Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit

Drupal has recently announced an update to fix a critical remote code execution vulnerability (SA-CORE-2018-002/CVE-2018-7600). The patch disallows forms and form fields from starting with the “#” character, a condition that results in remote code execution.

Accordingly, we have just pushed out a rule for our Web Application Firewall (WAF) that blocks requests matching these exploit conditions. You can find this rule in the Cloudflare ruleset in your dashboard, under the Drupal category, with the rule ID D0003.

Drupal Advisory: https://www.drupal.org/sa-core-2018-002

Getting to the Heart of HPC and AI at the Edge in Healthcare

For more than a decade, GE has partnered with Nvidia to support their healthcare devices. Increasing demand for high quality medical imaging and mobile diagnostics alone has resulted in building a $4 billion segment of the $19 billion total life sciences budget within GE Healthcare.

This year at the GPU Technology Conference (GTC18), The Next Platform sat in as Keith Bigelow, GM & SVP of Analytics, and Erik Steen, Chief Engineer at GE Healthcare, discussed the challenges of deploying AI focusing on cardiovascular ultrasound imaging.

There are a wide range of GPU accelerated medical devices as well as those that

Getting to the Heart of HPC and AI at the Edge in Healthcare was written by James Cuff at The Next Platform.

Building Our New Website: POSSE and Sharing on Facebook, Twitter, LinkedIn, Google+ and More

As we built our new website, one of my own guiding principles was “POSSE”, a content publishing model from the “IndieWeb” movement. The idea is:

Publish on your
Own
Site,
Syndicate
Elsewhere

Essentially, make sure you own your own content – and then share it out onto other sites and services. (See the IndieWeb page about POSSE for more discussion.) Make your own website the “hub” for all your content, and then have spokes going out to all the other places where people might discover and learn about your content.

To me, this model is the best way to support the principles of the open Internet, while engaging people in the places where they already are.

Why does this matter?

We aren’t just publishing reports, papers, blog posts and articles for the sake of talking about what we are doing.

We are publishing content to bring about change that ensures the Internet remains open, globally connected, and secure. As we said in our vision statement for the new website:

Our website is a driving force in

Policing, Shaping, and Performance

Policing traffic and shaping traffic are two completely different things, but it is hard to know, in the wild, what impact one or the other will have on a particular traffic flow, or on the performance of applications in general. While the paper under review here, An Internet-Wide Analysis of Traffic Policing, is largely focused on the global ‘net, specifically from a content provider’s perspective, it contains lessons for just about every network operator who needs to manage Quality of Service (QoS) in a sane and meaningful way.

Flach, Tobias, Pavlos Papageorge, Andreas Terzis, Luis Pedrosa, Yuchung Cheng, Tayeb Karim, Ethan Katz-Bassett, and Ramesh Govindan. 2016. “An Internet-Wide Analysis of Traffic Policing.” In Proceedings of the 2016 ACM SIGCOMM Conference, 468–482. SIGCOMM ’16. New York, NY, USA: ACM. https://doi.org/10.1145/2934872.2934873.

Traffic policing involves setting up a queue with a pool of tokens. For some unit of traffic received (assume a packet here), a token is consumed. When a packet is transmitted, the token is added back to the pool. If the pool is sized correctly, short bursts in the traffic stream will be allowed through, but if the application attempts to establish a session using more bandwidth

A First Look at Summit Supercomputer Application Performance

Big iron aficionados packed the room when ORNL’s Jack Wells gave the latest update on the upcoming 207 petaflop Summit supercomputer at the GPU Technology Conference (GTC18) this week.

In just eight years, the folks at Oak Ridge have pushed the high performance bar from the 18.5 teraflop Phoenix system to the 27 petaflop Titan. That’s a 1000x + improvement in eight years.

Summit will deliver 5-10x more performance than the existing Titan machine, but what is noteworthy is how Summit will do this. The system is set to have far fewer nodes (18,688 for Titan vs. ~4,800 for Summit)

A First Look at Summit Supercomputer Application Performance was written by Nicole Hemsoth at The Next Platform.

Let’s Encrypt Offers Free Multi-Domain HTTPS Certificates

Let’s Encrypt, a nonprofit certificate authority launched in 2016, has delivered on its pledge to offer free certificates that enable secure HTTP connections for complete domains.

The organization’s new wildcard certificate service, allowing website operators to secure all subdomains of a domain with a single certificate, should help the Internet become more secure by enabling wider deployment of HTTPS, Josh Aas, executive director of the Internet Security Research Group, wrote in a blog post. (Full disclosure: the Internet Society is a major sponsor of Let’s Encrypt.)

Last July, Let’s Encrypt had promised that it would offer free wildcard certificates. With the recent release of the ACMEv2 [Automatic Certificate Management Environment] Protocol, the organization delivered on that promise.

“Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS,” Aas wrote. “We’re excited about the prospect of a 100% HTTPS Web and we’re working hard to get there.”

A wildcard certificate isn’t recommended for all websites, Aas noted. In most cases, other certificates, such as single-domain ones, will be more appropriate.

Although wildcard certificates enable streamlined management of HTTPS, some security

Au revoir

Today I’m announcing my departure from Docker, the company I helped create ten years ago and have been building ever since. A founder’s departure is usually seen as a dramatic event. Sadly, I must report that reality is far less exciting in this case. I’ve had many roles at Docker over the years, and today I have a new, final one – as an active board member, a major shareholder and, I expect, a high maintenance Docker user. But I will no longer be part of day-to-day operations. Instead, after obsessing for so many years over my own ideas, I am rediscovering the joys of putting myself at the service of others – my friends, my family, and the brilliant entrepreneurs I’ve been lucky enough to advise and invest in over the years. Over the coming months I plan to use my experience to help them in any way I can.

This transition is simply another chapter in a long story of change, growth, hard work… and a lot of luck.

Ten years ago, I quit my job, returned to live with my mother in Paris and, together with my friends Kamel Founadi and Sebastien Pahl, started a company called

We’ve Added a New Google Cloud Platform Course to Our Video Library!

This course introduces AWS professionals to the core capabilities of Google Cloud Platform (GCP) in the four technology pillars: networking, compute, storage, and database. It is designed for AWS Solution Architects and SysOps Administrators familiar with AWS features and setup, who want to gain experience configuring GCP products.

The Google Cloud Platform for AWS Professionals is 6 hours and 9 minutes long and is taught by Joseph Holbrook. If you’re interested in watching, you can view the course using your All Access Pass or buy the course at ine.com.

About the Instructor:

Joe Holbrook has been in the IT field since 1993 when he was exposed to several HPUX systems on board a US Navy flagship. He has migrated from UNIX world to Storage Area Networking (SAN) and then onto Enterprise Virtualization and Cloud Architecture. He worked for numerous companies like HDS, 3PAR Data, Brocade, Dimension Data, EMC, Northrup Grumman, ViON, Ibasis.net, Chematch.com, SAIC and Siemens Nixdorf. Currently he works as a Subject Matter Expert specializing in Cloud/IT Security focused on Data Storage infrastructure services and Data migrations to the Cloud.

He holds Industry leading certifications from Amazon Web Services, Google Cloud Platform, Brocade, Hitachi Data Systems,

History Of Networking – Dinesh Dutt – Divergence of Compute and Networking

The operation and management of compute and networking are unique in the tools and skill-sets required, but do they necessarily need to be? Dinesh Dutt joins Network Collective to talk about the divergence of compute and networking, how it hasn’t always been this way, and why he believes it should return to being a unified effort.

Dinesh Dutt (Guest)
Russ White (Host)
Jordan Martin (Host)
Donald Sharp (Host)

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post History Of Networking – Dinesh Dutt – Divergence of Compute and Networking appeared first on Network Collective.

Applications Now Open for Hackathon@AIS

The application process for the Hackathon@AIS is now open. The Hackathon@AIS is an event aimed at exposing engineers from the African region to Open Internet Standards development and is co-organized by the Internet Society and AFRINIC. This will be the second event in the series following a successful event held in Nairobi last year during the Africa Internet Summit.

A list of the topics that will be covered this year can be found here.

Network/Systems engineers, software developers, and computer science students are encouraged to apply as engagement in open Internet standards development can help further their careers.

The event will be held on the 9th and 10th of May 2018 in Dakar, Senegal. If you are interested in participating AND can commit to being available over the 2 days, please complete the application form. Space is limited and successful applicants will be notified and then be enrolled in various online training sessions in the build up to the event.

Fellowships will be awarded to strong applicants where possible.

Applications close on the 8th of April 2018.

Apply here!

 

The post Applications Now Open for Hackathon@AIS appeared first on Internet Society.

People are really worried about IoT data privacy and security—and they should be

A new study from the Economist Intelligence Unit (EIU) shows that consumers around the world are deeply worried about how their personal information is collected and shared by the Internet of Things (IoT). But let’s be honest, the problem isn’t that unsophisticated consumers are panicking for no reason. In fact, consumers are merely picking up on the very real inherent risks and uncertainties surrounding IoT data.

Businesses are also worried about IoT security

I’ll get into the results and implications of the survey in a moment, but first I want to note that business and professionals are equally concerned. Perhaps that’s why Gartner just predicted that IoT security spending will hit $1.5 billion by the end of the year, up 28 percent from 2017, and more than double to $3.1 billion by 2021.
