Bugs don’t come from the Zero-Day Faerie

This WIRED "article" (aka. thinly veiled yellow journalism) demonstrates the essential thing wrong with the 0day debate. Those arguing for NSA disclosure of 0days believe the Zero-Day Faerie brings them, that sometimes when the NSA wakes up in the morning, it finds a new 0day under its pillow.

The article starts with the sentences:
WHEN THE NSA discovers a new method of hacking into a piece of software or hardware, it faces a dilemma. Report the security flaw it exploits to the product’s manufacturer so it gets fixed, or keep that vulnerability secret—what’s known in the security industry as a “zero day”—and use it to hack its targets, gathering valuable intelligence.
But the NSA doesn't accidentally "discover" 0days -- it hunts for them, for the purpose of hacking. The NSA first decides it needs a Cisco 0day to hack terrorists, then spends hundreds of thousands of dollars either researching or buying the 0day. The WIRED article imagines that at this point, late in the decision cycle, that suddenly this dilemma emerges. It doesn't.

The "dilemma" starts earlier in the decision chain. Is it worth it for the government to spend $100,000 to find and disclose a Cisco 0day? Continue reading

IoT Engineering Tip: Simplifying SSH Host ECDSA Key Checking

Those of you new to Internet of Things (IoT) engineering and using boards such as the Raspberry Pi will probably have come across an irritation: Every time you wipe the operating system on your IoT device and then try to use the Secure Shell (SSH) to access it, SSH will complain with something along the lines of:RedQueen:~ mgibbs$ ssh [email protected]@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @To read this article in full or to leave a comment, please click here

QoS? Really?

I wrote this post during Cisco Live and said “I’ll just give it a once-over tonight and publish it.”  That was something like 6 weeks ago now. What a loser I am.

Yes, really. QoS has actually gotten some attention this year. After how many years of living in the dark and being feared by junior and senior engineers alike, we’re seeing some really cool technologies coming out for it.

I was honored to be invited to Tech Field Day Extra this morning while I’m at Cisco Live.  If you don’t know about TFD, you’re missing out.  A group of influencers gather in a room and get very deep and very technical presentations from vendors.  Today, Cisco came and talked about a couple of topics including branch security and QoS.  Obviously, the QoS was the big hitter for me.

Tim Szigeti (@tim_szigeti) kicked off the QoS conversation by talking about some of the recent advancements in QoS in both hardware and software. In hardware, he discussed the programmability of the new ASICs that Cisco is using in their switches and routers.  These ASICs are dumb out of the box, but they are very willing to learn.  Want it Continue reading

Machine learning and forgery

There’s no doubt that pretty much everything humans do can be sliced, diced, and replicated by algorithms so it’s not surprising that recent work by Tom S. F. Haines, Oisin Mac Aodha, and Gabriel J. Brostow, researchers at University College London, has resulted in the fall of yet another bastion of being human: Handwriting. How did they do it? Machine learning.Their paper, called "My Text in Your Handwriting," describes software that semi-automatically analyzes a sample of a handwriting, then generates whatever text you want in what looks like the identical style of the original handwriting sample. UCL’s press release explains:To read this article in full or to leave a comment, please click here

Google is killing Chrome apps on Mac, Windows and Linux

Three years after introducing special apps that run inside the Chrome browser, Google announced Friday that it will be removing them from Windows, Mac and Linux by early 2018. Google introduced those apps in 2013 as a way to offer new functions that weren't otherwise available on the web. Chrome browser apps also gave developers a way to write one app that would run across Windows, Mac, Linux and Chrome OS.The apps come in two flavors: Hosted Apps, which are essentially installable web apps, and Packaged Apps, which are closer to a traditional app like those you might find in the iOS App Store or Google Play Store. To read this article in full or to leave a comment, please click here

Weekly Roundup: Top 5 Docker articles of the week

 

This week, we announced the launch of the Docker Scholarship program, got to know our featured Docker Captains, and aired the first #Dockercast episode. As we begin a new week, let’s recap our top 5 most-read stories for the week of August 14, 2016:

 

5 #docker stories you don’t want to miss this week cc @chanwit @vfarcic @idomyowntricks Continue reading

These are the lessons Trulia learned from building a chatbot

It's a competitive real-estate rental market out there, and Trulia wanted to capitalize on the interest with a new Facebook Messenger bot it launched earlier this month.The bot lets users search for rental properties and keep up to date on new properties when they become available. Trulia's bot came out of a quarterly hackathon project hosted by at real estate tech firm this past May, and the company learned a lot about bot-building. The experience showed that businesses should give bot-making a shot, even if they're not tech companies, said Yardley Ip, general manager for Trulia Rentals."Given that the tools are so easy to use, and it's so lightweight to develop [a bot], I think businesses should try it," Ip said. "At least, at minimum, from the customer service angle. Because there are frequently asked questions that users and customers have, and why not use a bot as a way to respond to your users quickly?"To read this article in full or to leave a comment, please click here

Your Docker Agenda for LinuxCon North America

Hey Dockers! We’re excited to be back at LinuxCon this year in Toronto and hope you are, too! We’ve a got a round-up of many of our awesome Docker speakers, as well as a booth. Come visit us in between the sessions at booth #41 inside “The Hub”. You may even be able to score yourself some Docker swag.

 

linuxcon-containercon-north-america-2016-62

Monday:

11:45am – Curious about the Cloud Native Computing Foundation, Open Container Initiative, Cloud Foundry Foundation and their role in the cloud ecosystem? Docker’s Stephen Walli joins other panelists to deliver So CFF, CNCF, and OCI Walk into a Room (or ‘Demystifying the Confusion: CFF, CNCF, OCI).

3:00pm – Docker Captain Phil Estes will describe and demonstrate the use of the new schema format’s capabilities for multiple platform-specific image references in his More than x86_64: Docker Images for Multi-Platform session.

4:20 pm – Join Docker’s Mike Coleman for Containers, Physical, and virtual, Oh My! insight on what points businesses need to consider as they decide how and where to run their Docker containers.

 

Tuesday:

2:00pm – Docker Captain Phil Estes is back with Runc: The Little (Container) Engine that Could where he will 1) give an overview Continue reading

The NBA is holding its first hackathon – should your company, too?

Companies large and small have already embraced the hackathon as a way to foster collaboration and innovation, and now the NBA has announced that it's jumping on board.Scheduled to take place next month in New York, the NBA's first-ever event is open to undergraduate and graduate student statisticians, developers and engineers in the U.S. who are interested in building basketball analytics tools. Participants will present their work to a panel of expert judges and an audience of NBA League Office and team personnel. Prizes will be awarded to the top three teams, including a tour of the NBA League Office and a lunch with NBA staff.To read this article in full or to leave a comment, please click here

See the powerful megachips that will clash at Hot Chips

Speed is kingImage by University of California, DavisThis year's Hot Chips conference is all about chips that can rake, power efficiency be damned. That's because virtual reality, machine learning, and self-driving cars demand heaps of processing power, not low power consumption. Here are some the fastest chips being detailed at the conference, starting Sunday in Cupertino, California.To read this article in full or to leave a comment, please click here

Worth Reading: Lawless government hacking

In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don’t have clear, enforceable rules for government activities like hacking and “digital sabotage.” And this is no abstract question—these actions increasingly endanger everyone’s security. —Deep Links

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Lawless government hacking appeared first on 'net work.

Chinese approval clears the way for Dell’s huge EMC buy

Dell’s massive acquisition of EMC reportedly has passed legal muster in China, clearing what is expected to be its last hurdle.The acquisition, announced last October with an estimated value of US$67 billion, has been approved by Chinese regulators, according to the New York Post. That’s expected to be the last step toward closing the deal, though the companies may not announce its completion formally until next week. The combined company will be called Dell Technologies, while its PC business will keep the pure Dell name.To read this article in full or to leave a comment, please click here

Hyundai in talks with Google on developing self-driving cars

Hyundai President Jeong Jin Haeng said this week his company is talking to Alphabet's Google unit about helping it develop a self-driving car.The world's fifth largest automaker hopes to enter into a symbiotic relationship, where it will bring its manufacturing prowess to Google and the Silicon Valley giant will help the automaker's autonomous technology development."Hyundai is lagging behind the competition to develop autonomous vehicles," Ko Tae Bong, senior auto analyst at Hi Investment & Securities Co, told Bloomberg News. "It's not a choice but a critical prerequisite for Hyundai to cooperate with IT companies, such as Google, to survive in the near future."To read this article in full or to leave a comment, please click here

Why Vietnam is an attractive IT offshoring destination

Vietnam’s technical talent, retention rates and modern tech infrastructure has attracted the likes of IBM, Microsoft and Intel to set up operations there. While it will never be able to offer the scale of IT services hubs in India and China, Vietnam is increasingly an attractive alternative for IT organizations that are frustrated with high turnover and rising costs in the usual offshore locations.[ Related: Is Vietnam a viable offshore outsourcing alternative? ]To read this article in full or to leave a comment, please click here

Why Vietnam is an attractive IT offshoring destination

Vietnam’s technical talent, retention rates and modern tech infrastructure has attracted the likes of IBM, Microsoft and Intel to set up operations there. While it will never be able to offer the scale of IT services hubs in India and China, Vietnam is increasingly an attractive alternative for IT organizations that are frustrated with high turnover and rising costs in the usual offshore locations.[ Related: Is Vietnam a viable offshore outsourcing alternative? ]To read this article in full or to leave a comment, please click here

FBI: Bank robbery? There’s an app for that

The FBI today said it released a new application easier for the public—as well as financial institutions, law enforcement agencies, and others—to view photos and information about bank robberies in different geographic areas of the country.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2016 (so far!)+The Bank Robbers application runs on iPhones and iPads (Apple iTunes) as well as Android smartphones (Google Play) and lets users sort bank robberies by the date they occurred, the category they fall under (i.e., armed serial bank robber), the FBI field office working the case, or the state where the robbery occurred.To read this article in full or to leave a comment, please click here

FBI: Bank robbery? There’s an app for that

The FBI today said it released a new application easier for the public—as well as financial institutions, law enforcement agencies, and others—to view photos and information about bank robberies in different geographic areas of the country.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2016 (so far!)+The Bank Robbers application runs on iPhones and iPads (Apple iTunes) as well as Android smartphones (Google Play) and lets users sort bank robberies by the date they occurred, the category they fall under (i.e., armed serial bank robber), the FBI field office working the case, or the state where the robbery occurred.To read this article in full or to leave a comment, please click here

Apple releases another iOS 10 beta

Did you install the recently-released iOS 10 beta (version 6 for developers, Public Beta 5 for anyone in the Apple Public Beta Program? Well, it’s time again to update it. Apple on Friday released iOS 10 beta 7 for developers, and iOS 10 Public Beta 6 for beta testers in the general public.The update is available by running Software Update in the Settings app. Since it’s only a 60MB download, this update is probably filled with bug fixes and optimizations. If you are running dev beta 6/Public Beta 5, you should install it.To read this article in full or to leave a comment, please click here

1 2,730 2,731 2,732 2,733 2,734 3,841