T-25 days until Chrome starts flagging HTTP sites as “Not Secure”
Less than one month from today, on July 23, Google will start prominently labeling any site loaded in Chrome without HTTPS as "Not Secure".
When we wrote about Google’s plans back in February, the percent of sites loaded over HTTPS clocked in at 69.7%. Just one year prior to that only 52.5% of sites were loaded using SSL/TLS—the encryption protocol behind HTTPS—so tremendous progress has been made.
Unfortunately, quite a few Continue reading
Data Center Tech ‘Graduation’: What IT Pros Have Learned
What new technologies have IT pros deployed and experimented with this year? SolarWinds finds out what tech its THWACK community members have tried out in 2018.
Techniques of a Network Detective: A New Series
Put your detective hat on your head and your Network Detective badge on your lapel. Introducing a new blog series – Techniques of a Network Detective. This series will focus on the detective work (troubleshooting side) of our jobs as network engineers.
For over 30 years I’ve been playing in the “world of IT”. During those years there have been a lot of changes in our world. But through all that change, there has been a thread, for me, that has always remained constant. A thread and a passion that always seemed to be with me in every job over all these years.
Troubleshooting!
Being a “Network Detective” is much the same as being a regular detective in many ways. As a Network Detective we get put on a “case” – the “Case of the Missing Packets” maybe. We go to the crime scene and try to find answers so we can solve the “who done it”
When a “crime” happens you need to be right there interviewing the suspects, surveying the crime scene, asking the right questions. Trying to quickly figure out what is happening, where it is happening, and why it Continue reading
More Handy CLI Tools for JSON
In late 2015 I wrote a post about a command-line tool named jq, which is used for parsing JSON data. Since that time I’ve referenced jq in a number of different blog posts (like this one). However, jq is not the only game in town for parsing JSON data at the command line. In this post, I’ll share a couple more handy CLI tools for working with JSON data.
(By the way, if you’re new to JSON, check out this post for a gentle introduction.)
JMESPath and jp
JMESPath is used by both Amazon Web Services (AWS) in their AWS CLI as well as by Microsoft in the Azure CLI. For examples of JMESPath in action, see the AWS CLI documentation on the --query functionality, which makes use of server-side JMESPath queries to reduce the amount of data returned by an AWS CLI command (as opposed to filtering on the client side).
However, you can also use JMESPath on the client-side through the jp command-line utility. As a client-side parsing tool, jp is similar in behavior to jq, but I find the JMESPath query language to be a bit easier to use than jq in Continue reading
Network Infrastructure as Code in Network Automation Online Course
In mid-May, I ran an onsite network automation workshop, and the manager organizing the workshop for his team invited me to a dinner with his peers. Not surprisingly, they wanted to hear about the topics covered in the workshop, and as soon as I mentioned Network-Infrastructure-as-Code several of them said “yes, that definitely needs to be covered.”
Read more ...How not to structure your database-backed web applications: a study of performance bugs in the wild
How not to structure your database-backed web applications: a study of performance bugs in the wild Yang et al., ICSE’18
This is a fascinating study of the problems people get into when using ORMs to handle persistence concerns in their web applications. The authors study real-world applications and distil a catalogue of common performance anti-patterns. There are a bunch of familiar things in the list, and a few that surprised me with the amount of difference they can make. By fixing many of the issues that they find, Yang et al., are able to quantify how many lines of code it takes to address the issue, and what performance improvement the fix delivers.
To prove our point, we manually fix 64 performance issues in [the latest versions of the applications under study] and obtain a median speed-up of 2x (and up to 39x max) with fewer than 5 lines of code change in most cases.
The Hyperloop website provides access to a tool you can use to identify and solve some of the common performance issues in your own (Rails) apps.
I’m going to skip the intro parts about what ORMs do and how a typical web app Continue reading
Qualcomm’s Edge Platform Will Upgrade IoT Modules
Companies can deploy 2G IoT modules today and upgrade them to NB-IoT or CAT-M when network coverage is more comprehensive.
A New Direction for HPC Math Libraries
HPC luminary Jack Dongarra (University Distinguished Professor University of Tennessee) presented a new direction for math libraries at the International Supercomputing conference (ISC) in Frankfurt Germany in his presentation “Numerical Linear Algebra for Future Extreme-Scale Systems (NLAFET)”. …
A New Direction for HPC Math Libraries was written by Nicole Hemsoth at .
Lessons from nPetya one year later
This is the one year anniversary of NotPetya. It was probably the most expensive single hacker attack in history (so far), with FedEx estimating it cost them $300 million. Shipping giant Maersk and drug giant Merck suffered losses on a similar scale. Many are discussing lessons we should learn from this, but they are the wrong lessons.An example is this quote in a recent article:
"One year on from NotPetya, it seems lessons still haven't been learned. A lack of regular patching of outdated systems because of the issues of downtime and disruption to organisations was the path through which both NotPetya and WannaCry spread, and this fundamental problem remains."This is an attractive claim. It describes the problem in terms of people being "weak" and that the solution is to be "strong". If only organizations where strong enough, willing to deal with downtime and disruption, then problems like this wouldn't happen.
But this is wrong, at least in the case of NotPetya.
NotPetya's spread was initiated through the Ukraining company MeDoc, which provided tax accounting software. It had an auto-update process for keeping its software up-to-date. This was subverted in order to deliver the initial NotPetya Continue reading
Packet Size, It Matters
As I mentioned in a previous post, I have been studying the materials for the Cisco CCDE. One thing that has come up only a time or two is that of MTU. MTU, or maximum transmission unit, is the maximum size a chunk of data can be for a given interface. In this article, we are speaking specifically of IP MTU and this is an important distinction that I will clarify later. Network design should incorporate a clear understanding of MTU challenges and operators need to understand what to look for when it is not properly built and configured.
A simplistic example of a problematic design is when there is a link with a smaller MTU somewhere between two endpoints capable of creating larger packets (see the image below). While this environment may work fine, understanding the interaction required between the hosts and the network devices is very important to network design.
A few years ago I wrote an article that outlined some of the behavior that can be witnessed when there are MTU discovery issues. Let’s quickly recount what path MTU discovery (PMTU-D) is, how it works, how it fails and some logic around appropriate design.
General Facts Around Continue reading
Pain in the XaaS: Rise of FaaS, CaaS Adds to Cloud Orchestration Woes
The latest cloud orchestration report indicates that CIOs, cloud architects, and other IT infrastructure managers need to educate themselves on an increasingly wide variety of options.
Deutsche Telekom Demonstrates 5G Network Architecture With Third-Party VNFs
DT deployed a network data layer using HPE’s shared data environment. The shared layering helps the network handle a large variety of workloads while maintaining agility.