Net ring-buffers are essential to an OS

Even by OpenBSD standards, this rejection of 'netmap' is silly and clueless.

BSD is a Linux-like operating system that powers a lot of the Internet, from Netflix servers to your iPhone. One variant of BSD focuses on security, called "OpenBSD". A lot of security-related projects get their start on OpenBSD. In theory, it's for those who care a lot about security. In practice, virtually nobody uses it, because it makes too many sacrifices in the name of security.

"Netmap" is a user-space network ring-buffer. What that means is the hardware delivers network packets directly to an application, bypassing the operating system's network stack. Netmap currently works on FreeBSD and Linux. There are projects similar to this known as "PF_RING" and "Intel DPDK".


The problem with things like netmap is that it means the network hardware no longer is a shareable resource, but instead must be reserved for a single application. This violates many principles of a "general purpose operating system".

In addition, it ultimately means that the application is going to have to implement its own TCP/IP stack. That means it's going to repeat all the same mistakes of the past, such as "ping of death" when a Continue reading

Cisco Merging IOS-XE Code Trains

Reliable sources tell me that Cisco is undergoing a huge internal transformation now that Chuck Robbins is in charge. I haven’t been able to see any evidence of this transformation and have been wondering when customers would see the results. Cisco Enterprise was presenting at Network Field Day 11 and this particular presentation from Cisco Enterprise […]

The post Cisco Merging IOS-XE Code Trains appeared first on EtherealMind.

Less porn-surfing corporate bosses, more execs taking phishing bait to infect networks

ThreatTrack Security wanted to know how the challenges facing malware analysts dealing with cyber threats have evolved in the past two years. So the company had Opinion Matters conduct an independent blind survey of 207 security professionals dealing with malware analysis in the U.S. While the findings are not all sunshine and chocolate, only 11% said they investigated a data breach that was not disclosed to customers, compared to 57% who said the same back in 2013. Another piece of good news - fewer security analysts need to purge malware as a result of a company's senior leadership member visiting a porn site. In 2013, 40% of malware infections came from porn-surfing corporate bosses, compared to 26% in 2015.

How not to be a better programmer

Over at r/programming is this post on "How to be a better programmer". It's mostly garbage.


Don't repeat yourself (reuse code)


Trying to reuse code is near the top of reasons why big projects fail. The problem is that while the needs of multiple users of a module may sound similar, they are often different in profound ways that cannot be reconciled. Trying to make the same bit of code serve divergent needs is often more complex and buggy than multiple modules written from the ground up for each specific need.

Yes, we adhere to code cleanliness principles (modularity, cohesion) that make reuse easier. Yes, we should reuse code when the needs match close enough. But that doesn't mean we should bend over backwards trying to shove a square peg through a round hole, and the principle that all pegs/holes are the same.


Give variables/methods clear names


Programmers hate to read other code because the variable names are unclear. Hence the advice to use "clear names" that aren't confusing.

But of course, programmers already think they are being clear. No programmer thinks to themselves "I'm going to be deliberately obtuse here so that other programmers won't understand". Therefore, Continue reading

UpGuard offers a rating score of risk preparedness

UpGuard analyzes data about the state of corporate networks to devise a single numerical score that gives a quick sense of security risk, a number that could be used by insurance companies to set premiums for cyber insurance. The UpGuard platform includes a scanner that evaluates exposure of publicly facing Web interfaces and determines the risk of breaches. This is augmented by analysis of data about the internal network from sources including existing security platforms and software services via APIs or from Windows Remote Management. That is rolled up into a number – the Cybersecurity Threat Assessment Report (CSTAR) – that capsulizes how vulnerable a network is to attacks, the company says. In addition to the number, the platform enables drilling down into what weaknesses it has found so customers can take remedial action.

Five Years After Egypt

This week marks a somber milestone in Internet history: the 5-year anniversary of former Egyptian President Hosni Mubarak’s order to shut down his country’s access to the global Internet amid widespread protests. Similar popular protests would sweep through the region during a time frame that became known as the Arab Spring. Within days of the Egyptian blackout, Internet service would be restored and Mubarak would resign after 30 years in power.

As the Arab Spring protests spread to other countries, the trend of government-directed Internet blackouts continued in Syria, Libya, and Bahrain.  In the years since 2011, we have documented (on this blog and on our Twitter feed) government-directed blackouts in a number of countries, including Sudan, Iraq, and most recently Congo-Brazzaville.  While the protests in Tahrir Square came to exemplify the greater Arab Spring movement, the legacy of the Egyptian Internet blackout was that it ushered in the modern era of government-directed suppression of Internet communication.

On the evening of 27 January 2011 (US Eastern Time), we were alerted to the Egyptian blackout by our BGP route monitoring system.  Within minutes, I was assisting my colleague Jim Cowie in Continue reading

PayPal is the latest victim of Java deserialization bugs in Web apps

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor. The vulnerability is part of a class of bugs that stem from Java object deserialization and which security researchers warned about a year ago. In programming languages, serialization is the process of converting data to a binary format for storing it or for sending it over the network. Deserialization is the reverse of that process. Deserialization is not an issue in itself, but like most processes that involve processing potentially untrusted input, measures need to be taken to ensure that it is performed safely. For example, an attacker could craft a serialized object that includes a Java class that the application accepts and which could be abused for something malicious.

IDG Contributor Network: The new Rogue IT: A growing, invisible threat to your IT operations

Back in the day, "rogue IT" typically entailed departments building servers and putting them under their desks in an attempt to circumvent the IT department and all of the pesky security controls that came with IT-approved servers. Often, those servers sat under a desk, inside a closet or back room — unpatched, unprotected, and non-compliant — for long stretches of time before finally being discovered. Those were the good ol' days, compared to the new type of rogue IT that's quickly spreading through today's IT landscape. It's invisible, nearly undetectable, and completely unacceptable, to say the least. The new rogue IT involves departments buying things online (think Amazon Web Services, Google Services, and Microsoft Azure), and setting up off-the-books IT operations outside of your organization's boundaries.

2016’s 25 geekiest 25th anniversaries

Back in 1991

There was quite a collection of new technology and plain-old interesting geeky stuff in 1991. Included were the public debut of the World Wide Web, the introduction of Linux and the discovery of Otzi the Iceman. There was the lithium-ion battery, PGP encryption, Apple’s PowerBook, Terminator 2 and more. When through, if you’d like to catch up on the first nine installments of this series, check out 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008 and 2007.

Technology ‘net: End-to-end Disaggregation?

Quite a lot seems to be going on on the technology side of things—as the morning paper points out, everything seems to be changing at once right now. Ever feel like you’re sipping from a firehose? Maybe there’s a reason… Let’s discuss just a few of these in a little more detail.

First, there has been a lot of discussion around IPv6 in the last year or so. The folks within the IETF who designed IPv6 decided to do “more than just” adding more address space, instead deciding to change some fundamental things about the way IP works in the process of developing a new protocol. For instance, fragmentation by network devices is gone in IPv6, and the option headers are much richer. These kinds of fundamental changes in protocol design invariably lead to the question—what impact do these things have on performance? A recent series of tests set out to answer this question. The results are pretty clear; over time, as IPv6 has been deployed natively, the protocol’s performance has moved closer to the performance of IPv4. There are still some gaps, but they are narrowing. Those gaps may never be gone, but IPv6 may come close enough, over Continue reading

Look out, Cisco: Major telcos join Facebook’s open hardware push

Big telcos including Verizon and AT&T have joined a Facebook-led project to build low-cost computing hardware, posing a fresh challenge for network vendors like Cisco and Juniper. The telcos have signed onto the Open Compute Project, a non-profit set up by Facebook in which end-user companies get together and design their own, no-frills hardware including servers, network and storage gear. The OCP members can include just the capabilities they need in a product, free of the "gratuitous differentiation" that bumps up prices in equipment from traditional vendors. They enlist low-cost manufacturers in Asia to produce the equipment.

Ansible Galaxy 2.0 Launches

The BETA sticker is off, and Galaxy 2.0 is live! This is our biggest release to date, and it’s packed with some great features you’re going to love.

Here’s a quick run-down:

Organizations

There really should be a drum roll playing as you read this, because this feature has been at the top of everyone’s wish list for as long as Galaxy has been around. But here it is… Organizations now have a home in Galaxy. Yes, you can import roles into an organization!

How, you ask? Just click the import button. Really. That’s it. The role will be imported exactly as the repository appears in GitHub. If the role belongs to ‘acmeco’ in GitHub, then it will appear under ‘acmeco’ in Galaxy.

You can import any repositories from GitHub where you are a collaborator or owner. Log in as yourself, and import your roles or your organization’s roles.

Existing roles prior to Galaxy 2.0 have not been changed. To move a role from your username to an organization, delete the role and import it again.

Semantic URLs

Sharing links to your content in Galaxy now makes sense with user-friendly URLs that include GitHub username or organization and Continue reading