Introducing “Cooking with Cumulus” – Episode one

Alright, we know you’re hungry for more Cumulus goodness, so we’ve cooked up something new that we think will satiate your appetite for awesome technical content. It’s the perfect mix of one part technical deep-dive, one part fun and just a pinch of silliness. The wait is over — our latest project is hot, fresh and ready to serve!

Okay, enough teasing. Today we’re introducing the new Cumulus Networks video series “Cooking with Cumulus!”

“Wait, what does cooking have to do with networking??” you may think to yourself. Glad you asked. You may already know JR Rivers as the CTO and co-founder of Cumulus Networks, but did you know he’s also a master of the culinary arts? Here at the Mountain View office, we know it’s the start of a good day when JR brings in his homemade food to share. From chocolate chip cookies to paella, we’ve approved (and enjoyed) his many recipes. So, we decided that we wanted to share that gift with the rest of the Cumulus community by combining two of JR’s greatest passions — networking and cooking. The resulting brain child was a video series where we put two networking nerds in a Continue reading

Weekend Reads 040618: Kernel Programming, Secure Messaging, and Icebergs

Programming in user space is safer for a very small number of reasons, not the least of which is the virtual memory system, which tricks programs into believing they have full control over system memory and catches a small number of common C-language programming errors, such as touching a piece of memory that the program has no right to touch. Other reasons include the tried-and-true programming APIs that operating systems have now provided to programs for the past 30 years. All of which means programmers can possibly catch more errors before their code ships, which is great news—old news, but great news. What building code in user space does not do is solve the age-old problems of isolation, composition, and efficiency. —George V. Neville-Neil @ACM

There is no such thing as a perfect or one-size-fits-all messaging app. For users, a messenger that is reasonable for one person could be dangerous for another. And for developers, there is no single correct way to balance security features, usability, and the countless other variables that go into making a high-quality, secure communications tool. @EFF

Breaches of private information in hospital records are serious and expensive security events but remediating them can be deadly. Continue reading

New distributed database adds international and GDPR controls

The European Union’s General Data Protection Regulation (GDPR) will force very strict new privacy compliance rules on firms doing business in the EU, but a startup that has an atrocious company and product name has what it says is the solution to maintaining compliance.Cockroach Labs has introduced version 2.0 of its CockroachDB distributed database, which can be run in a data center or cloud. The company bills the product as “the SQL database for global cloud services.” It automatically scales, rebalances, and repairs databases spread over multiple locations.To read this article in full, please click here

New distributed database adds international and GDPR controls

The European Union’s General Data Protection Regulation (GDPR) will force very strict new privacy compliance rules on firms doing business in the EU, but a startup that has an atrocious company and product name has what it says is the solution to maintaining compliance.Cockroach Labs has introduced version 2.0 of its CockroachDB distributed database, which can be run in a data center or cloud. The company bills the product as “the SQL database for global cloud services.” It automatically scales, rebalances, and repairs databases spread over multiple locations.To read this article in full, please click here

New RFC 8360 – RPKI Validation Reconsidered – Offers Alternative Validation Procedures to Improve Routing Security

RFC 8360, Resource Public Key Infrastructure (RPKI) Validation Reconsidered, is now published in the RFC libraries.

What is RPKI?

Resource Public Key Infrastructure (RPKI) aims to improve the security of the Internet routing system, specifically the Border Gateway Protocol (BGP), by establishing a hierarchy of trust for BGP routes. Today, most organizations simply trust that routing updates they get are sent by authorized senders. This is how bad actors and misconfigurations can cause massive routing issues. With RPKI, the receiving organization can verify that the sending organization is authorized to send the routing update.

RPKI works by issuing X.509-based resource certificates to holders of IP addresses and AS numbers to prove assignment of these resources. These certificates are issued to Local Internet Registries (LIRs) by one of the five Regional Internet Registries (RIRs) who allocate and assign these resources in their service regions.

What Does This RFC Do?

In the IETF, participants have been discussing issues that may arise when resources move across registries. The problem happens when a subordinate certificate “over-claims” resources compared to its parent. According to the standard validation procedure specified in RFC 6487, the whole branch beneath would be invalidated. The closer to Continue reading

Cloudflare Argo Tunnel with Rust+Raspberry Pi

Cloudflare Argo Tunnel with Rust+Raspberry Pi

Yesterday Cloudflare launched Argo Tunnel. In the words of the product team:

Argo Tunnel exposes applications running on your local web server, on any network with an Internet connection, without adding DNS records or configuring a firewall or router. It just works.

Once I grokked this, the first thing that came to mind was that I could actually use one of my Raspberry Pi's sitting around to serve a website, without:

  • A flaky DDNS running on my router
  • Exposing my home network to the world
  • A cloud VM

Ooooh... so exciting.

The Rig

I'll assume you already have a Raspberry Pi with Raspbian on it.

Cloudflare Argo Tunnel with Rust+Raspberry Pi

Plug the Pi into your router. It should now have an IP address. Look that up in your router’s admin UI:

Cloudflare Argo Tunnel with Rust+Raspberry Pi

OK, that's promising. Let's connect to that IP using the default pi/raspberry credentials:

$ ssh 192.168.8.26 -l pi
[email protected]'s password: 

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Mar 18 23:24:11 2018 from  Continue reading

Stuffing the Camel into the Bikeshed

I’m sure that there are folk who believe that bodies like the IETF can exercise just the right level of restraint and process management to keep excessive levels of both camelling and bikeshedding out of the IETF and its Working Groups activities. Speaking personally, I just can’t see that happening.

Video Series: Modernizing Java Apps for Developers Part 4

Java Apps

Moving a monolithic application to a modern cloud architecture can be difficult and often result in a greenfield development effort. However, it is possible to move towards a cloud architecture using Docker Enterprise Edition (EE)  with no code changes and gain portability, security and efficiency in the process.

Java Apps

Part 4 takes advantage of the messaging service I added in part 3. In this installment, I’ll add self service analytics powered by the open source Elasticsearch / Kibana stack. The reporting database and analytics UI run in containers and the worker is updated to also store data in Elasticsearch. The Docker platform supports adding new components to a running deployment without shutting down the application containers that are currently running. You’ll learn how Docker lets you add new capabilities to the application with zero downtime in production.

Docker MTA Video Series: Modernizing Java Apps for Developers
Click To Tweet

To learn more about Docker for Java Developers:

The post Video Series: Modernizing Java Apps for Developers Part 4 appeared first on Docker Blog.

Juniper JET & Golang

Network programmability and network automation go hand-in-hand (pun intended) and I’ve been waiting for an opportunity to play with the Juniper IDL (.proto) files to build a JET (Juniper Extension Toolkit) application. Thanks to Marcel Wiget’s efforts, the opening I’ve been waiting for came along!

So what is JET?

JET is a couple of things:

  • Ability to run Python, C and C++ applications onboard both veriexec and non-veriexec enabled Junos
  • Ability to create an off-box application using GRPC and MQTT

JET allows you to program Junos out of the normal NETCONF, CLI, SNMP and ephemeral DB methods that we’re all fairly used to. The other thing is, it’s quick. Like really quick. With GRPC and MQTT, we can program a network element using mechanisms the software world is used to. I’ve been saying for a long time our data is no longer our own and JET allows us to bridge organisational worlds in multiple ways. Pretty cool.

So what did you do?

Not having a huge amount of time for this, I opted for off-box and took Marcel’s code as the base for how to use the APIs exposed via GRPC.

The application uses the “bgp_route_service” JET API Continue reading

1 1,664 1,665 1,666 1,667 1,668 3,849