Networking Is Infrastructure – Get Used to It

Jeff Sicuranza left a great comment to one of my blog posts:

Still basically the same old debate from 25 years ago that experienced Network Architects and Engineers understood during technology changes; "Do you architect your network around an application(s) or do you architect your application(s) around your network"

I would change that to “the same meaningless debate”. Networking is infrastructure; it’s time we grow up and get used to it.

Read more ...

Windows 10 browser beatdown: Who’s got the edge?

Not all web browsers are created equal. In fact, it might startle you a little to realize how diverse the range of top-end browser software has become, if you came of age in the era of “Internet Explorer or go home.” With about a third of all Windows traffic on the web coming from Windows 10 installs, according to figures from U.K.-based analytics firm GoSquared, and with Microsoft distancing itself from Internet Explorer in favor of the Edge just as fast as it can, it seems like as good a time as any to survey a few of the best browsing options for Windows 10 users. A word on methodology – I ran each contestant here through three benchmarks (higher scores are better in all of them – see graphic below) to give a broad sense of overall performance, and put each of them through their paces by using them for both work and play. With the exception of the benchmarks, what follows are the subjective opinions of a working reporter who nevertheless does a great deal of web browsing. The five browsers – note that Apple Safari isn't a real option on Win10 -- are Continue reading

ARM has a new weapon in race to build world’s fastest computers

ARM conquered the mobile market starting with Apple's iPhone, and now wants to be in the world's fastest computers.A new ARM chip design being announced on Monday is targeted at supercomputers, a lucrative market in which the company has no presence. ARM's new chip design, which has mobile origins, has extensions and tweaks to boost computing power.The announcement comes a few weeks after Japanese company Softbank said it would buy ARM for a mammoth US$32 billion. With the cash, ARM is expected to sharpen its focus on servers and the internet of things.To read this article in full or to leave a comment, please click here

A lesson in social engineering: president debates

In theory, we hackers are supposed to be experts in social engineering. In practice, we get suckered into it like everyone else. I point this out because of the upcoming presidential debates between Hillary and Trump (and hopefully Johnson). There is no debate, there is only social engineering.

Some think Trump will pull out of the debates, because he's been complaining a lot lately that they are rigged. No. That's just because Trump is a populist demagogue. A politician can only champion the cause of the "people" if there is something "powerful" to fight against. He has to set things up ahead of time (debates, elections, etc.) so that any failure on his part can be attributed to the powerful corrupting the system. His constant whining about the debates doesn't mean he'll pull out any more than whining about the election means he'll pull out of that.

Moreover, he's down in the polls (What polls? What's the question??). He therefore needs the debates to pull himself back up. And it'll likely work -- because social-engineering.

Here's how the social engineering works, and how Trump will win the debates.

The moderators, the ones running the debate, will do their best Continue reading

Researchers create 3D faces from online photos to defeat face authentication systems

Security researchers continue to find ways around biometric-based security features, including a new attack which can defeat face authentication systems.You might be careful about posting photos of yourself online, either refraining from it or setting the images to private, but your “friends” might post pictures of you online. It wouldn’t matter if those pictures of you are low quality or there were as few as three publicly available photos of you, researchers from the University of North Carolina have developed a virtual reality-based attack that can reproduce your face well enough to trick face authentication systems.In “Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos” (pdf), the researchers called “the ability of an adversary to recover an individual’s facial characteristics through online photos” an “immediate and very serious threat.” The team devised an attack which can bypass “existing defenses of liveness detection and motion consistency.”To read this article in full or to leave a comment, please click here

Researchers create 3D faces from online photos to defeat face authentication systems

Security researchers continue to find ways around biometric-based security features, including a new attack which can defeat face authentication systems.You might be careful about posting photos of yourself online, either refraining from it or setting the images to private, but your “friends” might post pictures of you online. It wouldn’t matter if those pictures of you are low quality or there were as few as three publicly available photos of you, researchers from the University of North Carolina have developed a virtual reality-based attack that can reproduce your face well enough to trick face authentication systems.In “Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos” (pdf), the researchers called “the ability of an adversary to recover an individual’s facial characteristics through online photos” an “immediate and very serious threat.” The team devised an attack which can bypass “existing defenses of liveness detection and motion consistency.”To read this article in full or to leave a comment, please click here

12% off Amazon Tap Alexa-Enabled Portable Bluetooth Speaker – Deal Alert

Amazon is currently discounting its Tap speaker by 12% to $114.99. It averages 4 out of 5 stars from 2,545 customers (read reviews). The Tap is a more portable version of their popular Echo speaker. The tap lasts for up to 9 hours on a single charge and is Alexa-Enabled, so you just "tap" and ask it to play your favorite music from most streaming music services, check sports scores, request an Uber, order a pizza, and much more. Learn more about the discounted Tap and explore buying options now on Amazon.To read this article in full or to leave a comment, please click here

Bugs don’t come from the Zero-Day Faerie

This WIRED "article" (aka. thinly veiled yellow journalism) demonstrates the essential thing wrong with the 0day debate. Those arguing for NSA disclosure of 0days believe the Zero-Day Faerie brings them, that sometimes when the NSA wakes up in the morning, it finds a new 0day under its pillow.

The article starts with the sentences:
WHEN THE NSA discovers a new method of hacking into a piece of software or hardware, it faces a dilemma. Report the security flaw it exploits to the product’s manufacturer so it gets fixed, or keep that vulnerability secret—what’s known in the security industry as a “zero day”—and use it to hack its targets, gathering valuable intelligence.
But the NSA doesn't accidentally "discover" 0days -- it hunts for them, for the purpose of hacking. The NSA first decides it needs a Cisco 0day to hack terrorists, then spends hundreds of thousands of dollars either researching or buying the 0day. The WIRED article imagines that at this point, late in the decision cycle, that suddenly this dilemma emerges. It doesn't.

The "dilemma" starts earlier in the decision chain. Is it worth it for the government to spend $100,000 to find and disclose a Cisco 0day? Continue reading

IoT Engineering Tip: Simplifying SSH Host ECDSA Key Checking

Those of you new to Internet of Things (IoT) engineering and using boards such as the Raspberry Pi will probably have come across an irritation: Every time you wipe the operating system on your IoT device and then try to use the Secure Shell (SSH) to access it, SSH will complain with something along the lines of:RedQueen:~ mgibbs$ ssh [email protected]@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @To read this article in full or to leave a comment, please click here

QoS? Really?

I wrote this post during Cisco Live and said “I’ll just give it a once-over tonight and publish it.”  That was something like 6 weeks ago now. What a loser I am.

Yes, really. QoS has actually gotten some attention this year. After how many years of living in the dark and being feared by junior and senior engineers alike, we’re seeing some really cool technologies coming out for it.

I was honored to be invited to Tech Field Day Extra this morning while I’m at Cisco Live.  If you don’t know about TFD, you’re missing out.  A group of influencers gather in a room and get very deep and very technical presentations from vendors.  Today, Cisco came and talked about a couple of topics including branch security and QoS.  Obviously, the QoS was the big hitter for me.

Tim Szigeti (@tim_szigeti) kicked off the QoS conversation by talking about some of the recent advancements in QoS in both hardware and software. In hardware, he discussed the programmability of the new ASICs that Cisco is using in their switches and routers.  These ASICs are dumb out of the box, but they are very willing to learn.  Want it Continue reading

Machine learning and forgery

There’s no doubt that pretty much everything humans do can be sliced, diced, and replicated by algorithms so it’s not surprising that recent work by Tom S. F. Haines, Oisin Mac Aodha, and Gabriel J. Brostow, researchers at University College London, has resulted in the fall of yet another bastion of being human: Handwriting. How did they do it? Machine learning.Their paper, called "My Text in Your Handwriting," describes software that semi-automatically analyzes a sample of a handwriting, then generates whatever text you want in what looks like the identical style of the original handwriting sample. UCL’s press release explains:To read this article in full or to leave a comment, please click here

Google is killing Chrome apps on Mac, Windows and Linux

Three years after introducing special apps that run inside the Chrome browser, Google announced Friday that it will be removing them from Windows, Mac and Linux by early 2018. Google introduced those apps in 2013 as a way to offer new functions that weren't otherwise available on the web. Chrome browser apps also gave developers a way to write one app that would run across Windows, Mac, Linux and Chrome OS.The apps come in two flavors: Hosted Apps, which are essentially installable web apps, and Packaged Apps, which are closer to a traditional app like those you might find in the iOS App Store or Google Play Store. To read this article in full or to leave a comment, please click here

Weekly Roundup: Top 5 Docker articles of the week

 

This week, we announced the launch of the Docker Scholarship program, got to know our featured Docker Captains, and aired the first #Dockercast episode. As we begin a new week, let’s recap our top 5 most-read stories for the week of August 14, 2016:

 

5 #docker stories you don’t want to miss this week cc @chanwit @vfarcic @idomyowntricks Continue reading

These are the lessons Trulia learned from building a chatbot

It's a competitive real-estate rental market out there, and Trulia wanted to capitalize on the interest with a new Facebook Messenger bot it launched earlier this month.The bot lets users search for rental properties and keep up to date on new properties when they become available. Trulia's bot came out of a quarterly hackathon project hosted by at real estate tech firm this past May, and the company learned a lot about bot-building. The experience showed that businesses should give bot-making a shot, even if they're not tech companies, said Yardley Ip, general manager for Trulia Rentals."Given that the tools are so easy to use, and it's so lightweight to develop [a bot], I think businesses should try it," Ip said. "At least, at minimum, from the customer service angle. Because there are frequently asked questions that users and customers have, and why not use a bot as a way to respond to your users quickly?"To read this article in full or to leave a comment, please click here

Your Docker Agenda for LinuxCon North America

Hey Dockers! We’re excited to be back at LinuxCon this year in Toronto and hope you are, too! We’ve a got a round-up of many of our awesome Docker speakers, as well as a booth. Come visit us in between the sessions at booth #41 inside “The Hub”. You may even be able to score yourself some Docker swag.

 

linuxcon-containercon-north-america-2016-62

Monday:

11:45am – Curious about the Cloud Native Computing Foundation, Open Container Initiative, Cloud Foundry Foundation and their role in the cloud ecosystem? Docker’s Stephen Walli joins other panelists to deliver So CFF, CNCF, and OCI Walk into a Room (or ‘Demystifying the Confusion: CFF, CNCF, OCI).

3:00pm – Docker Captain Phil Estes will describe and demonstrate the use of the new schema format’s capabilities for multiple platform-specific image references in his More than x86_64: Docker Images for Multi-Platform session.

4:20 pm – Join Docker’s Mike Coleman for Containers, Physical, and virtual, Oh My! insight on what points businesses need to consider as they decide how and where to run their Docker containers.

 

Tuesday:

2:00pm – Docker Captain Phil Estes is back with Runc: The Little (Container) Engine that Could where he will 1) give an overview Continue reading

The NBA is holding its first hackathon – should your company, too?

Companies large and small have already embraced the hackathon as a way to foster collaboration and innovation, and now the NBA has announced that it's jumping on board.Scheduled to take place next month in New York, the NBA's first-ever event is open to undergraduate and graduate student statisticians, developers and engineers in the U.S. who are interested in building basketball analytics tools. Participants will present their work to a panel of expert judges and an audience of NBA League Office and team personnel. Prizes will be awarded to the top three teams, including a tour of the NBA League Office and a lunch with NBA staff.To read this article in full or to leave a comment, please click here

See the powerful megachips that will clash at Hot Chips

Speed is kingImage by University of California, DavisThis year's Hot Chips conference is all about chips that can rake, power efficiency be damned. That's because virtual reality, machine learning, and self-driving cars demand heaps of processing power, not low power consumption. Here are some the fastest chips being detailed at the conference, starting Sunday in Cupertino, California.To read this article in full or to leave a comment, please click here

Worth Reading: Lawless government hacking

In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don’t have clear, enforceable rules for government activities like hacking and “digital sabotage.” And this is no abstract question—these actions increasingly endanger everyone’s security. —Deep Links

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Lawless government hacking appeared first on 'net work.

1 2,723 2,724 2,725 2,726 2,727 3,835