0

Going Keyless Everywhere

Time flies. The Heartbleed vulnerability was discovered just over five and a half years ago. Heartbleed became a household name not only because it was one of the first bugs with its own web page and logo, but because of what it revealed about the fragility of the Internet as a whole. With Heartbleed, one tiny bug in a cryptography library exposed the personal data of the users of almost every website online.

Heartbleed is an example of an underappreciated class of bugs: remote memory disclosure vulnerabilities. High profile examples other than Heartbleed include Cloudbleed and most recently NetSpectre. These vulnerabilities allow attackers to extract secrets from servers by simply sending them specially-crafted packets. Cloudflare recently completed a multi-year project to make our platform more resilient against this category of bug.

For the last five years, the industry has been dealing with the consequences of the design that led to Heartbleed being so impactful. In this blog post we’ll dig into memory safety, and how we re-designed Cloudflare’s main product to protect private keys from the next Heartbleed.

Memory Disclosure

Perfect security is not possible for businesses with an online component. History has shown us that no matter how Continue reading

0

Delegated Credentials for TLS

Today we’re happy to announce support for a new cryptographic protocol that helps make it possible to deploy encrypted services in a global network while still maintaining fast performance and tight control of private keys: Delegated Credentials for TLS. We have been working with partners from Facebook, Mozilla, and the broader IETF community to define this emerging standard. We’re excited to share the gory details today in this blog post.

Also, be sure to check out the blog posts on the topic by our friends at Facebook and Mozilla!

Deploying TLS globally

Many of the technical problems we face at Cloudflare are widely shared problems across the Internet industry. As gratifying as it can be to solve a problem for ourselves and our customers, it can be even more gratifying to solve a problem for the entire Internet. For the past three years, we have been working with peers in the industry to solve a specific shared problem in the TLS infrastructure space: How do you terminate TLS connections while storing keys remotely and maintaining performance and availability? Today we’re announcing that Cloudflare now supports Delegated Credentials, the result of this work.

Cloudflare’s TLS/SSL features are among the top reasons Continue reading

0

What women want in the IT workplace: 6 key factors for hiring and retention

Women are exiting IT in droves, as companies struggle to hire and engage these valuable employees. The first step to change? Listening to what women want.(Insider Story)

0

Why Are You Always so Negative?

During the last Tech Field Day Extra @ CLEUR, one of the fellow delegates asked me about my opinion on technology X (don’t remember the details, it was probably one of those over-hyped four-letter technologies). As usual, I started explaining the drawbacks, and he quickly stopped me with a totally unexpected question: “Why do you always tend to be so negative?”

That question has been haunting me for months… and here are a few potential answers I came up with.

Read more ...

0

Optimized risk scores

Optimized risk scores Ustun & Rudin, KDD’17

On Monday we looked at the case for interpretable models, and in Wednesday’s edition of The Morning Paper we looked at CORELS which produces provably optimal rule lists for categorical assessments. Today we’ll be looking at RiskSLIM, which produces risk score models together with a proof of optimality.

A risk score model is a a very simple points-based system designed to be used (and understood by!) humans. Such models are widely used in e.g. medicine and criminal justice. Traditionally they have been built by panels of experts or by combining multiple heuristics . Here’s an example model for the CHADS₂ score assessing stroke risk.

Even when you don’t consider interpretability as a goal (which you really should!), “doing the simplest thing which could possibly work” is always a good place to start. The fact that CORELS and RiskSLIM come with an optimality guarantee given the constraints fed to them on model size etc. also means you can make informed decisions about model complexity vs performance trade-offs if a more complex model looks like it may perform better. It’s a refreshing change of mindset to shift from “finding an Continue reading

0

Big Four carriers want to rule IoT by simplifying it

The Internet of Things promises a transformative impact on a wide range of industries, but along with that promise comes an enormous new level of complexity for the network and those in charge of maintaining it. For the major mobile data carriers in the U.S., that fact suggests an opportunity.The core of the carriers’ appeal for IoT users is simplicity. Opting for Verizon or AT&T instead of in-house connectivity removes a huge amount of the work involved in pulling an IoT implementation together.[Get regularly scheduled insights by signing up for Network World newsletters.] Operationally, it’s the same story. The carrier is handling the network management and security functionality, and everything involved in the connectivity piece is available through a centralized management console.To read this article in full, please click here

0

JNCIS-SP

I recently passed the JNCIS Service Provider (JN0-361) certification exam on my second attempt. This post will cover the materials and methods I used to tackle this exam. First Attempt Juniper had a free cert day on the 17th of September 2019 here in Australia. From the time it was...

0

JNCIS-SP

How to play the JNCIS-SP game and win!

0

Dell Technologies and VMware Deliver the Roadmap to 5G Network Architecture

Dell Technologies and VMware deliver an adaptable edge architecture tailored to the challenges...

Read More »

0

Career roadmap: Network architect

With the growing use of mobile devices and apps, edge computing,and IoT, the network architect role has become more complex and more important to the success of the enterprise.

0

IPv6 Buzz 038: IPv6 In The Federal Government

Today's episode explores how the US federal government views IPv6 adoption. We also explore the use of IPv6 by the U.S. Department of Defense, including innovations, and how the DoD's use affects its work with civilian entities. Our guest is Jeremy Duncan, founder and leading partner of the consultancy Tachyon Dynamics.

0

IPv6 Buzz 038: IPv6 In The Federal Government

Today's episode explores how the US federal government views IPv6 adoption. We also explore the use of IPv6 by the U.S. Department of Defense, including innovations, and how the DoD's use affects its work with civilian entities. Our guest is Jeremy Duncan, founder and leading partner of the consultancy Tachyon Dynamics.

The post IPv6 Buzz 038: IPv6 In The Federal Government appeared first on Packet Pushers.

0

Hypercalers Lead The Way To The Future With SmartNICs

The consensus is growing among the big datacenter operators of the world that CPU cores are such a precious commodity that they should never do network, storage, or hypervisor housekeeping work but rather focus on the core computation that they are really acquired to do. …

Hypercalers Lead The Way To The Future With SmartNICs was written by Timothy Prickett Morgan at The Next Platform.

0

Don’t Be Scared of Kubernetes

5 Reasons You Might Be Afraid to Get Started with Kubernetes

Kubernetes has the broadest capabilities of any container orchestrator available today, which adds up to a lot of power and complexity. That can be overwhelming for a lot of people jumping in for the first time – enough to scare people off from getting started. There are a few reasons it can seem intimidating:

• It’s complicated, isn’t it? As we noted in a previous post, jumping into the cockpit of a state-of-the-art jet puts a lot of power under you, but how to actually fly the thing is not obvious. If you’ve never done more than play a flight simulator game, it can be downright scary.
• Is it production-ready? Everyone is talking about Kubernetes, but it’s only emerged as a major technology in the past few years. Many companies take a wait-and-see approach on new technologies. Building out a Kubernetes deployment on your own means solving challenging problems without enterprise support. 
• Do I have the people and skills to support it? IT teams are just beginning to learn Kubernetes. If it’s complicated, it means you’ll need people with the right experience to support it. According to industry Continue reading

0

Intel, Sony, NTT Forge Optical, Wireless Initiative

The forum envisions a future where technologies like silicon photonics, edge computing, and...

Read More »

0

Ericsson, Huawei Win Top Ratings on 5G Mobile Core

“The gap that distinguishes leaders from the rest of the pack is very small, and the market is...

Read More »

0

Install Azure CLI on your Android Phone

I installed the Azure CLI in the Termux app on my Android phone. This post describes all the steps required to successfully run Azure CLI on most Android phones.

Installing Azure CLI on Termux on your Android phone is an alternative to using Azure Cloud Shell on Chrome or Firefox, or to using the Cloud Shell feature on the Azure mobile app. It’s also a cool thing to try.

This post is based on the excellent work done by Matthew Emes, who wrote a blog post about installing Azure CLI on a Chromebook. Matthew’s procedure got me started, but I had to modify it to make Azure CLI work in Termux on my Android phone. Also, Azure CLI has changed since Matthew wrote about it and some of his steps, while they still work, are no longer necessary.

Termux

Install Termux on your Android phone. Termux is a terminal emulator and Linux environment that runs on most Android devices with no rooting or setup required. You can use Termux as a terminal emulator to manage remote systems and it will run a large number of Linux utilities and programming languages directly on your phone. Install it from the Google Continue reading

0

Developers Going All-In On Kubernetes

To learn more about containerized infrastructure and cloud native technologies, consider coming to...

Read More »

0

Nokia’s SOAR Lineup Tackles 5G, IoT Security

“Basically 60% of the devices we are monitoring are IoT devices, and 78% of the malware we are...

Read More »

0

What Scary Movies Can Teach Us About Internet Trust

Mad geniuses. Evil dolls. Slow zombies. This Halloween, we’ll see all of these horror film clichés come to life. Sure they’re fun, but are there lessons we can learn from them? What if they could teach us what not to do? We looked at seven scary tropes and what they might teach us about Internet trust.

The call is coming from inside the house.

The phone calls keep coming, each one scarier than the last. Ring. “Are you home alone?” Ring. “Have you locked the doors?” Ring. “Look in the basement.” It’s only then you realize the stalker has been in the house all along.

We lock our doors to make our homes more secure, but we don’t always think about the security of the things we connect to our home networks. An insecure connected device can put your whole network and the devices on it at risk. Meaning, yes, the cybersecurity threat could be coming from inside the house. By protecting your home network, you limit your devices’ exposure to online threats and help mitigate the risk they may pose to others. You can make your network more secure by using encryption, a strong password, and Continue reading