Unikernels are secure. Here is why.

Per Buer is the CEO of IncludeOS. IncludeOS is a clean-slate unikernel written in C++ with performance and security in mind. Per Buer is the founder and previous CEO/CTO of Varnish Software.

We’ve created a video that explains this in 7 minutes, so you’ll have the option of watching it instead of reading it.

There have been put forth various arguments for why unikernels are the better choice security wise and also some contradictory opinions on why they are a disaster. I believe that from a security perspective unikernels can offer a level of security that is unprecedented in mainstream computing.

A smaller codebase

Classic operating systems are nothing if not generic. They support everything and the kitchen sink. Since they ship in their compiled form and since users cannot be expected to compile functionality as it is needed, everything needs to come prebuilt and activated. Case in point; your Windows laptop might come with various services activated (bluetooth, file sharing, name resolution, and similar services). You might not use them but they are there. Go to some random security conference and these services will likely be the attack vector that is used to break into your laptop — even Continue reading

Everything Has a Cost

Everything comes at a cost: steak dinners & pre-sales engineering has to get paid for somehow. That should be obvious to most. Feature requests also come at a cost, both upfront, and ongoing. Those ongoing costs are not always understood.

It’s easy to look at vendor gross margins, and assume that there is plenty of fat. But remember that Gross margin is just Revenue minus cost of goods sold. It’s not profit. It doesn’t include sales & marketing costs, or R&D costs. Those costs affect net income, which is ‘real’ income. Companies need to recoup those costs somehow if they want to make money. Gross margin alone doesn’t pay the bills.

Four-Legged SalesDroids, and Steak Dinners

A “four-legged sales call” is when two people show up for sales calls. The usual pattern is an Account Manager for the ‘relationship’ stuff, with a Sales Engineer acting as truth police. These calls can be very useful. It’s a good way to talk about the current business challenges, discuss product roadmaps, provide feedback on what’s working, and what’s not. The Sales Engineer can offer implementation advice, maybe help with some configuration issues.

Often a sales call includes lunch or dinner. Breaking bread together Continue reading

The Linux Migration: July 2017 Progress Report

I’m now roughly six months into using Linux as my primary laptop OS, and it’s been a few months since my last progress report. If you’re just now picking up this thread, I encourage you to go back and read my initial progress report, see which Linux distribution I selected, or check how I chose to handle corporate collaboration (see here, here, and here). In this post, I’ll share where things currently stand.

My configuration is unchanged from the last progress report. I’m still running Fedora 25, and may consider upgrading to Fedora 26 when it releases (due to be released tomorrow, I believe). I’m still using the Dell Latitude E7370, which continues—from a hardware perspective—to perform admirably. CPU power is a bit limited, but that’s to be expected from a mobile-focused chip. My line-up of applications also remains largely unchanged as well.

Some things are working really well:

  • Sublime Text runs really well and is quite fast, making it easy to continue using Markdown as my primary content format. Sublime Text’s performance and stability have been unparalleled.
  • I’ve had no performance or stability issues with Firefox (for browsing) or Enpass (for password management).
  • ODrive, Continue reading

The Linux Migration: July 2017 Progress Report

I’m now roughly six months into using Linux as my primary laptop OS, and it’s been a few months since my last progress report. If you’re just now picking up this thread, I encourage you to go back and read my initial progress report, see which Linux distribution I selected, or check how I chose to handle corporate collaboration (see here, here, and here). In this post, I’ll share where things currently stand.

My configuration is unchanged from the last progress report. I’m still running Fedora 25, and may consider upgrading to Fedora 26 when it releases (due to be released tomorrow, I believe). I’m still using the Dell Latitude E7370, which continues—from a hardware perspective—to perform admirably. CPU power is a bit limited, but that’s to be expected from a mobile-focused chip. My line-up of applications also remains largely unchanged as well.

Some things are working really well:

  • Sublime Text runs really well and is quite fast, making it easy to continue using Markdown as my primary content format. Sublime Text’s performance and stability have been unparalleled.
  • I’ve had no performance or stability issues with Firefox (for browsing) or Enpass (for password management).
  • ODrive, Continue reading

The Linux Migration: July 2017 Progress Report

I’m now roughly six months into using Linux as my primary laptop OS, and it’s been a few months since my last progress report. If you’re just now picking up this thread, I encourage you to go back and read my initial progress report, see which Linux distribution I selected, or check how I chose to handle corporate collaboration (see here, here, and here). In this post, I’ll share where things currently stand.

My configuration is unchanged from the last progress report. I’m still running Fedora 25, and may consider upgrading to Fedora 26 when it releases (due to be released tomorrow, I believe). I’m still using the Dell Latitude E7370, which continues—from a hardware perspective—to perform admirably. CPU power is a bit limited, but that’s to be expected from a mobile-focused chip. My line-up of applications also remains largely unchanged as well.

Some things are working really well:

  • Sublime Text runs really well and is quite fast, making it easy to continue using Markdown as my primary content format. Sublime Text’s performance and stability have been unparalleled.
  • I’ve had no performance or stability issues with Firefox (for browsing) or Enpass (for password management).
  • ODrive, Continue reading

Everything Has a Cost

Everything comes at a cost: steak dinners & pre-sales engineering has to get paid for somehow. That should be obvious to most. Feature requests also come at a cost, both upfront, and ongoing. Those ongoing costs are not always understood.

It’s easy to look at vendor gross margins, and assume that there is plenty of fat. But remember that Gross margin is just Revenue minus cost of goods sold. It’s not profit. It doesn’t include sales & marketing costs, or R&D costs. Those costs affect net income, which is ‘real’ income. Companies need to recoup those costs somehow if they want to make money. Gross margin alone doesn’t pay the bills.

Four-Legged SalesDroids, and Steak Dinners

A “four-legged sales call” is when two people show up for sales calls. The usual pattern is an Account Manager for the ‘relationship’ stuff, with a Sales Engineer acting as truth police. These calls can be very useful. It’s a good way to talk about the current business challenges, discuss product roadmaps, provide feedback on what’s working, and what’s not. The Sales Engineer can offer implementation advice, maybe help with some configuration issues.

Often a sales call includes lunch or dinner. Breaking bread together Continue reading

Three Issues of Being a Part-Time Security Professional

In Information Technology, we commonly hear the mantra of “doing more with less.” That may sound great, and in some cases it can actually be beneficial. It obviously drives the requirement of streamlining performance and the simplification of processes. It can drive innovators to innovate and the attrition of unnecessary systems. The predominate reason for this philosophy is cost cutting.

My argument would generally be that IT should NOT simply be keeping the lights on, it should be adding value by creating competitive differentiators for the business. Being able to execute on that effectively SHOULD change the perspective of IT as it is viewed by the rest of the leadership team. One particular concern I have in regards to those businesses that continue aggressively down this path of cost cutting (or don’t proper initially fund) IT, is in regards to Cybersecurity.

In many cases smaller shops, or shops that don’t fully understand the risks, tend to place their technical team members into split roles. Maybe the view is that someone should be a part-time security person and a part-time network or system administrator. This introduces several concerns and I wanted to quickly share three that are top of mind.

Issue One — What do I Continue reading

Participate in the Net Neutrality Day of Action

Participate in the Net Neutrality Day of Action

We at Cloudflare strongly believe in network neutrality, the principle that networks should not discriminate against content that passes through them.  We’ve previously posted on our views on net neutrality and the role of the FCC here and here.

In May, the FCC took a first step toward revoking bright-line rules it put in place in 2015 to require ISPs to treat all web content equally. The FCC is seeking public comment on its proposal to eliminate the legal underpinning of the 2015 rules, revoking the FCC's authority to implement and enforce net neutrality protections. Public comments are also requested on whether any rules are needed to prevent ISPs from blocking or throttling web traffic, or creating “fast lanes” for some internet traffic.

To raise awareness about the FCC's efforts, July 12th will be “Internet-Wide Day of Action to save Net Neutrality.” Led by the group Battle for the Net, participating websites will show the world what the web would look like without net neutrality by displaying an alert on their homepage. Website users will be encouraged to contact Congress and the FCC in support of net neutrality.

We wanted to make sure our users had an opportunity to participate in this Continue reading

Implementing VXLAN Routing- Arista Networks

Today I am talking about the VXLAN protocol routing. VXLAN routing is enabled by creating a VLAN interface (SVI) on a VLAN that is associated to a VNI. As you know that VXLAN is called as Virtual extensible LAN. VXLAN is a way to extend the Layer 2 subnets over layer 3 network. VXLAN is now one of the demanding way of extended the Layer 2 traffic. 

Earlier we have so many technologies to do so like we have VPLS, MPLS and OTV( Cisco) in the Datacenter network. But VXLAN is used for the fabric network where you can have end to end tunnels within your LAN network. Now a days if you are looking the enterprise network you will find that VXLAN is used in the Datacenter and Campus networks with the Software defined.

Let's talk about the VXLAN implementation routing on Arista devices. We have two switches connected via core routers and end devices are connected to that switches. In the case of VXLAN you should aware about the three things and these things are 

  • VLAN : Virtual LAN and i guess everybody knows about it
  • VNI: Virtual Network Identifier, VXLAN network identified by a unique VNI is Continue reading

Burner laptops for DEF CON

Hacker summer camp (Defcon, Blackhat, BSidesLV) is upon us, so I thought I'd write up some quick notes about bringing a "burner" laptop. Chrome is your best choice in terms of security, but I need Windows/Linux tools, so I got a Windows laptop.

I chose the Asus e200ha for $199 from Amazon with free (and fast) shipping. There are similar notebooks with roughly the same hardware and price from other manufacturers (HP, Dell, etc.), so I'm not sure how this compares against those other ones. However, it fits my needs as a "burner" laptop, namely:
  • cheap
  • lasts 10 hours easily on battery
  • weighs 2.2 pounds (1 kilogram)
  • 11.6 inch and thin
Some other specs are:
  • 4 gigs of RAM
  • 32 gigs of eMMC flash memory
  • quad core 1.44 GHz Intel Atom CPU
  • Windows 10
  • free Microsoft Office 365 for one year
  • good, large keyboard
  • good, large touchpad
  • USB 3.0
  • microSD
  • WiFi ac
  • no fans, completely silent
There are compromises, of course.
  • The Atom CPU is slow, thought it's only noticeable when churning through heavy webpages. Adblocking addons or Brave are a necessity. Most things are usably fast, such as using Microsoft Word.
  • Crappy sound and Continue reading

Arista vEOS Vagrant Box Install

This blog covers how to install Arista boxes for use with Vagrant. Although Arista does not provide Vagrant boxes on Vagrant cloud they do provide boxes that can be downloaded from the arista.com website. This post assumes that you already have a working vagrant install. Download Go to the...

Juniper Vagrant Box Install

This blog covers how to install Juniper boxes for use with Vagrant. This post assumes that you already have a working vagrant install. Plugins Firstly install the Juniper plugins to enable Vagrant to communicate to the boxes correctly. cmd vagrant plugin install vagrant-host-shell...

Using iTerm2 with Cisco VIRL

I love using VIRL to do quick self-check of a config, personal education, and learning the behavior of particular features. I also love using the iTerm2 Terminal Emulator on the Mac. Unfortunately, it isn’t obvious how to make the two play well together. I have had to re-educate myself on this over and over again as I get new computers, mess up my settings and do certain upgrades. I’m pretty sure I copied some of this configuration and the script that I will share from somewhere. So if this looks familiar, reach out to me and I will link back to the source.

This post meant to both share the config and caveats with others as well as to document the nuances for my future reference. In short, there is a standard configuration and a custom configuration for the terminal settings in VIRL’s VMMaestro. These are found in “VMMaestro -> Preferences.”

VMMaestroTerm2

These settings control whether the built-in (VMMaestro’s client) is used or an external terminal client should be used. I much prefer an external client and iTerm2 is my current client of choice. To eliminate the need of manually launching and connecting, I have customized the Applescript code found below. Continue reading

SD-Access ( Fabric Network, Automation and Analytics LAN ) – Campus Networks

Today I am going to talk about new generation technology which Cisco launches in the LAN Campus network. The Next generation is dedicated to the Software defined network and thats what Cisco takes this approach to the LAN network as well with orchestration. Cisco put the pillars and made a architecture around it which includes - Campus Fabric Network, Automation, Authentication and Analytics. All these features are built into the SD-Access technology and will going to replace the traditional approach of Campus Network.

I knew you have some questions around it like
How traffic flows in Campus Network?
What and how fabric works?
Is there VLAN approach works?
Do we need to have SVIs ?

Well take a look into SD-Access approach you will come to know what approach Cisco takes to make it successful in the Campus

SD-Access = Campus Fabric+ DNA Center

Campus Fabric
Campus Fabric have these three protocols works together to make it excellent way to communicate.

  • LISP- Location/Identifier Seperation Protocol- Control Plane 
  • VXLAN- Virtual Extensible LAN - Data Plane
  • Cisco Trustsec- Segmented Tags
I will explain all these protocols one by one in later articles and then i will come up with the solution with Continue reading

What’s new in Docker 17.06 Community Edition (CE)

Docker 17.06 CE (Community Edition) is the first version of Docker built entirely on the Moby Project. New features include Multi-Stage Build, new Networking features, a new metrics endpoint and more! In this Online Meetup, Sophia Parafina, Docker Developer Relations Engineer, demo’d and reviewed these new features. Check out the recording below and slides.

Learn More about Docker 17.06 CE

Check out the announcement blog post or watch the video summary below.

To find out more about these features and more:

 

Learn more about what’s new in #Docker 17.06 CE w/ @spara’s online #meetup video
Click To Tweet

The post What’s new in Docker 17.06 Community Edition (CE) appeared first on Docker Blog.

Pest-control IoT: Tough on rats

In 2012, Swedish pest control company Anticimex began a period of rapid expansion into 18 countries and now reaps revenues of $474 million thanks in part to an aggressive new technology plan that hinges in part on the Internet of Things.+ALSO ON NETWORK WORLD: DreamWorks: The animation studio's powerful network + What Cisco’s new programmable switches mean for youAnticimex’s embrace of IoT goes back to a regional manager in central Europe reading a story about rat infestations in Copenhagen and inventing a motion-detector-based rat trap for use in sewers, according to company’s CIO Daniel Spahr.To read this article in full or to leave a comment, please click here

Worth Reading: The next generation of whois

Similar to Internet DNS, WHOIS is not a single, centrally managed database. Rather, domain name registration data is held in disparate locations and administered by multiple Registries and Registrars. Further, a similar WHOIS service (maintained by Regional and National Internet Registries) exists for Numbering Resources (IPV4/V6 addresses, ASN numbers) on Internet. For the sake of simplicity and clarity, we will only talk about domain name WHOIS in this article. —APNIC

The post Worth Reading: The next generation of whois appeared first on rule 11 reader.

1 1,998 1,999 2,000 2,001 2,002 3,849