An Update on the Docker FIPS 140-2 Compliance Initiative

Last year, we announced our pursuit of FIPS 140-2 validation of the Docker Enterprise container platform. This meant starting with the included cryptography components at the Docker Engine foundation to better address the rigorous security requirements of government agencies and others in regulated industries. Over the last year, we’ve progressed through the NIST Cryptographic Module Validation Program (CMVP), from “Implementation Under Test” to “Module In Process” and are nearing full completion of validation. Track our progress online at NIST’s CMVP website and as of this post, we are “Module In Process, Coordination”. We are anticipating full validation of Docker Engine – Enterprise in the coming months.

Recently Docker Engine – Enterprise version 18.03 was released, our first to include the FIPS 140-2 compliant modules currently undergoing validation by the NIST CMVP. These modules cover the cryptography elements in Docker Engine – Enterprise and are used when Engines are deployed standalone or with Docker Swarm enabled.

Compliance from Docker Engine to Container Platform

Additionally we are working to bring the FIPS 140-2 compliant modules into the remainder of the Docker Enterprise container platform and make this available to our customers. This will include FIPS 140-2 compliance for the private registry and management Continue reading

When it comes to IP desk phones, the secondary market is the way to go

As I sit at my desk and stare at the phone in front of me, I think back to a time when “experts” predicted desk phones would no longer be needed.Well, those experts were certainly wrong. Instead, we have several options in desk phones — so many, in fact, that you may feel you need directory assistance just to get started. You're left wondering if you should go with an old favorite or try a newer model. And you're likely concerned about Cisco's announced end-of-sale and end-of-life dates for the Cisco Unified IP Phones 7945, 7965, 7975, and 7916. Are they still a good value, and will they still be available in the secondary market?Or maybe you're wondering if you should go with the Cisco 8800 Series models that came out a few years ago that were supposed to eventually replace the whole 7900 Series. Can you afford all the bells and whistles that go with the 8800 series?To read this article in full, please click here

How the L1 Terminal Fault vulnerability affects Linux systems

Announced just yesterday in security advisories from Intel, Microsoft and Red Hat, a newly discovered vulnerability affecting Intel processors (and, thus, Linux) called L1TF or “L1 Terminal Fault” is grabbing the attention of Linux users and admins. Exactly what is this vulnerability and who should be worrying about it?L1TF, L1 Terminal Fault, and Foreshadow The processor vulnerability goes by L1TF, L1 Terminal Fault, and Foreshadow. Researchers who discovered the problem back in January and reported it to Intel called it "Foreshadow". It is similar to vulnerabilities discovered in the past (such as Spectre).This vulnerability is Intel-specific. Other processors are not affected. And like some other vulnerabilities, it exists because of design choices that were implemented to optimize kernel processing speed but exposed data in ways that allowed access by other processes.To read this article in full, please click here

How the L1 Terminal Fault vulnerability affects Linux systems

Announced just yesterday in security advisories from Intel, Microsoft and Red Hat, a newly discovered vulnerability affecting Intel processors (and, thus, Linux) called L1TF or “L1 Terminal Fault” is grabbing the attention of Linux users and admins. Exactly what is this vulnerability and who should be worrying about it?L1TF, L1 Terminal Fault, and Foreshadow The processor vulnerability goes by L1TF, L1 Terminal Fault, and Foreshadow. Researchers who discovered the problem back in January and reported it to Intel called it "Foreshadow". It is similar to vulnerabilities discovered in the past (such as Spectre).This vulnerability is Intel-specific. Other processors are not affected. And like some other vulnerabilities, it exists because of design choices that were implemented to optimize kernel processing speed but exposed data in ways that allowed access by other processes.To read this article in full, please click here

How the L1 Terminal Fault vulnerability affects Linux systems

Announced just yesterday in security advisories from Intel, Microsoft and Red Hat, a newly discovered vulnerability affecting Intel processors (and, thus, Linux) called L1TF or “L1 Terminal Fault” is grabbing the attention of Linux users and admins. Exactly what is this vulnerability and who should be worrying about it?L1TF, L1 Terminal Fault, and Foreshadow The processor vulnerability goes by any of those names. Researchers who discovered the problem back in January and reported it to Intel called it "Foreshadow". It is similar to vulnerabilities discovered in the past (such as Spectre).This vulnerability is Intel-specific. Other processors are not affected. And like some other vulnerabilities, it exists because of design choices that were implemented to optimize kernel processing speed but exposed data in ways that allowed access by other processes.To read this article in full, please click here

Learning About Blockchain, Internet Governance, and Cryptocurrency

My first task as the Internet Society’s Regional Community Manager for the Middle East was to organize three events in a span of a week in three different cities around the Middle East about Blockchain with Dr. Walid Al Saqaf, Internet Society Board of Trustees, as the keynote speaker.

Amman, Beirut, and Dubai

July 8th was D-Day for Amman at the Grand Hyatt Hotel in partnership with Int@j Jordan and Tank by Omnia. July 19th was Beirut, Lebanon, at the Movenpick Beirut, co-organized with the Internet Society Lebanon Chapter. July 12th was Dubai, UAE, at DTEC Silicon Oasis Authority, co-organized with the ISOC UAE Chapter. All three cities differed in the type of attendees, but the subjects were the same: Blockchain, Internet Governance, and Cryptocurrency.

Dr. Walid Al Saqaf, along with Waheed Al Barghouti, a cryptocurrency expert, conducted a four-hour morning workshop with a live mining demo, “create your blockchain” exercise, and smart contract creation, rules, and regulations. Moreover, there was an open forum in the afternoon that included high-level government representatives as well as private and public sector attendees.

Blockchain had been ambiguous to me, yet after the first workshop I found myself knowing more and more about Continue reading

Automation Learning Approach

The world changes. The hit novel “Who moved my cheese?” written twenty years ago, has sold over 25 million copies to help with people experiencing change. For those who work with networking technology, we’re experiencing seismic activity in the world of change and new continents are forming from scattered islands. Some of these continents so to speak are unchartered and misunderstood. This generation of engineers are the explorers of the new world and the lands are ripe for pillaging.

Common feedback around learning includes:

  • I just don’t know where to begin
  • Is Python really where the world is going?
  • There is so much to learn
  • If learn a programming language, my problems are solved
  • I feel like I can’t catch up
  • There is nothing to hold on to
  • I can’t seem to drag myself out of despair

Some of this feedback has lead me to write and publish this article based on my own sanity saving methodology.

Change

The relationship between change and progress is interesting. Not all change is progress, but all progress is change. In IT, sometimes we’ve played both polar opposite parts in the “Change for change’s sake” murder novel.

Change, rate of change, disruption Continue reading

Examining partitions on Linux systems

Linux systems provide many ways to look at disk partitions. In this post, we'll look at a series of commands, each which shows useful information but in a different format and with a different focus. Maybe one will make your favorites list.lsblk One of the most useful commands is the lsblk (list block devices) command that provides a very nicely formatted display of block devices and disk partitions. In the example below, we can see that the system has two disks (sda and sdb) and that sdb has both a very small (500M) partition and a large one (465.3G). Disks and partitions (part) are clearly labeled, and the relationship between the disks and partitions is quite obvious. We also see that the system has a cdrom (sr0).To read this article in full, please click here

Data center power efficiency increases, but so do power outages

A survey from the Uptime Institute found that while data centers are getting better at managing power than ever before, the rate of failures has also increased — and there is a causal relationship.The Global Data Center Survey report from Uptime Institute gathered responses from nearly 900 data center operators and IT practitioners, both from major data center providers and from private, company-owned data centers.It found that the power usage effectiveness (PUE) of data centers has hit an all-time low of 1.58. By way of contrast, the average PUE in 2007 was 2.5, then dropped to 1.98 in 2011, and to 1.65 in the 2013 survey.To read this article in full, please click here

Data center power efficiency increases, but so do power outages

A survey from the Uptime Institute found that while data centers are getting better at managing power than ever before, the rate of failures has also increased — and there is a causal relationship.The Global Data Center Survey report from Uptime Institute gathered responses from nearly 900 data center operators and IT practitioners, both from major data center providers and from private, company-owned data centers.It found that the power usage effectiveness (PUE) of data centers has hit an all-time low of 1.58. By way of contrast, the average PUE in 2007 was 2.5, then dropped to 1.98 in 2011, and to 1.65 in the 2013 survey.To read this article in full, please click here

Are microservices about to revolutionize the Internet of Things?

Along with the rise of cloud computing, Agile, and DevOps, the increasing use of microservices has profoundly affected how enterprises develop software. Now, at least one Silicon Valley startup hopes the combination of microservices and edge computing is going to drive a similar re-think of the Internet of Things (IoT) and create a whole new software ecosystem.Frankly, that seems like a stretch to me, but you can’t argue with the importance of microservices to modern software development. To learn more, I traded emails with Said Ouissal, founder and CEO of ZEDEDA, which is all about “deploying and running real-time edge apps at hyperscale” using IoT devices.To read this article in full, please click here

What is data deduplication, and how is it implemented?

Deduplication is arguably the biggest advancement in backup technology in the last two decades.  It is single-handedly responsible for enabling the shift from tape to disk for the bulk of backup data, and its popularity only increases with each passing day.  Understanding the different kinds of deduplication, also known as dedupe, is important for any person looking at backup technology.What is data deduplication? Dedupe is the identification and elimination of duplicate blocks within a dataset. It is similar to compression, which only identifies redundant blocks in a single file. Deduplication can find redundant blocks of data between files from different directories, different data types, even different servers in different locations.To read this article in full, please click here

Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples

Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples Athalye et al., ICML’18

There has been a lot of back and forth in the research community on adversarial attacks and defences in machine learning. Today’s paper examines a number of recently proposed defences and shows that most of them rely on forms of gradient masking. The authors develop attack techniques to overcome such defences, and 9 analyse defences from ICLR 2018 claiming to protect against white-box attacks. 7 of these turn out to rely on obfuscated gradients, and 6 of these fall to the new attacks (and the other one partially succumbs). Athalye et al. won a best paper award at ICML’18 for this work.

One of the great things about work on adversarial attacks and defences, as we’ve looked at before, is that they illuminate the strengths and weaknesses of current technology. Depending on the threat model you choose, for my own part I’m currently of the opinion that we’re unlikely to find a robust adversarial defence without a more radical re-think of how we’re doing image classification. If we’re talking about the task of ‘find an image that doesn’t fool a human, but Continue reading

1 1,533 1,534 1,535 1,536 1,537 3,875