Response: The Network Collective, Episode 1

The end of March brought with it the first episode of a neat new project called The Network Collective, a video roundtable for networking engineers. The hosts and co-founders of this escapade are Jordan Martin (@BCJordo), Eyvonne Sharp (@SharpNetwork) and Phil Gervasi (@Network_Phil).

Top 10 Ways To Break Your Network

Episode 1 brought three guests to the virtual table: Carl Fugate, Mike Zsiga and Jody Lemoine, the latter of whom (top right on the YouTube video) is actually blurry in real life, and this is not a video artifact. The topic for discussion was the Top 10 Ways To Break Your Network. Thankfully, the show didn’t actually provide tips on how to break your network — as if we need any help doing that — but instead looked at the shameful ways in which each participant had managed to cause network destruction in the past, and what lessons could be learned.

The fact that five of six experienced professionals are willing to own up to their blunders (one brought a colleague’s mistake to put up on the chopping block) actually signals one of the most important lessons that the episode highlighted, which is Continue reading

Future iMac Pro models to feature ‘server grade’ internals

It’s been a long while since we’ve seen any meaningful update to Apple’s iMac line, but as the company revealed a few weeks ago, there are some new and exciting updates in the works.As Apple executives told a handful of journalists recently, the company is working on a brand-new iMac Pro model. And while the company didn’t provide any significant details, they did make a point of stressing that a touchscreen iMac is not in the works.“Touch doesn’t even register on the list of things pro users are interested in talking about,” Phil Schiller said. “They're interested in things like performance and storage and expandability.”Now comes word via Digitimes that Apple’s new iMac Pro models—which will still measure in at 21.5 and 27-inches—will feature “server grade” internals.To read this article in full or to leave a comment, please click here

Tiny gadget roundup time!

Being little doesn’t necessarily mean that you aren’t important, but sometimes I get a bunch of little gadgets that do simple things that don’t warrant a fuller review/writeup. I save these for this type of post. Lots of little gadgets to help you along your journey in life. Let’s begin! Ventev The Ventev Chargestand 3000c combines a portable battery, power cable (Lightning or Micro USB, depending on which option you choose) and mini-stand in one small package. When the battery is charged via USB, you can flip open the lid (like an old-school flip phone) and rest your smartphone on the tip of the power cable.To read this article in full or to leave a comment, please click here

H-1B visa demand slips; analysts see Trump effect

The U.S. government today said it received 199,000 H-1B visa petitions for the upcoming 2018 fiscal year -- 37,000 less than in 2016.The government will issue 85,000 visas distributed via a computer-generated lottery. The winners will be able to use their visas at the start of the federal fiscal year, which begins Oct. 1.[ Further reading: Hottest jobs, cities and industries for IT pay in 2017 ] Industry analysts see President Donald Trump's actions and campaign rhetoric as having had an impact on the offshore outsourcing industry, which includes the largest users of H-1B visa workers. Firms considering shipping IT jobs overseas appear now to be more cautious than in recent years.To read this article in full or to leave a comment, please click here

The strange new world of hiring and employee tracking

Your employer wants to hire top salespeople and is counting on HR to deliver the best. There's the old-fashioned way: collect resumes, sort for keywords, check on social networks, get referrals and interview.But what about geotagging?Employers often have "top performer clubs" for their salespeople. Incentives for these top performers usually involve rewards such as trips to Hawaii, the Caribbean or Italy."That's fairly public knowledge," said Bertrand Dussert, vice president of Human Capital Management (HCM) transformation and thought leadership at Oracle. "You can assemble the known list of salespeople and compare it to geotagged tweets." (Clues can be found on the web. For instance, see this corporate blog post, Italy Awaits Adobe's Top Sales Performers).To read this article in full or to leave a comment, please click here

Five pitfalls to avoid when migrating to the cloud

Mistakes can be costly. They also can be so painful they keep you from venturing any further ahead.Of course, that's true with almost anything tech-related, but IT managers will tell you that there are some common, and potentially damaging, pitfalls that anyone looking at a cloud migration should work to avoid.Migration mistakes can cost the enterprise money and time, and eliminate or reduce any expected increases in agility as well as speed and cost savings.Those stumbles and losses could cause business execs to back off from a bigger cloud migration. It also could cause execs to lose faith in their IT leaders."This is part of the learning curve," said Deepak Mohan, an analyst with IDC. "The negatives are attributed to the cloud and not to these mistakes that need to be corrected... If a company does not realize the cost savings and they fail to see the results they thought they'd get, the result is that there is a drop in faith and a lowering of confidence in your cloud strategy. And that will cause a slowdown in adoption."To read this article in full or to leave a comment, please click here

How to prevent your mobile app from getting hacked

Trivial matter?Image by Steve Traynor/IDGThe average user has around 26 to 55 applications downloaded to his smartphone device. Most likely, you have entertainment and gaming apps, a banking app, a few social media apps, fitness apps, and eCommerce apps to shop at your favorite stores.To read this article in full or to leave a comment, please click here

Trump to order wholesale H-1B reform

President Donald Trump will sign an executive order Tuesday dubbed "Buy American, Hire American" that calls for sweeping reform of the H-1B visa process.Its centerpiece is the replacement of the H-1B lottery with a system that distributes visas on the basis of wages, skills and education."We want to switch away from a random lottery system, in which it's weighted toward the lowest wage workers, towards a system that prioritizes higher skilled, higher paid workers," said a senior administration official, in a background briefing to reporters on the condition that officials not be identified.Such an H-1B reform "would make it much more difficult to use it to replace American workers," the administration official said.To read this article in full or to leave a comment, please click here

How to prevent your mobile app from getting hacked

VMware NSX Unplugged: Networking Field Day (#NFD15)

Being a product of the 90’s, one of my favorite past times was MTV’s “Unplugged” series. Whether it was Pearl Jam, or 10,000 Maniacs, or Eric Clapton, there was something about the acoustic, raw, uncut nature of the show that drew me in and made me look at my favorite bands in a new way.

This is much the same experience we had recently here at VMware, as the folks from Gestalt IT brought Networking Field Day’s traveling band of IT enthusiasts to our Palo Alto campus. What ensued was 4+ hours of insight, illumination, witty banter, and from time to time, downright theoretical disagreements about things as simple as semantics and nomenclature.

But out of it all came a great show – which just like with MTV Unplugged – was ultimately all that mattered. So grab your favorite beverage and snack, put on your stereophonic headgear, and listen to the VMware Team as they walk through VMware’s networking strategy, demos and product direction.

VMware NSX Vision and Product Overview with Milin Desai

VMware NSX Technology Overview with Ray Budavari

VMware NSX Automation with Ray Budavari

VMware Security with NSX Micro-Segmentation with Wade Holmes

VMware Day 2 Operations with vRealize Network Insight Continue reading

Network Analysis: Large Packet Capture

In this video, Tony Fortunato shows how to avoid pitfalls when analyzing huge packets.

Automate Everything: ipSpace.net Is Coming Back to US

After the last US-based ipSpace.net workshop a lot of people asked me about the next one. It took a long time, but here it is: I’m running an on-site automation workshop together with several friends with outstanding hands-on experience in Colorado in late May.

How to protect against cross-site request forgery attacks

Cross-site request forgery (CSRF) attacks are becoming a more common attack method used by hackers. These attacks take advantage of the trust a website has for a user’s input and browser. The victim is tricked into performing a specific action they were not intending to do on a legitimate website; where they are authenticated to.CSRF attacks will use the identity and privileges that the victim has on the website to impersonate them and perform malicious activity or transactions. Attackers will attempt to take advantage of users who have login cookies stored in their browsers. Ecommerce sites that send cookies to store user authentication data are vulnerable to this attack.To read this article in full or to leave a comment, please click here

How to protect against cross-site request forgery attacks

5 Open Source companies to watch in 2017

As if getting venture funding themselves isn't exciting enough for open source-oriented startups, seeing an open source-focused company like Deis get snapped up by Microsoft must be a thrill as well.While it would be more thrilling, perhaps, if Microsoft disclosed how much it paid, I'm sure those in the startup world and their backers have ways of finding out that information. Not that the acquisition path is necessarily the exit route that all of these startups envision for themselves, but such money can obviously talk.To read this article in full or to leave a comment, please click here

Budapest (Hungary): Cloudflare Data Center #111

Hot on the heels of several recent data center additions in Yerevan, Quito, Rome, Kansas City, Belgrade, Curacao, Djibouti and Munich, we are delighted to announce our newest deployment in Budapest, making six million websites even faster and safer across Hungary.

Until today, Hungarian visitors to these Internet properties were principally served out of our Frankfurt data center 1,000 km away, or from Vienna. We are happy to further reduce their latency to over 8 million Internet users.

CC BY 2.0 image by Moyann Brenn

Beautiful Budapest

Budapest is one of the most beautiful cities in the world, with must-see sites such as Halászbástya (Fisherman's Bastion), Az Országház (House of the Nation - The Hungarian Parliament), and the Széchenyi Chain Bridge by the Danube. We love this aerial video with breathtaking views of the city created by Milan Heal (Drone Travel Guides).

We have new facilities in the works across five continents. Watch out for even more additions to our growing network.

-The Cloudflare Team

The Cloudflare network today

Simulating latency and packet loss on a Linux host

Every once and a great while there is a need to simulate bad network behavior. Simulating things like packet loss and high latency are often harder to do than you’d expect. However – if you’re dealing with a Linux host – there’s a simple solution. The ‘tc’ command which comes along with the ‘iproute2’ toolset can help you simulate symptoms of a bad network quite easily.

The tc command offers a lot of functionality but in this post we’re just going to walk through a couple of quick examples of using it in conjunction with the netem (network emulator) included in the Linux kernal . To do this, we’ll use just use two hosts…

To start with – let’s make sure that ‘tc’ is installed and that it’s working…

user@ubuntu-1:~$ sudo tc qdisc show dev ens32
qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
user@ubuntu-1:~$

So what did we just do here? Well we used the tc command to return the current qdisc configuration for our servers physical network interface named ‘ens32’. So what’s a qdisc? Qdisc is shorthand for ‘Queue discipline’ and defines the queuing Continue reading

Mirai, Bitcoin, and numeracy

Newsweek (the magazine famous for outing the real Satoshi Nakamoto) has a story about how a variant of the Mirai botnet is mining bitcoin. They fail to run the numbers.

The story repeats a claim by Mcafee that 2.5 million devices were infected with Mirai at some point in 2016. If they were all mining bitcoin, how much money would the hackers be earning?

I bought security cameras and infected them with Mirai. A typical example of the CPU running on an IoT device is an ARM926EJ-S processor.

As this website reports, such a processor running at 1.2 GHz can mine at a rate of 0.187-megahashes/second. That's a bit fast for an IoT device, most are slower, some are faster, we'll just use this as the average.

According to this website, the current hash-rate of all minters is around 4-million terahashes/second.

Bitcoin blocks are mined every 10 minutes, with the current (April 2016) reward set at 12.5 bitcoins per block, giving roughly 1800 bitcoins/day in reward.

The current price of bitcoin is $1191.

Okay, let's plug all these numbers in:

total Mirai hash-rate = 2.5 million bots times 0.185 megahash/sec = 0.468 terahashes/second
Continue reading

Liveblog: Creating Effective Images

This is a liveblog for the DockerCon 2017 session titled “Creating Effective Images.” The speaker is Abby Fuller, a Senior Technical Evangelist with Amazon Web Services. Abby is a former operations engineer who was an early consumer of Amazon’s Elastic Container Service (ECS), and some of her learnings came about the “hard way.” This session is from the “Using Docker” track.

Fuller starts with reviewing the agenda, and shares that she’s intent on providing some practical tips that attendees can put to work immediately.

The first topic that Fuller tackles is the topic of container layers. A Docker container is made up of the read-only layers from the image itself, and a read/write layer at “the top” of the layers. Why do we care? Fewer layers means a smaller image, and smaller images means faster builds and faster deploys. (You may also see a reduced attack surface.)

The differences in making smaller images is important, Fuller explains, because the frequency of deployments is increasing (more deployments happening more quickly), and more containers are being deployed (sometimes at the behest of a CI/CD pipeline). This can result in significant amounts of disk space being consumed unnecessarily.

Some high-level Continue reading

DockerCon 2017 Black Belt Session: Cilium for Network and Application Security

This is a liveblog of the DockerCon 2017 Black Belt session led by Thomas Graf on Cilium, a new startup that focuses on using eBPF and XDP for network and application security.

Graf starts by talking about how BPF (specifically, extended BPF or eBPF) can be used to rethink how the Linux kernel handles network traffic. Graf points out that there is another session by Brendan Gregg on using BPF to do analysis performance and profiling.

Why is it necessary to rethink how networking and security is handled? A lot of it has not evolved as application deployments have evolved from low complexity/low deployment frequency to high complexity/high deployment frequency. Further, the age of unique protocol ports (like SMTP on port 25 or SSH on port 22) is coming to a close, as now many different applications or services simply run over HTTP. This leads to “overloading” the HTTP port and a loss of visibility into which applications are talking over that port. Opening TCP port 80 in a situation like this means potentially exposing more privileges than desired (the example to use other HTTP verbs, like PUT or POST instead of just GET).

Graf quickly moves into a Continue reading

« Previous 1 … 2,144 2,145 2,146 2,147 2,148 … 3,848 Next »