Worth Reading: TLS and Data Center Monitoring
The post Worth Reading: TLS and Data Center Monitoring appeared first on rule 11 reader.
What is Notary and why is it important to CNCF?
As you may have heard, the Notary project has been invited to join the Cloud Native Computing Foundation (CNCF). Much like its real world namesake, Notary is a platform for establishing trust over pieces of content.
In life, certain important events such as buying a house are facilitated by a trusted third party called a “notary.” When buying a house, this person is typically employed by the lender to verify your identity and serve as a witness to your signatures on the mortgage agreement. The notary carries a special stamp and will also sign the documents as an affirmation that a notary was present and verified all the required information relating to the borrowers.
In a similar manner, the Notary project, initially sponsored by Docker, is designed to provide high levels of trust over digital content using strong cryptographic signatures. In addition to ensuring the provenance of the software, it also provides guarantees that the content is not modified without approval of the author anywhere in the supply chain. This then allows higher level systems like Docker Enterprise Edition (EE) with Docker Content Trust (which uses Notary) to establish clear policy on the usage of content. For instance, a Continue reading
Connecting The Dots With Graph Databases
Graph querying of data housed in massive data lakes and data warehouses has been part of the big data and analytics scene for many years, but it hasn’t always been a particularly easy process. Understanding with graphs has in many ways been a highly manual process, and not all data scientists have had access to the Cypher graph database query language. Executives at graph company Neo4j are looking to change that.
At the GraphConnect New York show this week, Neo4j announced it has donated an early version of its Cypher for Apache Spark language toolkit to the openCypher project, a …
Connecting The Dots With Graph Databases was written by Jeffrey Burt at The Next Platform.
Apple iOS 11 Cripples WLAN Troubleshooting Apps
WiFi networking pros say software update limits effectiveness of free apps like Fing on iPhones and iPads.
Apple iOS 11 Cripples WLAN Troubleshooting Apps
WiFi networking pros say software update limits effectiveness of free apps like Fing on iPhones and iPads.
Hello IPv6, Goodbye CGNs – Recent Discussions at a EU/Europol Meeting
Jan Zorz was recently invited to speak at a workshop held by the Estonian Presidency of the Council of the EU and Europol. Jan gave a well-received talk about how Slovenia widely deployed IPv6 and encouraged EU policymakers and law enforcement officials to do the same across Europe.
Per the press release, the workshop was “to address the increasing problem of non-crime attribution associated with the widespread use of Carrier Grade Network Address Translation (CGN) technologies by companies that provide access to the internet.”
With IPv4 address space depleting, CGNs have been widely implemented to conserve public IPv4 address space. In other words, many customers are sharing a single public IPv4 address that often also changes over time. Problems with sharing IP addresses (and therefore CGNs) are well outlined in RFC 6269: “Such issues include application failures, additional service monitoring complexity, new security vulnerabilities, and so on.”
CGNs also present a problem for law enforcement agencies looking to investigate and prosecute crimes online, as it’s much more difficult to narrow down the culprit. This workshop had several IPv6 experts speak of their experiences, partially on the assertion that IPv6 deployment would eliminate CGNs and once again Continue reading
CLI or API… Again (and Again and Again…)
Got this comment on one of my blog posts:
When looking at some of the CLIs just front-ending RESTAPIs, I wonder if "survival" of CLI isn't just in the eyes of the beholder.
It made me really sad because I wrote about this exact topic several times… obviously in vain. Or as one of my network automation friends said when I asked him to look at the draft of this blog post:
Read more ...Is my TPM affected by the Infineon disaster?
I made a tool to check if your TPM chip is bad. Well, it extracts the SRK public key and you can then use marcan’s tool to easily check if the key is good or bad.
Example use:
$ g++ -o check-srk -std=gnu++11 check-srk.cc -ltspi -lssl -lcrypto 2>&1 && ./check-srk
Size: 2048
Outputting modulus…
8490234823904890234823904823904890238490238490238490238490[…]893428490823904231
$ wget https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py
[…]
$ python roca_test.py 8490234823904890234823904823904890238490238490238490238490[…]893428490823904231
Vuln!
(use -s if you have an SRK PIN)
If the SRK is weak then not only are very likely anything else you generated in the TPM weak, but also anything generated outside the TPM and imported is crackable, since your blobs are encrypted using this crackable SRK key.
How to Monkey-Patch the Linux Kernel
I have a weird setup. I type in Dvorak. But, when I hold ctrl or alt, my keyboard reverts to Qwerty.
You see, the classic text-editing hotkeys, ctrl+Z, ctrl+X, ctrl+C, and ctrl+V are all located optimally for a Qwerty layout: next to the control key, easy to reach with your left hand while mousing with your right. In Dvorak, unfortunately, these hotkeys are scattered around mostly on the right half of the keyboard, making them much less convenient. Using Dvorak for typing but Qwerty for hotkeys turns out to be a nice compromise.
But, the only way I could find to make this work on Linux / X was to write a program that uses X "grabs" to intercept key events and rewrite them. That was mostly fine, until recently, when my machine, unannounced, updated to Wayland. Remarkably, I didn't even notice at first! But at some point, I realized my hotkeys weren't working right. You see, Wayland, unlike X, actually has some sensible security rules, and as a result, random programs can't just man-in-the-middle all keyboard events anymore. Which broke my setup.
Yes, that's right, I'm that guy:
Source: xkcd 1172
So what was I to do? I began Continue reading
Denver Network Programmability User Group Meeting
If you live (or will be) in Denver next week—specifically, on Wednesday, November 1—I’ll be joining the Denver Network Programmability User Group (NPUG) to talk about network programmability and my recent book with Jason Edelman and Matt Oswalt around network programmability and automation. We’d love to have you join us!
Here are the meeting details:
When: Wednesday, November 1, at 4:00 Mountain Time
Where: GTRI, 990 S Broadway, Suite 300, Denver CO (free parking in and around GTRI)
What: Me joining the NPUG to share some thoughts on network programmability
Why: Because there will be food and drinks, and because you love talking about network programmability and automation
Who: You!
As I mentioned, there will be food and beverages provided for attendees so please take a few moments to RSVP (so that we can plan on how much food and drink to provide).
I’d love to see you there!
5 Things You Can Do With AWX
As you’ve probably already heard, Red Hat announced the release of the AWX project at AnsibleFest in San Francisco. AWX is the open source project behind Red Hat® Ansible® Tower, offering developers access to the latest features, and the opportunity to directly collaborate with the Ansible Tower engineering team.
AWX is built to run on top of the Ansible project, enhancing the already powerful automation engine. AWX adds a web-based user interface, job scheduling, inventory management, reporting, workflow automation, credential sharing, and tooling to enable delegation.
Even if you’re only managing a small infrastructure, here are 5 things you can do with AWX. And we promise, they’ll make your job as a system administrator a whole lot easier:
Delegate
Central to AWX is the ability to create users, and group them into teams. You can then assign access and rules to inventory, credentials, and playbooks at an individual level or team level. This makes it possible to setup push-button access to complex automation, and control who can use it, and where they can run it.
For example, when developers need to stand up a new environment, they don’t need to add another task to your already overbooked Continue reading