Liveblog: Creating Effective Images

This is a liveblog for the DockerCon 2017 session titled “Creating Effective Images.” The speaker is Abby Fuller, a Senior Technical Evangelist with Amazon Web Services. Abby is a former operations engineer who was an early consumer of Amazon’s Elastic Container Service (ECS), and some of her learnings came about the “hard way.” This session is from the “Using Docker” track.

Fuller starts with reviewing the agenda, and shares that she’s intent on providing some practical tips that attendees can put to work immediately.

The first topic that Fuller tackles is the topic of container layers. A Docker container is made up of the read-only layers from the image itself, and a read/write layer at “the top” of the layers. Why do we care? Fewer layers means a smaller image, and smaller images means faster builds and faster deploys. (You may also see a reduced attack surface.)

The differences in making smaller images is important, Fuller explains, because the frequency of deployments is increasing (more deployments happening more quickly), and more containers are being deployed (sometimes at the behest of a CI/CD pipeline). This can result in significant amounts of disk space being consumed unnecessarily.

Some high-level Continue reading

DockerCon 2017 Black Belt Session: Cilium for Network and Application Security

This is a liveblog of the DockerCon 2017 Black Belt session led by Thomas Graf on Cilium, a new startup that focuses on using eBPF and XDP for network and application security.

Graf starts by talking about how BPF (specifically, extended BPF or eBPF) can be used to rethink how the Linux kernel handles network traffic. Graf points out that there is another session by Brendan Gregg on using BPF to do analysis performance and profiling.

Why is it necessary to rethink how networking and security is handled? A lot of it has not evolved as application deployments have evolved from low complexity/low deployment frequency to high complexity/high deployment frequency. Further, the age of unique protocol ports (like SMTP on port 25 or SSH on port 22) is coming to a close, as now many different applications or services simply run over HTTP. This leads to “overloading” the HTTP port and a loss of visibility into which applications are talking over that port. Opening TCP port 80 in a situation like this means potentially exposing more privileges than desired (the example to use other HTTP verbs, like PUT or POST instead of just GET).

Graf quickly moves into a Continue reading

DockerCon 2017 Day 1 Keynote

This is a liveblog of the day 1 keynote (general session) of DockerCon 2017 in Austin, TX.

At 9:05am, Ben Golub, CEO of Docker, Inc., takes the stage to kick off the general session and the conference. Golub starts the presentation by reviewing Docker’s four-year history and all the things that have changed over the last three years since the very first DockerCon—from the size of Gordon (Docker’s tortoise mascot) to the amount of growth in Docker usage (via statistics in the number of Docker hosts, the number of Docker-ized apps, the number of image pulls from Docker Hub, and so forth).

Golub continues by mentioning some of the various use cases for Docker. One use case mentioned is Intuit’s use of Docker, and Golub points out that the person responsible for running Intuit’s systems is confident enough in their systems that they’re attending DockerCon on Tax Day (when as many as 25 million tax returns are expected to be processed).

Shifting gears a bit, Golub talks a bit more about the changes over the last 3 years in regards to Docker (the open source project) itself. Stakeholders have changed, and the nature of the project (now projects) has Continue reading

‘Find My iPhone’ foils pickpocket who swiped 100 devices: police

You might think that a pickpocket skilled enough to steal 100 cellphones, pictured above, would also be savvy enough to know that at least the iPhones in that haul carry a means to foil his caper.Then again, you might be giving the crook too much credit.From a story on the website of a Boston television station: A New York man was arrested at the Coachella music festival in Southern California after he was found with more than 100 stolen cellphones, according to Indio police.During the concert festival on Friday, several people noticed their phones were missing and immediately activated the "Find My Phone" feature on their mobile devices.To read this article in full or to leave a comment, please click here

‘Find My iPhone’ foils pickpocket who swiped 100 devices: police

You might think that a pickpocket skilled enough to steal 100 cellphones, pictured above, would also be savvy enough to know that at least the iPhones in that haul carry a means to foil his caper.Then again, you might be giving the crook too much credit.From a story on the website of a Boston television station: A New York man was arrested at the Coachella music festival in Southern California after he was found with more than 100 stolen cellphones, according to Indio police.During the concert festival on Friday, several people noticed their phones were missing and immediately activated the "Find My Phone" feature on their mobile devices.To read this article in full or to leave a comment, please click here

Worth Reading: A new YANG module catalogue

From a high level point of this YANG catalog goal is to become a reference for all YANG modules available in the industry, for both YANG developers (to search on what exists already) and for operators (to discover the more mature YANG models to automate services). This YANG catalog should not only contain pointers to the YANG modules themselves, but also contains metadata related to those YANG modules: What is the module type (service model or not?) What is the maturity level? (for the IETF: is this a RFC, a working group document or an individual draft?), Is this module implemented? Who is the contact? Is there open-source code available? And we expect much more in the future. —Benoît Claise

The post Worth Reading: A new YANG module catalogue appeared first on rule 11 reader.

Intel scraps annual IDF event as it looks beyond PCs

After 20 years, Intel is scrapping its marquee annual Intel Developer Forum event, where tech enthusiasts gathered to load up on the chipmaker's news and technologies.IDF started off in 1997 as a small event in Palm Springs, California. The show was later moved to San Francisco and vastly expanded during a boom in the PC market.But with the PC market slowing down, the attraction of IDF has also dwindled. Intel's future isn't tied to PCs but instead to areas like data centers, autonomous cars, modems, the internet of things, and manufacturing. Last year, IDF events were held in San Francisco and Beijing, and neither will happen this year. An event was scheduled this year from Aug. 15 to 17 in San Francisco, according to a calendar for Moscone Convention Center, but it has been canceled.To read this article in full or to leave a comment, please click here

IoT malware clashes in a botnet territory battle

Mirai -- a notorious malware that's been enslaving IoT devices -- has competition.A rival piece of programming has been infecting some of the same easy-to-hack internet-of-things products, with a resiliency that surpasses Mirai, according to security researchers."You can almost call it Mirai on steroids," said Marshal Webb, CTO at BackConnect, a provider of services to protect against distributed denial-of-service (DDoS) attacks.Security researchers have dubbed the rival IoT malware Hajime, and since it was discovered more than six months ago, it's been spreading unabated and creating a botnet. Webb estimates it's infected about 100,000 devices across the globe.    To read this article in full or to leave a comment, please click here

IoT malware clashes in a botnet territory battle

Mirai -- a notorious malware that's been enslaving IoT devices -- has competition.A rival piece of programming has been infecting some of the same easy-to-hack internet-of-things products, with a resiliency that surpasses Mirai, according to security researchers."You can almost call it Mirai on steroids," said Marshal Webb, CTO at BackConnect, a provider of services to protect against distributed denial-of-service (DDoS) attacks.Security researchers have dubbed the rival IoT malware Hajime, and since it was discovered more than six months ago, it's been spreading unabated and creating a botnet. Webb estimates it's infected about 100,000 devices across the globe.    To read this article in full or to leave a comment, please click here

Virtual assistants hear everything, so watch what you say. I’m not kidding

The law of unintended consequences is once again rearing it’s ugly head: Google, Apple, Amazon and others now make virtual assitants that respond to commands, and recordings can trigger them.Burger King found out how, via a radio commercial, it could get Google’s attention. It produced an ad designed to trigger Google Home to advertise the Whopper. The ad featured a Burger King employee saying, “OK, Google. What is the Whopper burger?” The Google Home device would then read the Wikipedia definition of a Whopper. The trigger stopped working a few hours after the ad launched.To read this article in full or to leave a comment, please click here

Virtual assistants hear everything, so watch what you say. I’m not kidding

The law of unintended consequences is once again rearing it’s ugly head: Google, Apple, Amazon and others now make virtual assitants that respond to commands, and recordings can trigger them.Burger King found out how, via a radio commercial, it could get Google’s attention. It produced an ad designed to trigger Google Home to advertise the Whopper. The ad featured a Burger King employee saying, “OK, Google. What is the Whopper burger?” The Google Home device would then read the Wikipedia definition of a Whopper. The trigger stopped working a few hours after the ad launched.To read this article in full or to leave a comment, please click here

21% off ThermaCELL Mosquito Repellent Pest Control Outdoor and Camping Lantern – Deal Alert

The Thermacell Mosquito Repellent Lantern effectively repels mosquitoes and other biting insects in a 15 x 15-foot zone. It has no open flames, operates on a single butane cartridge, and is perfect for a deck, porch or campsite. It averages 4 out of 5 stars on Amazon and is currently discounted to $31.46. See it now on Amazon.To read this article in full or to leave a comment, please click here

Microsoft touts the Edge browser’s battery-friendly traits

Microsoft already has laid claim to its Edge browser being the most battery-efficient Web browser available on Windows 10, and now with the Creators Update, Microsoft touts even further gains in energy efficiency.According to Microsoft’s own tests, Microsoft Edge on Windows 10 Creators Update uses up to 31 percent less power than Google Chrome, and up to 44 percent less than Mozilla Firefox. Before you dismiss it as rather convenient that they did their own tests, they did make the methodology available and provided open-source testing tools for download, so you can run the tests yourself. To read this article in full or to leave a comment, please click here

Optimal Route Reflection


There are—in theory—three ways BGP can be deployed within a single AS. You can deploy a full mesh of iBGP peers; this might be practical for a small’ish deployment (say less than 10), but it quickly becomes a management problem in larger, or constantly changing, deployments. You can deploy multiple BGP confederations; creating internal autonomous systems that are invisible to the world because the internal AS numbers are stripped at the real eBGP edge.

The third solution is (probably) the only solution anyone reading this has deployed in a production network: route reflectors. A quick review might be useful to set the stage.

In this diagram, B and E are connected to eBGP peers, each of which is advertising a different destination; F is advertising the 100::64 prefix, and G is advertising the 101::/64 prefix. Assume A is the route reflector, and B,C, D, and E are route reflector clients. What happens when F advertises 100::/64 to B?

  • B receives the route and advertises it through iBGP to A
  • A adds its router ID to the cluster list, and reflect the route to C, D, and E
  • E receives this route and advertises it through its eBGP session towards G
  • Continue reading
1 2,150 2,151 2,152 2,153 2,154 3,853