An Update on the Docker FIPS 140-2 Compliance Initiative

Recently Docker Engine – Enterprise version 18.03 was released, our first to include the FIPS 140-2 compliant modules currently undergoing validation by the NIST CMVP. These modules cover the cryptography elements in Docker Engine – Enterprise and are used when Engines are deployed standalone or with Docker Swarm enabled.

Compliance from Docker Engine to Container Platform

Additionally we are working to bring the FIPS 140-2 compliant modules into the remainder of the Docker Enterprise container platform and make this available to our customers. This will include FIPS 140-2 compliance for the private registry and management Continue reading

When it comes to IP desk phones, the secondary market is the way to go

As I sit at my desk and stare at the phone in front of me, I think back to a time when “experts” predicted desk phones would no longer be needed.Well, those experts were certainly wrong. Instead, we have several options in desk phones — so many, in fact, that you may feel you need directory assistance just to get started. You're left wondering if you should go with an old favorite or try a newer model. And you're likely concerned about Cisco's announced end-of-sale and end-of-life dates for the Cisco Unified IP Phones 7945, 7965, 7975, and 7916. Are they still a good value, and will they still be available in the secondary market?Or maybe you're wondering if you should go with the Cisco 8800 Series models that came out a few years ago that were supposed to eventually replace the whole 7900 Series. Can you afford all the bells and whistles that go with the 8800 series?To read this article in full, please click here

How the L1 Terminal Fault vulnerability affects Linux systems

Announced just yesterday in security advisories from Intel, Microsoft and Red Hat, a newly discovered vulnerability affecting Intel processors (and, thus, Linux) called L1TF or “L1 Terminal Fault” is grabbing the attention of Linux users and admins. Exactly what is this vulnerability and who should be worrying about it?L1TF, L1 Terminal Fault, and Foreshadow The processor vulnerability goes by L1TF, L1 Terminal Fault, and Foreshadow. Researchers who discovered the problem back in January and reported it to Intel called it "Foreshadow". It is similar to vulnerabilities discovered in the past (such as Spectre).This vulnerability is Intel-specific. Other processors are not affected. And like some other vulnerabilities, it exists because of design choices that were implemented to optimize kernel processing speed but exposed data in ways that allowed access by other processes.To read this article in full, please click here

How the L1 Terminal Fault vulnerability affects Linux systems

Announced just yesterday in security advisories from Intel, Microsoft and Red Hat, a newly discovered vulnerability affecting Intel processors (and, thus, Linux) called L1TF or “L1 Terminal Fault” is grabbing the attention of Linux users and admins. Exactly what is this vulnerability and who should be worrying about it?L1TF, L1 Terminal Fault, and Foreshadow The processor vulnerability goes by L1TF, L1 Terminal Fault, and Foreshadow. Researchers who discovered the problem back in January and reported it to Intel called it "Foreshadow". It is similar to vulnerabilities discovered in the past (such as Spectre).This vulnerability is Intel-specific. Other processors are not affected. And like some other vulnerabilities, it exists because of design choices that were implemented to optimize kernel processing speed but exposed data in ways that allowed access by other processes.To read this article in full, please click here

How the L1 Terminal Fault vulnerability affects Linux systems

Announced just yesterday in security advisories from Intel, Microsoft and Red Hat, a newly discovered vulnerability affecting Intel processors (and, thus, Linux) called L1TF or “L1 Terminal Fault” is grabbing the attention of Linux users and admins. Exactly what is this vulnerability and who should be worrying about it?L1TF, L1 Terminal Fault, and Foreshadow The processor vulnerability goes by any of those names. Researchers who discovered the problem back in January and reported it to Intel called it "Foreshadow". It is similar to vulnerabilities discovered in the past (such as Spectre).This vulnerability is Intel-specific. Other processors are not affected. And like some other vulnerabilities, it exists because of design choices that were implemented to optimize kernel processing speed but exposed data in ways that allowed access by other processes.To read this article in full, please click here

Learning About Blockchain, Internet Governance, and Cryptocurrency

My first task as the Internet Society’s Regional Community Manager for the Middle East was to organize three events in a span of a week in three different cities around the Middle East about Blockchain with Dr. Walid Al Saqaf, Internet Society Board of Trustees, as the keynote speaker.

Amman, Beirut, and Dubai

July 8th was D-Day for Amman at the Grand Hyatt Hotel in partnership with Int@j Jordan and Tank by Omnia. July 19th was Beirut, Lebanon, at the Movenpick Beirut, co-organized with the Internet Society Lebanon Chapter. July 12th was Dubai, UAE, at DTEC Silicon Oasis Authority, co-organized with the ISOC UAE Chapter. All three cities differed in the type of attendees, but the subjects were the same: Blockchain, Internet Governance, and Cryptocurrency.

Dr. Walid Al Saqaf, along with Waheed Al Barghouti, a cryptocurrency expert, conducted a four-hour morning workshop with a live mining demo, “create your blockchain” exercise, and smart contract creation, rules, and regulations. Moreover, there was an open forum in the afternoon that included high-level government representatives as well as private and public sector attendees.

Blockchain had been ambiguous to me, yet after the first workshop I found myself knowing more and more about Continue reading

Dictionary: Golf Induced Recommendations

What is Golf Induced Recommendations ?

Istio Aims To Be The Mesh Plumbing For Containerized Microservices

In the wonderful world of software containers, it can feel like the ground is constantly shifting beneath your feet as new projects spring up to address problems that you thought had been solved long ago. …

Istio Aims To Be The Mesh Plumbing For Containerized Microservices was written by Daniel Robinson at .

Automation Learning Approach

The world changes. The hit novel “Who moved my cheese?” written twenty years ago, has sold over 25 million copies to help with people experiencing change. For those who work with networking technology, we’re experiencing seismic activity in the world of change and new continents are forming from scattered islands. Some of these continents so to speak are unchartered and misunderstood. This generation of engineers are the explorers of the new world and the lands are ripe for pillaging.

Common feedback around learning includes:

• I just don’t know where to begin
• Is Python really where the world is going?
• There is so much to learn
• If learn a programming language, my problems are solved
• I feel like I can’t catch up
• There is nothing to hold on to
• I can’t seem to drag myself out of despair

Some of this feedback has lead me to write and publish this article based on my own sanity saving methodology.

Change

The relationship between change and progress is interesting. Not all change is progress, but all progress is change. In IT, sometimes we’ve played both polar opposite parts in the “Change for change’s sake” murder novel.

Change, rate of change, disruption Continue reading

Examining partitions on Linux systems

Linux systems provide many ways to look at disk partitions. In this post, we'll look at a series of commands, each which shows useful information but in a different format and with a different focus. Maybe one will make your favorites list.lsblk One of the most useful commands is the lsblk (list block devices) command that provides a very nicely formatted display of block devices and disk partitions. In the example below, we can see that the system has two disks (sda and sdb) and that sdb has both a very small (500M) partition and a large one (465.3G). Disks and partitions (part) are clearly labeled, and the relationship between the disks and partitions is quite obvious. We also see that the system has a cdrom (sr0).To read this article in full, please click here

Data center power efficiency increases, but so do power outages

A survey from the Uptime Institute found that while data centers are getting better at managing power than ever before, the rate of failures has also increased — and there is a causal relationship.The Global Data Center Survey report from Uptime Institute gathered responses from nearly 900 data center operators and IT practitioners, both from major data center providers and from private, company-owned data centers.It found that the power usage effectiveness (PUE) of data centers has hit an all-time low of 1.58. By way of contrast, the average PUE in 2007 was 2.5, then dropped to 1.98 in 2011, and to 1.65 in the 2013 survey.To read this article in full, please click here

Data center power efficiency increases, but so do power outages

A survey from the Uptime Institute found that while data centers are getting better at managing power than ever before, the rate of failures has also increased — and there is a causal relationship.The Global Data Center Survey report from Uptime Institute gathered responses from nearly 900 data center operators and IT practitioners, both from major data center providers and from private, company-owned data centers.It found that the power usage effectiveness (PUE) of data centers has hit an all-time low of 1.58. By way of contrast, the average PUE in 2007 was 2.5, then dropped to 1.98 in 2011, and to 1.65 in the 2013 survey.To read this article in full, please click here

Are microservices about to revolutionize the Internet of Things?

Along with the rise of cloud computing, Agile, and DevOps, the increasing use of microservices has profoundly affected how enterprises develop software. Now, at least one Silicon Valley startup hopes the combination of microservices and edge computing is going to drive a similar re-think of the Internet of Things (IoT) and create a whole new software ecosystem.Frankly, that seems like a stretch to me, but you can’t argue with the importance of microservices to modern software development. To learn more, I traded emails with Said Ouissal, founder and CEO of ZEDEDA, which is all about “deploying and running real-time edge apps at hyperscale” using IoT devices.To read this article in full, please click here

NVMe over Fabrics: Fibre Channel vs. RDMA

What is data deduplication, and how is it implemented?

Deduplication is arguably the biggest advancement in backup technology in the last two decades.  It is single-handedly responsible for enabling the shift from tape to disk for the bulk of backup data, and its popularity only increases with each passing day.  Understanding the different kinds of deduplication, also known as dedupe, is important for any person looking at backup technology.What is data deduplication? Dedupe is the identification and elimination of duplicate blocks within a dataset. It is similar to compression, which only identifies redundant blocks in a single file. Deduplication can find redundant blocks of data between files from different directories, different data types, even different servers in different locations.To read this article in full, please click here

Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples

Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples Athalye et al., ICML’18

There has been a lot of back and forth in the research community on adversarial attacks and defences in machine learning. Today’s paper examines a number of recently proposed defences and shows that most of them rely on forms of gradient masking. The authors develop attack techniques to overcome such defences, and 9 analyse defences from ICLR 2018 claiming to protect against white-box attacks. 7 of these turn out to rely on obfuscated gradients, and 6 of these fall to the new attacks (and the other one partially succumbs). Athalye et al. won a best paper award at ICML’18 for this work.

One of the great things about work on adversarial attacks and defences, as we’ve looked at before, is that they illuminate the strengths and weaknesses of current technology. Depending on the threat model you choose, for my own part I’m currently of the opinion that we’re unlikely to find a robust adversarial defence without a more radical re-think of how we’re doing image classification. If we’re talking about the task of ‘find an image that doesn’t fool a human, but Continue reading

How NTT DoCoMo Is Cutting Costs and Increasing Efficiency Based on ETSI NFV

DoCoMo’s implementation runs on Ericsson-provided OpenStack-based virtualized infrastructure managers and includes VNFs from multiple vendors such as NEC, Nokia, and Fujitsu.

IBM Hackers, Cloud Security Alliance Take On IoT at Black Hat

Armis surveyed security professionals at Black Hat and found 93 percent expect nation-states will target or exploit connected devices in the next year. So it really feels like an understatement to say IoT security was a hot topic at the event.

50 Shades of Open Source: How to Determine What’s Suitable for Enterprise White Box Networking

To date, the open source community has been quite successful in terms of coming up with scalable and reliable implementations for enterprise servers, databases and more. Yet many enterprises remain skittish about implementing open source software, probably no more so than in the networking space.

Part of the reason is that there are so many different implementations of open source software, many of them backed by different entities with different agendas. Having many minds contribute to an open source project can be a good thing – until it comes time to make a decision about something and stick with it, so you can get a working product out the door. Enterprises need practical implementations that they can count on day in and day out to get a job done.

Defining the shades of open source
Open source essentially comes in different shades that are not all created equal. Understanding them will help you determine whether the open source implementation you have in mind has the kind of reliability and stability you need in any enterprise IT tool or application.

At a base level is the “pure” open source community, where like-minded people contribute their time and knowledge to a project. Continue reading

Why DHCP’s days might be numbered

Dynamic Host Configuration Protocol (DHCP) is the standard way network administrators assign IP addresses in IPv4 networks, but eventually organizations will have to pick between two protocols created specifically for IPv6 as the use of this newer IP protocol grows.DHCP, which dates back to 1993, is an automated way to assign IPv4 addresses, but when IPv6 was designed, it was provided with an auto-configuration feature dubbed SLAAC that could eventually make DHCP irrelevant. To complicate matters, a new DHCP – DHCPv6 – that performs the same function as SLAAC was independently created for IPv6.[ Now read 20 hot jobs ambitious IT pros should shoot for. ] Deciding between SLAAC and DHCPv6 isn’t something admins will have to do anytime soon, since the uptake of IPv6 has been slow, but it is on the horizon.To read this article in full, please click here