0

IDG Contributor Network: Chime: A lifeguard for vulnerable IoT devices

Smart appliances are supposed to be the next big thing. Analysts predict that it’s a multi-billion dollar market. Why aren’t we there yet? Security. It’s a challenge for both manufacturers and users.Once connected to the internet, IoT devices can do amazing things, but they also become vulnerable to hackers. There are two main reasons for this: Limited resources: Low-cost IoT toolkits simplify the task of developing new smart devices. The downside of these devices is that they’re often too underpowered to run security software or communicate securely. Lack of standards: Connected devices vary greatly in their security safeguards by manufacturer. If one device is hacked, it potentially compromises other devices on the same network. Cloud-enabled security Chime from Innovation Labs by AVG (the antivirus and online security company) protects smart appliances by ensuring network traffic is authorized only to approved websites and mobile apps. Chime is installed on Wi-Fi routers and uses an online directory to stay current with new malware and hacking threats. It applies security techniques originally developed for enterprise security to also protect connected devices:To read this article in full or to leave a comment, please click here

0

Amazon’s Elastic File System is now open for business

Following an extended preview period, Amazon's Elastic File System is now generally available in three geographical regions, with more on the way.Originally announced last year, EFS is a fully managed elastic file storage service for deploying and scaling durable file systems in the Amazon Web Services cloud. It's currently available in the U.S. East (northern Virginia), U.S. West (Oregon) and EU (Ireland) regions, the company announced Wednesday.Customers can use EFS to create file systems that are accessible to multiple Amazon Elastic Compute Cloud (Amazon EC2) instances via the Network File System (NFS) protocol. They can also scale those systems up or down without needing to provision storage or throughput.To read this article in full or to leave a comment, please click here

0

Juniper addresses both sides of the branch networking problem

The numerous struggles businesses must go through to address the network needs of a branch have been well documented on this site and many others. The importance of the branch can’t be understated either. The branch is where the majority of workers reside today—81 percent of employees, according to a recent ZK Research survey. For many businesses, such as retailers and banks, the branch is the business, so curing branch woes needs to be a top priority for business and IT leaders.+ Also on Network World: Annual State of the Network survey results +To read this article in full or to leave a comment, please click here

0

Juniper addresses both sides of the branch networking problem

The numerous struggles businesses must go through to address the network needs of a branch have been well documented on this site and many others. The importance of the branch can’t be understated either. The branch is where the majority of workers reside today—81 percent of employees, according to a recent ZK Research survey. For many businesses, such as retailers and banks, the branch is the business, so curing branch woes needs to be a top priority for business and IT leaders.+ Also on Network World: Annual State of the Network survey results +To read this article in full or to leave a comment, please click here

0

Scaling Hotjar’s Architecture: 9 Lessons Learned

Hotjar offers free website analytics so they have a challenging mission: handle hundreds of millions of requests per day from mostly free users. Marc von Brockdorff, Co-Founder & Director of Engineering at Hotjar, summarized the lessons they've learned in: 9 Lessons Learned Scaling Hotjar's Tech Architecture To Handle 21,875,000 Requests Per Hour.

In response to the criticism their architecture looks like a hot mess, Erik Näslund, Chief Architect at Hotjar, gives the highlights of their architecture:

• We use nginx + lua for the really hot code paths where python doesn't quite cut it. No language is perfect and you might have to break out of your comfort zone and use something different every now and then.
• Redis, Memcached, Postgres, Elasticsearch and S3 are all suitable for different kinds of data storage and we eventually needed them all to be able to query and store data in a cost effective way. We didn't start out using 5 different data-stores though...it's something that we "grew into".
• Each application server is a (majestic) monolith. Micro-services are one way of architecting things, monoliths are another - I'm still waiting to be convinced that one way is superior to the other when it comes Continue reading

0

ACLU lawsuit challenges US computer hacking law

The American Civil Liberties Union has filed a lawsuit challenging a 30-year-old hacking-crimes law, with the civil liberties group saying the law inhibits research about online discrimination.The ACLU on Wednesday filed a lawsuit challenging the Computer Fraud and Abuse Act on behalf of a group of academic researchers, computer scientists, and journalists. The CFAA limits online research because of its "overbroad criminal prohibitions," the ACLU said.The group of plaintiffs in the lawsuit want to investigate online discrimination in areas like housing and employment, "but they often can't," the ACLU said in a blog post. Courts have interpreted a provision of the CFAA prohibiting people from exceeding authorized access to a computer to include violations of website terms of service, the ACLU said.To read this article in full or to leave a comment, please click here

0

ACLU lawsuit challenges US computer hacking law

The American Civil Liberties Union has filed a lawsuit challenging a 30-year-old hacking-crimes law, with the civil liberties group saying the law inhibits research about online discrimination.The ACLU on Wednesday filed a lawsuit challenging the Computer Fraud and Abuse Act on behalf of a group of academic researchers, computer scientists, and journalists. The CFAA limits online research because of its "overbroad criminal prohibitions," the ACLU said.The group of plaintiffs in the lawsuit want to investigate online discrimination in areas like housing and employment, "but they often can't," the ACLU said in a blog post. Courts have interpreted a provision of the CFAA prohibiting people from exceeding authorized access to a computer to include violations of website terms of service, the ACLU said.To read this article in full or to leave a comment, please click here

0

Worth Reading: The great DevOps train wreck

Well, I see one coming, and I’m raising the alarm. Based on the conversations I’m hearing, it’s becoming dangerously fashionable to say: “All the interesting technology problems in DevOps are solved. We have Docker. We have Kubernetes. We have OpenStack. They’re stable, and they’re widely deployed. All that’s left to do is process transformation, teaching dullard enterprise IT teams how to consume the new-new IT.” -The New Stack

The post Worth Reading: The great DevOps train wreck appeared first on 'net work.

0

Container Networking Breaking Out

Docker containers are clearly transforming nearly every aspect of IT these days – and networking is no exception.

0

Delivering a Seamless Guest Experience

Author: Diana Shtil, Product Marketing Manager The Hospitality Industry Technology Exposition and Conference (HITEC) 2016 took place in New Orleans last week, bringing together over 300 companies who all specialize in products, services, and solutions for the hospitality industry. From...

0

DockerCon 2016: Part 1 of Top 10 Videos

DockerCon 2016 was packed lots with great conference sessions! Attendees enjoyed the variety of topics in the agenda including advanced technical deep dives in the Black Belt track and practical applications of Docker in the Use Case track.

Through the mobile app (powered by Docker of course!), DockerCon 2016 attendees voted on their favorite sessions at the conference. Here are 5 of the top 10 highest rated sessions at DockerCon 2016: Continue reading

0

Mapping firm invites auto industry to improve spec for sharing vehicle sensor data

A key specification for exchanging sensor data between vehicles has found a new sponsor, in a move that may help future drivers avoid dangers before they see them.New vehicles are increasingly laden with sensors -- accelerometers, thermometers, radar and lidar (light detection and range) -- and the best of them can use the streams of incoming data to warn of or even avoid hazards such as ice or obstacles.But what if they could share information about changes to a road since the map was last updated or even warn one another of a stopped vehicle hidden by a blind curve? Vehicles might then be able to choose more efficient routes or avoid the need for sudden braking.To read this article in full or to leave a comment, please click here

0

Wormable flaws in Symantec products expose millions of computers to hacking

A Google security researcher has found high severity vulnerabilities in enterprise and consumer products from antivirus vendor Symantec that could be easily be exploited by hackers to take control of computers.Symantec released patches for the affected products, but while some products were updated automatically, some affected enterprise products could require manual intervention.The flaws were found by Tavis Ormandy, a researcher with Google's Project Zero team who has found similar vulnerabilities in antivirus products from other vendors. They highlight the poor state of software security in the antivirus world, something that has been noted by researchers.To read this article in full or to leave a comment, please click here

0

Wormable flaws in Symantec products expose millions of computers to hacking

A Google security researcher has found high severity vulnerabilities in enterprise and consumer products from antivirus vendor Symantec that could be easily be exploited by hackers to take control of computers.Symantec released patches for the affected products, but while some products were updated automatically, some affected enterprise products could require manual intervention.The flaws were found by Tavis Ormandy, a researcher with Google's Project Zero team who has found similar vulnerabilities in antivirus products from other vendors. They highlight the poor state of software security in the antivirus world, something that has been noted by researchers.To read this article in full or to leave a comment, please click here

0

Emerging “Universal” FPGA, GPU Platform for Deep Learning

In the last couple of years, we have written and heard about the usefulness of GPUs for deep learning training as well as, to a lesser extent, custom ASICs and FPGAs. All of these options have shown performance or efficiency advantages over commodity CPU-only approaches, but programming for all of these is often a challenge.

Programmability hurdles aside, deep learning training on accelerators is standard, but is often limited to a single choice—GPUs or, to a far lesser extent, FPGAs. Now, a research team from the University of California Santa Barbara has proposed a new middleware platform that can combine …

Emerging “Universal” FPGA, GPU Platform for Deep Learning was written by Nicole Hemsoth at The Next Platform.

0

Oracle pledges ‘x86 economics’ with new Sparc servers

Larry Ellison doesn't do "cheap." The Oracle chairman isn't interested in selling the low-cost one- and two-socket servers that make up a huge slice of the server market but yield little profit for the companies that make them. Even if he did, that business is pretty much sewn up by Hewlett Packard Enterprise, Dell, and the "white box" makers from China and Taiwan.But Ellison's also a realist, and he knows customers are gradually turning away from his pricey Unix systems in favor of x86 boxes to build scale-out private and hybrid clouds. So to keep customers interested in Sparc, Ellison needs to come downmarket and provide more affordable options.To read this article in full or to leave a comment, please click here

0

What is Google Up To?

The astonishing rise and rise of the fortunes of Google has been one of the major features of both social and business life of the early 21st century. In the same way that Microsoft transformed the computer into a mainstream consumer product, Google has had a similar transformative effect upon its environment.

0

The complete guide to Go net/http timeouts

When writing an HTTP server or client in Go, timeouts are amongst the easiest and most subtle things to get wrong: there’s many to choose from, and a mistake can have no consequences for a long time, until the network glitches and the process hangs.

HTTP is a complex multi-stage protocol, so there's no one-size fits all solution to timeouts. Think about a streaming endpoint versus a JSON API versus a Comet endpoint. Indeed, the defaults are often not what you want.

In this post I’ll take apart the various stages you might need to apply a timeout to, and look at the different ways to do it, on both the Server and the Client side.

SetDeadline

First, you need to know about the network primitive that Go exposes to implement timeouts: Deadlines.

Exposed by net.Conn with the Set[Read|Write]Deadline(time.Time) methods, Deadlines are an absolute time which when reached makes all I/O operations fail with a timeout error.

Deadlines are not timeouts. Once set they stay in force forever (or until the next call to SetDeadline), no matter if and how the connection is used in the meantime. So to build a timeout with SetDeadline you'll have to Continue reading

0

Terrorism database of 2.2 million people leaked

Security researcher Chris Vickery has a knack for finding unprotected databases, but this time it’s an especially explosive discovery, as he came across a “terrorism blacklist” that contains the names of 2.2 million “heightened-risk individuals and organizations.”Vickery asked Reddit if he should share a copy of the Thomson Reuters World-Check database from mid-2014. He wrote, “This copy has over 2.2 million heightened-risk individuals and organizations in it. The terrorism category is only a small part of the database. Other categories consist of individuals suspected of being related to money laundering, organized crime, bribery, corruption, and other unsavory activities.”To read this article in full or to leave a comment, please click here

0

Terrorism database of 2.2 million people leaked

Security researcher Chris Vickery has a knack for finding unprotected databases, but this time it’s an especially explosive discovery, as he came across a “terrorism blacklist” that contains the names of 2.2 million “heightened-risk individuals and organizations.”Vickery asked Reddit if he should share a copy of the Thomson Reuters World-Check database from mid-2014. He wrote, “This copy has over 2.2 million heightened-risk individuals and organizations in it. The terrorism category is only a small part of the database. Other categories consist of individuals suspected of being related to money laundering, organized crime, bribery, corruption, and other unsavory activities.”To read this article in full or to leave a comment, please click here