smell. This will help you to see the tree more creatively than by simply Continue reading

Cumulus content roundup: September 2019

And with that, September has come and gone. Did you miss some of the great content we published? In true Cumulus Networks fashion, we’ve made it easy for you to catch up on all the blog posts and articles we had to offer below so take a moment to settle in and then dive into all things open networking!

From Cumulus Networks:

How open standards help with defense in depth: Networking is a vital part of security, and of defense in depth in particular. So how would open standards help this approach to InfoSec? Read this blog to learn.

EVPN-PIM: BUM optimization using PIM-SM: Does “PIM” make you break out into hives? You’re not alone. In part one of a two part blog series we talk about using PIM-SM to optimize BUM flooding in a L2-VNI with single VTEPs.

EVPN-PIM: Anycast VTEPs: In part one we learned about EVPN-PIM. In this second part of the two-part blog series, we throw MLAG into the mix and break down the additional procedures needed for it.

 

News from the web:

The future of networks: switching to 100G: Pete Lumbis shares five tips on changing to 100G networking in the latest Continue reading

Nubix Shrinks Containers to Fit Edge, IoT Limitations

The company claims its containers are 100-times smaller than the size of traditional Linux...

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Cisco Hooks Up Altice With SD-WAN Package

Cisco Viptela will power cable network provider Altice USA's entrance into the managed SD-WAN...


Will Extreme’s ‘Maniacal Enterprise Focus’ Propel It Past Cisco?

It recently closed its Aerohive acquisition, and CEO Ed Meyercord says the deal solidifies...


Sponsored Post: Sisu, Educative, PA File Sight, Etleap, PerfOps, InMemory.Net, Triplebyte, Stream, Scalyr

Who's Hiring? 

  • Sisu Data is looking for machine learning engineers who are eager to deliver their features end-to-end, from Jupyter notebook to production, and provide actionable insights to businesses based on their first-party, streaming, and structured relational data. Apply here.

  • Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.

  • Need excellent people? Advertise your job here! 

Cool Products and Services

  • Grokking the System Design Interview is a popular course on Educative.io (taken by 20,000+ people) that's widely considered the best System Design interview resource on the Internet. It goes deep into real-world examples, offering detailed explanations and useful pointers on how to improve your approach. There's also a no questions asked 30-day return policy. Try a free preview today.

  • PA File Sight - Actively protect servers from ransomware, audit file access to see who is deleting files, reading files or moving files, and detect file copy activity from the server. Historical audit reports and real-time alerts are built-in. Try the 30-day free trial!

  • For heads of IT/Engineering responsible for building Continue reading

Juniper Powers Telefonica UK’s Automated IP Network

The first phase of Telefonica UK’s migration to an automated and cloud-based IP network, which it...


Top Reasons to Attend VMworld Europe 2019

In the digital age, everyone is responsible for the organization’s overall security.  DevSecOps brings together the disciplines of DevOps, Cloud and now Security toward a common goal of distributing security decisions with agility and scale.  At VMworld Europe, you will network, learn and practice the industry’s latest technology with industry insiders, experts and your fellow co-workers and peers.

We’ve put together a list of VMware’s networking and security business unit’s top sessions, hands-on-labs and keynote sessions that you can’t miss!

Networking and Security Showcase Keynotes at VMworld Europe

Showcase Keynote: Networking and Security for the Cloud Era 

  •  Tuesday, 5 November, 13:00 – 14:00 (CET/GMT+2)
  • Speaker: Tom Gillis (@_TomGillis), SVP and GM, Networking and Security,

Showcase Keynote: Intrinsic Security – How Your VMware Infrastructure Can Turn the Tide in Cybersecurity [SEC3412KE]

  • Wednesday, 6 November, 15:30 – 16:30
  • Speakers: Tom Corn, SVP Security Products, VMware, Shawn Bass, VP & CTO EUC, VMware

 Cloud Networking Sessions at VMworld Europe

Tuesday, 5 November, 2019

 Edge to Hybrid Cloud, the Network Matters [CNET3628BES]

  • Tuesday, 5 November, 11:00 – 12:00
  • Speakers: Amit Pandey, VP, Head of NSX Service, VMware and Bob Ghaffari, General Manager, Intel

 Network Virtualization and NSX-T Continue reading

Network Break 254: Amazon Develops Wireless Gadget Protocol; Mellanox Gear Harmonizes With SONiC

Network Break feasts on a variety of tech news including a new wireless protocol proposed by Amazon, Mellanox support for the SONiC NOS, Palo Alto Networks saying it will build an SD-WAN offering, a dip in cloud infrastructure spending, and more.

The post Network Break 254: Amazon Develops Wireless Gadget Protocol; Mellanox Gear Harmonizes With SONiC appeared first on Packet Pushers.

Kubernetes Shadow Hangs Over Docker Financial Squeeze

Company CEO Rob Bearden reportedly circulated a company-wide email stating that Docker Inc. has...
