Top 5 Blog Post of 2018: Docker Enterprise 2.0 with Kubernetes

Day 2 of our top blog posts of 2018 and coming in at Number 4 is the launch of Docker Enterprise 2.0 (formerly Docker Enterprise Edition). Docker’s industry-leading container platform is the only platform that simplifies Kubernetes and manages and secures applications on Kubernetes in multi-Linux, multi-OS and multi-cloud customer environments. To learn more about our Docker Enterprise, read on…

 

 

We are excited to announce Docker Enterprise Edition 2.0 – a significant leap forward in our enterprise-ready container platform. Docker Enterprise Edition (EE) 2.0 is the only platform that manages and secures applications on Kubernetes in multi-Linux, multi-OS and multi-cloud customer environments. As a complete platform that integrates and scales with your organization, Docker EE 2.0 gives you the most flexibility and choice over the types of applications supported, orchestrators used, and where it’s deployed. It also enables organizations to operationalize Kubernetes more rapidly with streamlined workflows and helps you deliver safer applications through integrated security solutions. In this blog post, we’ll walk through some of the key new capabilities of Docker EE 2.0.

Eliminate Your Fear of Lock-in

As containerization becomes core to your IT strategy, the importance of having a platform Continue reading

Strong identity is strong security


I think of classical firewall-based security like a community with a common manned gate, but where the homes in the community don’t have locks on their doors.   Strong locks on strong doors is better if you ask me.

Traditional firewall security matches on patterns in the packet header to determine what action to take on the matching application flows.  I'd equate this to the security guard allowing people into the gated community based by how they look.  If a person looks like someone who belongs to the community, then let them in.   In the same way, if a bad person crafts packet headers to match permit rules in the firewall, then it is allowed through.

One might say that’s where app-based firewalls come in.  They go deeper than just the packet header to determine what application is being transported.  How do these firewalls know what application a transport session belongs to?  Well, they do Continue reading

Top 5 Post: Improved Docker Container Integration with Java 10

As 2018 comes to a close, we looked back at the top five blogs that were most popular with our readers. For those of you that had difficulties with memory and CPU sizing/usage when running Java Virtual Machine (JVM) in a container, we are kicking off the week with a blog that explains how to get improved Docker container integration with Java 10 in Docker Desktop ( Mac or Windows) and Docker Enterprise environments.

Docker and Java

Many applications that run in a Java Virtual Machine (JVM), including data services such as Apache Spark and Kafka and traditional enterprise applications, are run in containers. Until recently, running the JVM in a container presented problems with memory and cpu sizing and usage that led to performance loss. This was because Java didn’t recognize that it was running in a container. With the release of Java 10, the JVM now recognizes constraints set by container control groups (cgroups). Both memory and cpu constraints can be used manage Java applications directly in containers, these include:

  • adhering to memory limits set in the container
  • setting available cpus in the container
  • setting cpu constraints in the container

Java 10 improvements are realized in both Docker Desktop ( Mac Continue reading

The Wired Nursery

This month, we’ve asked parents to share their experiences of raising kids in the tech age. Today’s guest author is Kimberly Rae Miller, author of Beautiful Bodies and the bestselling memoir Coming Clean.

Being a parent means living with constant, underlying anxiety over just about everything from how to slice hot dogs, to the age old winter jacket vs. car seat conundrum, to whether all the tech used to keep kids alive/make life with them easier is actually going to screw them up/destroy your life.

The latter takes a fair bit of cognizant dissonance. Most of us know at least some of the pitfalls of our wired life. After all, the digital assistant in my living room knew that I was pregnant again about five seconds after I did (and yes, there are Bluetooth-enabled home pregnancy tests), and voila, almost immediately targeted ads for diapers and nursery furniture started showing up when I shopped online. Most of the time I brush aside how uncomfortable it all makes me, because the gizmos and gadgets that make momming slightly easier are maybe worth the invasion of privacy.

When I was pregnant with my now two-year-old son, I knew that I didn’t know Continue reading

Improving HTML Time to First Byte

Improving HTML Time to First Byte

The Time to First Byte (TTFB) of a site is the time from when the user starts navigating until the HTML for the page they requested starts to arrive. A slow TTFB has been the bane of my existence for more than the ten years I have been running WebPageTest.

There is a reason why TTFB appears as one of the few “grades” that WebPageTest scores a site on and, specifically, why it is the first grade in the list.

Improving HTML Time to First Byte

If the first byte is slow, EVERY other metric will also be slow. Improving it is one of the few cases where you can predict what the impact will be on every other measurement. Every millisecond improvement in the TTFB translates directly into a millisecond of savings in every other measurement (i.e. first paint will be 500ms faster if TTFB improves by 500ms). That said, a fast ttfb doesn't guarantee a fast experience but a slow ttfb does guarantee a slow Continue reading

The Week in Internet News: India Rethinks Frequent Internet Shutdowns

Keep the pipes flowing: The Indian government’s Department of Telecommunications has told state governments they should avoid Internet shutdowns in situations not involving an emergency or public safety, Business Insider India reports. There were about 130 Internet shutdowns in the country in 2018, up from 79 the year before. But shutdowns close off residents’ access to banking and other online services, the agency said in its notice.

A fragmenting Internet: The global Internet is fracturing with governments increasingly exerting their influence on digital companies, markets, and rights, Foreign Policy says. The authors see a future Internet Warring States Period, in which several countries jockey for influence on the Internet, which could lead to a fragmented Internet in areas where there was once common ground.

Fake crackdown: Egypt is using a crackdown on so-called fake news to detain or jail “scores” of journalists, bloggers, and social media users, the Los Angeles Times reports. In 2018, Egypt jailed 19 journalists for allegedly “disseminating false information,” while all other countries jailed a total of nine journalists.

Beware the cryptominers: Internet users saw a 4,000 percent increase in crytomining malware in 2018, The Next Web says. MacAfee Labs noted more than 4 million new Continue reading

The Internet Mince Pie Data Base: 2018 Edition

The Internet Mince Pie Data Base: 2018 Edition

In December 2017 we unveiled the true potential of Cloudflare’s scale: to find the best commercially available mince pie and let the world know about it. In 2018 we’ve all been extremely busy helping Cloudflare & our customers and therefore we left it very late this year. Uncomfortably late.

If you want to know the best mince pie to buy in 2018 right now, skip straight to the bottom of this post where we reveal the winner. If you want to understand more about what makes a mince pie great and how we can learn this at Cloudflare’s scale - read on.

How do you review 42 varieties of mince pie in an hour?

With a very short amount of time to get this research out to a discerning and demanding public, we engaged the entire Cloudflare London team to help. Team members diligently went out and purchased mince pies from all over the South East of England for everyone to taste.

The Internet Mince Pie Data Base: 2018 Edition

On Monday the team assembled for a “Mince Pie Jam”, where we would taste & consistently review each pie:

The Internet Mince Pie Data Base: 2018 Edition

A quick refresher - what is a mince pie?

The Internet Mince Pie Data Base: 2018 Edition

As we can see from even the most cursory Internet Continue reading

DNS Security & Privacy discussed at e-AGE18

The Internet Society continued its engagement with Middle East networking community by participating in the e-AGE18 Conference, where we took the opportunity to promote the importance of DNS Security and Privacy. The conference was held on 2-3 December 2018 at the Marriott Hotel in Amman, Jordan and was organised by the Arab States Research and Education Network (ASREN) and co-sponsored by the Internet Society.

Kevin Meynell from the Internet Society’s Middle East Bureau, highlighted the importance of implementing DNSSEC which allows DNS resolvers to authenticate the origin of data in the DNS through a verifiable chain-of-trust. This reduces the possibility of spoofing where incorrect or corrupt data is introduced into a resolver, or a man-in-the-middle attack whereby DNS queries are re-directed to a name server returning forged responses.

Unfortunately, only the Saudi Arabia ccTLD (.sa) has operationally deployed DNSSEC in the Middle East region at the present time, although Iran (.ir) and Iraq (.iq) have deployed it on an experimental basis. On the positive side, around 18% of DNS queries originated from Middle East countries are being validated compared to 12% globally, with Yemen (45.1%), Saudi Arabia (32.1%), Iraq (30.6%), Bahrain (23.2%) and Continue reading

Death by a thousand scripts


Early on in my automation journey, I learned some basic lessons from observing what happens when multiple scripting newbies independently unleash their own notions of automation on the network.  I was one of them. 

Our earliest automations were largely hacky shell scripts that spat out snippets of config which would then be shoved into routers by other scripts.  We’re talking mid 1990s.   It started out fun and exciting, but with more vendors, hardware, use cases, issues, and so on, things went sideways.  

We ended up with a large pile of scripts with different owners, often doing similar things to the network in different ways.  Each script tailored for some narrow task on a specific vendor hardware in a specific role.  As folks who wrote the scripts came and went, new scripts of different kinds showed up, while other scripts became orphaned.  Other scripts ran in the shadows, only known Continue reading

Verify Your Segmentation is Working with Stealthwatch

Network segmentation…. air gap segmentation… the names go on and on.  But no matter what you call it, you designed it and deployed it for a reason.  Likely a very good reason.  Potentially even a reason with fines and consequences should the segmentation not work.  So once you deploy it…. what then?  Just trust it is working and will always stay working?

 Trust, But Verify

I admit I am likely viewed as boringly logical when it comes to the network.  It just doesn’t seem logical to me to spend so many hours in the design and the deploy phase and then just trust that it is working.   

Don’t just trust.  Verify. 

Use whatever tool you want.  Just please… know what is really going on in your network.  Know reality.   

In this blog I’m going to show you how you can use Stealthwatch to get visibility into what is REALLY going on in your networking in reference to your segmentation.  

How can Stealthwatch tell you if your segmentation is working or not?  I refer to Stealthwatch as “Your Network Detective Command Center”.  If Continue reading

The Linux Migration Series

In early 2017 I kicked off an effort to start using Linux as my primary desktop OS, and I blogged about the journey. That particular effort ended in late October 2017. I restarted the migration in April 2018 (when I left VMware to join Heptio), and since that time I’ve been using Linux (Fedora, specifically) full-time. However, I thought it might be helpful to collect the articles I wrote about the experience together for easy reference. Without further ado, here they are.

Initial Progress Report

Final Linux Distro Selection

Virtualization Provider

Other Users’ Stories: Part 1, Part 2, Part 3, Part 4

Creating Presentations

Corporate Collaboration: Part 1, Part 2, Part 3

April 2017 Progress Report

July 2017 Progress Report

Wrap-Up

These are only the articles directly related to the migration efforts, but many more articles were spawned as a result of the project. Browse through all the Fedora-tagged articles to see some related articles.

If you have any questions about migrating to Linux or about any of these articles (or related articles), you’re welcome to contact me on Twitter. I look forward to hearing from you!

Merry Christmas!

We are now at the 22nd of December, and it is time to take a break to spend time with family and friends (as well as prepping up a lot of work for next year). From my family to yours, we wish you the merriest of Christmas’, and a very happy new year.

Remember, at this time of year, “He who made the blind men see, and the lame men walk,” as Tiny Tim would say.

A bit of retrospect from 2018, and prospect for 2019…

  • I posted 295 items (not including worth reading) here on Rule11 in 2018.
  • Rule11 had more than 128,000 views in 2018.
  • I am shifting roles in the new year; you can expect to see more on this in early January.
  • I am planning to move rule11 off WordPress in 2019; I am trying to find a developer to help me do the initial work to move to either Ghost or Craft, but have not had any luck in finding someone to kick start the process.

As Marley might say: “Look to see me no more, and expect the first post in the new year…”

Find Rogue DNS Servers in your Network with Stealthwatch

Rogue DNS kinda reminds of me of a crime scene show I saw once.  The killer was hijacking the GPS mapping system in the rental cars of their victims.

Imagine that who you think is your valid DNS server actually isn’t.  Yeah… i know – scary.   …. If you are not familiar with the term “Rogue DNS” … maybe you might know the exposure via other terms like DNS hijacking or DNS redirection to name just a few.

In this blog I’m not going to teach about what Rogue DNS… DNS hijacking… or DNS redirection. Nor am I going to talk about solutions like OpenDNS (Cisco’s Umbrella).  I’m going to just show you how you can use Stealthwatch to get visibility into what is REALLY going on in your network in reference to DNS.  We are going to cover 2 situations where having a tool like Stealthwatch could help you with your DNS.

  1. Finding Rogue DNS
  2. DNS Server Cutover:  Checking Reality before Decommissioning DNS Servers

How does Stealthwatch do this?  I refer to Stealthwatch as “Your Network Detective Command Center”.  If there are rogue DNS in your network and your end devices are Continue reading

Docker Certified Containers From IBM

The Docker Certified Technology Program is designed for ecosystem partners and customers to recognize containers and plugins that excel in quality, collaborative support and compliance. Docker Certification gives enterprises an easy way to run trusted software and components in containers on Docker Enterprise with support from both Docker and the publisher.  

As cloud computing continues to transform every business and industry, developers at global enterprises and emerging startups alike are increasingly leveraging container technologies to accelerate how they build modern web, mobile and IoT applications.  

IBM has achieved certification of its flagship Db2 database, Websphere-Liberty middleware server and Security Access Manager products now available on Docker Hub. These Certified Containers enable developers to accelerate building cloud-native applications for the Docker Enterprise platform.  Developers can deploy these solutions from IBM to any on-premises infrastructure or public cloud.  They are designed to assist in the modernization of traditional applications moving from on-premises monoliths into hybrid cloud microservices.

These solutions are validated by both Docker and IBM and are integrated into a seamless support pipeline that provides customers the world-class support they have become accustomed to when working with Docker and IBM.

Check out the latest certified technology available from IBM Continue reading

Athenian Project Turns One: Are Election Websites Safer?

Athenian Project Turns One: Are Election Websites Safer?
Athenian Project Turns One: Are Election Websites Safer?

One year ago, Cloudflare launched the Athenian Project to provide free Enterprise-level service to election and voter registration websites run by state and local governments in the United States. Through this project, we have helped over 100 entities in 24 states protect their websites from denial of service attacks, SQL injection, and other malicious efforts aimed at undermining the integrity of their elections. With the end of the year approaching, and the November 6th US midterm elections behind us, we wanted to look back at the project and what we have learned as we move towards 2020.

US Midterm Election Day

The morning of November 6th was full of anticipation for the Athenian Project team with the policy, engineering and support teams ready as polls opened in the East. Early in the day, we were notified by our partner at the CDT that some elections websites were experiencing downtime. Mobilizing to help these groups, we reached out to the website administrators and, through the course of the day, on-boarded over 30 new county-level websites to the Athenian Project and helped them manage the unpredictably large amounts of legitimate traffic.

This last-minute effort would not have been possible without the help Continue reading

Weekly Show 421: Containing Breaches With Illumio’s Microsegmentation (Sponsored)

On today's Weekly Show we dive into microsegmentation with our sponsor, Illumio. We discuss how Illumio builds an app dependency map in the data center to inform security policies, and leverages existing controls on hosts and in networking gear to cordon high-value workloads and contain attacks.

The post Weekly Show 421: Containing Breaches With Illumio’s Microsegmentation (Sponsored) appeared first on Packet Pushers.

1 1,313 1,314 1,315 1,316 1,317 3,790