Weekly Show 414: Security Implications Of Home Automation
Today's Weekly Show podcast delves into home automation, IoT, and security with guest Chris Young. We talk about Chris's experience building and running his home automation network, how to reverse-engineer undocumented APIs, and the security implications of home automation.
The post Weekly Show 414: Security Implications Of Home Automation appeared first on Packet Pushers.
Stuff The Internet Says On Scalability For November 2nd, 2018
Wake up! It's HighScalability time:
Here's a dystopian vision of the future: A real announcement I recorded on the Beijing-Shanghai bullet train. (I've subtitled it so you can watch in silence.) pic.twitter.com/ZoRWtdcSMy
— James O'Malley (@Psythor) October 29, 2018
"The future is already here – it's just not evenly distributed." — William Gibson
Do you like this sort of Stuff? Please support me on Patreon. I'd really appreciate it. Know anyone looking for a simple book explaining the cloud? Then please recommend my well reviewed (30 reviews on Amazon and 72 on Goodreads!) book: Explain the Cloud Like I'm 10. They'll love it and you'll be their hero forever.
- $10 billion: Apple services revenue; 1.49B: Facebook daily active users; 34: cache sites for iOS rollout; 87M: paying Spotify users; 20k: Facebook's new large-scale dataset for video description as a new challenge for multi-sentence video description; 6 million: online court case dataset; 125 quadrillion: Sierra supercomputer calculations each second; 1500: per day automated chaos experiments run at Netflix; 12: neurons needed to park a car; 2025: boots on Mars; 600: free online courses; 94%: Continue reading
Docker Certified Logging Containers and Plugins from Partners
The Docker Certified Technology Program is designed for ecosystem partners and customers to recognize Containers and Plugins that excel in quality, collaborative support and compliance. Docker Certification gives organizations enterprises an easy way to run trusted software and components in containers on the Docker Enterprise container platform with support from both Docker and the publisher.
In this review, we’re looking at Docker Logging Containers and Plugins. Docker Enterprise provides built-in logging drivers to help users get information from docker nodes, running containers and services. The Docker Engine also exposes a Docker Logging Plugin API for use by Partner Docker logging plugins. The user’s needs are solved by innovations from the extensive Docker ecosystem that extend Docker’s logging capabilities which provide complete log management solutions that include searching, visualizing, monitoring, and alerting.
These solutions are validated by both Docker and the partner company and integrated into a seamless support pipeline that provide customers the world class support they have become accustomed to when working with Docker.
Check out the latest certified Docker Logging Containers and Plugins that are now available from our partners on Docker Store:
- Elastic – Elasticsearch Logging container
- Sematext – Sematext Agent Monitoring and Continue reading
Short Take – DNSSEC Deployment
What is DNSSEC? What does it do? How widely is it deployed? In a technological environment where DNS attacks are common, Russ explores why DNSSEC isn’t as widely deployed as one would hope and provides some suggestions on how to get some momentum behind this important technology.
The post Short Take – DNSSEC Deployment appeared first on Network Collective.
pkSIG 2018: A Fellow’s Perspective
The Pakistan School on Internet Governance 2018 (pkSIG) took place at the Regent Plaza Hotel in Karachi from 3-6 September 2018. It offered a four day intensive learning course, covering the political, legal, economic, socio-cultural, and technological dimensions of Internet Governance within the context of the Pakistani national imperatives. The program included theoretical sessions, role play, and participant engagement activities.
One of the objectives of the seminar was to develop a shared understanding of youth participation in Internet Governance by building expertise through the alumni of the school. A fellowship opportunity was offered to young applicants from the Sindh and Baluchistan provinces who presented a strong motivation to continue to work locally on IG issues after the pkSIG.
The involvement of students and young professionals, like the ICT engineer Sohaib Bukhari, is a successful example of meaningful participation in the shaping of the Internet. They are the generation that has been using the Internet since they were children, they are the ones who will be using it for the next 50 years. Sohaib was thrilled to have an open dialogue with the key stakeholders, while gaining access to comprehensive and structured knowledge on various aspects of the Internet Governance.
So, Continue reading
Clear Skys for IBM and Red Hat
There was a lot of buzz this week when IBM announced they were acquiring Red Hat. A lot has been discussed about this in the past five days, including some coverage that I recorded with the Gestalt IT team on Monday. What I wanted to discuss quickly here is the aspirations that IBM now has for the cloud. Or, more appropriately, what they aren’t going to be doing.
Build You Own Cloud
It’s funny how many cloud providers started springing from the earth as soon as AWS started turning a profit. Microsoft and Google seem to be doing a good job of challenging for the crown. But the next tier down is littered with people trying to make a go of it. VMware with vCloud Air before they sold it. Oracle. Digital Ocean. IBM. And that doesn’t count the number of companies offering a specific function, like storage, and are calling themselves a cloud service provider.
IBM was well positioned to be a contender in the cloud service provider (CSP) market. Except they started the race with a huge disadvantage. IBM was a company that was focused on selling solutions to their customers. Just like Oracle, IBM’s primary customer was Continue reading
Rough Guide to IETF 103: DNSSEC, DNS Security and DNS Privacy
As happened earlier this year at IETF 102 in Montreal, DNS privacy will receive a large focus in the DNSOP, DPRIVE and DNSSD working groups. Given the critical role DNS plays as part of the “public core” of the Internet in linking names and identifiers to IP addresses, the DNS must have stronger security and privacy controls. As part of our Rough Guide to IETF 103, here’s a quick view on what’s happening in the world of DNS.
Note – all times below are Indochina Time (ICT), which is UTC+7.
DNS Operations (DNSOP)
The DNS sessions at IETF 103 start on Monday afternoon from 13:50-15:50 with the DNS Operations (DNSOP) Working Group. As per usual, DNSOP has a packed agenda. The major security/privacy-related drafts include:
- DNS query minimisation – draft-ietf-dnsop-rfc7816bis – Back in 2016, RFC 7816 defined an experimental way to increase DNS privacy and limiting the exposure of DNS query information by simply not sending the entire query all the way up the DNS resolver chain. This new work is to move that RFC 7816 document from being an experiment to being an actual Internet standard.
- Running a DNS root server locally – draft-ietf-dnsop-7706bis – Continue reading
Is a Cloud-native Strategy Right for You?
A cloud-native approach offers an agile environment enabling organizations to meet ever-increasing customer demands and expectations. This allows companies to grow a product, service, or idea and deploy all these things as quickly as business plans change.
Worth Reading: Notes on Distributed Systems
I long while ago I stumbled upon an excellent resource describing why distributed systems are hard (what I happened to be claiming years ago when OpenFlow was at the peak of the hype cycle ;)… lost it and found it again a few weeks ago.
If you want to understand why networking is hard (apart from the obvious MacGyver reasons) read it several times; here are just a few points:
Read more ...Passed AWS Solutions Architect Associate
Hi,
Yesterday I took the AWS Solutions Architect Associate and passed it which means I’m now certified. I started studying for this exam around the August time frame. I had wanted to get some exposure to public cloud to broaden my skill set and AWS was the natural one to go after first considering their dominant position on the market. My goal is to do the networking specialty in order to know all of the networking products inside of AWS. I also have a project I’m working on now in AWS which helps with both motivation, knowledge and hands-on experience.
So, what was the exam like?
I don’t know if it was pure shock at first but I felt very uneasy in the beginning of the exam. The questions I got felt very different to the material and questions I had based my studies on. After a while I felt a bit better but it was still a tough exam for me. I had to really think through all of my answers and only a couple of questions, mostly the ones on networking, I felt confident answering immediately. The exam did feel balanced though covering a broad range of topics Continue reading
Why no cyber 9/11 for 15 years?
This The Atlantic article asks why hasn't there been a cyber-terrorist attack for the last 15 years, or as it phrases it:National-security experts have been warning of terrorist cyberattacks for 15 years. Why hasn’t one happened yet?As a pen-tester who has broken into power grids and found 0dayss in control center systems, I thought I'd write up some comments.
Instead of asking why one hasn't happened yet, maybe we should instead ask why national-security experts keep warning about them.
One possible answer is that national-security experts are ignorant. I get the sense that "national" security experts have very little expertise in "cyber" security. That's why I include a brief resume at the top of this article, I've actually broken into a power grid and found 0days in critical power grid products (specifically, the ABB implementation of ICCP on AIX -- it's rather an obvious buffer-overflow, *cough* ASN.1 *cough*, I don't know if they ever fixed it).
Another possibility is that they are fear mongering in order to support their agenda. That's the problem with "experts", they get their expertise by being employed to achieve some goal. The ones who know most about an issue are simultaneously the Continue reading
The FuzzyLog: a partially ordered shared log
The FuzzyLog: a partially ordered shared log Lockerman et al., OSDI’18
If you want to build a distributed system then having a distributed shared log as an abstraction to build upon — one that gives you an agreed upon total order for all events — is such a big help that it’s practically cheating! (See the “Can’t we all just agree” mini-series of posts for some of the background on consensus).
Services built over a shared log are simple, compact layers that map a high-level API to append/read operations on the shared log, which acts as the source of strong consistency, durability, failure atomicity, and transactional isolation. For example, a shared log version of ZooKeeper uses 1K lines of code, an order of magnitude lower than the original system.
There’s a catch of course. System-wide total orders are expensive to maintain. Sometimes it may be impossible (e.g. in the event of a network partition). But perhaps we don’t always need a total ordering. Oftentimes for example causal consistency is strong enough. FuzzyLog aims to provide the simplicity of a shared log without imposing a total order: it provides partial ordering instead. It’s designed for a world Continue reading
The Internet Society’s Hot Topics at IETF 103
The 103rd meeting of the IETF starts tomorrow in Bangkok which is the first time that an IETF meeting has been held in the city.
The Internet Society’s Internet Technology Team is as always highlighting the latest IPv6, DNSSEC, Securing BGP, TLS, and IoT related developments, and we’ll also be covering DNS Privacy and NTP Security from now on. This is discussed in detail in our Rough Guide to IETF 103, but we’ll also be bringing you daily previews of what’s happening each day as the week progresses.
Below are the sessions that we’ll be covering in the coming week. Note this post was written in advance so please check the official IETF 103 agenda for any updates, room changes, or final details.
Monday, 5 November 2018
- IPv6 Operations (v6ops) – Meeting 1 @ 09.00-11.00 UTC+7
- Routing Over Low power and Lossy networks (roll) – Boromphimarn 1/2 @ 09.00-11.00 UTC+7
- Crypto Forum (cfrg)- Chitlada 1 @ 11.20-12.20 UTC+7
- Domain Name System Operations (dnsop) – Chitlada 1 @ 13.50-15.50 UTC+7
- Transport Layer Security (tls) – Chitlada 2 @ 13.50-15.50 UTC+7
- IPv6 over Networks of Resource-constrained Node (6lo) – Meeting 2 @ 16.10-18.10 UTC+7
Tuesday, 6 November 2018
Large-scale network simulations in Kubernetes, Part 1 – Building a CNI plugin
Building virtualised network topologies has been one of the best ways to learn new technologies and to test new designs before implementing them on a production network. There are plenty of tools that can help build arbitrary network topologies, some with an interactive GUI (e.g. GNS3 or EVE-NG/Unetlab) and some “headless”, with text-based configuration files (e.g. vrnetlab or topology-converter). All of these tools work by spinning up multiple instances of virtual devices and interconnecting them according to a user-defined topology.
Problem statement
Most of these tools were primarily designed to work on a single host. This may work well for a relatively small topology but may become a problem as the number of virtual devices grows. Let’s take Juniper vMX as an example. From the official hardware requirements page, the smallest vMX instance will require:
- 2 VMs - one for control and one for data plane
- 2 vCPUs - one for each of the VMs
- 8 GB of RAM - 2GB for VCP and 6GB for VFP
This does not include the resources consumed by the underlying hypervisor, which can easily eat up another vCPU + 2GB of RAM. It’s easy to imagine how quickly Continue reading