Asigra evolves backup/recovery to address security, compliance needs

As backup and recovery products and solutions evolve, they are beginning to intersect with security and compliance. Online backup and recovery software company Asigra has announced a new version of its software that addresses the risks posed by ransomware and non-compliance with Article 17 of the European Union’s General Data Protection Regulation (GDPR). Both should be a concern for organizations of all sizes, from global enterprises on down to small/medium businesses.

Let’s take a look at the new capabilities that Asigra is bringing to market with the version 14 release of its Cloud Backup software, and why these capabilities are an important evolution in backup and recovery.

Global Editathon: Making Women in Tech Visible

Why is it necessary to “edit” the biographies of women who are doing an incredible job on issues of technology and the Internet? Simple: the contributions of these women do not have visibility on the Internet.

At many Internet Governance forums, we often highlight the contributions of the founding fathers, but how do we inspire girls to join ICTs – information and communication technologies – if we never mention women?

For this year’s International Girls in ICT Day, the Internet Society’s Special Interest Group for Women organized the 1st Global Editathon Girls in ICT. With the support of Chapters and organizations from all around the world, this initiative had a clear goal: to create local content written about and by women to make their work in technology visible.

Read about the Editathon on Twitter!

Only 17% of the Wikipedia content is about women and approximately 8.8% of the content in Wikipedia in Spanish is about women scientists. Where are those women who make a difference in science and technology? Do they exist? Of course they do!

“First Global Editathon Girls in ICT, was a huge experience for us, especially because Cape Verde could participate in this event.

We Continue reading

The Week in Internet News: Email Encryption Has Efail Moment

Encryption fails: A couple of stories in the news this past week demonstrated problems with encryption, or at least, problems with deployment of encryption. One researcher demonstrated an exploitable loophole he called Efail in PGP/GPG and S/MIME software used by email clients, reports Engadget. Efail abuses the active content of HTML emails to access plain text. In addition, a malware called Telegrab is targeting the encrypted Telegram messaging service. Telegrab steals encryption keys and cache data from Telegram running on the desktop, Tom’s Hardware says.

Artificial investment: The Chinese city of Tianjin is getting serious about funding artificial intelligence projects, with an investment of about US$16 billion, reports Reuters via the Straits Times. Yes, that’s billion with a “b.” It’s part of a Chinese push to be the leading nation in AI development.

AI knows nudes: In other AI news, Facebook has released stats on the numbers of hate speech posts and posts containing nudity that its technology removed in the first quarter of 2018. In short, the social media provider’s AI is much better at flagging nudity than hate speech, reports CNBC. About 60 percent of hate speech taken down on Facebook required human intervention.

DNS attacks on Continue reading

IDG Contributor Network: Overcoming kludges to secure web applications

When it comes to technology, nothing is static, everything is evolving. Either we keep inventing mechanisms that dig out new security holes, or we are forced to implement existing kludges to cover up the inadequacies in security on which our web applications depend.

The assault on the changing digital landscape with all its new requirements has created a black hole that needs attention. The shift in technology, while creating opportunities, has a bias to create security threats. Unfortunately, with the passage of time, these trends will continue to escalate, putting web application security at center stage.

Business relies on web applications. Loss of service to business-focused web applications not only affects the brand but also results in financial loss. The web application acts as the front door to valuable assets. If you don’t efficiently lock the door or at least know when it has been opened, valuable revenue-generating web applications are left compromised.

Posts from the Past, May 2018

This month—May 2018—marks thirteen years that I’ve been generating content here on this site. It’s been a phenomenal 13 years, and I’ve enjoyed the opportunity to share information with readers around the world. To celebrate, I thought I’d do a quick “Posts from the Past” and highlight some content from previous years. Enjoy!

May 2017

A year ago, I touched on the topic of using a Makefile with Markdown documents to help streamline the process of generating various output formats.

I also explored the use of custom SSH configurations with SSH bastion hosts and uncovered a very basic (but important) error I’d previously overlooked.

May 2016

Two years ago in May I was using Terraform to build an etcd v2 cluster on OpenStack.

May 2015

Three years ago, I was doing a lot of work in my home lab, automating the setup of physical hosts. That led to a post on a fully automated Ubuntu install, which was also related to this post on using an Apt proxy (via apt-cacher-ng).

May 2014

Four years ago, I shared some useful Markdown tools for OS X. Of those tools, I still use pandoc pretty extensively.

May 2013

Five years ago, Continue reading

DNS in the cloud: Why and why not

As enterprises consider outsourcing their IT infrastructure, they should consider moving their public authoritative DNS services to a cloud provider’s managed DNS service, but first they should understand the advantages and disadvantages.

Response: Vendors Pushing Stretched Layer-2

Got this response to my Stretched Layer-2 Revisited blog post. It’s too good not to turn it into a blog post ;)

Recently I feel like it's really vendors pushing layer 2 solutions, rather than us (enterprise customer) demanding it.

I had that feeling for years. Yes, there are environments with legacy challenges (running COBOL applications on OS/370 with emulated TN3270 terminals comes to mind), but in most cases it’s the vendors trying to peddle unique high-priced non-interoperable warez.

Read more ...

Semantics and complexity of GraphQL

Semantics and complexity of GraphQL Hartig & Pérez, WWW’18

(If you don’t have ACM Digital Library access, the paper can be accessed either by following the link above directly from The Morning Paper blog site, or from the WWW 2018 proceedings page).

GraphQL has been gathering good momentum since Facebook open sourced it in 2015, so I was very interested to see this paper from Hartig and Pérez exploring its properties.

One of the main advantages (of GraphQL) is its ability to define precisely the data you want, replacing multiple REST requests with a single call…

One of the most interesting questions here is what if you make a public-facing GraphQL-based API (as e.g. GitHub have done), and then the data that people ask for happens to be very expensive to compute in space and time?

Here’s a simple GraphQL query to GitHub asking for the login names of the owners of the first two repositories where ‘danbri’ is an owner.

From here there are two directions we can go in to expand the set of results returned: we can increase the breadth by asking for more repositories to be considered (i.e., changing first:2 Continue reading

masscan, macOS, and firewall

One of the more useful features of masscan is the "--banners" check, which connects to the TCP port, sends some request, and gets a basic response back. However, since masscan has its own TCP stack, it'll interfere with the operating system's TCP stack if they are sharing the same IPv4 address. The operating system will reply with a RST packet before the TCP connection can be established.

The way to fix this is to use the built-in packet-filtering firewall to block those packets in the operating-system TCP/IP stack. The masscan program still sees everything before the packet-filter, but the operating system can't see anything after the packet-filter.


Note that we are talking about the "packet-filter" firewall feature here. Remember that macOS, like most operating systems these days, has two separate firewalls: an application firewall and a packet-filter firewall. The application firewall is the one you see in System Settings labeled "Firewall", and it controls things based upon the application's identity rather than by which ports it uses. This is normally "on" by default. The packet-filter is normally "off" by default and is of little use to normal users.

Also note that macOS changed packet-filters around version 10.10. Continue reading

What Drives IPv6 Deployment?

It's been six years since World IPv6 Launch day on the 6th June 2012. In those six years we've managed to place ever increasing pressure on the dwindling pools of available IPv4 addresses, but we have still been unable to complete the transition to an all-IPv6 Internet.

A Hard Rain’s A-Gonna Fall In Public Cloud

Way back in the early days of the commercial Internet, when we all logged into what seemed to be new but what was actually a quite old service used by academic institutions and government agencies that rode on the backbones of the telecommunications network, there were many, many thousands of Internet service providers who provided the interface between our computers and the network capacity that was the onramp of the information superhighway.

Most of these ISPs are gone today, and have been replaced by a few major telco, cable, and wireless network operators who provide us with our Internet service.

A Hard Rain’s A-Gonna Fall In Public Cloud was written by Timothy Prickett Morgan at The Next Platform.