FBI director renews push for back doors, urging vendors to change business models

The FBI still wants backdoors into encrypted communications; it just doesn’t want to call them backdoors, and it doesn’t want to dictate what they should look like. FBI Director James Comey told the Senate Judiciary Committee that he had been in talks with unspecified tech leaders about his need to crack encrypted communications in order to track down terrorists, and that these leaders understood the need. In order to comply, tech companies need to change their business model – by selling only communications gear that enables law enforcement to access communications in unencrypted form, he says, rather than products that only the parties participating in the communication can decrypt.

When APIs and DevOps Meet Cybersecurity

Cybersecurity professionals often complain about the number of disparate tools they’ve deployed on their networks. Ask any enterprise CISO and he or she will come up with a list of around 60 to 80 security tools from a myriad of distinct vendors. This has become a nagging problem, as an enterprise cybersecurity architecture based upon point tools can’t scale and requires far too much operational overhead to maintain. Thus, CISOs are moving in another direction – a tightly coupled cybersecurity technology architecture based upon software integration. I’ve been following this transition for years and always thought it would look something like the departmental-application-to-ERP migration of the 1990s. Oracle, SAP, and lots of professional services built an interoperable software infrastructure connecting applications across the enterprise and soon dominated the market. This is happening in cybersecurity to some extent as ecosystems form around the biggest vendors like Blue Coat, Cisco, IBM, Intel Security, Raytheon, Splunk, Symantec, and Trend Micro.

SHA-1 cutoff could block millions of users from encrypted websites

Millions of Web users could be left unable to access websites over the HTTPS protocol if those websites only use digital certificates signed with the SHA-2 hashing algorithm. The warning comes from Facebook and CloudFlare as browser makers consider an accelerated retirement of the older and increasingly vulnerable SHA-1 function. The two companies have put mechanisms in place to serve SHA-1 certificates from their websites to old browsers and operating systems that don't support SHA-2 but are still widely used in some regions of the world. These include Windows versions older than Windows XP with Service Pack 3, Android versions older than 2.3 (Gingerbread), and any applications that rely on OpenSSL 0.9.8 for encrypted communications.

HTTP/2 For Web Developers

HTTP/2 changes the way web developers optimize their websites. In HTTP/1.1, it’s become common practice to eke out an extra 5% of page load speed by hacking away at your TCP connections and HTTP requests with techniques like spriting, inlining, domain sharding, and concatenation.

Life’s a little bit easier in HTTP/2. It gives the typical website a 30% performance gain without a complicated build and deploy process. In this article, we’ll discuss the new best practices for website optimization in HTTP/2.

Web Optimization in HTTP/1.1

Most of the website optimization techniques in HTTP/1.1 revolved around minimizing the number of HTTP requests to an origin server. A browser can only open a limited number of simultaneous TCP connections to an origin, and downloading assets over each of those connections is a serial process: the response for one asset has to be returned before the next one can be sent. This is called head-of-line blocking.

As a result, web developers began squeezing as many assets as they could into a single connection and finding other ways to trick browsers into avoiding head-of-line blocking. In HTTP/2, some of these practices can actually hurt page load times.

The New Web Optimization …

The Grumpy Old Network Architects and Facebook

Nuno wrote an interesting comment to my Stretched Firewalls across L3 DCI blog post:

You're an old school, disciplined networking leader that architects networks based on rock-solid, time-tested designs. But it seems that the prevailing fashion in network design and availability go against your traditional design principles: inter-site firewall clustering, inter-site vMotion, DCI, etc.

Not so fast, my young padawan.

Let’s define prevailing fashion first. You might define it as Kool-Aid peddled by snake oil salesmen, or as cool network designs by people who know what they’re doing. If we stick with the first definition, you’re absolutely right.

Now let’s look at the second camp: how people who know what they’re doing build their network (Amazon VPC, Microsoft Azure or Bing, Google, Facebook, a number of other large-scale networks). You’ll find L3 down to ToR switch (or even virtual switch), and absolutely no inter-site vMotion or clustering – because they don’t want to bet their service, ads or likes on the whims of technology that was designed to emulate thick yellow cable.

Want to know how to design an application to work over a stable network? Watch my Designing Active-Active and Disaster Recovery Data Centers webinar.

This isn't the first …

A Few Easy Steps: Cisco Switch, Setup IP Device Tracking

In this session of A Few Easy Steps, we will be setting up IP Device Tracking on a Cisco IOS switch. In general, this will work on any Cisco IOS switch. Session prerequisites: you have terminal or console access to your Cisco device. Session assumptions: you have host devices connected to your switch. Our goals of …

Companies scramble to fix lack of encryption on mobile apps

Several companies have moved quickly to add encryption to their mobile apps after it was discovered they failed to encrypt payment card information in transit, putting users at risk. The apps were not using SSL/TLS (Secure Sockets Layer/Transport Layer Security), an encryption protocol that scrambles data as it's sent across the Internet, according to Wandera, a cloud and mobile security vendor. "With so many breaches and costly data loss incidents in the news, it's hard to believe that any business would fail to take such a basic precaution as to encrypt sensitive traffic as it's transmitted to or from a website," said Michael J. Covington, senior product manager, in a video posted Wednesday.

NASA’s not so keen to talk about quantum computer security

The D-Wave 2X quantum computer at NASA's Advanced Supercomputing facility in Silicon Valley is an impressive machine. Engineers from NASA and Google are using it to research a whole new area of computing -- one that's years from commercialization but could revolutionize the way computers solve complex problems. The machine is also being used by researchers at universities, and it's hooked up to the Internet, like other NASA supercomputers made available to academics. Engineers who showed the machine to the media on Tuesday were keen to talk about its capabilities, but less so about the security measures in place to stop hackers.

Arista mitigating Cisco patents in question

As litigation continues in the patent infringement case Cisco filed against Arista Networks, the defendant is developing “work arounds” for its customers should the courts rule in Cisco’s favor. Arista said during its Q3 earnings call on Nov. 5 that it has developed “design arounds” for each of the patents in question in the event of an adverse outcome. From Marc Taxay, Arista vice president and general counsel:

Ex-US State Dept. worker pleads guilty to extensive “sextortion,” hacking and cyberstalking acts

The former US Department of State employee accused of hacking into hundreds of victims’ e-mail and social media accounts, stealing thousands of sexually explicit photographs, and threatening at least 75 victims that he would post those photos and other personal information unless they agreed to his “sextortionate” demands has entered a guilty plea to the nefarious attacks. Michael C. Ford, 36, of Atlanta, was indicted by a grand jury in the U.S. District Court for the Northern District of Georgia on Aug. 18, 2015, on nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud.

Some notes on fast grep

This thread on the FreeBSD mailing list discusses why GNU grep (the one you get on Linux) is faster than the grep on FreeBSD. I thought I'd write up some notes on this.

I come from the world of "network intrusion detection", where we search network traffic for patterns indicating hacker activity. In many cases, this means solving the same problem of grep with complex regexes, but doing so very fast, at 10gbps on desktop-class hardware (quad-core Core i7). We in the intrusion-detection world have seen every possible variation of the problem. Concepts like "Boyer-Moore" and "Aho-Corasick" may seem new to you, but they are old-hat to us.

Zero-copy

Your first problem is getting the raw data from the filesystem into memory. As the thread suggests, one way of doing this is "memory-mapping" the file. Another option would be "asynchronous I/O". When done right, either solution gets you "zero-copy" performance. On modern Intel CPUs, the disk controller will DMA the block directly into the CPU's L3 cache. Network cards work the same way, which is why getting 10-gbps from the network card is trivial, even on slow desktop systems.
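As an added illustration of the zero-copy approach described above (example code written for this page, not from the FreeBSD thread or any grep implementation): the file is mapped with mmap() so the kernel pages it in with no read() copy, and the whole buffer is scanned for a fixed pattern without being split into lines first. The sample log, its path and the function names are constructed for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Portable stand-in for memmem(): memchr() jumps to candidate first bytes, memcmp() confirms. */
static const char *find_bytes(const char *p, const char *end, const char *nd, size_t n)
{
    while ((size_t)(end - p) >= n) {
        const char *c = memchr(p, nd[0], (size_t)(end - p) - n + 1);
        if (!c) return NULL;
        if (memcmp(c, nd, n) == 0) return c;
        p = c + 1;
    }
    return NULL;
}

/* Count non-overlapping occurrences of `needle` in a file. The file is mmap()ed so the
 * kernel pages it in with no read() copy into a user buffer, and the whole buffer is
 * scanned directly rather than split into lines first. Returns -1 on error. */
long count_matches_mmap(const char *path, const char *needle)
{
    size_t nlen = strlen(needle);
    struct stat st;
    int fd = nlen ? open(path, O_RDONLY) : -1;          /* empty needle is an error */
    if (fd < 0 || fstat(fd, &st) < 0) { if (fd >= 0) close(fd); return -1; }
    if (st.st_size == 0) { close(fd); return 0; }       /* nothing to map in an empty file */
    const char *base = mmap(NULL, (size_t)st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);                                          /* the mapping outlives the descriptor */
    if (base == MAP_FAILED) return -1;
    long count = 0;
    for (const char *p = base, *end = base + st.st_size, *hit;
         (hit = find_bytes(p, end, needle, nlen)) != NULL; p = hit + nlen)
        count++;
    munmap((void *)base, (size_t)st.st_size);
    return count;
}

/* Constructed sample log (not from the article) so the example runs offline; 0 on success. */
int write_sample(const char *path)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("Nov 10 12:00:01 host sshd[123]: Accepted publickey for alice\n"
          "Nov 10 12:00:05 host sshd[124]: Failed password for invalid user root\n"
          "Nov 10 12:00:09 host sshd[125]: Failed password for invalid user admin\n", f);
    return fclose(f);
}
```

Link it with a main() that calls write_sample() and then count_matches_mmap() on that path; for the sample above, counting "Failed password" returns 2.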

Double-parsing

Your next problem is: stop with the line parsing, idiots. All these …