Think Like an Engineer, not a Cheerleader

When you see a chart like this—

—you probably think if I were staking my career on technologies, I would want to jump from the older technology to the new just at the point where that adoption curve starts to really drive upward.

Over at ACM Queue, Peter J. Denning has an article up on just this topic. He argues that if you understand the cost curve and tipping point of any technology, you can predict—with some level of accuracy—the point at which the adoption s-curve is going to begin its exponential growth phase.

Going back many years, I recognize this s-curve. It was used for FDDI, ATM, Banyan Vines, Novell Netware, and just about every new technology that has ever entered the market.

The problem with this curve, Continue reading

IDG Contributor Network: IoT alphabet soup: when should an enterprise use MQTT versus LWM2M?

There is tremendous interest from industrial enterprises to understand the nuances of the two most debated IoT data communications protocols: MQTT and LWM2M. MQTT and LWM2M are protocols that create a standard way to get device data to systems, platforms, applications, and other devices.Let’s talk a little about each protocol and when it’s best used in an enterprise IoT deployment.MQTT and when to use it Message queuing telemetry transport (MQTT) is an ISO standard which describes a publish/subscribe (pub/sub) messaging protocol. Nearly all IoT platforms support MQTT communication, making it the de facto standard for device-to-platform IoT communication.To read this article in full, please click here

Time-Saving Techniques for Deploying and Managing Kubernetes Applications

DevOps teams face a steep learning curve with best practices related to deploying, running, and managing the lifecycle of a containerized application.

Alibaba Co-Founder and Executive Chairman Jack Ma to Retire

Jack Ma is retiring to focus on philanthropic efforts in education. Current CEO Daniel Zhang will take over Ma’s role as chairman of the board.

Top Oracle Exec Thomas Kurian Takes ‘Extended’ Break

Kurian, who reports directly to CTO Larry Ellison, didn’t say when he’ll return or why he’s taking time off.

BrandPost: Ethernet Adventures: Learning to Thrive in a New World

Ciena Chris Sweetapple, Consultant, Managed Service Providers In our final post in this 3-part series covering one hero’s journey on the road to streamlined enterprise networking operations, Ciena’s Chris Sweetapple describes how Our Hero embraces business Ethernet to shed complexity and simplify operations, creating a network that grows with the business.To read this article in full, please click here

Public Cloud Postcentralization is the Thin Edge of the Wedge into the Enterprise

Like an amoeba the public cloud is extending fingerlike projections to the edge in a new kind of architecture that creates a world spanning distributed infrastructure under one centralized management, billing, and security domain.

This issue—the deep nature of centralization—came up as a comment on my article What Do You Believe Now That You Didn't Five Years Ago? Centralized Wins. Decentralized Loses.

Centralization can refer to the locus of computation, but it also refers to a boundary, to a domain of control.

Facebook, Netflix, and Google are all distributed across much of the world, but they are still centralized services because control is centralized. You know this because in a browser, no matter where you are in the world, you navigate to facebook.com, netflix.com, or google.com, you never enter the URL for independent shards, yet all your data and services magically follow you around like a hyperactive puppy. 

That's the world we've come to expect. That's how services built on a cloud work.

In an unexpected development, the public cloud is expanding control out to the edge. As I wrote in Stuff The Internet Says On Scalability For July 27th, 2018:

Worth Reading: Smaching up an IT Pangea

Back in 1995, the entire X86 server market accounted for about $5.7 billion in sales, but after the dot-com boom got into full swing by 1997, sales had more than doubled to $12 billion and shipments had also more than doubled to 1.8 million units. —Timothy Prickett Morgan @The Next Platform

Our Docker Certified Associate Training Series Is Here!

In this course, you’ll learn the technologies behind Docker, while following the requirements for the Docker Certified Associate exam. This Course is taught by Andrew Crouthamel and is 3hours and 17 minutes long.

In this training series, you will learn how Docker works, and how it compares to existing virtualization technologies. You will learn how to install and configure Docker, retrieve and create containers, as well as their required pieces, such as virtual networks, data volumes, and repositories. Lastly, you will learn how to orchestrate numerous dockers in clusters, and create your own container registries.

Interested in watching? You can view this course by logging into your members account. You can also purchase this course for download at ine.com.

The Week in Internet News: ‘Five Eyes’ Demand Access to Encrypted Information

Prying eyes: The so-called Five Eyes – the surveillance alliance of Australia, Canada, New Zealand, the U.K. and the U.S. – pledged not to weaken encryption, at the same time as the countries are pushing tech companies to give them access to encrypted evidence, notes SearchSecurity. Representatives of the five countries released a new “Statement of Principles on Access to Evidence and Encryption,” after a recent meeting in Australia. Encryption can help “child sex offenders, terrorists and organized crime groups … frustrate investigations and avoid detection and prosecution,” the statement suggests. More at ZDNet.

AI as public enemy No. 1? Artificial Intelligence is a bigger concern than climate change or terrorism, says the incoming president of the British Science Association, The Telegraph says. Really? AI progress is “happening too fast” without enough scrutiny or regulation, according to physics professor Jim Al-Khalili. It certainly wouldn’t be the first time technology has outpaced regulation.

AI vs. democracy: Meanwhile, AI is transforming social media, with major implications for democracy, worries Clint Watts, a distinguished research fellow at the Foreign Policy Research Institute, in an opinion piece at the Washington Post. “Over the long term, AI-driven campaigns may well be the undoing Continue reading

Life on the Network Edge

EU Copyright Vote: A Critical Juncture for the Open Internet

Back in June, we blogged about the draft EU copyright proposal which is currently making its way through the legislative process in Brussels.  We outlined how under one of the more controversial provisions within the draft Directive, Article 13, certain Internet platforms could be held legally responsible for any copyright content that their users upload and would effectively have to turn to automated filtering solutions to remove infringing content at the point of user upload. Moreover, in order to avoid potential legal liability, it is widely expected that content sharing providers would err on the side of caution and remove excessive amounts of content, resulting in a form of online censorship.

Since that blogpost, the European Parliament Plenary narrowly voted on 5th July to reject the proposal tabled by the Legal Affairs (JURI) Committee and a mandate to negotiate, and now the proposed Directive will undergo a full discussion and rescheduled vote in the next Plenary meeting on 12th September. This was a fantastic outcome, thanks in large part to a groundswell of support from those who value the fundamental right of freedom of expression online. It has presented a window of opportunity to correct the deeply flawed approach to Continue reading

Are BGPs security features working yet?

Are BGPs security features working yet?

Nagios Core monitoring software: lots of plugins, steep learning curve

The free and open-source network monitoring software Nagios Core has a long and strong reputation, providing the base for other monitoring suites - Icinga, Naemon and OP5 among them – and a history dating back to 2002 when it launched under the name NetSaint.For this review we tested Nagios Core version 4.4.2 for Linux, which monitors common network services such as HTTP, SMTP, POP3, NNTP and PING.There’s a Windows port that’s a plugin, but many users say it’s unstable. The version we tested also tracks the usage of host resources such as processor load, memory and disk utilization.[ Also see reviews of Icinga and Observium network-monitoring software. | For regularly scheduled insights sign up for Network World newsletters. ] Hardware requirements vary depending on the number and types of items being monitored, but generally speaking Nagios recommends a server configuration with at least two or four cores, 4-8 GB of RAM and adequate storage for the intended application.To read this article in full, please click here

Nagios Core monitoring software: lots of plugins, steep learning curve

The free and open-source network monitoring software Nagios Core has a long and strong reputation, providing the base for other monitoring suites - Icinga, Naemon and OP5 among them – and a history dating back to 2002 when it launched under the name NetSaint.For this review we tested Nagios Core version 4.4.2 for Linux, which monitors common network services such as HTTP, SMTP, POP3, NNTP and PING.There’s a Windows port that’s a plugin, but many users say it’s unstable. The version we tested also tracks the usage of host resources such as processor load, memory and disk utilization.[ Also see reviews of Icinga and Observium network-monitoring software. | For regularly scheduled insights sign up for Network World newsletters. ] Hardware requirements vary depending on the number and types of items being monitored, but generally speaking Nagios recommends a server configuration with at least two or four cores, 4-8 GB of RAM and adequate storage for the intended application.To read this article in full, please click here

Fixing an old hack – why we are bumping the IPv6 MTU

Back in 2015 we deployed ECMP routing - Equal Cost Multi Path - within our datacenters. This technology allowed us to spread traffic heading to a single IP address across multiple physical servers.

You can think about it as a third layer of load balancing.

• First we split the traffic across multiple IP addresses with DNS.
• Then we split the traffic across multiple datacenters with Anycast.
• Finally, we split the traffic across multiple servers with ECMP.

When deploying ECMP we hit a problem with Path MTU discovery. The ICMP packets destined to our Anycast IP's were being dropped. You can read more about that (and the solution) in the 2015 blog post Path MTU Discovery in practice.

To solve the problem we created a small piece of software, called pmtud (https://github.com/cloudflare/pmtud). Since deploying pmtud, our ECMP setup has been working smoothly.

Hardcoding IPv6 MTU

During that initial ECMP rollout things were broken. To keep services running until pmtud was done, we deployed a quick hack. We reduced the MTU of  IPv6 traffic to the minimal possible value: 1280 bytes.

This was done as a tag on a default route. This is Continue reading

Routing in Data Center: What Problem Are You Trying to Solve?

Here’s a question I got from an attendee of my Building Next-Generation Data Center online course:

As far as I understood […] it is obsolete nowadays to build a new DC fabric with routing on the host using BGP, the proper way to go is to use IGP + SDN overlay. Is my understanding correct?

Ignoring for the moment the fact that nothing is ever obsolete in IT, the right answer is it depends… this time on answer(s) to two seemingly simple questions “what services are we offering?” and “what connectivity problem are we trying to solve?”.

NAVEX: Precise and scalable exploit generation for dynamic web applications

NAVEX: Precise and scalable exploit generation for dynamic web applications Alhuzali et al., USENIX Security 2018

NAVEX (https://github.com/aalhuz/navex) is a very powerful tool for finding executable exploits in dynamic web applications. It combines static and dynamic analysis (to cope with dynamically generated web content) to find vulnerable points in web applications, determine whether inputs to those are appropriately sanitised, and then builds a navigation graph for the application and uses it to construct a series of HTTP requests that trigger the vulnerability.

It also works at real-world scale: NAVEX was used on 26 PHP applications with a total of 3.2M SLOC and 22.7K PHP files. It generated 204 concrete exploits across these applications in a total of 6.5 hours. While the current implementation of NAVEX targets PHP applications, the approach could be generalised to other languages and frameworks.

In this paper, our main contribution is a precise approach for vulnerability analysis of multi-tier web applications with dynamic features… our approach combines dynamic analysis of web applications with static analysis to automatically identify vulnerabilities and generate concrete exploits as proof of those vulnerabilities.

Here’s a example of what NAVEX can do. From the 64K Continue reading

Bob Ross, Lorem Ipsum, Heroku and Cloudflare Workers

It may not be immediately obvious how these things are related, but bear with me... It was 4pm Friday and one of the engineers on the Cloudflare Tools team came to me with an emergency. "Steve! The Bob Ross Ipsum generator is down!".

If you've not heard of Lorem Ipsum, it's an extract from a latin poem that designers use as placeholder text when designing the layout of a document. There are generators all over the web that will spit out as much text as you need.

Of course, the web being the web that we all love, there are also endless parodies of Lorem Ipsum. You can generate Hodor Ipsum, Cat Ipsum and Hipster Ipsum. I have a new, undisputed favourite: Bob Ross Ipsum.

Not growing up in the U.S., I hadn't come across the lovable, calm, serene and beautiful human that is Bob Ross. If you haven't spent 30 mins watching him paint a landscape, you should do that now. He built a following as host of the TV show “The Joy of Painting” which ran on the U.S. PBS channel from 1983-1994. He became famous for Continue reading

Introducing Real World Serverless – Practical advice on how to use Cloudflare Workers

We’re getting the best minds on serverless technology from Cloudflare together to lead a series of talks on practical use cases for Cloudflare Workers. Join any of these six global talks for stories of how companies and developers are using serverless in the real world.

San Francisco - London - Austin - Singapore - Sydney - Melbourne

Want a Real World Serverless event in your city? Interested in sharing your stories and experience deploying serverless apps in production? Email [email protected] and let’s put something together.

Check out the event details and register through the Eventbrite links below.

Real World Serverless - San Francisco

Sept 11th, 2018, 6:00pm-9:00pm
In partnership with Serverless Meetup
Location: Heavybit - 325 9th St, San Francisco, CA 94103

View Event Details & Register Here »

Real World Serverless - London

Sept 18th, 2018, 6:00pm-9:00pm
Location: Cloudflare London - 25 Lavington St, Second floor SE1 0NZ London

View Event Details & Register Here »

Real World Serverless - Austin

October 2nd, 2018, 6:00pm-9:00pm
In partnership with ATX Serverless Meetup
Location: Downtown Austin

View Event Details Continue reading