FBI will help US agencies with tools to unlock encrypted devices

The FBI has promised to help local law enforcement authorities crack encrypted devices, in a letter that refers to the federal agency’s success in accessing the data on an iPhone 5c running iOS 9 that was used by one of the San Bernardino terrorists.

The agency did not, however, explicitly promise investigators that it would deploy the same tool, said to have been developed by an outside organization, on other iPhones.

The FBI had earlier demanded in court that Apple should assist it in its attempts to crack by brute force the passcode of the iPhone used by the terrorist, without triggering an auto-erase feature that could be activated after 10 unsuccessful tries.

No, Internet should be capitalized

The AP Stylebook and others are now declaring that "Internet" should no longer be capitalized, that you should just say "internet" instead. This is wrong, because the Internet is just an internet.

Internet is short for internetwork. This was a term developed in the 1970s to describe interconnecting networks together.

There were many internetworks back then. Each major computer manufacturer had its own, incompatible internetworking "protocol": IBM with its SNA, DEC with its DECnet, Xerox with XNS, and later Apple with its AppleTalk.

Since it would be nice to interconnect all computers, and not be locked into a single manufacturer, many efforts were taken to standardize internetworking protocols, so that all computers could be placed on the same network. Most people put their support behind GOSIP, the "Government Open Systems Interconnect Profile", a standard created by the biggest corporations and the biggest governments.

However, in 1982, the DoD paid a consulting company to add Xerox's XNS and a research project called "TCP/IP" into an early form of Unix. This form of Unix, called "BSD", was popular among universities. The DoD's goal was to make it easier for researchers who it funded to talk to each other. After this point, universities Continue reading

Technology Short Take #64

Welcome to Technology Short Take #64. Normally, I try to publish Short Takes on Friday, but this past Friday was April Fools’ Day. Given the propensity for “real” information to get lost among all the pranks, I decided to push this article back to today. Unlike most of what is published around April Fools’ Day, hopefully everything here is helpful, informative, and useful!

Networking

Internet Exchange (IX) Metrics

IX Metrics has been released on GitHub, https://github.com/sflow-rt/ix-metrics. The application provides real-time monitoring of traffic between members in an Internet Exchange (IX).

Close monitoring of exchange traffic is critical to operations:
  1. Ensure that there is sufficient capacity to accommodate new and existing members.
  2. Ensure that all traffic sources are accounted for and that there are no unauthorized connections.
  3. Ensure that only allowed traffic types are present.
  4. Ensure that non-unicast traffic is strictly controlled.
  5. Ensure that packet size policies are controlled to avoid loss due to MTU mismatches.
IX Metrics imports information about exchange members using the IX Member List JSON Schema. The member information is used to create traffic analytics and traffic is checked against the schema to identify errors, for example, if a member is using a MAC address that isn't listed.

The measurements from the exchange infrastructure are useful to members since they allow them to easily see how much traffic they are exchanging with other members through their peering relationships. This information is easy to collect using the exchange infrastructure, but much harder for members to determine independently.

The sFlow standard has long been a popular method of monitoring exchanges for a number of reasons:
  1. sFlow Continue reading

Some notes on Ubuntu Bash on Windows 10

So the latest news is that you can run Ubuntu and bash on Windows 10. In other words, from the bash command-line, you execute apt-get to get/run any Ubuntu binary -- the same binary that runs on Linux. How does it work?

I don't know yet, but browsing around on the Internet suggests that it's a kernel driver in Windows that emulates Linux system calls.

Remember, the operating system is two parts: the kernel and user-space. The interaction between them is ~300 system-calls. Most of these are pretty straight-forward, such as opening a file, reading from the file, and closing the file.

To make a system call, you put the integer number in the eax/rax register, fill in the other registers as needed, then call the SYSENTER instruction.

Each process maintains a table of what the system calls do. In fact, a hacker/debugging/reversing technique is to edit that table in order to hook system calls, do some hackery things, then call the original system call.

That means Microsoft can write a driver, that runs in the kernel, that replaces the system calls for a process, from Windows ones to Linux ones. This driver then needs to emulate the Linux functionality. Continue reading

tl;dr of LambdaConf drama

Short: SJWs don't like person's politics, try to shut down small programming con due to person being speaker. (from @jcase).

Longer: LambdaConf (a tiny conference for LISP-like programming languages) accepted a speaker with objectionable political views, who under a pseudonym spouted Nazi-like propaganda. "Social justice" activists complained. The conference refused to un-invite the speaker, since his talk content was purely technical, not political. Also, because free-speech. Activists then leaned on sponsors, many of whom withdrew their support of the conference. Free-speech activists took up a collection, and replaced the lost money, so that the conference could continue.

Much longer:

LambdaConf is just a tiny conference put on by a small number of people. It exists because, in the last few years, there has been a resurgent interest in "functional languages".

The speaker in question is Curtis Yarvin. He has weird views, like wanting to establish a monarchy. Last year, he was censored from a similar conference "Strangeloop" for a similar reason: a technical, non-political talk censored because people couldn't tolerate his politics. The current talk seems to be similar to last one, about his "Urbit" project.

LambdaConf, in the spirit of diversity, stripped the authors' names when Continue reading

CCIE – Cisco Learning Network Sale on CCIE Training for the CCIE RS Lab

Are you preparing for the CCIE RS lab? Cisco 360 is the official training program for the CCIE. There are other training vendors out there which are also high quality, like INE and Narbik, but Cisco 360 has an advantage in that they can leverage the real platform of the lab. If you want to assess how ready you are, you can take an assessment lab at Cisco 360. You will also have the opportunity to get more comfortable with the lab platform that is used in the lab, and to practice the TS and DIAG sections to make sure you are comfortable with those sections of the lab when the big day comes.

CLN will have a sale during April and May, which means that you can save between 10-20% on these products to help you prepare for the CCIE RS lab. For the CCIE there are currently three products on sale.

The first product is a starter and advanced mini bundle for $1599, and it contains the following.

  • Core and Advanced Workbooks with 25 Expert-level labs for hands-on practice. Labs 01–20 have troubleshooting and configuration sections each, labs 21–25 include Continue reading

GCP, and Regaining Trust

Google is telling us they’re serious about the cloud. They’re hiring the right people, spending the big bucks, and even (gasp!) talking to customers! (Oh how that must stick in their craw). They have great technology, they’ve proved it out at scale, and the price is right.

There’s just one nagging doubt in the back of our minds. Is Google serious about this? Are they going to turn around one day and say “GCP is too hard to maintain, we’re dropping it. Besides, self-driving Segways are the future.”

Fool me once…

Because they have form in this. I present Exhibit A, Google Reader. Yes, that old saw. Yes, yes I am still bitter. No, I won’t let it go.

I used Google Reader daily. I loved it. It came from a pre-Twitter, pre-Facebook time. A time when we used to have to visit a list of sites to keep up with things. We’d have to remember to check our friend’s travel blog every few weeks, just in case there was a new post. Sure, we used Slashdot as an aggregator, but everyone knows that’s been dead/dying since Rob Malda sold out to the man. (Has Netcraft has Continue reading

4 major IoT challenges that stand in the way of success

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Heralded for driving positive transformations in consumer products, retailing, healthcare, manufacturing and more, the Internet of Things (IoT) promises a “smart” everything, from refrigerators, to cars, to buildings, to oil fields. But there’s a dark side to IoT, and if we don’t overcome the challenges it presents, we will be heading for trouble.

The easiest way to see these challenges in action is to explore a possible IoT deployment. Let’s assume the following. A very large industrial food storage warehouse and distribution center is using Internet-connected devices to ensure the proper temperature of various zones, such as a massive refrigeration area for items requiring constant, non-freezing cooling and a massive freezer area for items requiring constant freezing.

Show 282: Why We’re Stuck With Middleboxes And How To Improve Them

Middleboxes--that is, non-routing and non-switching network devices such as firewalls and caches--can be expensive, hard to manage, and prone to failure. But they're also widely deployed, and show no signs of going away. Today's Weekly Show episode goes deep on middleboxes to explore why these devices have proliferated, and find ways to make them more reliable and easier to manage.

The post Show 282: Why We’re Stuck With Middleboxes And How To Improve Them appeared first on Packet Pushers.

How to improve the RFP process

Although vendor-written, this contributed piece does not promote a product or service and has been edited and approved by Network World editors.

Requests for Proposal (RFPs) are rarely easy or even straightforward. No one wants to forget anything, so RFPs typically become long, unwieldy lists of questions -- the proverbial kitchen sink.

And that translates into even more work when the answers come back -- hours and hours of scrutinizing answers to narrow down the field to the short list. Sadly enough, all too often the RFP process raises even more questions and adds to general confusion. It’s not uncommon for a business to re-issue an RFP for a second round due to inadequate submissions.

The vagaries of FTP: What to look for in a secure large file transfer alternative

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

FTP turns 45 this year. And, while this original protocol for transferring files over the Internet is still widely used, many companies are looking for a more modern alternative. Initially, concerns about FTP centered on security. But, as IP technology became ubiquitous for global data exchange, FTP’s more fundamental performance limitations also became apparent.

Because FTP was originally designed without security features like data integrity and confidentiality, the first security concerns arose around privacy of control channel data like user IDs and passwords, and then spread to the actual data being transferred. “Secure” FTP (FTPS) was developed in response. FTPS is FTP with Transport Layer Security (TLS), which protects file content and user names and passwords while in transit over the Internet from eavesdropping and modification.
