Network Security Vulnerabilities: the Root Causes

Sometime last autumn, I was asked to create a short “network security challenges” presentation. Eventually, I turned it into a webinar, resulting in almost four hours of content describing the interesting gotchas I encountered in the past (plus a few recent vulnerabilities like turning WiFi into a thick yellow cable).

Each webinar section started with a short “This is why we have to deal with these stupidities” introduction. You’ll find all of them collected in the Root Causes video starting the Network Security Fallacies part of the How Networks Really Work webinar.

Watch the video
You need Free ipSpace.net Subscription to watch the video.

Resizing images on the Linux command line

The convert command from the ImageMagick suite of tools provides ways to make all sorts of changes to image files. Among these is an option to change the resolution of images. The syntax is simple, and the command runs extremely quickly. It can also convert a image from one format to another (e.g., jpg to png) as well as blur, crop, despeckle, dither, flip and join images and more.Although the commands and scripts in this post mostly focus on jpg files, the convert command also works with a large variety of other image files, including png, bmp, svg, tiff, gif and such.Basic resizing To resize an image using the convert, you would use a command like this:To read this article in full, please click here

Resizing images on the Linux command line

The convert command from the ImageMagick suite of tools provides ways to make all sorts of changes to image files. Among these is an option to change the resolution of images. The syntax is simple, and the command runs extremely quickly. It can also convert a image from one format to another (e.g., jpg to png) as well as blur, crop, despeckle, dither, flip and join images and more.Although the commands and scripts in this post mostly focus on jpg files, the convert command also works with a large variety of other image files, including png, bmp, svg, tiff, gif and such.Basic resizing To resize an image using the convert, you would use a command like this:To read this article in full, please click here

Unbounded memory usage by TCP for receive buffers, and how we fixed it

Unbounded memory usage by TCP for receive buffers, and how we fixed it
Unbounded memory usage by TCP for receive buffers, and how we fixed it

At Cloudflare, we are constantly monitoring and optimizing the performance and resource utilization of our systems. Recently, we noticed that some of our TCP sessions were allocating more memory than expected.

The Linux kernel allows TCP sessions that match certain characteristics to ignore memory allocation limits set by autotuning and allocate excessive amounts of memory, all the way up to net.ipv4.tcp_rmem max (the per-session limit). On Cloudflare’s production network, there are often many such TCP sessions on a server, causing the total amount of allocated TCP memory to reach net.ipv4.tcp_mem thresholds (the server-wide limit). When that happens, the kernel imposes memory use constraints on all TCP sessions, not just the ones causing the problem. Those constraints have a negative impact on throughput and latency for the user. Internally within the kernel, the problematic sessions trigger TCP collapse processing, “OFO” pruning (dropping of packets already received and sitting in the out-of-order queue), and the dropping of newly arriving packets.

This blog post describes in detail the root cause of the problem and shows the test results of a solution.

TCP receive buffers are excessively big for some sessions

Our journey began when we started noticing a lot Continue reading

People Aren’t Stupid Just Because They Don’t Understand Tech

As technical people, we spend immense time and energy mastering the nuances of specific technologies. Esoteric knowledge is our currency, and we often measure our personal value against the yardstick of technical nuance. And sometimes (maybe lots of times) we gauge other people with the same yardstick, and dismiss those who don’t measure up. This […]

The post People Aren’t Stupid Just Because They Don’t Understand Tech appeared first on Packet Pushers.

Kubernetes Unpacked 026: Data Backup And Recovery In Kubernetes

On today's Kubernetes Unpacked podcast, Michael and Kristina catch up with with Geoff Burke, Senior Cloud Solutions Architect, to talk about running backups for Kubernetes, how to recover those backups, and which tools to use for backup and disaster recovery. We're also pleased to welcome Kristina Devochko as full-time co-host of the podcast!

The post Kubernetes Unpacked 026: Data Backup And Recovery In Kubernetes appeared first on Packet Pushers.

Intel revises its XPU strategy

Intel has announced a shift in strategy that impacts its XPU and data-center product roadmap.XPU is an effort by Intel to combine multiple pieces of silicon into one package. The plan was to combine CPU, GPU, networking, FPGA, and AI accelerator and use software to choose the best processor for the task at hand.That’s an ambitious project, and it looks like Intel is admitting that it can’t do it, at least for now.Jeff McVeigh, corporate vice president and general manager of the Super Compute Group at Intel, provided an update to the data-center processor roadmap that involves taking a few steps back. Its proposed combination CPU and GPU, code-named Falcon Shores, will now be a GPU chip only.To read this article in full, please click here

Intel revises its XPU strategy

Intel has announced a shift in strategy that impacts its XPU and data-center product roadmap.XPU is an effort by Intel to combine multiple pieces of silicon into one package. The plan was to combine CPU, GPU, networking, FPGA, and AI accelerator and use software to choose the best processor for the task at hand.That’s an ambitious project, and it looks like Intel is admitting that it can’t do it, at least for now.Jeff McVeigh, corporate vice president and general manager of the Super Compute Group at Intel, provided an update to the data-center processor roadmap that involves taking a few steps back. Its proposed combination CPU and GPU, code-named Falcon Shores, will now be a GPU chip only.To read this article in full, please click here

Inter-VRF DHCP Relaying with Redundant DHCP Servers

Previous posts in this series covered numerous intricacies of DHCP relaying:

Now for the final bit of the puzzle: what if we want to do inter-VRF DHCP relaying with redundant DHCP servers?

Read more …

Inter-VRF DHCP Relaying with Redundant DHCP Servers

Previous posts in this series covered numerous intricacies of DHCP relaying:

Now for the final bit of the puzzle: what if we want to do inter-VRF DHCP relaying with redundant DHCP servers?

Read more …

Why it makes sense to converge the NOC and SOC

It’s been 17 years and counting since Nemertes first wrote about the logic of integrating event response in the enterprise: bringing together the security operations center (SOC) and network operations center (NOC) at the organizational, operational, and technological levels. Needless to say, this has not happened at most organizations, although there has been a promising trend toward convergence in the monitoring and data management side of things. It’s worth revisiting the issue.Why converge? The arguments for convergence remain pretty compelling: Both the NOC and SOC are focused on keeping an eye on the systems and services comprising the IT environment; spotting and understanding anomalies; and spotting and responding to events and incidents that could affect or are affecting services to the business. Both are focused on minimizing the effects of events and incidents on the business. The streams of data they watch overlap hugely. They often use the same systems (e.g. Splunk) in managing and exploring that data. Both are focused on root-cause analysis based on those data streams. Both adopt a tiered response approach, with first-line responders for “business as usual” operations and occurrences, and anywhere from one to three tiers of escalation to more senior engineers, Continue reading

Why it makes sense to converge the NOC and SOC

It’s been 17 years and counting since Nemertes first wrote about the logic of integrating event response in the enterprise: bringing together the security operations center (SOC) and network operations center (NOC) at the organizational, operational, and technological levels. Needless to say, this has not happened at most organizations, although there has been a promising trend toward convergence in the monitoring and data management side of things. It’s worth revisiting the issue.Why converge? The arguments for convergence remain pretty compelling: Both the NOC and SOC are focused on keeping an eye on the systems and services comprising the IT environment; spotting and understanding anomalies; and spotting and responding to events and incidents that could affect or are affecting services to the business. Both are focused on minimizing the effects of events and incidents on the business. The streams of data they watch overlap hugely. They often use the same systems (e.g. Splunk) in managing and exploring that data. Both are focused on root-cause analysis based on those data streams. Both adopt a tiered response approach, with first-line responders for “business as usual” operations and occurrences, and anywhere from one to three tiers of escalation to more senior engineers, Continue reading

Automating Green-House Photos through Event-Bridge Pipes and Lambda

< MEDIUM: https://medium.com/towards-aws/automating-green-house-photos-through-event-bridge-pipes-and-lambda-434461b89f55 >

Image sent to Telegram

I have a small greenhouse which was in the pipeline for over 2 years and I finally decided to build it. Whoever is in gardening will agree that anything grows better in the greenhouse at least it appears to be so.

Now, the initial impression is all good but I have plans to learn and explore both the plant sides of things and also some using some part of image analysis for a predictive action, for all that to happen I need a camera and a picture to start with.

Hardware —

  1. Raspberry Pi — I have an old one at home, you can technically have any shape or size as long as it fits your need, My recommendation — is Raspberry Pi Zero

What are the other simplest alternatives:

  • I could have written a Python script which directly could have sent the image to Telegram storing the image locally or uploading it to S3

The reason I choose to go with Event-bridge Pipe is to put this more into practice and from there on connect more Lambda and step-functions for future expansion of the project.

Architecture Diagram for sending Images Continue reading

1 239 240 241 242 243 3,791