The Full Stack Journey podcast tackles service meshes and Linkerd. Joining to help explain is George Miranda from Buoyant.io.
The post Full Stack Journey 016: George Miranda, Service Meshes & Linkerd appeared first on Packet Pushers.
Phishing is the absolute worst.
Unfortunately, sometimes phishing campaigns use Cloudflare for the very convenient, free DNS. To be clear –– there’s a difference between a compromised server being leveraged to send phishing emails and an intentionally malicious website dedicated to this type of activity. The latter clearly violates our terms of service.
In the past, our Trust and Safety team would kick these intentional phishers off the platform, but now we have a new trick up our sleeve and a way for their malicious emails to mysteriously disappear into the ether.
SMTP - the protocol used for sending email - was finalized in 1982, when it was just a small community online. Many of them knew and trusted each other, and so the protocol was built entirely on trust. In an SMTP message, the MAIL FROM field can be arbitrarily defined. That means you could send an email from any email address, even one you don’t own.
This is great for phishers, and bad for everyone else.
The solution to prevent email spoofing was to create the Sender Policy Framework (SPF). SPF allows the domain owner to specify which servers are allowed to send Continue reading
APIs enable network automation and provide visibility in the cloud era.
Two weeks ago, a small Internet Society delegation was in Delhi to participate in a number of events that contained the word ‘Global’ and ‘Cyber’. In this post, I’ll share some of our perspectives on the first two events – the GCCS and the GFCE.
The first meeting of the week was the Global Conference on Cyberspace. This was originally a government-initiated conference series and is also commonly known as the London Process.
Part of the strength of these meetings is that they create a trusted environment for governments to discuss global issues that are usually state-centric, such as international aspects of security and stability. Over time, these meetings have opened up to other stakeholders, with the 2015 meeting in The Hague being the most inclusive so far. However, inclusive participation is not a given. Inclusion is important because these types of meetings ultimately are where norms for inter-state behaviour emerge, not necessarily in writing but through the development of a common narrative. But such narratives are only strong and impactful if those who implement and are impacted by those norms have a seat at the table. Although inclusive, multi-stakeholder participation has historically Continue reading
Ok, this is a continuation of two streams of articles here, first my recent NETCONF tutorial here, and secondly my very old project (back then in Java) of visualization of network topologies using SNMP information called “HelloRoute”. So this is a resurrection of a very old ideas, just using newer methods and tools. But first a foreword on visualization.
Well, as far as I would say, automated network visualization or documentation never really took of as primary source of documentation, everywhere I look we still maintain manually created maps with version control, trying to keep them up-to-date in change process and etc… , the reason why this is so is the context that human author can give the map, for example office networks mapped by purpose or parts of buildings, or by legal organizations. Have a look on the picture below, this is a difference between human and automated maps in most generic network modeling tools.
Human vs computer generated network diagrams
Now to not completely kill the point of you finishing this tutorial, I BELIEVE THE PROBLEM IS THAT VISUALIZATION TOOLS ON MARKET ARE MOSTLY GENERIC PRODUCTS, Continue reading
One of my readers sent me this question:
One thing that I notice is you mentioned moving the complexity to the upper layer. I was wondering why browsers don't support multiple IP addresses for a single site – when a browser receives more than one IP address in a DNS response, it could try to perform TCP SYN to the first address, and if it fails it will move to the other address. This way we don't need an anycast solution for DR site.
Of course I pointed out an old blog post ;), and we all know that Happy Eyeballs work this way.
Read more ...
TL;DR - Net neutrality is under attack. There's an app on Cloudflare Apps that empowers site owners to host a popup on their sites, encouraging users to contact their congresspeople to fight back. Everyone should be doing this right now, before the December 14th FCC vote.
Use Battle for the Net to Call your Congressperson »
Attend Cloudflare's Save the Internet! Net Neutrality Call-A-Thon »
The Federal Communications Commission (FCC) has scheduled a vote to kill its net neutrality rules this Thursday, December 14th. Unfortunately, the expectation is that the FCC will vote to repeal its net neutrality rules. Read about this on Business Insider, Bloomberg, or TechCrunch.
Net neutrality is the principle that networks should not discriminate against content that passes through them. The FCC’s net neutrality rules protect the Internet, users, and companies from abusive behavior by the largest Internet Service Providers (ISPs). Without net neutrality rules in place, ISPs may be able to legally create a "pay to play" system and charge websites to provide content to their customers more quickly. This will create a disadvantage for startups, bloggers, and everyone else who cannot afford to pay fees for their websites to offer faster service.
This tutorial shows how to set up the Cloonix network emulator on a Packet.net server. It builds on top of my previous post about how to set up a virtualization server on Packet.net. Now, I focus on a specific case: setting up the Cloonix network emulator on the virtualization server. You should read my previous post before reading this one.
Running Cloonix on a remote server enables users to work with more complex network emulation scenarios than would be possible on a standard laptop computer. For example. Cloonix recently added a feature which allows users to run Cisco router images in a Cloonix network emulation scenario. Cisco router images require a large amount of computer resources so I cannot run more than a few on my personal laptop computer. If I use a remote Packet server, I could run dozens of Cisco images in a network emulation scenario if I wanted to.
In this post, I will set up a Cloonix network emulation server on Packet.net so it can be started, stopped, and restarted relatively quickly.
In this post, I’ll describe how to use Vagrant with Azure. You can consider this article an extension of some of my earlier Vagrant articles; namely, the posts on using Vagrant with AWS and using Vagrant with OpenStack. The theme across all these posts is examining how one might use Vagrant to simplify/streamline the consumption of resources from a provider using the familiar Vagrant workflow.
If you aren’t already familiar with Vagrant, I’d highly recommend first taking a look at my introduction to Vagrant, which provides an overview of the tool and how it’s used.
Naturally, you’ll need to first ensure that you have Vagrant installed. This is really well-documented already, so I won’t go over it here. Next, you’ll need to install the Azure provider for Vagrant, which you can handle using this command:
vagrant plugin install vagrant-azure
You’ll also (generally) want to have the Azure CLI installed. (You’ll need it for a one-time configuration task I’ll mention shortly.) I’ve published a couple posts on installing the Azure CLI; see here or here.
Once you’ve installed the vagrant-azure plugin and the Azure CLI, you’ll next need to install a box that Vagrant can use. Here, the Continue reading
Five key facts to know about McAllen, Texas
While McAllen is close to the Mexican border, its importance goes well beyond that simple fact. The city is halfway between Dallas, Texas (where Cloudflare has an existing datacenter) and Mexico City, the center and capital of Mexico. This means that any Cloudflare traffic delivered into Mexico is better served from McAllen. Removing 500 miles from the latency equation is a good thing. 500 miles equates to around 12 milliseconds of round-trip latency and when a connection operates (as all connections should), as a secure connection, then there can be many round trip communications before the first page starts showing up. Improving latency is key, even if we have Continue reading
Big Mon uses a technology called GPRS tunneling protocol (GTP) to keep an eye on traffic.
We recently shared Part One and Part Two of Vashkar Bhattacharjee’s story. Vashkar is the National Consultant, Accessibility, A2i, Prime Minister’s Office of Bangladesh, and the Program Manager, Young Power in Social Action (YPSA). Here is Part Three.
Our research at Young People in Social Action (YPSA), Bangladesh revealed that developing multimedia talking books would not be enough to ensure proper learning among students. For that to happen, the students required access to rich vocabulary libraries for proper understanding of language. (We have been supported by a2i program’s Service Innovation Fund to develop Bangladesh’s first accessible dictionaries in English and Bangla available in both online and offline modes.)
People are amazed to see persons with visual impairment using computers and smartphones. This has been made easy thanks to the open-source screen-reading software that can convert text to speech. People with visual impairment can also use the standard QWERTY keyboard just like everybody else as it has become second nature. Among the 50 people working at YPSA, 32 have a disability. ICTs have helped them overcome physical barriers.
In the role of a2i’s national consultant for disability, I am working on making different websites accessible for all following W3C’s Web Content Accessibility Continue reading
Burst buffers are carving out a significant space for themselves in the HPC arena as a way to improve data checkpointing and application performance at a time when traditional storage technologies are struggling to keep up with the increasingly large and complex workloads including traditional simulation and modeling and new things like as data analytics.
The fear has been that storage technologies such as parallel file systems could become the bottleneck that limits performance, and burst buffers have been designed to manage peak I/O situations so that organizations aren’t forced to scale their storage environments to be able to support …
Burst Buffers Blow Through I/O Bottlenecks was written by Jeffrey Burt at The Next Platform.
We have done a few talks in the past on different features of containerd, how it was designed, and some of the problems that we have fixed along the way. Containerd is used by Docker, Kubernetes CRI, and a few other projects but this is a post for people who may not know what containerd actually does within these platforms. I would like to do more posts on the feature set and design of containerd in the future but for now, we will start with the basics.
I think the container ecosystem can be confusing at times. Especially with the terminology that we use. Whats this? A runtime. And this? A runtime… containerd (pronounced “container-dee”) as the name implies, not contain nerd as some would like to troll me with, is a container daemon. It was originally built as an integration point for OCI runtimes like runc but over the past six months it has added a lot of functionality to bring it up to par with the needs of modern container platforms like Docker and orchestration systems like Kubernetes.
So what do you actually get using containerd? You get push and pull functionality as well as image Continue reading
Ericsson will provide pre-standard 5G Core and RAN.
AT&T's Device Supplier program began as Domain 1.0 in 2009.
