Securing the AtSea App with Docker Secrets

Passing application configuration information as environmental variables was once considered best practice in 12 factor applications. However, this practice can expose information in logs, can be difficult to track how and when information is exposed, third party applications can access this information. Instead of environmental variables, Docker implements secrets to manage configuration and confidential information.

Secrets are a way to keep information such as passwords and credentials secure in a Docker CE or EE with swarm mode. Docker manages secrets and securely transmits it to only those nodes in the swarm that need access to it. Secrets are encrypted during transit and at rest in a Docker swarm. A secret is only accessible to those services which have been granted explicit access to it, and only while those service tasks are running.

The AtSea Shop is an example storefront application that can be deployed on different operating systems and can be customized to both your enterprise development and operational environments. The previous post showed how to use multi-stage builds to create small and efficient images. In this post, I’ll demonstrate how secrets are implemented in the application.

Creating Secrets

Secrets can be created using the command line or with a Compose file. The AtSea Continue reading

The X86 Battle Lines Drawn With Intel’s Skylake Launch

At long last, Intel’s “Skylake” converged Xeon server processors are entering the field, and the competition with AMD’s “Naples” Epyc X86 alternatives can begin and the ARM server chips from Applied Micro, Cavium, and Qualcomm and the Power9 chip from IBM know exactly what they are aiming at.

It is a good time to be negotiating with a chip maker for compute power.

The Skylake chips, which are formally known as the Xeon Scalable Processor family, are the result of the convergence of the workhorse Xeon E5 family of chips for two-socket and four-socket servers with the higher-end Xeon E7

The X86 Battle Lines Drawn With Intel’s Skylake Launch was written by Timothy Prickett Morgan at The Next Platform.

Sponsored Post: Apple, Domino Data Lab, Etleap, Aerospike, Loupe, Clubhouse, Stream, Scalyr, VividCortex, MemSQL, InMemory.Net, Zohocorp

Who's Hiring? 

  • Apple is looking for passionate VoIP engineer with a strong technical background to transform our Voice platform to SIP. It will be an amazing journey with highly skilled, fast paced, and exciting team members. Lead and implement the engineering of Voice technologies in Apple’s Contact Center environment. The Contact Center Voice team provides the real time communication platform for customers’ interaction with Apple’s support and retail organizations. You will lead the global Voice, SIP, and network cross-functional engineers to develop world class customer experience. More details are available here.

  • Advertise your job here! 

Fun and Informative Events

  • DBTA Roundtable OnDemand Webinar: Leveraging Big Data with Hadoop, NoSQL and RDBMS. Watch this recent roundtable discussion hosted by DBTA to learn about key differences between Hadoop, NoSQL and RDBMS. Topics include primary use cases, selection criteria, when a hybrid approach will best fit your needs and best practices for managing, securing and integrating data across platforms. Brian Bulkowski, CTO and Co-founder of Aerospike, presented along with speakers from Cask Data and Splice Machine. View now.

  • Advertise your event here!

Cool Products and Services

  • What engineering and IT leaders need to know about data science. As data science Continue reading

Worth Reading: Internet of Terror

Before we get to the question of encryption and key length, I would like to point out two things. An IoT device is nothing more than an embedded system with a TCP/IP stack. It is not a magical object that is somehow protected from attackers because of how cool, interesting, or colorful it is. Second, and I can’t believe I have to point this out to people who would read or write to KV, but the Internet has a lot of stuff on it, and it’s getting bigger every day. Once upon a time, there were fewer than 100 nodes on the Internet, and that time is long past. KV has three Internet-enabled devices within arm’s reach, and, if you think a billion users of the Internet aren’t scary, try multiplying that by 10 once every fridge, microwave, and hotel alarm clock can spew packets into the ether(net). Let’s get this straight: if you attach something to a network—any network—it had better be secured as well as possible, because I am quite tired of being awakened by the sound of the gnashing of teeth caused by each and every new network security breach. The Internet reaches everywhere, and if even Continue reading

AI heading back to the trough

I like Gartner’s concept of the technology hype cycle. It assumes that expectations of new technologies quickly ramp to an inflated peak, drop into a trough of disillusionment, then gradually ascend a slope of enlightenment until they plateau. Of course, not all technologies complete the cycle or transition through the stages at the same pace.Artificial intelligence (AI) has arguably been in the trough for 60 years. I am thinking of Kubrick’s HAL and Roddenberry’s “computer” that naturally interact with humans. That’s a long trough, and despite popular opinion, the end is nowhere in sight.+ Also on Network World: Using artificial intelligence to teach computers to see + There’s so much excitement and specialized research taking place that AI has fragmented into several camps such as heuristic programming for game-playing AI, natural language processing for conversational AI, and machine learning for statistical problems. The hype is building again, and just about every major tech company and countless startups are racing toward another inflated peak and subsequent trough.To read this article in full or to leave a comment, please click here

China Tunes Neural Networks for Custom Supercomputer Chip

Supercomputing centers around the world are preparing their next generation architectural approaches for the insertion of AI into scientific workflows. For some, this means retooling around an existing architecture to make capability of double-duty for both HPC and AI.

Teams in China working on the top performing supercomputer in the world, the Sunway TaihuLight machine with its custom processor, have shown that their optimizations for theSW26010 architecture on deep learning models have yielded a 1.91-9.75X speedup over a GPU accelerated model using the Nvidia Tesla K40m in a test convolutional neural network run with over 100 parameter configurations.

Efforts on

China Tunes Neural Networks for Custom Supercomputer Chip was written by Nicole Hemsoth at The Next Platform.

Who Controls The Internet?

The title of the paper Who controls the Internet? Analyzing global threats using property traversal graphs is enough to ensnare any Internet researcher. The control plane for a number of attacks, as the paper points out, is the DNS due to the role it plays in mapping names to resources. MX records in the DNS control the flow of mail, CNAME records are used to implement content delivery networks (CDN) services, and TXT records are used to confirm access to and control over a namespace when implementing third party services. This post will cover an interesting case where control is exercised first via the DNS and then using BGP.

Below the DNS, in the depths of internet plumbing, is the lizard brain of internet routing, which is governed by the border gateway protocol (BGP). A common term to describe BGP routing is “hot potato” routing. BGP conversations occur between autonomous systems, ASes, which are identified by their autonomous system number ASN. The ASN represents a system of networks and the policy associated with their routing. ASes are issued regionally by Regional Internet Registries (RIRs), which receive blocks of AS numbers to hand out from the Internet Assigned Numbers Authority Continue reading

33% off iRobot Roomba 652 Robotic Vacuum Cleaner – Prime Day Deal Alert

This is a Prime Day deal good for today only, and reserved for Amazon Prime members (or those with a free trial: sign up here). The Roomba 652 Vacuuming Robot provides a thorough clean at the push of a button. Preset Roomba to clean when it’s convenient for you, so you can keep up with everyday mess. The Roomba 652 is discounted a 33%, so you save a whopping $125 if you buy it today. If you've always wanted a robot to clean your house, see this deal on Amazon.To read this article in full or to leave a comment, please click here

35% off Bose SoundLink Mini Bluetooth Speaker II – Prime Day Deal Alert

Amazon Prime members save a generous 35% ($70) on the highly rated Bose SoundLink Mini Bluetooth Speaker II. This is a Prime Day deal, so good for today only until they run out of stock. The SoundLink Mini Bluetooth speaker II delivers full sound with dramatically deeper lows than you’d expect from a speaker that fits in the palm of your hand. And because it’s wireless and ultra-compact, it’s easy to take anywhere. The built-in speakerphone lets you take calls out loud with clear sound. And voice prompts make Bluetooth pairing easy. Plays unplugged for hours and can be charged from most USB power sources. Head over to Amazon and take advantage of this Prime Day deal. If you're not a Prime member, you can sign up for a free trial here to unlock the deals. To see our picks for today's best Prime Day deals, read our guide (on our sister site PCWorld.com) to the best deals: "Amazon Prime Day 2017: We pick the best electronics, PC, and mobile deals"To read this article in full or to leave a comment, please click here

OpenPower, Efficiency Tweaks Define Europe’s DAVIDE Supercomputer

When talking about the future of supercomputers and high-performance computing, the focus tends to fall on the ongoing and high-profile competition between the United States with its slowly eroding place as the kingpin in the industry and China and the tens of billions of dollars that the government has invested in recent years to rapidly expand the reach of the country’s tech community and the use of home-grown technologies in massive new systems.

Both trends were on display at the recent International Supercomputing Conference in Frankfurt, Germany, where China not only continued to hold the top two spots on the

OpenPower, Efficiency Tweaks Define Europe’s DAVIDE Supercomputer was written by Nicole Hemsoth at The Next Platform.

IPv6 Link-Local Addresses and VLAN Interfaces

One of my readers sent me an email that’s easiest paraphrased into: “Why can’t I have a different IPv6 link-local address (LLA) on every access port connected to a VLAN interface?

There’s probably nothing stopping someone from implementing such an approach, but it would go against the usual understanding of how bridging and routing interact in L2+L3 switches.

Read more ...

Interface basics on the Juniper MX

I’ve been spending more time on the MX recently and I thought it would be worthwhile to document some of the basics around interface configuration.  If you’re like me, and come from more of a Cisco background, some of configuration options when working with the MX weren’t as intuitive.  In this post, I want to walk through the bare bone basic of configuring interfaces on a MX router.

Basic L3 interface

ge-0/0/0 {
    unit 0 {
        family inet {
            address 10.20.20.16/24;
        }
    }
}

The most basic interface configuration possible is a simple routed interface. You’ll note that the interface address is configured under a unit. To understand what a unit is you need to understand some basic terminology that Juniper uses. Juniper describes a physical interface as an IFD (Interface Device). In our example above the IFD would be the physical interface ge-0/0/0. We can then layer one or more IFL (Interface Logical) on top of the IFD. In our example the IFL would be the unit configuration, in this case ge-0/0/0.0. Depending on the configuration of the IFD you may be able to provision additional units. These additional units (Logical interfaces (IFLs)) Continue reading

1 1,981 1,982 1,983 1,984 1,985 3,834