Roughtime: Securing Time with Digital Signatures

Roughtime: Securing Time with Digital Signatures
Roughtime: Securing Time with Digital Signatures

When you visit a secure website, it offers you a TLS certificate that asserts its identity. Every certificate has an expiration date, and when it’s passed due, it is no longer valid. The idea is almost as old as the web itself: limiting the lifetime of certificates is meant to reduce the risk in case a TLS server’s secret key is compromised.

Certificates aren’t the only cryptographic artifacts that expire. When you visit a site protected by Cloudflare, we also tell you whether its certificate has been revoked (see our blog post on OCSP stapling) — for example, due to the secret key being compromised — and this value (a so-called OCSP staple) has an expiration date, too.

Thus, to determine if a certificate is valid and hasn’t been revoked, your system needs to know the current time. Indeed, time is crucial for the security of TLS and myriad other protocols. To help keep clocks in sync, we are announcing a free, high-availability, and low-latency authenticated time service called Roughtime, available at roughtime.cloudlare.com on port 2002.

Time is tricky

It may surprise you to learn that, in practice, clients’ clocks are heavily skewed. A recent study of Continue reading

Smart or Dumb NICs on Software Gone Wild

Hardware vendors are always making their silicon more complex and feature-rich. Is that a great idea or a disaster waiting to happen? We asked Luke Gorrie, the lead developer of Snabb Switch (an open-source user-land virtual switch written in Lua) about his opinions on the topic.

TL&DL version: Give me a dumb NIC, software can do everything else.

If you want to know more, listen to Episode 93 of Software Gone Wild.

Listen to the podcast

Same-different problems strain convolutional neural networks

Same-different problems strain convolutional neural networks Ricci et al., arXiv 2018

Since we’ve been looking at the idea of adding structured representations and relational reasoning to deep learning systems, I thought it would be interesting to finish off the week with an example of a problem that seems to require it: detecting whether objects in a scene are the same or different.

This image containing a flute was correctly classified by a CNN trained on millions of photographs. On ImageNet the network even surpassed the accuracy of a human observer.

This image contains two shapes that are the same, a relationship that is immediately obvious to a human observer. “Yet, the CNN failed to learn this relation even after seeing millions of training examples.

The above is an example of a same-different (SD) visual relation problem (output whether the objects in the scene are the same, or different). Spatial relation (SR) problems ask whether objects follow a certain spatial relation, e.g. in a line, horizontally stacked, vertically stacked, and so on. For example:

The synthetic visual reasoning test (SVRT) contains a collection of 23 binary classification problems along these lines. In each case opposing classes differ Continue reading

Business Solutions at AnsibleFest

AF-Business-Solutions-Blog

I’ve always enjoyed listening to how customers are solving their business challenges using Red Hat Ansible Automation. From the simple to the uniquely creative solutions, they’re always fun to hear. So every time AnsibleFest comes around, I get especially excited knowing that I’ll have the chance to hear far more than one or two stories.

This year’s AnsibleFest in Austin is expected to be the biggest ever. To cater for the many different interests of attendees, we’ve created six specific tracks with curated content sure to interest. I’ve managed to “bag” the Business Solutions track, which will contain ten talks in total.

Sifting through the hundreds of submissions (the job gets harder every year!) I’ve picked out three talks which I’m really looking forward to listening to.

1. Upgrading the backend database of a £3 billion business website on a Friday afternoon

However that panned out, it’s sure to be a great story! I’m grabbing some popcorn for this one :)

2. Using Ansible to Satisfy Compliance Controls

Security automation is a big topic these days, and the security community has come to realise the power in Ansible to help them get things done. I’ve lost count of the Continue reading

Learn How Tomorrow is Built: Sign Up for vForum Online Fall 2018

Some of the best things in life are at our fingertips: grocery delivery, the ability to schedule a cleaner with just a few clicks, hailing and tracking drivers from your phone – and now we’d like to add instantly and conveniently accessing information that can completely transform your organization’s IT infrastructure – all from the comfort of your own laptop, from wherever you happen to be.

That’s right – this year, VMware is delighted to present an online event designed to give you all the information you’ll need to help inspire serious changes to IT infrastructure within your organization. This half-day virtual IT event will feature incredible insight from vExperts that’s sure to inspire and educate IT professionals who are itching to deliver serious digital transformation around how to modernize data centers, integrate public clouds, transform networks and security, and secure digital workplaces.

 

vForum Online

Tuesday, October 9, 2018
9:00 am – 2:00 pm PDT / 12:00 pm – 3:00 pm EDT

The robust agenda and stellar lineup boasts everything from education and inspiration to actual implementation, including:

  • Keynote featuring VMware CEO Pat Gelsinger, “Technology Superpowers: Pushing Through the Boundaries of What’s Possible” that’s sure to inspire;
  • 28 technical Continue reading

Network automation helps more than just network admins

Systems administrators are the heart of any IT team. Since IT is arguably what keeps most modern organizations operating, then in some ways sysadmins are the heart of modern organizations. Of course network automation can make the lives of network engineers easier, but it can also benefit enterprises as a whole. Yet here’s an interesting quandary: does network automation even benefit systems administrators?

Sysadmins shepherd hardware, virtualization platforms, Operating System Environments (OSEs), and more.  They must master multiple disciplines within IT, and are under the constant pressure to learn even more. The life of a systems administrator is one of trying to carefully balance the solving of immediate problems while investing with their future via automation to prevent these problems from recurring, additionally with lifelong learning.

As a profession, systems administration has been cyclical. In one part of the cycle the generalist sysadmin is championed. In the next, specialization is all the rage.  The past decade has seen the generalist brought once more to the fore, as specialties such as “storage administrator” are automated away by clever software.

However, throughout the decades the physical networks have largely remained the jurisdiction of dedicated network administrators.  If the networks belong to Continue reading

Devops with Kubernetes

I did the following presentation “Devops with Kubernetes” in Kubernetes Sri Lanka inaugural meetup earlier this week. Kubernetes is one of the most popular open source projects in the IT industry currently. Kubernetes abstractions, design patterns, integrations and extensions make it very elegant for Devops. The slides delve little deep on these topics. How Kubernetes … Continue reading Devops with Kubernetes

NEXT 100 Webinar – Top 3 reasons why you should run your enterprise workloads on GKE

I presented this webinar “Top 3 reasons why you should run your enterprise workloads on GKE” at NEXT100 CIO forum earlier this week. Businesses are increasingly moving to Containers and Kubernetes to simplify and speed up their application development and deployment. The slides and demo covers the top reasons why Google Kubernetes engine(GKE) is one of … Continue reading NEXT 100 Webinar – Top 3 reasons why you should run your enterprise workloads on GKE
1 1,462 1,463 1,464 1,465 1,466 3,844