From the Trenches: Rampant MacGyver-ism
Here’s a response I got from Simon Milhomme on my Why Is Network Automation So Hard article:
Read more ...ForkBase: an efficient storage engine for blockchain and forkable applications
ForkBase: an efficient storage engine for blockchain and forkable applications Wang et al., arXiv’18
ForkBase is a data storage system designed to support applications that need a combination of data versioning, forking, and tamper proofing. The prime example being blockchain systems, but this could also include collaborative applications such as GoogleDocs. Today for example Ethereum and HyperLedger build their data structures directly on top of a key-value store. ForkBase seeks to push these properties down into the storage layer instead:
One direct benefit is that it reduces development efforts for applications requiring any combination of these features. Another benefit is that it helps applications generalize better by providing additional features, such as efficient historical queries, at no extra cost. Finally, the storage engine can exploit performance optimization that is hard to achieve at the application layer.
Essentially what we end up with is a key-value store with native support for versioning, forking, and tamper evidence, built on top of an underlying object storage system. At the core of ForkBase is a novel index structure called a POS-Tree (pattern-oriented-split tree).
The ForkBase stack
From the bottom-up, ForkBase comprises a chunk storage layer that performs chunking and deduplication, a Continue reading
Today we mitigated 1.1.1.1
On May 31, 2018 we had a 17 minute outage on our 1.1.1.1 resolver service; this was our doing and not the result of an attack.
Cloudflare is protected from attacks by the Gatebot DDoS mitigation pipeline. Gatebot performs hundreds of mitigations a day, shielding our infrastructure and our customers from L3/L4 and L7 attacks. Here is a chart of a count of daily Gatebot actions this year:
In the past, we have blogged about our systems:
Today, things didn't go as planned.
Gatebot
Cloudflare’s network is large, handles many different types of traffic and mitigates different types of known and not-yet-seen attacks. The Gatebot pipeline manages this complexity in three separate stages:
- attack detection - collects live traffic measurements across the globe and detects attacks
- reactive automation - chooses appropriate mitigations
- mitigations - executes mitigation logic on the edge
The benign-sounding "reactive automation" part is actually the most complicated stage in the pipeline. We expected that from the start, which is why we implemented this stage using a custom Functional Reactive Programming (FRP) framework. If you want to know more about it, see the talk and the presentation.
Is open source software a network security risk?
Networks are changing. More and more we’re hearing terms like whitebox, britebox, disaggregation, NOS, commodity hardware and open source when we talk about the future of networking. Since you’re reading this on the Cumulus Networks blog, I’ll assume you get that and spare you a description of these terms here. If you do want a crash course on network disaggregation and how it relates to orchestration/SDN, check out my previous post on the Packet Pushers blog.
With that bit of housekeeping out of the way, let’s dig right into today’s topic: open source software security.
First, why does security matter? If you’re like most network engineers, your primary goal typically is to get bits of data from one place to another. Anything that interferes with the free flow of packets and frames is a potential problem. So the goals of security can at first appear contrary to those of the network. Raise your hand if you’ve ever been frustrated by a firewall rule or some seemingly arcane security policy!
Unfortunately, we no longer have the luxury of ignoring security. Today’s network is one of the most crucial pieces of IT infrastructure for any organization and for the economies we operate in. Continue reading
FBI Blames North Korea for Malware, Kaspersky Lawsuits Dismissed
The two malware families target U.S. media, aerospace, financial, and critical infrastructure sectors’ networks.
Viewer’s Guide: Virtual Cloud Network Online Event
Start Building the Virtual Cloud Network Today, join the online event June 5 at 11am PDT
You might not know it yet, but your network is holding you back. Unconnected clouds and data silos prevent your enterprise from securing and mining valuable data. VMware creates connections from your data center to the cloud to the edge – providing a secure, consistent foundation that drives business forward, rather than holding it back.
VMware recently announced our vision for the next era of networking – the Virtual Cloud Network. Join us for an exclusive online event to learn about how your organization can start building the network of the future. To prepare for this event, I not only spent time with the customers, technical leads and executives you hear from, but also behind the scenes, I have been part of many more conversations that I was not able to share. Pulling from those conversations, I’ve created your viewer’s guide for each segment of the event.
An overview of the Virtual Cloud Network by Rajiv Ramaswami, Chief Operating Officer, Products and Cloud Services
Rajiv and Pat share their executive views on the Virtual Cloud Network at the beginning of the event. To Continue reading
The First Lady’s bad cyber advice
First Lady Melania Trump announced a guide to help children go online safely. It has problems.Melania's guide is full of outdated, impractical, inappropriate, and redundant information. But that's allowed, because it relies upon moral authority: to be moral is to be secure, to be moral is to do what the government tells you. It matters less whether the advice is technically accurate, and more that you are supposed to do what authority tells you.
That's a problem, not just with her guide, but most cybersecurity advice in general. Our community gives out advice without putting much thought into it, because it doesn't need thought. You should do what we tell you, because being secure is your moral duty.
This post picks apart Melania's document. The purpose isn't to fine-tune her guide and make it better. Instead, the purpose is to demonstrate the idea of resting on moral authority instead of technical authority.
<-- --="" more="">
Strong Passwords
"Strong passwords" is the quintessential cybersecurity cliché that insecurity is due to some "weakness" (laziness, ignorance, greed, etc.) and the remedy is to be "strong".
The first flaw is that this advice is outdated. Ten years ago, important websites would frequently get hacked and Continue reading
Sprint Uses 5G Network Preparations to Overhaul Its IoT Business
Sprint hired former Vodafone IoT executive Ivo Rook to revamp its IoT business. Rook joined the company in January.
AT&T and Tech Mahindra Sponsor an Artificial Intelligence Contest
They're working with the Linux Foundation to host the Acumos AI Challenge, which seeks innovative open source AI solutions.
T-Mobile, Sprint Combo to Spike 5G Uptake, Report Predicts
Strategy Analytics predicts the combined entity will boost adoption by 17 percent compared with the two continuing on their own.
Connect Ansible Tower and Jenkins in under 5 minutes
We often hear from customers that they are using Jenkins in some capacity or another. And since I'm a consultant, I'm lucky to hear first hand what our customers are using and how they need to integrate Ansible Tower. There has always been a way to integrate the Ansible Tower and Jenkins using tower-cli, but I thought there could be a neater, closer to native, way of doing it.
So here we go. I've recorded this short screencast to show you just how easy it is:
Below you will find a few links from the video and a link to how to try Ansible Tower.
plugins.jenkins.io/ansible-tower
wiki.jenkins.io/display/JENKINS/Ansible+Tower+Plugin
VMware Unleashes R&D Innovation Revolution at RADIO
For the first time in its history VMware invited outsiders to its annual R&D conference.
See How Docker Accelerates Digital Transformation in the Enterprise at DockerCon 2018
DockerCon has everything you and your company need in order to understand how to accelerate digital and multi-cloud initiatives with containerization. Come to network and learn from your peers, as well as gain access to leaders and innovators in the container industry.
DockerCon isn’t just for developers and this year we have unique experiences that cater to a variety of tech professionals, from developers to sys admins to enterprise architects and technical executives.
Join us in San Francisco this June to hear how industry leading organization are transforming business and IT with Docker’s container platform, Docker Enterprise Edition. To help with planning, here are our top four recommendations:
- Keynotes with the latest announcements from Docker and spotlight feature of how Liberty Mutual transformed their enterprise
- Breakout sessions for business executives including How to Build Your Containerization Strategy, Modernizing Traditional Applications with Docker, and Building a Docker Center of Excellence: Panel Discussion with MetLife, PayPal, and Splunk
- Networking with technical leaders who have already partnered with Docker, including Lockheed Martin, JCPenney and GE, Bosch, McKesson, MetLife, and more.
- Schedule time with a Docker specialist for a container maturity assessment
Containerization is one of the fastest growing cloud enabling technologies and Continue reading