Can the FTC save the IoT?

Nobody in the IT industry would argue that the Internet of Things (IoT) is becoming more secure. Pretty much the opposite. But not for lack of effort. There have been multiple, ongoing initiatives over the past decade, both public and private. There have been dire warnings, publication of various standards and best practices, technology improvements, legislation to encourage threat information sharing and exhortations from government agencies, congressional committees, security firms and conference speakers. Unfortunately, none of them has worked very well so far. In spite of some of the best minds and technology improvements in the world focused on it, most of the IoT’s billions and billions of connected devices remain catastrophically insecure, lacking what experts call the most basic “security hygiene.” The flaws include hard-coded credentials, simple and default user names and passwords and the lack of any way to patch or update exploitable vulnerabilities.

Integration of a Go service with systemd

Unlike other programming languages, Go’s runtime doesn’t provide a way to reliably daemonize a service. A system daemon has to supply this functionality. Most distributions ship systemd which would fit the bill. A correct integration with systemd is quite straightforward. There are two interesting aspects: readiness & liveness.

As an example, we will daemonize this service whose goal is to answer requests with nifty 404 errors:

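package main

import (
    "log"
    "net"
    "net/http"
)

func main() {
    // Bind the listener first so a failure to listen is reported before serving.
    l, err := net.Listen("tcp", ":8081")
    if err != nil {
        log.Panicf("cannot listen: %s", err)
    }
    // A nil handler means http.DefaultServeMux; with no routes registered,
    // every request is answered with a 404.
    // http.Serve only returns on error, so report it instead of dropping it.
    log.Fatalf("cannot serve: %s", http.Serve(l, nil))
}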

You can build it with go build 404.go.

Here is the service file, 404.service:

[Unit]
Description=404 micro-service

[Service]
Type=notify
ExecStart=/usr/bin/404
WatchdogSec=30s
Restart=on-failure

[Install]
WantedBy=multi-user.target

Readiness

The classic way for a Unix daemon to signal its readiness is to daemonize. Technically, this is done by calling fork(2) twice (which also serves other intents). This is a very common task and the BSD systems, as well as some other C libraries, supply a daemon(3)

Oracle settling with ex-worker over alleged fiddling of cloud accounts

Oracle has informed a federal court that it is settling a lawsuit in which a former employee had charged that she had been terminated from her job for refusing to go along with accounting principles that she did not consider lawful. In a joint submission Wednesday to the U.S. District Court for the Northern District of California, lawyers for Oracle and the former employee Svetlana Blackburn asked for the vacation of a case management conference scheduled for Thursday, while submitting a notice of settlement to notify the court “that the lawsuit has been settled in principle, and to request thirty (30) days in which to file a dismissal.” The lawsuit had drawn interest amid concern that companies could be dressing up their cloud revenue in a highly competitive environment. Gartner, for example, warned in December 2015, that “assessing vendor cloud revenue claims has become more challenging, with many vendors' IT-related businesses being complicated and nuanced.”

Zingbox launches IoT protection for business

Zingbox, a cloud-based, internet-of-things security startup, is coming out with its first product that it says can tell good IoT behavior from bad and sends alerts when it finds activity outside the norm. Called Guardian, the solution consists of a virtual appliance that gathers and processes network traffic data and sends it to the Zingbox cloud, where it is analyzed for anomalies. When they are found, it can send alerts to security staff or intervene automatically via integration with firewalls, says May Wang, a founder of the company and its CTO.

Low-power IoT networks go global with a satellite backbone

Inmarsat says it’s built a global IoT network by combining land-based low-power networks with its mesh of communications satellites, bringing data connections to things like cattle in Australia and reservoirs in Malaysia. The system will combine global reach with one of an emerging class of networks designed for small, low-power devices like sensors. With cellular-or-better range but slower speeds than LTE, these networks can be an economical way to connect widely dispersed devices that use small amounts of data. The land networks that link to Inmarsat’s satellites will use LoRaWAN, a technology that enterprises can roll out on their own, including at sites that mobile operators don’t serve. Multiple vendors make equipment for LoRaWAN, which is based on a specification from the LoRa Alliance.

What’s next for open-source Spark?

Boston -- A conference focused on a single open source project sounds like the sort of event that will feature a lone keynote speaker speaking to maybe 100 interested parties in a lecture hall at a local college. Spark Summit East was very much the opposite. A total of 1,503 people watched the five keynote speakers in a cavernous ballroom at the Hynes Convention Center lay out the future of Spark, the big data processing engine originally developed at the University of California – Berkeley by Matei Zaharia. Spark underlies huge data-driven applications being used by major players like Salesforce, Facebook, IBM and many others, helping organize, analyze, and surface specific grains of sand from beach-sized databases.

Installing Sublime Text 3 on Fedora 25

Sublime Text is my current text editor of choice. I won’t go into why I chose it over other tools; instead, I encourage you to have a look for yourself. Installing Sublime Text 3 (ST3) on Fedora 25, though, isn’t as simple as running a dnf install. Fortunately, it’s not a difficult process, but it is a process I wanted to document here for the sake of others.

Here’s the process I followed:

  1. Download the latest tarball of ST3. As of this writing, it was build 3126, so this cURL command accomplishes what you need:

     curl -LO https://download.sublimetext.com/sublime_text_3_build_3126_x64.tar.bz2
    

    As build numbers change, though, you’ll want to verify the correct URL for the latest build. (A lot of sites I saw provide hard-coded scripts that help perform this process for you, but don’t account for changes in the download URL.)

  2. Extract the contents of the tarball with tar xvjf sublime_text_3_build_3126_x64.tar.bz2. This will create a directory called “sublime_text_3” with the contents of the tarball.

  3. Install the desktop launcher for ST3 by copying over the .desktop file in the tarball:

     sudo cp -rf sublime_text_3/sublime_text.desktop /usr/share/applications/sublime_text.desktop
    
  4. Edit the desktop launcher to specify the full path

US idea to collect travelers’ passwords alarms privacy experts

To better vet foreign travelers, the U.S. might demand that some visa applicants hand over the passwords to their social media accounts, a proposal that’s alarming privacy experts. “If they don’t want to give us the information, then they don’t come,” said John Kelly, the head of the Department of Homeland Security, on Tuesday. Kelly mentioned the proposal in a congressional hearing when he was asked what his department was doing to look at visa applicants’ social media activity. He said it was “very hard to truly vet” the visa applicants from the seven Muslim-majority countries covered by the Trump administration's travel ban, which is now in legal limbo. Many of the countries are failed states with little internal infrastructure, he said.

Inside That Big Silicon Valley Hyperscale Supermicro Deal

Among the major companies that design and sell servers with their own brands, which are called original equipment manufacturers or OEMs, and those that co-design machines with customers and then make them, which are called original design manufacturers or ODMs, Supermicro stands apart. It does not fall precisely into either category. The company makes system components, like motherboards and enclosures, for those who want to build their own systems or those who want to sell systems to others, and it also makes complete systems, sold in onesies or twosies or sold by the hundreds of racks.

Supermicro is also a

Inside That Big Silicon Valley Hyperscale Supermicro Deal was written by Timothy Prickett Morgan at The Next Platform.

Speaking at Red Hat Summit 2017

Hi Folks, I know it’s been a few weeks but I assure you I’ve been heads down on good stuff. You’ll get to see much of it on the blog, but also at Red Hat Summit 2017 in Boston, MA if you’re so inclined.

So what will I (and my colleagues) be talking about at “Summit” this year? Well, there are several RHV & KVM specific activities at Summit that I’ll have something to do with, 2 directly and multiple indirectly:

Breakout Session – High Availability for Red Hat Virtualization Manager 
This will be my primary presentation on RHV, where I talk about and provide demos on RHV Hosted Engine, mostly in the context of HA (why and how), but also in the context of how it’s used in a new Red Hat product… (cue dramatic music..)

Breakout Session – Red Hat Virtualization and KVM Roadmaps
This is my colleagues’ session, and typically standing room only. I may help organize, but the Product Managers (Moran & Yaniv) will knock this out. It lays out the future of both Red Hat Virtualization and the core technology, KVM.

Lightning Talk – Reporting and Metrics Update
Again, my colleague’s session (Yaniv), but