Microsoft fixes record number of flaws, some publicly known

Microsoft's batch of security patches for March is one of the largest ever and includes fixes for several vulnerabilities that are publicly known and actively exploited.The company published 17 security bulletins covering 135 vulnerabilities in its own products and one separate bulletin for Flash Player, which has its security patches distributed through Windows Update. Nine bulletins are rated critical and nine are rated as important.The affected products include Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Exchange, Skype for Business, Microsoft Lync, and Silverlight.To read this article in full or to leave a comment, please click here

Assert() in the hands of bad coders

Using assert() creates better code, as programmers double-check assumptions. But only if used correctly. Unfortunately, bad programmers tend to use them badly, making code worse than if no asserts were used at all. They are a nuanced concept that most programmers don't really understand.

We saw this recently with the crash of "Bitcoin Unlimited", a version of Bitcoin that allows more transactions. They used an assert() to check the validity of input, and when they received bad input, most of the nodes in the network crashed.

The Bitcoin code is full of bad uses of assert. The following examples are all from the file main.cpp.


Example #1this line of code:

  1.     if (nPos >= coins->vout.size() || coins->vout[nPos].IsNull())
  2.         assert(false); 

This use of assert is silly. The code should look like this:

  1.     assert(nPos < coins->vout.size());
  2.     assert(!coins->vout[nPos].IsNull());

This is the least of their problems. It understandable that Continue reading

Applied Networking Research Workshop – Paper Submission Deadline: 3 April

We’re excited to share news of the second Applied Networking Research Workshop (ANRW2017), which will take place in Prague, Czech Republic, on July 15. This one-day workshop will be co-sponsored by the Association for Computing Machinery (ACM), the Internet Society and the Internet Research Task Force (IRTF). The Call for Papers is open now, with a deadline of 3 April.

Mat Ford

Fast Convergence and the Fast Reroute – Definitions/Design Considerations in IP and MPLS

Fast Convergence and the Fast Reroute Network reliability is an important design aspect for deployability of time and loss sensitive applications. When a link, node or SRLG failure occurs in a routed network, there is inevitably a period of disruption to the delivery of traffic until the network reconverges on the new topology.   Fast reaction is essential […]

The post Fast Convergence and the Fast Reroute – Definitions/Design Considerations in IP and MPLS appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

AWS offers Alexa developers free cloud credits

Developers interested in extending the capabilities of Amazon’s Alexa virtual assistant have some more free tools in their arsenal, thanks to a program the company announced Wednesday.Developers with an active Alexa skill --  a service that expands the capabilities of the virtual assistant -- can apply for $100 in Amazon Web Services credits every month to help pay for what they’ve built. After that, they can receive up to $100 per month in additional credits if they incur usage charges for their skills.The credits are meant to build on AWS’s existing Free Tier, which offers developers a small bundle of free services every month, but charges them for any usage that goes over those low caps. According to a blog post by Amazon CTO Werner Vogels, the move is supposed to make it free for developers to operate most Alexa skills.To read this article in full or to leave a comment, please click here

Appeals court rules Americans have no legal recourse if hacked by foreign governments

Put aside the matter of Russian interference in our presidential election to instead consider this scenario: If Vladimir Putin ordered his government-employed hackers to plant spyware on your personal computer – stealing all your data and even recording your Skype calls – you would have no access to any legal remedy in the U.S. court system. Preposterous, you say? That’s the law, according to the United States Court of Appeals for the District of Columbia Circuit, which yesterday upheld a lower court decision denying even a day in court to an American citizen who moved here from Ethiopia 30 years ago and was victimized by that country’s government in the exact fashion described above.To read this article in full or to leave a comment, please click here

Appeals court rules Americans have no legal recourse if hacked by foreign governments

Put aside the matter of Russian interference in our presidential election to instead consider this scenario: If Vladimir Putin ordered his government-employed hackers to plant spyware on your personal computer – stealing all your data and even recording your Skype calls – you would have no access to any legal remedy in the U.S. court system. Preposterous, you say? That’s the law, according to the United States Court of Appeals for the District of Columbia Circuit, which yesterday upheld a lower court decision denying even a day in court to an American citizen who moved here from Ethiopia 30 years ago and was victimized by that country’s government in the exact fashion described above.To read this article in full or to leave a comment, please click here

Architecture of Probot – My Slack and Messenger Bot for Answering Questions

I programmed a thing. It’s called Probot. Probot is a quick and easy way to get high quality answers to your accounting and tax questions. Probot will find a real live expert to answer your question and handle all the details. You can get your questions answered over Facebook Messenger, Slack, or the web. Answers start at $10. That’s the pitch.

Seems like a natural in this new age of bots, doesn’t it? I thought so anyway. Not so much (so far), but more on that later.

I think Probot is interesting enough to cover because it’s a good example of how one programmer--me---can accomplish quite a lot using today’s infrastructure.

All this newfangled cloud/serverless/services stuff does in fact work. I was able to program a system spanning Messenger, Slack, and the web, in a way that is relatively scalabile, available, and affordable, while requiring minimal devops.

Gone are the days of worrying about VPS limits, driving down to a colo site to check on a sick server, or even worrying about auto-scaling clusters of containers/VMs. At least for many use cases.

Many years of programming experience and writing this blog is no protection against making mistakes. I made a Continue reading

Four charged, including Russian gov’t agents, for massive Yahoo hack

The U.S. Federal Bureau of Investigation has charged four people, including two Russian state intelligence agents, for their involvement in a massive hack of Yahoo that affected half a billion accounts.In September, Yahoo said hackers had managed to steal personal data on more than 500 million users during an attack in late 2014. The stolen data included names, email addresses, telephone numbers and hashed passwords. Blame for the attack was put on a "state-sponsored" group.On Wednesday, the FBI said that group was the Russian Federal Security Service, the FSB, and it identified agents Dmitry Dokuchaev and Igor Sushchin as leaders of the attack.To read this article in full or to leave a comment, please click here

Four charged, including Russian gov’t agents, for massive Yahoo hack

The U.S. Federal Bureau of Investigation has charged four people, including two Russian state intelligence agents, for their involvement in a massive hack of Yahoo that affected half a billion accounts.In September, Yahoo said hackers had managed to steal personal data on more than 500 million users during an attack in late 2014. The stolen data included names, email addresses, telephone numbers and hashed passwords. Blame for the attack was put on a "state-sponsored" group.On Wednesday, the FBI said that group was the Russian Federal Security Service, the FSB, and it identified agents Dmitry Dokuchaev and Igor Sushchin as leaders of the attack.To read this article in full or to leave a comment, please click here

Docker to donate containerd to the Cloud Native Computing Foundation

Today, Docker announced its intention to donate the containerd project to the Cloud Native Computing Foundation (CNCF). Back in December 2016, Docker spun out its core container runtime functionality into a standalone component, incorporating it into a separate project called containerd, and announced we would be donating it to a neutral foundation early this year. Today we took a major step forward towards delivering on our commitment to the community by following the Cloud Native Computing Foundation process and presenting a proposal to the CNCF Technical Oversight Committee (TOC) for containerd to become a CNCF project. Given the consensus we have been building with the community, we are hopeful to get a positive affirmation from the TOC before CloudNativeCon/KubeCon later this month.  

Over the past 4 years, the adoption of containers with Docker has triggered an unprecedented wave of innovation in our industry: we believe that donating containerd to the CNCF will unlock a whole new phase of innovation and growth across the entire container ecosystem. containerd is designed as an independent component that can be embedded in a higher level system, to provide core container capabilities. Since our December announcement, we have focused efforts on identifying the Continue reading

PII of 33,698,126 Americans leaked online

The personal identifying information (PII)—names, email addresses, phone numbers, physical addresses, employers and job titles—for 33,698,126 Americans has been leaked online.The data, a 52.2GB CSV file, came from a commercial corporate database. Security researcher Troy Hunt determined that the breach came from NetProspex, a service provided by Dun & Bradstreet, which ironically was named as a 2017 world’s most ethical company.To read this article in full or to leave a comment, please click here

PII of 33,698,126 Americans leaked online

The personal identifying information (PII)—names, email addresses, phone numbers, physical addresses, employers and job titles—for 33,698,126 Americans has been leaked online.The data, a 52.2GB CSV file, came from a commercial corporate database. Security researcher Troy Hunt determined that the breach came from NetProspex, a service provided by Dun & Bradstreet, which ironically was named as a 2017 world’s most ethical company.To read this article in full or to leave a comment, please click here

Worth Reading: Redundancy does not imply fault tolerance

It’s a tough life being the developer of a distributed datastore. Thanks to the wonderful work of Kyle Kingsbury (aka, @aphyr) and his efforts on Jepsen.io, awareness of data loss and related issues in the face of network delays and partitions is way higher than it used to be. Under the Jepsen tests, every single system tested other than ZooKeeper exhibited problems of some kind. But many teams are stepping up, commissioning tests, and generally working hard to fix the issues even if they’re not all there yet. —the morning paper

The post Worth Reading: Redundancy does not imply fault tolerance appeared first on 'net work.

Amazon Discounts its Fire Tablet Bundle an Additional $27.98 With This Code – Deal Alert

Through this Saturday, sink the 16GB Fire Tablet bundle's already discounted price to just $59.99 using the code FIREBUNDLE at checkout -- a significant deal considering its typical $107.97 value. The bundle includes the latest 16GB Fire 7" Tablet with special offers ($69.99), Amazon cover ($24.99), and Nupro screen protector ($12.99). Amazon's newest Fire tablet features a rich 7" IPS display and a 1.3 GHz quad-core processor. Integrated Alexa service lets you ask away with a button press. Enjoy millions of movies, TV shows, songs, Kindle e-books, apps and games, and enjoy them uninterrupted with Fire's long lasting 7-hour battery. See this deal on Amazon before it expires by adding to cart and applying FIREBUNDLE at checkout. To read this article in full or to leave a comment, please click here

1 2,218 2,219 2,220 2,221 2,222 3,834