It takes two to ChaCha (Poly)

Not long ago we introduced support for TLS cipher suites based on the ChaCha20-Poly1305 AEAD, for all our customers. Back then those cipher suites were only supported by the Chrome browser and Google's websites, but were in the process of standardization. We introduced these cipher suites to give end users on mobile devices the best possible performance and security.

Today the standardization process is all but complete and implementations of the most recent specification of the cipher suites have begun to surface. Firefox and OpenSSL have both implemented the new cipher suites for upcoming versions, and Chrome updated its implementation as well.

We, as pioneers of ChaCha20-Poly1305 adoption on the web, also updated our open sourced patch for OpenSSL. It implements both the older "draft" version, to keep supporting millions of users of the existing versions of Chrome, and the newer "RFC" version that supports the upcoming browsers from day one.

In this blog entry I review the history of ChaCha20-Poly1305, its standardization process, as well as its importance for the future of the web. I will also take a peek at its performance, compared to the other standard AEAD.

So, you want to be a security pro? Read this first

Of all the high-demand areas in IT, security stands out at the top. According to DICE, the number of security jobs skyrocketed by more than 40% from 2014 to 2015, to 50,000 openings, compared with 16.8% growth the year before. “Security jobs are growing at a far more rapid pace than other areas of technology, which are also growing rapidly,” says Bob Melk, president at DICE. Meanwhile, in a 2015 survey by ISC2, 62% of respondents said they lacked adequate security staff, and 45% could not find qualified candidates. In five years, the organization says, the shortfall in the global information security workforce will reach 1.5 million.

New products of the week 4.4.16

New products of the week

Our roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.

kiteworks (Microsoft Office 365 Enhancements)

Key features: Accellion’s content platform, kiteworks, now extends Microsoft Office Online to content stored on-premise and in the cloud without having to duplicate files. These capabilities are largely enabled by Accellion’s ongoing collaboration with Microsoft and reflect a common interest in making enterprise employees productive and more secure. Features include full text search for documents (folder, name and contents), real-time collaborative editing / co-authoring for Office Online documents stored across cloud and on-premise systems, and Office Online integration with access to files stored on SharePoint, Documentum, OpenText, Microsoft OneDrive, Box, Dropbox and other content systems.

Most notable 2016 college commencement speakers from tech and science

Techiest speakers

Maybe Bradley University in Illinois has the right idea in announcing it will not have any outside commencement speakers, in an effort to move things along. But at least those schools that have chosen technology-related speakers might teach new grads a thing or two before they head off into the wider world. Here’s a look at some of the techiest commencement speakers:

FBI will help US agencies with tools to unlock encrypted devices

The FBI has promised to help local law enforcement authorities crack encrypted devices, in a letter that refers to the federal agency’s success in accessing the data on an iPhone 5c running iOS 9 that was used by one of the San Bernardino terrorists. The agency did not, however, explicitly promise investigators that it would deploy the same tool, said to have been developed by an outside organization, on other iPhones. The FBI had earlier demanded in court that Apple assist it in its attempts to brute-force the passcode of the iPhone used by the terrorist, without triggering an auto-erase feature that could be activated after 10 unsuccessful tries.

No, Internet should be capitalized

The AP Stylebook and others are now declaring that "Internet" should no longer be capitalized, that you should just say "internet" instead. This is wrong, because the Internet is just an internet.

Internet is short for internetwork. This was a term developed in the 1970s to describe interconnecting networks together.

There were many internetworks back then. Each major computer manufacturer had its own, incompatible internetworking "protocol": IBM with its SNA, DEC with its DECnet, Xerox with XNS, and later Apple with its AppleTalk.

Since it would be nice to interconnect all computers, and not be locked into a single manufacturer, many efforts were taken to standardize internetworking protocols, so that all computers could be placed on the same network. Most people put their support behind GOSIP, the "Government Open Systems Interconnect Profile", a standard created by the biggest corporations and the biggest governments.

However, in 1982, the DoD paid a consulting company to add Xerox's XNS and a research project called "TCP/IP" into an early form of Unix. This form of Unix, called "BSD", was popular among universities. The DoD's goal was to make it easier for the researchers it funded to talk to each other. After this point, universities

Technology Short Take #64

Welcome to Technology Short Take #64. Normally, I try to publish Short Takes on Friday, but this past Friday was April Fools’ Day. Given the propensity for “real” information to get lost among all the pranks, I decided to push this article back to today. Unlike most of what is published around April Fools’ Day, hopefully everything here is helpful, informative, and useful!

Networking

Internet Exchange (IX) Metrics

IX Metrics has been released on GitHub, https://github.com/sflow-rt/ix-metrics. The application provides real-time monitoring of traffic between members in an Internet Exchange (IX).

Close monitoring of exchange traffic is critical to operations:
  1. Ensure that there is sufficient capacity to accommodate new and existing members.
  2. Ensure that all traffic sources are accounted for and that there are no unauthorized connections.
  3. Ensure that only allowed traffic types are present.
  4. Ensure that non-unicast traffic is strictly controlled.
  5. Ensure that packet size policies are controlled to avoid loss due to MTU mismatches.
IX Metrics imports information about exchange members using the IX Member List JSON Schema. The member information is used to create traffic analytics and traffic is checked against the schema to identify errors, for example, if a member is using a MAC address that isn't listed.

The measurements from the exchange infrastructure are useful to members since they allow them to easily see how much traffic they are exchanging with other members through their peering relationships. This information is easy to collect using the exchange infrastructure, but much harder for members to determine independently.

The sFlow standard has long been a popular method of monitoring exchanges for a number of reasons:
  1. sFlow

Some notes on Ubuntu Bash on Windows 10

So the latest news is that you can run Ubuntu and bash on Windows 10. In other words, from the bash command line, you execute apt-get to get/run any Ubuntu binary -- the same binary that runs on Linux. How does it work?

I don't know yet, but browsing around on the Internet suggests that it's a kernel driver in Windows that emulates Linux system calls.

Remember, the operating system is two parts: the kernel and user-space. The interface between them is ~300 system calls. Most of these are pretty straightforward, such as opening a file, reading from the file, and closing the file.

To make a system call, you put the integer number in the eax/rax register, fill in the other registers as needed, then call the SYSENTER instruction.

Each process maintains a table of what the system calls do. In fact, a hacker/debugging/reversing technique is to edit that table in order to hook system calls, do some hackery things, then call the original system call.

That means Microsoft can write a driver, that runs in the kernel, that replaces the system calls for a process, from Windows ones to Linux ones. This driver then needs to emulate the Linux functionality.

tl;dr of LambdaConf drama

Short: SJWs don't like person's politics, try to shut down small programming con due to person being speaker. (from @jcase).

Longer: LambdaConf (a tiny conference for LISP-like programming languages) accepted a speaker with objectionable political views, who under a pseudonym spouted Nazi-like propaganda. "Social justice" activists complained. The conference refused to un-invite the speaker, since his talk content was purely technical, not political. Also, because free speech. Activists then leaned on sponsors, many of whom withdrew their support of the conference. Free-speech activists took up a collection and replaced the lost money, so that the conference could continue.

Much longer:

LambdaConf is just a tiny conference put on by a small number of people. It exists because, in the last few years, there has been a resurgent interest in "functional languages".

The speaker in question is Curtis Yarvin. He has weird views, like wanting to establish a monarchy. Last year, he was censored from a similar conference, "Strangeloop", for a similar reason: a technical, non-political talk censored because people couldn't tolerate his politics. The current talk seems to be similar to the last one, about his "Urbit" project.

LambdaConf, in the spirit of diversity, stripped the authors' names when

CCIE – Cisco Learning Network Sale on CCIE Training for the CCIE RS Lab

Are you preparing for the CCIE RS lab? Cisco 360 is the official training program for the CCIE. There are other high-quality training vendors out there, like INE and Narbik, but Cisco 360 has the advantage that it can leverage the real lab platform. If you want to assess how ready you are, you can take an assessment lab at Cisco 360. You will also have the opportunity to get more comfortable with the platform that is used in the lab, and to practice the TS and DIAG sections to make sure you are comfortable with them when the big day comes.

CLN will have a sale during April and May which means that you can save between 10-20% on these products to help you prepare for the CCIE RS lab. For the CCIE there are currently three products on sale.

The first product is a bundle, a starter and advanced mini bundle for $1599, and contains the following:

  • Core and Advanced Workbooks with 25 Expert-level labs for hands-on practice. Labs 01–20 have troubleshooting and configuration sections each, labs 21–25 include

GCP, and Regaining Trust

Google is telling us they’re serious about the cloud. They’re hiring the right people, spending the big bucks, and even (gasp!) talking to customers! (Oh how that must stick in their craw). They have great technology, they’ve proved it out at scale, and the price is right.

There’s just one nagging doubt in the back of our minds. Is Google serious about this? Are they going to turn around one day and say “GCP is too hard to maintain, we’re dropping it. Besides, self-driving Segways are the future.”

Fool me once…

Because they have form in this. I present Exhibit A, Google Reader. Yes, that old saw. Yes, yes I am still bitter. No, I won’t let it go.

I used Google Reader daily. I loved it. It came from a pre-Twitter, pre-Facebook time. A time when we used to have to visit a list of sites to keep up with things. We’d have to remember to check our friend’s travel blog every few weeks, just in case there was a new post. Sure, we used Slashdot as an aggregator, but everyone knows that’s been dead/dying since Rob Malda sold out to the man. (Has Netcraft has