GoBGP – A Control Plane Evolving Software Networking

If I have talked to you over the past year or two about networking, odds are I have mentioned a project to you called GoBGP. If we have spoken a lot, you are probably sick of me talking to you about GoBGP. There is a reason: GoBGP is a missing link in networking that has been for a ... The post GoBGP – A Control Plane Evolving Software Networking appeared first on NetworkStatic | Brent Salisbury's Blog.

Comments on the FBI success in hacking Farook’s iPhone

Left-wing groups like the ACLU and the EFF have put out "official" responses to the news that the FBI cracked Farook's phone without help from Apple. I thought I'd give a response from a libertarian/technologist angle.

First, thank you FBI for diligently trying to protect us from terrorism. No matter how much I oppose you on the "crypto backdoors" policy question, and the constitutional questions brought up in this court case, I still expect you to keep trying to protect us.

Likewise, thank you FBI for continuing to be open to alternative means to crack the phone. I suppose you could've wrangled things to ignore people coming forward with new information, in order to pursue the precedent, in the longer term policy battle. I disagree with the many people in my Twitter timeline who believe this was some sort of FBI plot -- I believe it's probably just what the FBI says it is: they first had no other solution, then they did.

Though, I do wonder if the FBI's lawyers told them they would likely lose the appeal, thus setting a bad precedent, thus incentivizing the FBI to start looking for an alternative to get out of the case.

Large US healthcare provider’s network shut down by malware

A large healthcare provider in the Washington, D.C., area said it has resorted to paper transactions after malware crippled part of its network early Monday. MedStar Health, a not-for-profit that runs 10 hospitals, said its clinical facilities were functioning and that it did not appear data had been compromised. The malware prevented "certain users from logging into our system." "MedStar acted quickly to prevent the virus from spreading throughout the organization," it said in a statement posted on Facebook. "We are working with our IT and cybersecurity partners to fully assess and address the situation."

LACP is not Link Aggregation

So there’s a mistake I’ve been making, for years. I’ve referred to what is link aggregation as “LACP”. As in “I’m setting up an LACP between two switches”. While you can certainly set up LACP between two switches, the more correct term for the technology is link aggregation (as defined by the IEEE), and an instance of that is generically called a LAG (Link Aggregation Group). LACP is an optional part of this technology.

Here I am explaining this and more in an 18-minute YouTube video.


FireEye says hackers are racing to compromise POS systems

Cybercriminals are redoubling efforts to steal payment card details from retailers before new defenses are put in place, according to FireEye. More than a dozen types of malware were found last year that target point-of-sale systems, the electronic cash registers that process payments at many retailers. Over the last few years, hackers have successfully breached the systems, targeting weaknesses or software vulnerabilities in order to extract card details to sell on the black market. As of last October, retailers are liable for fraudulent transactions that are not completed using EMV payment cards, which have a microchip and enhanced security defenses that better shield card data.

Configuring Macvlan and Ipvlan Linux Networking

Macvlan and Ipvlan are both Linux networking interface types supported by the Linux kernel. They are unique for a few different reasons. One thing that makes them both very attractive is that they do not use bridges in their implementation and are natively namespace aware. This solves some painful problems such as getting access to a gateway from a ...


DOJ cracks San Bernardino shooter’s iPhone

The U.S. government has managed to access the iPhone used by San Bernardino gunman Syed Rizwan Farook, bypassing a passcode that had the FBI stymied for several weeks. "The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple," the Department of Justice said in a court filing on Monday. The filing didn’t detail the method used to access the phone, but U.S. Attorney Eileen M. Decker said in a statement that it had been accomplished with the help of a third party.

Going to IETF 95? Join the TLS 1.3 hackathon

If you’re in Buenos Aires on April 2-3 and are interested in building, come join the IETF Hackathon. CloudFlare and Mozilla will be working on TLS 1.3, the first new version of TLS in eight years!

At the hackathon we’ll be focusing on implementing the latest draft of TLS 1.3 and testing interoperability between existing implementations written in C, Go, OCaml, JavaScript and F*. If you have experience with network programming and cryptography, come hack on the latest and greatest protocol and help find problems before it is finalized. If you’re planning on attending, add your name to the Hackathon wiki. If you can’t make it, but implementing cryptographic protocols is your cup of tea, apply to join the CloudFlare team!

We’re very excited about TLS 1.3, which brings both security and performance improvements to HTTPS. In fact, if you have a client that speaks TLS 1.3 draft 10, you can read this blog on our TLS 1.3 mirror: tls13.cloudflare.com.

We hope to see you there!

Macvlan vs Ipvlan

I’ve covered macvlans in the Bridge vs Macvlan post. If you are new to macvlan concept, go ahead and read it first.

Macvlan

To recap: Macvlan allows you to configure sub-interfaces (also termed slave devices) of a parent, physical Ethernet interface (also termed upper device), each with its own unique MAC address, and consequently its own IP address. Applications, VMs and containers can then bind to a specific sub-interface to connect directly to the physical network, using their own MAC and IP address.

Linux Macvlan

Macvlan is a near-ideal solution to natively connect VMs and containers to a physical network, but it has its shortcomings:

  • The switch the host is connected to may have a policy that limits the number of different MAC addresses on a physical port. Although you should really work with your network administrator to change the policy, there are times when this might not be possible (or you just need to set up a quick PoC).
  • Many NICs have a limit on the number of MAC addresses they support in hardware. Exceeding the limit may affect the performance.
  • IEEE 802.11 doesn’t like multiple MAC addresses on a single client. It is likely macvlan sub-interfaces will be blocked

The Design Mindset (3)

So you’ve spent time asking what, observing the network as a system, and considering what has actually been done in the past. And you’ve spent time asking why, trying to figure out the purpose (or lack of purpose) behind the configuration and design choices made in the past. You’ve followed the design mindset to this point, so now you can jump in and make like a wrecking ball (or a bull in a china shop), changing things so they’re better, and the new requirements you have can fit right in. Right?

Wrong.

As an example, I want to take you back to another part of a story I told here about my early days in the networking world. Before losing the war over Banyan Vines, I actually encountered an obstacle that should have been telling—but I was too much of a noob at the time to recognize it for the warning it really was. At the time, I had written a short paper comparing Vines to Netware; the paper was, perhaps, ten pages long, and I thought it did a pretty good job of comparing the two network operating systems. Heck, I’d even put together a page showing how Vines

NAND mirroring proof-of-concept shows that FBI could use it to crack iPhone

So NAND mirroring doesn’t work to crack into Syed Farook's work iPhone and grab the contents, huh? Tell that to the security researcher’s proof-of-concept demonstration. iPhone forensics expert Jonathan Zdziarski previously suggested the FBI could use NAND mirroring to get information off the locked San Bernardino shooter’s iPhone; yet FBI Director James Comey claimed that making a copy of the phone’s chip to get around the passcode “doesn’t work” and the solution would be “software-based.”