IoT Tales of Horror (Inspired by Real-Life Events)

Happy Halloween! In some parts of the world, people are celebrating this holiday of horror by dressing up as monsters or other frights and watching scary movies. But sometimes these tales can be just a little boring. Pod people? Headless horsemen? Replicant children? Whatever.

I present the real horror stories of Halloween – and every other day of the year. These tales are inspired by real-life events and are guaranteed to give you a chill. (And not just because your smart thermostat is being controlled by a shapeshifting clown who lives in the sewer!)

I(o)T
In the fall of 2018, a group of kids work together to destroy an evil malware, which infects connected toys and preys on the children of their small town.

Inspired by the terrifying vulnerabilities found in everyday connected toys.

Night of the Living Devices
There’s panic across the Internet as connected devices suddenly begin attacking critical Internet infrastructure. The film follows a group of network operators as they frantically work to protect the Internet from these packet spewing, infected devices.

Inspired by the harrowing events of the 2016 Dyn attack.

Rosemary’s Baby Monitor
A young family moves into a house billed as the “smart Continue reading

Broadening The Appeal Of Distributed NVM-Express Storage

NVM-Express has been creating a quiet revolution in servers for several years now, providing a way for flash storage to bypass the traditional storage stack and the limitations of interfaces such as SATA and SAS, and instead pipe data directly into and out of the CPU through the high-speed PCI Express bus.

Broadening The Appeal Of Distributed NVM-Express Storage was written by Daniel Robinson at .

Network Troubleshooting at Safari Books Online

I am giving my network troubleshooting class over at Safari Books Online on the 6th of December for those who are interested. I consider this a foundational session, covering the time components of an outage, a taxonomy of reactions to outages, the half-split method of searching for the root cause, and how models can help you understand the right questions to ask to narrow a problem down quickly. A lot of this course is based on formal methods of troubleshooting I learned in electronic engineering, adapted for the networking world.

This is one of three webinars I give at Safari Books on a periodic basis; I hope to be adding a fourth in the near future.

Cisco WLC for Wired to Wireless mDNS and Bonjour

Bonjour and mDNS are discovery mechanisms that generally work effortlessly within a single VLAN. Those attempting to implement these protocols in a multi subnet environment often run into some significant challenges. The typical use of CAPWAP in an enterprise wireless network adds to the segmentation between wired and wireless domains and requires special attention with devices like Applet TVs and Bonjour based printers. In this article, I will address the use case of allowing a wired Apple TV to be seen and used by a wireless client. We will also do some basic filtering to contain those advertisements to a single building.

The Starting Topology

The Scenario

Operating with a baseline configuration, users on the BigU SSID are complaining that they cannot access the Apple TV in BLDG – 3. The first task is to make that device available to those users. While the underlying infrastructure is irrelevant to this configuration method, it is MPLS and cannot be changed in our process. All APs are running in LOCAL mode. This mode creates a compulsory CAPWAP tunnel for the data plane through the controller. In the above diagram, VLAN 110 is trunked out of the controller on to the network in Continue reading

The Shifting Landscape of E-Commerce

It’s no surprise that buying behaviors have seen significant change over the past several years. Global online e-commerce sales are expected to double between 2016 and 2020. According to the U.S. Bureau of Economic Analysis (BEA), personal income increased $54.8 billion (0.3%) in July of 2018, while disposable personal income (DPI) increased $52.5 billion (0.3%) and personal consumption expenditures (PCE) increased $49.3 billion (0.4%). July’s increase in personal income was a result of salary increases, rental income, and personal dividend income. The $29.6 billion increase in PCE in July led to an increase of $10.9 billion in spending for goods and a $18.9 billion increase in spending for services.

Online shoppers are experiencing a new wave of e-commerce, one that’s highly personalized to that individual’s shopping interests and behaviors. Brands are putting more dollars behind personalization, where they capture customer data points and present those customers with relevant content and products to encourage an online sale. By capturing search queries, shopping cart, geographic location, purchase history, social behavior, and customer segments, brands are able to alter their site’s content to best serve each individual customer. More than ever, e-commerce companies Continue reading

Episode 38 – DDoS Mitigation

In this Community Roundtable episode of Network Collective, Roland Dobbins and Nick Buraglio join us to talk about the current state of DDoS on the Internet and some strategies you can use to mitigate these risks on your network.

 

We would like to thank VIAVI Solutions for sponsoring this episode of Network Collective. VIAVI Solutions is an application and network management industry leader focusing on end-user experience by providing products that optimize performance and speed problem resolution. Helping to ensure delivery of critical applications for businesses worldwide, Viavi offers an integrated line of precision-engineered software and hardware systems for effective network monitoring and analysis. Learn more at www.viavisolutions.com/networkcollective.

 

Roland Dobbins
Guest
Nick Buraglio
Guest
Jordan Martin
Host
Eyvonne Sharp
Host
Russ White
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Episode 38 – DDoS Mitigation appeared first on Network Collective.

Digital Development Is the Way Forward: The Suusamyr Community Network Launches at CNX

Asylbek Sanarbekov, a social worker in the village of Suusamyr, Kyrgyzstan, can often be seen standing outside of his office building, phone in hand. He goes there to connect to the new Suusamyr Community Network, which has antennas on a nearby water tower. The Suusamyr Community Network officially launches today at the Community Network Xchange (CNX) in New Delhi. It’s a big improvement over Sanarbekov‘s connection at home, where he uses expensive and sometimes unreliable mobile data.

The village of Suusamyr is located in the Suusamyr Valley, a remote region in the Tian Shan Mountains. It’s a popular tourist destination thanks to its breathtaking landscape and its sparse population, with just over 3,000 residents. During the warmer months, they’re employed in agriculture, but by winter, thanks to heavy snowfall and subfreezing temperatures, many are unemployed.

“We are a small, landlocked mountainous country, so the traditional economic models do not necessarily work for us,” says Talant Sultanov, chair of the Internet Society‘s Kyrgyz Chapter. “We decided that digital development is the way forward.”

There’s a mobile connection in the village of Suusamyr, but according to Mairambek Ismailov, deputy head of the local self-government body, it’s not necessarily fast, reliable, or Continue reading

Improving RubyDocs with Cloudflare Workers and Workers KV

Improving RubyDocs with Cloudflare Workers and Workers KV
Improving RubyDocs with Cloudflare Workers and Workers KV

The following is a guest post from Manuel Meurer, Berlin based web developer, entrepreneur, and Ruby on Rails enthusiast. In 2010, he founded Kraut Computing as a one-man web dev shop and launched Uplink, a network for IT experts in Germany, in 2015.

RubyDocs is an open-source service that generates and hosts “fancy docs for any Ruby project”, most notably for the Ruby language itself and for Rails, the most popular Ruby framework. The nifty thing about it is that the docs can be generated for any version of a project — so let’s say you’re working on an old Rails app that still uses version 3.2.22 (released June 16, 2015), then you can really benefit from having access to the docs of that specific version, since a lot of the methods, classes, and concepts of the current Rails version (5.2.1 at the time of writing) don’t exist in that old version.

Scratching an itch

I built RubyDocs back in 2013 to scratch my own itch — a few similar services that I had used over the years had disappeared or hadn’t been regularly updated. After the initial work to get RubyDocs up and running, I continued Continue reading

Docker Achieves FIPS 140-2 Validation

 

We are excited to share that we have achieved formal FIPS 140-2 validation (Certificate #3304) from the National Institute of Standards and Technology (NIST) for our Docker Enterprise Edition Crypto Library. With this validation and industry-recognized seal of approval for cryptographic modules, we are able to further deliver on the fundamental confidentiality, integrity and availability objectives of information security and provide our commercial customers with a validated and secure platform for their applications. As required by the Federal Information Security Management Act (FISMA) and other regulatory technology frameworks like HIPAA and PCI, FIPS 140-2 is an important validation mechanism for protecting the sensitivity and privacy of information in mission-critical systems.

As we highlighted in a previous blog post, Docker Engine – Enterprise version 18.03 and above includes this now-validated crypto module. This module has been validated at FIPS 140-2 Level 1. The formal Docker Enterprise Edition Crypto Library’s Security Policy calls out the specific security functions in Docker Engine – Enterprise supported by this module and includes the following:

  • ID hashes
  • Swarm Mode distributed state store and Raft log (securely stores Docker Secrets and Docker Configs)
  • Swarm Mode overlay networks (control plane only)
  • Swarm Mode mutual TLS implementation
  • Docker daemon socket Continue reading

Moment-based quantile sketches for efficient high cardinality aggregation queries

Moment-based quantile sketches for efficient high cardinality aggregation queries Gan et al., VLDB’18

Today we’re temporarily pausing our tour through some of the OSDI’18 papers in order to look at a great sketch-based data structure for quantile queries over high-cardinality aggregates.

That’s a bit of a mouthful so let’s jump straight into an example of the problem at hand. Say you have telemetry data from millions of heterogenous mobile devices running your app. Each device tracks multiple metrics such as request latency and memory usage, and is associated with dimensional metadata (categorical variables) such as application version and hardware model.

In applications such as A/B testing, exploratory data analysis, and operations monitoring, analysts perform aggregation queries to understand how specific user cohorts, device types, and feature flags are behaving.

We want to be able to ask questions like “what’s the 99%-ile latency over the last two weeks for v8.2 of the app?

SELECT percentile(latency, 99) FROM requests
WHERE time > date_sub(curdate(), 2 WEEK)
AND app_version = "v8.2"

As well as threshold queries such as “what combinations of app version and hardware platform have a 99th percentile latency exceeding 100ms?

SELECT app_version, hw_model, PERCENTILE(latency,  Continue reading

Rough Guide to IETF 103: IPv6

In this post for the Internet Society Rough Guide to IETF 103, I’m reviewing what’ll be happening at the IETF in Bangkok next week.

IPv6 deployment hit another milestone recently, reaching 25% adoption globally. The almost total depletion of the pool of unallocated IPv4 addresses has seen the cost of an IPv4 address on the transfer market rise from USD 15 to 18 in just a few months, which has encouraged network operators to further step-up their deployment efforts.

There was some good news from the UK with the largest mobile operator EE and the incumbent provider of broadband Internet BT, increasing to nearly 30% and 46% respectively. Other mobile operators deploying IPv6 also saw a boost this month with the release of Apple’s iOS 12 update that adds IPv6 support for cellular data.

Belgium still leads the way, but Germany is rapidly catching up, followed by Greece, the US and India. France, Malaysia, Finland and Australia also seem to have seen a surge in deployment recently.

IPv6 is always an important focus for the IETF, and this meeting will see a lot of work with respect to deployment-related improvements and the Internet-of-Things.

The IPv6 Operations (v6ops) Working Group is Continue reading

Analyzing the KSK Roll

It's been more than two weeks since the roll of the Key Signing Key (KSK) of the root zone on October 11 2018, and it's time to look at the data to see what we can learn from the first roll of the root zone's KSK.

Terraform Install Ubuntu 1804

Terraform is an infrastructure as code tool from the wonderful people at Hashicorp. Terraform makes it really enjoyable to manage infrastructure on platforms such as AWS, Azure, VMware vSphere and OpenStack among many others. This short post will run through installing Terraform on Ubuntu...
1 1,368 1,369 1,370 1,371 1,372 3,794