End-to-End Integrity with IPFS

This post describes how to use Cloudflare's IPFS gateway to set up a website which is end-to-end secure, while maintaining the performance and reliability benefits of being served from Cloudflare’s edge network. If you'd rather read an introduction to the concepts behind IPFS first, you can find that in our announcement. Alternatively, you could skip straight to the developer docs to learn how to set up your own website.

By 'end-to-end security', I mean that neither the site owner nor users have to trust Cloudflare to serve the correct documents, as they do now. This is similar to how using HTTPS means you don't have to trust your ISP not to modify or inspect traffic.

CNAME Setup with Universal SSL

The first step is to choose a domain name for your website. Websites should be given their own domain name, rather than being served directly from the gateway by root hash, so that the browser treats them as a distinct origin. This is primarily to prevent cache poisoning, but there are several functional advantages as well: it gives websites their own instance of localStorage and their own cookie jar, which are sandboxed from inspection and manipulation by malicious third-party documents.

The Week in Internet News: Facebook to Fact-Check Videos and Photos

Fight against fakes: Facebook plans to fact-check videos and photos posted on the social media platform in an effort to combat misinformation, reports the Associated Press on SeattleTimes.com. Fact-checkers will use several methods, including analyzing image metadata, to determine accuracy, and Facebook will label photos and videos that are fakes, the company said.

Regulating IoT: A controversial Internet of Things security bill has passed the California legislature, ZDNet reports. The bill requires IoT device makers to build in “reasonable security,” but the legislation is vague about what that might entail, critics say. Still, it’s the first bill passed in the U.S. that addresses IoT security.

Fake reports of fake news law’s demise: Malaysia’s opposition party has blocked efforts to repeal a controversial law that penalizes the spread of fake news, StraitsTimes.com reports. Critics say the law, which includes penalties of up to six years in prison for spreading misleading information, is an attack on free speech, but the Senate blocked the repeal in a challenge to the new government of Prime Minister Mahathir Mohamad.

Angry Birds tackles blockchain: We’ve talked about a lot of potential uses of blockchain technology here, but this is a new one. The

Trading Off Security And Performance Thanks To Spectre And Meltdown

The revelations by Google’s Project Zero team earlier this year of the Spectre and Meltdown speculative execution vulnerabilities in most of the processors that have powered servers and PCs for the past couple of decades shook the industry, as Intel and other chip makers scrambled to mitigate the risk of the threats in the short term and then to incorporate the mitigation techniques into future versions of the silicon.

Trading Off Security And Performance Thanks To Spectre And Meltdown was written by Jeffrey Burt at .

Why banks didn’t ‘rip and replace’ their mainframes

Consumer demand for instant 24-hour access to personal bank data has taken the financial world in a new direction in less than one generation. Not only do bank IT departments now rival those of software development companies, but banking networks and infrastructure are at least as complex as a tech firm’s. Personal financial information has become one of the most protected and heavily regulated types of data in the world, and security measures and compliance programs consume the largest percentage of a financial institution’s IT budget.

Knowing all this, it’s no wonder the “rip and replace” fad of the early 2000s never materialized in the banking world. With everyone assuming the turn of the millennium meant “out with the old and in with the new,” companies were ready to rip the mainframes out of their infrastructure to prepare for whatever was next. But what came next never really materialized — or continued to prove inferior to the sheer processing power of the mainframe, which remains the only real choice for high-demand business computing.

Lenovo, NetApp team up vs. Dell EMC, HPE on storage

Lenovo and NetApp's storage alliance, joint venture in China, and new series of all-flash and hybrid-flash products announced at Lenovo's Transform event put them both in a much stronger position in the data center against rivals Dell EMC and HPE.

The storage offerings include two families, each subdivided into all-flash and hybrid-flash products, jointly developed by Lenovo and NetApp and available now worldwide. Several of the products support NVMe (non-volatile memory express), the extremely fast communications protocol and controller able to move data to and from SSDs via the PCIe bus standard. NVMe SSDs are designed to provide a two-orders-of-magnitude speed improvement over prior SSDs.

Openswitch OPX 3.0.0 Installation On Ubuntu 18.04.1 LTS

I have covered the installation of Openswitch OPX 2.3.2 on Linux Ubuntu 16.04 in a previous article. This time I will go further and cover the installation of Openswitch 3.0.0 on Ubuntu 18.04 (upgraded from 16.04). Firstly, it is worth adding that I haven't been successful with the installation of any OPX version on Ubuntu 18.04.1. I have done several tests with different Oracle VirtualBox versions (5.1, 5.2) but I have always got the error message VBoxManage: error: Code NS_ERROR_FACTORY_NOT_REGISTERED (0x80040154) - Class not registered (extended info not available). According to the developers, installation of OPX 3.0.0 has been tested with Ubuntu 16.04 and Oracle VirtualBox 5.2.

1. Openswitch OPX 3.0.0 Installation on Ubuntu 18.04.1 Using Nested Virtualization

As I do not possess any spare hardware, I decided to do a little workaround with the help of nested virtualization. Nested virtualization refers to virtualization that runs inside an already virtualized environment. In other words, it is the ability to run a hypervisor inside of a virtual machine (VM), which itself runs on a hypervisor. I installed Openswitch OPX 3.0.0

The seven tools of causal inference with reflections on machine learning

The seven tools of causal inference with reflections on machine learning, Pearl, CACM 2018

With thanks to @osmandros for sending me a link to this paper on twitter.

In this technical report Judea Pearl reflects on some of the limitations of machine learning systems that are based solely on statistical interpretation of data. To understand ‘why?’ and to answer ‘what if?’ questions, we need some kind of causal model. In the social sciences and especially epidemiology, a transformative mathematical framework called ‘Structural Causal Models’ (SCM) has seen widespread adoption. Pearl presents seven example tasks which the model can handle, but which are out of reach for associational machine learning systems.

The three layer causal hierarchy

A useful insight unveiled by the theory of causal models is the classification of causal information in terms of the kind of questions that each class is capable of answering. This classification forms a 3-level hierarchy in the sense that questions at level i (i = 1, 2, 3) can only be answered if information from level j (j ≥ i) is available.

The lowest (first) layer is called Association and it involves purely statistical relationships defined by the naked data. This

EVPN behind the curtains

Is EVPN magic? Well, as Arthur C. Clarke said, any sufficiently advanced technology is indistinguishable from magic. On that premise, moving from a traditional layer 2 environment to VXLAN driven by EVPN has much of that same hocus-pocus feeling. To help demystify the sorcery, this blog aims to give users new to EVPN a step-by-step understanding of how EVPN works and how the control plane converges. In this blog post, we’ll focus on basic layer 2 (L2) building blocks, then work our way up to layer 3 (L3) connectivity and the control plane.

We’ll be using the “reference topology” as our cable plan and as the foundation for building our understanding of the traffic flow. Our infrastructure will demystify a symmetric-mode EVPN environment using distributed gateways. All the configurations are defined in this github repo.

If you’d like to follow along as we go, feel free to launch your own CITC blank slate and deploy the above playbook:

EVPN message types

Like any good protocol, EVPN has a robust process for exchanging information with its peers. In EVPN this process uses message types. If you already know OSPF and the LSA messages you can

JAMstack podcast episode: Listen to Cloudflare’s Kenton Varda speak about originless code

JAMstack Radio is a show all about the JAMstack, a new way to build fast and secure apps or websites. In the most recent episode, the host, Brian Douglas, met with Kenton Varda, tech lead for Cloudflare Workers and author of Sandstorm.io, to discuss some of the infinite uses for running code at the edge.

Listen to what Kenton had to say about serverless technology in this twenty-two-minute podcast here:

Here's the transcript of the podcast as well:

Brian Douglas: Welcome to another installment of JAMstack Radio. In the room I've got Kenton Varda from Cloudflare.

Kenton Varda: Thanks for having me.

Brian: Thanks for coming all the way across San Francisco to chat with me in person. I'm curious who Kenton is, but I'm also curious what Cloudflare is. Can you answer both questions? Let's start with, "Who is Kenton?"

Kenton: I'm an engineer. I'm the architect of Cloudflare Workers. In a past life I worked for Google for several years. I was once known as the "protocol buffers guy," I was the one who open sourced that. And I founded a company called Sandstorm that was later acquired by Cloudflare.

Brian: I'm

How to install LUKS encrypted Ubuntu 18.04.x Server and enable remote unlocking

Much has changed since my last post about the LUKS remote unlock workaround (in particular, the bug is finally fixed in cryptsetup 2:2.0.2-1ubuntu1.1 and no workaround is needed any more). This is the updated version of how to set things up properly.

UPDATE: Well, it turned out that while the previous bug is fixed, another one still exists. You can find the required workaround for it at the end of this article.

In this post, I’m going to show you the required steps and the pitfalls of running a LUKS-encrypted Ubuntu Server setup, and how it can be extended to allow remote unlocking.

Prerequisites

  1. A server to install on
  2. Static public IP address
  3. The so-called Alternative Ubuntu Server installer
  4. Some patience

Installing and Setting up encrypted LVM

It is assumed that you already know your way around ISO files and how to boot them on your server.

We will also use the simplest possible setup: a server with a single disk.

These steps will completely remove any leftover partitions and their associated data on the drive, with no possibility of recovery. Consider yourself warned!

We are going to use LVM inside the LUKS container, it is

Base Go packages

The Go standard library is generally great, but some parts have replacements that are just plain better and remove frustrations that you may not even have realised were frustrations. Here are my recommendations for every Go program.

I wouldn’t recommend that anyone use the standard library version of these for any purpose, since better alternatives exist.

This list may expand in the future.

gorilla/mux

The standard router is fine, but very low level. Here are some of the features that make gorilla/mux vital.

Filter on HTTP method

With the standard router you have to manually check that the method is what you expect it to be, and if the same endpoint serves both GET and POST then you have to route that yourself. With gorilla/mux it’s as simple as:

// import "github.com/gorilla/mux"
r := mux.NewRouter()
// Methods() (not Method) matches the request method; each subrouter only
// sees requests of that method, so no manual r.Method checks in handlers.
get := r.Methods("GET").Subrouter()
post := r.Methods("POST").Subrouter()
get.HandleFunc("/", handleRoot)
get.HandleFunc("/items", handleListItems)
// Same path, different method, different handler.
post.HandleFunc("/items", handleUploadItem)

You can also assert that headers are in place, for example to check X-Requested-With because some API endpoints should not be allowed in cross-domain XHR requests. Adding the requirement to the router instead of doing manual checks simplifies the code and reduces the risk of forgetting to add the check to a handler.

Pattern URLs

With

Celebrating One Year With Our New Website

It is hard for me to believe, but it was one year ago today that we launched this new website! On September 14, 2017, James Wood began our flow of news with a welcoming blog post – and just a few days later the site was heavily used as part of our massive 25th Anniversary celebration. It was the culmination of a rather insane several months in which a whole crew of people within the Internet Society, as well as at our partners Moving Brands and ATTCK, all burned countless hours to make this site a reality.

One year later, we’ve published over 500 news articles and blog posts; published over 120 new resources and tutorials; promoted many events, and maintained a consistent flow of content on the critical issues affecting the Internet.

We’ve built campaign pages, integrated video and graphics (ex. our GIR page), showcased the amazing work our Chapters are doing, integrated social components (ex. our IoT page and Instagram), and pushed the limits of how many links any sane person should have on a page. I continue to be impressed by the beauty of pages like our Issues page (just move

We’ve Added Another Google Cloud Course To Our Video Library!

Tune into Joseph Holbrook’s Associate GCP Cloud Engineer Course to learn about the requirements of the GCP Cloud Engineer Associate Exam.

About the Course:

An Associate Cloud Engineer deploys applications, monitors operations, and manages enterprise solutions. This individual is able to use Google Cloud Console and the command-line interface to perform common platform-based tasks to maintain one or more deployed solutions that leverage Google-managed or self-managed services on Google Cloud. The GCP Cloud Engineer Associate is one of Google’s newest certifications, and this course will walk you through everything you need to know to ace your certification exam.

Prerequisites:

  • Basic knowledge of cloud technologies
  • Basic knowledge of GCP Cloud
  • A will to learn GCP Cloud
  • Access to a free trial account with GCP
  • Ability to use Codelabs and Qwiklabs