How to deal with backup when you switch to hyperconverged infrastructure

Companies migrating to hyperconverged infrastructure (HCI) systems are usually doing so to simplify their virtualization environment. Since backup is one of the most complicated parts of virtualization, they are often looking to simplify it as well via their migration to HCI. Other customers have chosen to use HCI to simplify their hardware complexity, while using a traditional backup approach for operational and disaster recovery. Here’s a look at both scenarios.

More DOH

DOH is not going away. It seems that the previous article on DOH has generated some reaction, and also there is some further development that should be reported, all of which I'll cover here.

Five Functional Facts about AWS Identity and Access Management

This post is part of an open-ended series I'm writing where I take a specific protocol, app, or whatever-I-feel-like and focus on five functional aspects of that thing in order to expose some of how that thing really works.

The topic in this post is the AWS Identity and Access Management (IAM) service. The IAM service holds a unique position within AWS: it doesn't get the attention that the machine learning or AI services get, and doesn't come to mind when buzzwords like “serverless” or “containers” are brought up, yet it's used by, or should be used by, every single AWS customer (and if you're not using it, you're not following best practice, tsk, tsk) so it's worthwhile to take the time to really get to know this service.

Let's begin!

How to identify duplicate files on Linux

Identifying files that share disk space relies on making use of the fact that the files share the same inode — the data structure that stores all the information about a file except its name and content. If two or more files have different names and file system locations, yet share an inode, they also share content, ownership, permissions, etc.

These files are often referred to as "hard links" — unlike symbolic links that simply point to other files by containing their names. Symbolic links are easy to pick out in a file listing by the "l" in the first position and -> symbol that refers to the file being referenced.

    $ ls -l my*
    -rw-r--r-- 4 shs shs 228 Apr 12 19:37 myfile
    lrwxrwxrwx 1 shs shs 6 Apr 15 11:18 myref -> myfile
    -rw-r--r-- 4 shs shs 228 Apr 12 19:37 mytwin

Identifying hard links in a single directory is not as obvious, but it is still quite easy. If you list the files using the ls -i command and sort them by inode number, you can pick out the hard links fairly easily. In this type of ls output, the first column shows the inode numbers.

Nyansa’s Voyance expands to the IoT

Nyansa announced today that their flagship Voyance product can now apply its AI-based secret sauce to IoT devices, over and above the networking equipment and IT endpoints it could already manage.

Voyance – a network management product that leverages AI to automate the discovery of devices on the network and identify unusual behavior – has been around for two years now, and Nyansa says that it’s being used to observe a total of 25 million client devices operating across roughly 200 customer networks.

Why You Should Block Notifications and Close Your Browser

Every so often, while browsing the web, you run into a web page that asks if you would like to allow the site to push notifications to your browser. Apparently, according to the paper under review, about 12% of the people who receive this notification allow notifications. What, precisely, is this doing, and what are the side effects?

Papadopoulos, Panagiotis, Panagiotis Ilia, Michalis Polychronakis, Evangelos P. Markatos, Sotiris Ioannidis, and Giorgos Vasiliadis. “Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation.” In Proceedings 2019 Network and Distributed System Security Symposium. San Diego, CA: Internet Society, 2019. https://doi.org/10.14722/ndss.2019.23070.

Allowing notifications allows the server to kick off one of two different kinds of processes on the local computer, a service worker. There are, in fact, two kinds of worker apps that can run “behind” a web site in HTML5: the web worker and the service worker. The web worker is designed to calculate or locally render some object that will appear on the site, such as unencrypting a downloaded audio file for local rendition. This moves the processing load (including the power and cooling use!) from the server to the client, saving money

The Hallway Track Is Open For Scheduling

The Hallway Track at DockerCon is an innovative space designed to help facilitate those valuable conversations that come from chance hallway encounters. Instead of leaving it to chance, we’ve partnered with e180 to provide a platform that helps you find like-minded people to meet and learn from, discussing topics you are both interested in.

 The Hallway Track is open Monday through Thursday, and it’s best to schedule your meetings in advance. Register for DockerCon and then follow these steps to log in and start scheduling your Hallway Tracks today:

  1. Explore the Market – where all participants post knowledge offers of topics they are willing to share, or questions they want to brainstorm.
  2. Pick a topic from the list and/or create your own offers or questions. You don’t have to be an expert to post!
  3. Schedule your Hallway Tracks and meet in person at the Hallway Track Lounge at DockerCon (Lobby, Level 2).

The Hallway Track is your opportunity to meet and share knowledge with other attendees, Docker Staff, Speakers, and Docker Captains. Register for DockerCon today and look out for email instructions to log into the Hallway Track platform.

Arriving for early registration before the Welcome Reception on Monday?

The Week in Internet News: Tech Giants’ ‘Ethical AI’ Efforts Scrutinized

Building nice AIs: Efforts by large tech vendors to think about ways to design “ethical Artificial Intelligence” systems have hit some speedbumps along the way, says Insurance Journal. Google abandoned its newly formed ethical AI council after employee complaints about its membership. Some critics say efforts to create ethical AI teams are attempts by companies to avoid regulations.

No smoking or bikinis: Business Insider India has a look at the efforts of the Chinese government to police Internet and social media content, with smoking, excessive tattoos, and in some cases, bikinis prohibited. At Inke, one of China’s largest livestreaming companies, a group of about 1,200 moderators attempt to keep up with the government’s rules, the story says.

Fake news arms race: Facebook has announced a new round of efforts to fight fake news with updates to News Feed, Messenger, and Instagram, Fortune reports. The social media giant is expanding its fact-checking capabilities, and it is trying to limit the reach of groups that repeatedly spread misinformation. Facebook also says it’s getting better at identifying click-bait.

Comments gone wild: YouTube shut down comments on the livestream of a U.S. Congress hearing on white nationalism after the comments section

Privacy First for Security Companies

Privacy has become a major issue around the world. Hopeful presidential candidates, such as Elizabeth Warren, have proposed privacy legislation and European countries are beginning to issue their first judgements based on GDPR violations. Given this evolving environment, the Internet Society participated in a panel on data privacy at the ISC-West conference on 11 April 2019.

The conference was sponsored by ADT, one of the largest home security companies and an Internet Society organizational member. The panel included Frank Cona from ADT, Dylan Gilbert from Public Knowledge, Brandon Board from Resideo, and Kenneth Olmstead from the Internet Society.

The discussion focused on two main themes. The first was that in the data-driven economy, user agency is more important than ever. Users must be able to ask companies what data they have about them and be able to update or delete that data. The second was that companies must put privacy at the forefront of their business practices. Privacy cannot be an afterthought, but must be the starting point.

There was not consensus among panelists regarding whether there will be Federal privacy legislation at some point, but it was clear that the security industry should do its best to implement privacy

Automating 802.1x (Part One)

This is a guest blog post by Albert Siersema, senior network and cloud engineer at Mediacaster.nl. He’s always busy broadening his horizons and helping his customers in (re)designing and automating their infrastructure deployment and management.


We’d like to be able to automate our network deployment and management from a single source of truth, but before we get there from a running (enterprise, campus!) network, we’ll have to take some small steps first.

These posts are not focused on 802.1x, but it serves as a nice use case in which I’ll show you how automation can save time and bring some consistency and uniformity to the network (device) configuration.


Time protection: the missing OS abstraction

Time protection: the missing OS abstraction Ge et al., EuroSys’19

Ever since the prominent emergence of timing-based microarchitectural attacks (e.g. Spectre, Meltdown, and friends) I’ve been wondering what we can do about them. When a side-channel is based on observing improved performance, a solution that removes the improved performance can work, but is clearly undesirable. In today’s paper choice, for which the authors won a best paper award at EuroSys’19 last month, Ge et al. set out a principled basis for protecting against this class of attacks. Just as today’s systems offer memory protection, they call this time protection. The paper sets out what we can do in software given today’s hardware, and along the way also highlights areas where cooperation from hardware will be needed in the future.

Timing channels, and in particular microarchitectural channels, which exploit timing variations due to shared use of caches and other hardware, remain a fundamental OS security challenge that has eluded a comprehensive solution to date… We argue that it is time to take temporal isolation seriously, and make the OS responsible for time protection, the prevention of temporal inference, just as memory protection prevents spatial inference.
