The Industrial IoT will give us self-healing machinery

Production downtime’s days are limited thanks to the industrial Internet of Things (IoT). Machine-embedded, network-connected sensors along with the collection of massive amounts of data will allow for self-healing manufacturing, scientists say.

That’s the concept behind an enthusiastic research project called SelSus currently being explored by multiple European academic institutions and manufacturers, including Ford.

The idea that the team proposes is to not just detect weaknesses during production, but to also fix the potential issues automatically through a kind of mathematically calculated self-healing. The scientists say diagnostics should supply recommendations before a piece of equipment has failed. That self-healing aspect would take equipment monitoring to the next level.

Fidelity Investment’s key to hybrid cloud: Application flexibility

From an infrastructure perspective, Fidelity Investments uses a combination of private cloud hosted in company data centers plus multiple public cloud platforms, leading to the question, how to manage this hybrid infrastructure?

One key is being flexible, says Maria Azua Himmel, senior vice president of distributed systems at the 71-year-old multi-national with $2.13 trillion in assets under management.

Azua is attempting to implement strategies among Fidelity’s application developers to ensure that when new apps are built they can be run in almost any environment, whether it be one of the public clouds the company uses or inside its own data centers. To do this Azua is advocating for the use of application containers and software-defined infrastructure that can be controlled via application programming interfaces (APIs).

Hello IPv6, Goodbye CGNs – Recent Discussions at a EU/Europol Meeting

Jan Zorz was recently invited to speak at a workshop held by the Estonian Presidency of the Council of the EU and Europol. Jan gave a well-received talk about how Slovenia widely deployed IPv6 and encouraged EU policymakers and law enforcement officials to do the same across Europe.

Per the press release, the workshop was “to address the increasing problem of non-crime attribution associated with the widespread use of Carrier Grade Network Address Translation (CGN) technologies by companies that provide access to the internet.”

With IPv4 address space depleting, CGNs have been widely implemented to conserve public IPv4 address space. In other words, many customers are sharing a single public IPv4 address that often also changes over time. Problems with sharing IP addresses (and therefore CGNs) are well outlined in RFC 6269: “Such issues include application failures, additional service monitoring complexity, new security vulnerabilities, and so on.”

CGNs also present a problem for law enforcement agencies looking to investigate and prosecute crimes online, as it’s much more difficult to narrow down the culprit. This workshop had several IPv6 experts speak of their experiences, partially on the assertion that IPv6 deployment would eliminate CGNs and once again …

CLI or API… Again (and Again and Again…)

Got this comment on one of my blog posts:

When looking at some of the CLIs just front-ending REST APIs, I wonder if "survival" of CLI isn't just in the eyes of the beholder.

It made me really sad because I wrote about this exact topic several times… obviously in vain. Or as one of my network automation friends said when I asked him to look at the draft of this blog post:

Is my TPM affected by the Infineon disaster?

I made a tool to check if your TPM chip is bad. Well, it extracts the SRK public key and you can then use marcan’s tool to easily check if the key is good or bad.

Example use:

$ g++ -o check-srk -std=gnu++11 check-srk.cc -ltspi -lssl -lcrypto 2>&1 && ./check-srk
Size: 2048
Outputting modulus…
8490234823904890234823904823904890238490238490238490238490[…]893428490823904231
$ wget https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py
[…]
$ python roca_test.py 8490234823904890234823904823904890238490238490238490238490[…]893428490823904231
Vuln!

(use -s if you have an SRK PIN)

If the SRK is weak, then not only is anything else you generated in the TPM very likely weak, but anything generated outside the TPM and imported is also crackable, since your blobs are encrypted using this crackable SRK key.

How to Monkey-Patch the Linux Kernel

I have a weird setup. I type in Dvorak. But, when I hold ctrl or alt, my keyboard reverts to Qwerty.

You see, the classic text-editing hotkeys, ctrl+Z, ctrl+X, ctrl+C, and ctrl+V are all located optimally for a Qwerty layout: next to the control key, easy to reach with your left hand while mousing with your right. In Dvorak, unfortunately, these hotkeys are scattered around mostly on the right half of the keyboard, making them much less convenient. Using Dvorak for typing but Qwerty for hotkeys turns out to be a nice compromise.

But, the only way I could find to make this work on Linux / X was to write a program that uses X "grabs" to intercept key events and rewrite them. That was mostly fine, until recently, when my machine, unannounced, updated to Wayland. Remarkably, I didn't even notice at first! But at some point, I realized my hotkeys weren't working right. You see, Wayland, unlike X, actually has some sensible security rules, and as a result, random programs can't just man-in-the-middle all keyboard events anymore. Which broke my setup.

Yes, that's right, I'm that guy:

Source: xkcd 1172

So what was I to do? I began …

Denver Network Programmability User Group Meeting

If you live (or will be) in Denver next week—specifically, on Wednesday, November 1—I’ll be joining the Denver Network Programmability User Group (NPUG) to talk about network programmability and my recent book with Jason Edelman and Matt Oswalt around network programmability and automation. We’d love to have you join us!

Here are the meeting details:

When: Wednesday, November 1, at 4:00 Mountain Time
Where: GTRI, 990 S Broadway, Suite 300, Denver CO (free parking in and around GTRI)
What: Me joining the NPUG to share some thoughts on network programmability
Why: Because there will be food and drinks, and because you love talking about network programmability and automation
Who: You!

As I mentioned, there will be food and beverages provided for attendees so please take a few moments to RSVP (so that we can plan on how much food and drink to provide).

I’d love to see you there!

HPE gives up the battle for tier 1 data center customers

A few weeks back I told you how white box vendors, those Chinese-made, unbranded server vendors that compete with HP Enterprise and Dell EMC, were taking a sizable chunk of the business from the brand-name vendors.

Well, now HPE has made it official and announced it will no longer try to sell commodity hardware — the cheap, low-end servers used in abundance in public-facing data centers — to tier 1 customers like Amazon, Facebook, Google and Microsoft.

HPE president Antonio Neri made the announcement at HPE’s analyst day event last week. He added that HPE would continue to sell higher-end servers to those vendors.

5 Things You Can Do With AWX

As you’ve probably already heard, Red Hat announced the release of the AWX project at AnsibleFest in San Francisco. AWX is the open source project behind Red Hat® Ansible® Tower, offering developers access to the latest features, and the opportunity to directly collaborate with the Ansible Tower engineering team.

AWX is built to run on top of the Ansible project, enhancing the already powerful automation engine. AWX adds a web-based user interface, job scheduling, inventory management, reporting, workflow automation, credential sharing, and tooling to enable delegation.

Even if you’re only managing a small infrastructure, here are 5 things you can do with AWX. And we promise, they’ll make your job as a system administrator a whole lot easier:

Delegate

Central to AWX is the ability to create users, and group them into teams. You can then assign access and rules to inventory, credentials, and playbooks at an individual level or team level. This makes it possible to set up push-button access to complex automation, and control who can use it, and where they can run it.

For example, when developers need to stand up a new environment, they don’t need to add another task to your already overbooked …

IDG Contributor Network: The 4 SD-WAN architectures for network security

SD-WAN might have begun as a networking technology, but the SD-WAN’s future lies in security. Integrating branch security features into SD-WAN allows leaner, simpler remote office deployments. To those ends, security vendors have introduced SD-WAN capabilities — and SD-WAN vendors add security capabilities.

1. SD-WAN appliances with basic firewalling

Many SD-WAN vendors deliver basic firewalling capabilities in their SD-WAN appliances. These firewalls are roughly equivalent to the stateful firewalls you might see in a branch office router. Capabilities will include policy-based filtering and blocking applications based on port or IP addresses. Examples include Cisco (Viptela), Silver Peak and Velocloud.

BSC Builds 21st Century HPC In A 19th Century Cathedral

This summer, the Partnership for Advanced Computing in Europe (PRACE) added to its roster another of the world’s most powerful high performance computing systems. The Barcelona Computing Center’s new MareNostrum 4, delivered by IBM with the help of partners Lenovo and Fujitsu, and fueled by HPC technologies from Intel, will facilitate extensive engineering and scientific research in fields like astrophysics, weather forecasting, and genome research. Nestled within a unique building – the Torre Girona chapel, which fell out of use – the fourth generation MareNostrum system relies on a general purpose cluster working with three specialized clusters to achieve its

BSC Builds 21st Century HPC In A 19th Century Cathedral was written by Timothy Prickett Morgan at The Next Platform.

Cray Supercomputers One Step Closer to Cloud Users

Supercomputer maker Cray is always looking for ways to extend its reach outside of the traditional academic and government markets where the biggest deals are often made.

From its forays into graph analytics appliances and more recently, machine and deep learning, the company has potential to exploit its long history building some of the world’s fastest machines. This has expanded into some new ventures wherein potential new Cray users can try on the company’s systems, including via an on-demand partnership with datacenter provider, Markley, and now, inside of Microsoft’s Azure datacenters.

For Microsoft Azure cloud users looking to bolster modeling

Cray Supercomputers One Step Closer to Cloud Users was written by Nicole Hemsoth at The Next Platform.

Think Of Your Audience

One of the challenges technical authors face is that of peer respect. That is, technical people who took a lot of time to learn what they know want to be respected by their peers when they write. They want to be recognized for their knowledge, wisdom, and insights.

In that context, there’s often fear before pressing “Publish.” Was every detail correct? Was every scenario considered? Was the very latest information about a topic included?

The fear of hitting publish is well-founded for technical authors, because technical folks have a way of being nit-picky, pedantic, and annoying. One small detail wrong, one badly stated premise, and the angry comment and critical tweet claws come out, slashing at your ego.

Will they like me? I just want everyone to like me.

One solution, of course, is to have a thick skin. If you view criticisms as a way to improve a piece, that’s the best route to go, especially when the commenter has a good point. Being able to ignore critics is another useful skill, because there are plenty of folks who say a lot while adding no value whatsoever.

However, I think the most important point to keep in mind …
