Learn to Code?

A long, long time ago, in a galaxy far away, I went to school to learn art and illustration. In those long ago days, folks in my art and illustration classes would sometimes get into a discussion about what, precisely, to do with an art degree. My answer was, ultimately, to turn it into a career building slides and illustrations in the field of network engineering. ? And I’m only half joking.

The discussion around the illustration board in those days was whether it was better to become an art teacher, or to focus just on the art and illustration itself. The two sides went at it hammer and tongs over weeks at a time. My only contribution to the discussion was this: even if you want to be the ultimate in the art world, a fine artist, you must still have a subject. While much of modern art might seem to be about nothing much at all, it has always seemed, to me, that art must be about something.

This week I was poking around one of the various places I tend to poke on the ‘net and ran across this collage. Click to see the full image.

Get the Continue reading

Red Hat announces container flaw CVE-2019-5736

Red Hat announced a vulnerability this morning – one that can be exploited if a user runs malicious or modified containers. The flaw in runC (a lightweight portable container runtime) and Docker that this vulnerability exposes allows an attacker to escape a container and access the underlying file system. That might sound bad, but there's more.The good news is that this vulnerability cannot be exploited if SELinux is enabled and that this is the default on Red Hat systems. To check whether your Red Hat system is enforcing SELinux, use one of the following commands:$ /usr/sbin/getenforce Enforcing <== $ sestatus SELinux status: enabled <== SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 31 [ Read also: Linux hardening: A 15-step checklist for a secure Linux server ] This vulnerability also requires local access to the system. Affected Red Hat systems include:To read this article in full, please click here

Red Hat announces container flaw CVE-2019-5736

Red Hat announced a vulnerability this morning – one that can be exploited if a user runs malicious or modified containers. The flaw in runC (a lightweight portable container runtime) and Docker that this vulnerability exposes allows an attacker to escape a container and access the underlying file system. That might sound bad, but there's more.The good news is that this vulnerability cannot be exploited if SELinux is enabled and that this is the default on Red Hat systems. To check whether your Red Hat system is enforcing SELinux, use one of the following commands:$ /usr/sbin/getenforce Enforcing <== $ sestatus SELinux status: enabled <== SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 31 [ Read also: Linux hardening: A 15-step checklist for a secure Linux server ] This vulnerability also requires local access to the system. Affected Red Hat systems include:To read this article in full, please click here

Red Hat announces container flaw CVE-2019-5736

Red Hat announced a vulnerability this morning – one that can be exploited if a user runs malicious or modified containers. The flaw in runC (a lightweight portable container runtime) and Docker that this vulnerability exposes allows an attacker to escape a container and access the underlying file system. That might sound bad, but there's more.The good news is that this vulnerability cannot be exploited if SELinux is enabled and that this is the default on Red Hat systems. To check whether your Red Hat system is enforcing SELinux, use one of the following commands:$ /usr/sbin/getenforce Enforcing <== $ sestatus SELinux status: enabled <== SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Memory protection checking: actual (secure) Max kernel policy version: 31 [ Read also: Linux hardening: A 15-step checklist for a secure Linux server ] This vulnerability also requires local access to the system. Affected Red Hat systems include:To read this article in full, please click here

Network Break 221: Cisco Calls Privacy A Human Right; VMware Revamps Recertification

Today's Network Break podcast analyzes Cisco's call for privacy legislation and CEO Chuck Robbins' assertion that privacy is a human right. We also dive into VMware's revamped recertification policy, a new Sprint/Meraki partnership, tactical Azure Stack hardware, and more tech news.

The post Network Break 221: Cisco Calls Privacy A Human Right; VMware Revamps Recertification appeared first on Packet Pushers.

The Week in Internet News: Google Moves to Make it Easier to Encrypt Cheap Android Devices

Easier encryption? Google engineers have created a new encryption regime that can run on cheap and underpowered smartphones, Wired.com reports. The Google effort takes established cryptographic tools and implements them in a more efficient way.

Email encryption required: The EU’s GDPR privacy regulation requires encryption at least at the transport layer for email, according to a recent ruling by Germany’s data protection authority. The ruling also suggests that transport layer encryption may not be enough for sensitive personal information, TechDirt says.

Encryption proposal questioned: India’s proposal to require tech companies to hand over encrypted communications is “not possible,” WhatsApp has said. The proposed rules are “not possible today given the end-to-end encryption that we provide and it would require us to re-architect WhatsApp, leading to a different product, one that would not be fundamentally private,” WhatsApp said in a Financial Times story.

Federal action: The U.S. White House is planning to take executive action to promote research and development related to Artificial Intelligence, advanced manufacturing, quantum computing, and 5G wireless technology, Reuters reports. There’s some concern that the U.S. is losing ground to countries like China.

AI could go awry: Microsoft has warned investors that its AI Continue reading

Site Maintenance

I am performing some site maintenance in conjunction with a move to a new VPS server. (Thank you Hetzner (some irony may be involved)).

Hopefully everything should be reachable, but some minor UI tweaks may occur.

Thanks for understanding.

/Kim

Last Week on ipSpace.net (2019W6)

Last week Howard Marks completed the Hyperconverged Infrastructure Deep Dive trilogy covering smaller HCI players (including Cisco’s Hyperflex) and explaining the intricacies of costing and licensing HCI solutions.

On Thursday I finally managed to start the long-overdue Data Center Interconnects update. The original webinar was recorded in 2011, and while the layer-3 technologies haven’t changed much (with LISP still being mostly a solution in search of a problem), most of the layer-2 technologies I described at that time vanished, with OTV being a notable exception. Keep that in mind the next time your favorite $vendor starts promoting another wonderful technology.

You can get access to both webinars with standard ipSpace.net subscription.

ExFaKT: a framework for explaining facts over knowledge graphs and text

ExFaKT: a framework for explaining facts over knowledge graphs and text Gad-Elrab et al., WSDM’19

Last week we took a look at Graph Neural Networks for learning with structured representations. Another kind of graph of interest for learning and inference is the knowledge graph.

Knowledge Graphs (KGs) are large collections of factual triples of the form \langle subject\ predicate\ object \rangle (SPO) about people, companies, places etc.

Today’s paper choice focuses on the topical area of fact-checking : how do we know whether a candidate fact, which might for example be harvested from a news article or social media post, is likely to be true? For the first generation of knowledge graphs, fact checking was performed manually by human reviewers, but this clearly doesn’t scale to the volume of information published daily. Automated fact checking methods typically produce a numerical score (probability the fact is true), but these scores are hard to understand and justify without a corresponding explanation.

To better support KG curators in deciding the correctness of candidate facts, we propose a novel framework for finding semantically related evidence in Web sources and the underlying KG, and for computing human—comprehensible explanations for facts. We refer to our framework as ExFaKT (Ex Continue reading

How to run stunnel on your Android device

Overview

In this post we’re going to talk about how to run the amazing stunnel program on your Android device, and do so properly!

Later, this would allow us to setup a lot of cool things like:

  • Wrapping OpenVPN traffic with it
  • Using it as a SOCKS VPN
  • Adding proper IMAPS/SMTPS support to our old email apps

For this, we’re not going to use the old and very limited SSLDroid. It’s a bad idea, I don’t know why different sites still keep pushing it. It almost certainly has unpatched vulnerabilities. Please don’t use it.

Instead, we are going to use the official stunnel program, with the help of a proper wrapper.

stunnel Android binary

stunnel already supports Android devices and even the compiled version of it is available in it’s download page.

This file is compiled for ARM architecture. Even though most Android devices run on ARM, this is particularly important to note for those devices that are not (e.g, Android-x86).

Since we’ll be using the compiled binary, you may need to compile stunnel yourself for your specific Android architecture before continuing1. Chances are though, that your device is running on ARM and you are ready Continue reading

Juniper eBGP

6 steps to configure eBGP. Configure a router-id Configure an autonomous system number Configure a BGP group and define the peer type Add neighbors to the peer group Define a routing policy to export routes Assign the routing policy to the BGP group Configuration ...continue reading

Building static routes with ExaBGP

In our last post we covered the basic setup and configuration of ExaBGP. While we were able to make use of ExaBGP for dynamic route advertisement, it wasn’t able to help us when it came to actually programming the servers routing table. In this post, I want to show you how you can leverage ExaBGP from a more programatic perspective. We’ll start by handling route advertisement to our peer and then tackle reading and processing received route updates. We’ll also start using another Python module (pyroute2) to program the routing table of the bgp_server host so that it begins acting more like a normal router. Enough talk – let’s dive in!

Im going to assume you’re starting off at the end of the last post. So the first thing we need to do is clean up a couple of items. We’re not going to rely on the static route we provisioned so to clean that up we can simply reapply the netplan network configuration using the command sudo netplan apply

user@bgp_peer:~$ ip route
default via 192.168.127.100 dev ens3 proto static 
10.10.10.0/30 dev ens7 proto kernel scope link src 10.10.10.1 
10. Continue reading
1 1,275 1,276 1,277 1,278 1,279 3,797