Blame privacy activists for the Memo??

Former FBI agent Asha Rangappa @AshaRangappa_ has a smart post debunking the Nunes Memo, then takes it all back again with an op-ed on the NYTimes blaming us privacy activists. She presents an obviously false narrative that the FBI and FISA courts are above suspicion.

I know from first hand experience the FBI is corrupt. In 2007, they threatened me, trying to get me to cancel a talk that revealed security vulnerabilities in a large corporation's product. Such abuses occur because there is no transparency and oversight. FBI agents write down our conversation in their little notebooks instead of recording it, so that they can control the narrative of what happened, presenting their version of the converstion (leaving out the threats). In this day and age of recording devices, this is indefensible.

She writes "I know firsthand that it’s difficult to get a FISA warrant". Yes, the process was difficult for her, an underling, to get a FISA warrant. The process is different when a leader tries to do the same thing.

I know this first hand having casually worked as an outsider with intelligence agencies. I saw two processes in place: one for the flunkies, and Continue reading

Top 5 moments from Networking Field Day 2017

Did you miss Cumulus Networks’ session at Networking Field Day 2017 on February 26th? Or maybe you tuned in, and you want to reminisce on the best moments? Don’t worry, we’ve got you covered! Check out our top five favorite highlights from Technical Marketing Engineer Pete Lumbis’ presentation about managing EVPN/VXLAN. (You can also watch the whole session here, if you’d prefer to hear it from the man himself. Prepare for an intelligent demonstration peppered with some good laughs!)

5) The Legos of Linux

It makes sense to start with the basics, and that’s exactly how we begin the presentation. In a daring move, Pete decides to illustrate Cumulus Linux’s capabilities sans-Powerpoint, and whiteboards the architecture of a Mellanox switch running our OS.

managing EVPN/VXLAN

One of the great things about Cumulus technology is that it’s all based in Linux. So, any configurations you would make on a Linux device are exactly the same on Cumulus Linux. Simple, right? That’s exactly our goal — allowing customers to easily customize their network as they see fit with basic building blocks. As Pete describes it, building the network is like “taking those Lego pieces and turning them into Saturn V.” Continue reading

What It Takes to Build a Quantum Computing Startup

If you thought the up-front costs and risks were high for a silicon startup, consider the economics of building a full-stack quantum computing company from the ground-up—and at a time when the applications are described in terms of their potential and the algorithms still in primitive stages.

Quantum computing company, D-Wave managed to bootstrap its annealing-based approach and secure early big name customers with a total of $200 million over the years but as we have seen with a range of use cases, they have been able to put at least some funds back in investor pockets with system sales

What It Takes to Build a Quantum Computing Startup was written by Nicole Hemsoth at The Next Platform.

Up and Running with oVirt 4.2 and Gluster Storage

In December, the oVirt Project shipped version 4.2 of its open source virtualization management system. With a new release comes an update to this howto for running oVirt together with Gluster storage using a trio of servers to provide for the system's virtualization and storage needs, in a configuration that allows you to take one of the three hosts down at a time without disrupting your running VMs.

If you're looking instead for a simpler, single-machine option for trying out oVirt, your best bet is the oVirt Live ISO page. This is a LiveCD image that you can burn onto a blank CD or copy onto a USB stick to boot from and run oVirt. This is probably the fastest way to get up and running, but once you're up, this is definitely a low-performance option, and not suitable for extended use or expansion.

Read on to learn about my favorite way of running oVirt.

oVirt, Glusterized

Prerequisites

Hardware: You’ll need three machines with 16GB or more of RAM and processors with hardware virtualization extensions. Physical machines are best, but you can test oVirt using nested KVM as well. I've written this howto using VMs running on my "real" Continue reading

Up and Running with oVirt 4.2 and Gluster Storage

In December, the oVirt Project shipped version 4.2 of its open source virtualization management system. With a new release comes an update to this howto for running oVirt together with Gluster storage using a trio of servers to provide for the system's virtualization and storage needs, in a configuration that allows you to take one of the three hosts down at a time without disrupting your running VMs.

If you're looking instead for a simpler, single-machine option for trying out oVirt, your best bet is the oVirt Live ISO page. This is a LiveCD image that you can burn onto a blank CD or copy onto a USB stick to boot from and run oVirt. This is probably the fastest way to get up and running, but once you're up, this is definitely a low-performance option, and not suitable for extended use or expansion.

Read on to learn about my favorite way of running oVirt.

oVirt, Glusterized

Prerequisites

Hardware: You’ll need three machines with 16GB or more of RAM and processors with hardware virtualization extensions. Physical machines are best, but you can test oVirt using nested KVM as well. I've written this howto using VMs running on my "real" Continue reading

A Behind the Scenes Look at Mobile Ad Fraud

How did I use over a gigabyte of mobile data in a single day? Why is my phone as warm as a hot plate? If you have ever asked yourself either of these questions, you might be the victim of a malicious application that is using your device and consuming your mobile bandwidth to facilitate ad fraud. We have recently identified a large population of apps being distributed from the Google Play Store that support this behavior.  These apps are installed on devices on a majority of the major cell phone carriers around the world.  These carriers operate in the US (AT&T, Verizon, Sprint, and T-Mobile), Europe (KPN, Vodafone, Ziggo, Sky, Virgin, Talk Talk, BT, O2, and T-Mobile), and the Asia Pacific region (Optus, Telstra, iinet, and others) [Note: Mobile providers and Google have been notified]. Just this morning, before this article was published, Buzzfeed broke another ad fraud story.

The Mechanics of the Grift

Online advertising consists of a complex ecosystem of ad buyers, sellers, exchanges, and data providers. Operators of websites and application authors have available space in their content layout and interaction in the user experience that can be integrated to include various forms of Continue reading

Weekends Reads 020218: GDPR, taxes, and security

The regulatory environment for brands and retailers that do business online is getting stricter thanks to regulatory changes in Europe with the General Data Protection Regulation (GDPR), as well as existing regulations in th ompanies that adapt quickly can turn these changes into a competitive advantage. —Christopher Rence @CircleID

Europe’s General Data Protection Regulation (GDPR) will come into effect in May 2018, and with it, a new set of tough penalties for companies that fail to adequately protect the personal data of European users. Amongst those affected are domain name registries and registrars, who are required by ICANN, the global domain name authority, to list the personal information of domain name registrants in publicly-accessible WHOIS directories. ICANN and European registrars have clashed over this long-standing contractual requirement, which does not comply [PDF] with European data protection law. —Jeremy Malcom @EFF

Security is always changing and failure always exists. This toxic scenario requires a fresh perspective on how we think about operational security. We must understand that we are often the primary cause of our own security flaws. The industry typically looks at cybersecurity and failure in isolation or as separate matters. We believe that our lack of insight and operational Continue reading

AMD plans silicon fix for Spectre vulnerability

Comeback kid AMD announced on its quarterly earnings call that it intends to have a silicon fix for the variant 2 of the Spectre exploit, the only one of the Meltdown and Spectre exploits it’s vulnerable to, by 2019 with its new Zen 2 core.The company also said it will ramp up GPU card production to meet the insane demand these days thanks to cryptominers, although it said the biggest challenge will be to find enough memory to make the cards.Also read: Meltdown and Spectre: How much are ARM and AMD exposed? It's hard to believe that in 2018 we are seeing such shortages in computing hardware, but there you have it.To read this article in full, please click here

AMD plans silicon fix for Spectre vulnerability

Comeback kid AMD announced on its quarterly earnings call that it intends to have a silicon fix for the variant 2 of the Spectre exploit, the only one of the Meltdown and Spectre exploits it’s vulnerable to, by 2019 with its new Zen 2 core.The company also said it will ramp up GPU card production to meet the insane demand these days thanks to cryptominers, although it said the biggest challenge will be to find enough memory to make the cards.Also read: Meltdown and Spectre: How much are ARM and AMD exposed? It's hard to believe that in 2018 we are seeing such shortages in computing hardware, but there you have it.To read this article in full, please click here

IDG Contributor Network: Multicloud mania: what to know

When enterprises started moving workloads and applications to the public cloud, it made sense to adapt existing networking technologies to the new domain. But while compute and storage have successfully become ‘cloud-like,’ networking hasn't.Cloud networking solutions being offered by companies including Aviatrix, Cisco, and Juniper Network are all vying to help organizations solve networking challenges when transforming their infrastructure to public cloud. But as cloud implementations become more complex, it’s becoming clear that cloud connectivity solutions based on virtualized datacenter networking technologies lack the agility and elasticity required to   build and scale in the public cloud.To read this article in full, please click here

IDG Contributor Network: Multicloud mania: what to know

When enterprises started moving workloads and applications to the public cloud, it made sense to adapt existing networking technologies to the new domain. But while compute and storage have successfully become ‘cloud-like,’ networking hasn't.Cloud networking solutions being offered by companies including Aviatrix, Cisco, and Juniper Network are all vying to help organizations solve networking challenges when transforming their infrastructure to public cloud. But as cloud implementations become more complex, it’s becoming clear that cloud connectivity solutions based on virtualized datacenter networking technologies lack the agility and elasticity required to   build and scale in the public cloud.To read this article in full, please click here

OpenSwitch

OpenSwitch is a Linux Foundation project providing an open source white box control plane running on a standard Linux distribution. The diagram above shows the OpenSwitch architecture.

This article describes how to enable industry standard sFlow telemetry using the open source Host sFlow agent. The Host sFlow agent uses Control Plane Services (CPS) to configure sFlow instrumentation in the hardware and gather metrics. CPS in turn uses the Open Compute Project (OCP) Switch Abstraction Interface (SAI) as a vendor independent method of configuring the hardware. Hardware support for sFlow is a standard feature supported by Network Processing Unit (NPU) vendors (Barefoot, Broadcom, Cavium, Innovium, Intel, Marvell, Mellanox, etc.) and vendor neutral sFlow configuration is part of the SAI.

Installing and configuring Host sFlow agent

Installing the software is simple. Log into the switch and type the following commands:
wget --no-check-certificate https://github.com/sflow/host-sflow/releases/download/v2.0.17-1/hsflowd-opx_2.0.17-1_amd64.deb
sudo dpkg -i hsflowd-opx_2.0.17-1_amd64.deb
The sFlow agent requires very little configuration, automatically monitoring all switch ports using the following default settings:

Link SpeedSampling RatePolling Continue reading

What is the Industrial IoT? And why the stakes are so high

Everyone’s heard of the IoT – smart thermostats, Internet-connected refrigerators, connected lightbulbs – but there’s a subset called industrial IoT that has a much more significant day-to-day impact on businesses, safety and even lives.The term IIoT refers to the Industrial Internet of Things. In broad strokes, it’s the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy and industrial sectors.What that means in practice varies widely. One IIoT system could be as simple as a connected rat trap that texts home to say that it’s been activated, while another might be as complicated as a fully automated mass production line that tracks maintenance, productivity and even ordering and shipping information across a huge, multi-layered network.To read this article in full, please click here

Live Training at Safari Books: How the Internet Really Works

I will be teaching my first live training course at Safari Books Online on the 9th of March, starting at noon ET: How the Internet Really Works. It’s hard to describe the level and background for this training, as it will be all over the place; this is a bit of an experiment in this realm. The course description is—

This live training will provide an overview of the systems, providers, and standards bodies important to the operation of the global Internet, including the Domain Name System (DNS), the routing and transport systems, standards bodies, and registrars. For DNS, the process of a query will be considered in some detail, who pays for each server used in the resolution process, and tools engineers can use to interact DNS. For routing and transport, the role of each kind of provider will be considered, along with how they make money to cover their costs, and how engineers can interact with the global routing table (the Default Free Zone, of DFZ). Finally, registrars and standards bodies will be considered, including their organizational structure, how they generate revenue, and how to find their standards.

You can find more information here.

Is ACI Coming For The CLI?

I’m soon to depart from Cisco Live Barcelona. It’s been a long week of fun presentations. While I’m going to avoid using the words intent and context in this post, there is one thing I saw repeatedly that grabbed my attention. ACI is eating Cisco’s world. And it’s coming for something else very soon.

Devourer Of Interfaces

Application-Centric Infrastructure has been out for a while and it’s meeting with relative success in the data center. It’s going up against VMware NSX and winning in a fair number of deals. For every person that I talk to that can’t stand it I hear from someone gushing about it. ACI is making headway as the tip of the spear when it comes to Cisco’s software-based networking architecture.

Don’t believe me? Check out some of the sessions from Cisco Live this year. Especially the Software-Defined Access and DNA Assurance ones. You’re going to hear context and intent a lot, as those are the key words for this new strategy. You know what else you’re going to hear a lot?

Contract. Endpoint Group (EPG). Policy.

If you’re familiar with ACI, you know what those words mean. You see the parallels between the data center Continue reading

1 1,746 1,747 1,748 1,749 1,750 3,851