NetworkingNexus.net

QOTW: Ignorance

Contrary to folk wisdom, ignorance is usually not blissful. Generally, it produces the very opposite of bliss. Just ask the frightened hiker lost in some remote mountain blizzard who never paid attention to his Boy Scout instruction; or ask the new employee who never did her math homework, frantically trying to figure out the correct change for customers; or, worse yet, ask the frustrated and annoyed patrons waiting in the ever-increasing line as this new employee bumbles one purchase after another.
Phillip Dow, Virtuous Minds

The post QOTW: Ignorance appeared first on 'net work.

Worth Reading: The Cryptech Project

The Snowden and subsequent revelations have called into question the integrity of some of the implementations of basic cryptographic functions and of the cryptographic devices used to secure applications and communications on the Internet. There are serious questions about algorithms and about implementations of those algorithms in software and particularly in hardware. … To fill this need the CrypTech project is developing an open-source hardware cryptographic engine design that meets the needs of high assurance Internet infrastructure systems that use cryptography. via the cryptech project

The post Worth Reading: The Cryptech Project appeared first on 'net work.

iPexpert’s Newest “CCIE Wall of Fame” Additions 11/13/2015

Please join us in congratulating the following iPexpert students who have passed their CCIE lab!

Container networking: To overlay or not to overlay

One of the key decisions in designing a compute infrastructure is how to handle networking.

For platforms that are designed to deliver applications, it is now common knowledge that application developers need a platform that can execute and manage containers (rather than VMs).

When it comes to networking, however, the choices are less clear. In what scenarios are designs based on single layer preferable vs. overlay networks ?

The answer to this question is not a simplistic one based on “encapsulation overhead”; while there are overlay networking projects that do exhibit poor performance, production ready solutions such as OpenContrail have performance characteristics on both throughput and PPS similar to the Linux kernel bridge implementation. When not using an overlay, it is still necessary to use an internal bridge to demux the container virtual-ethernet interface pairs.

The key aspect to consider is operational complexity!

From a bottoms-up perspective, one can build an argument that a network design with no encapsulation that simply uses an address prefix per host (e.g. a /22) provides the simplest possible solution to operate. And that is indeed the case if one assumes that discovery, failover and authentication can be handled completely at the “session” layer (OSI model).

I’m familiar with a particular compute infrastructure where this is the Continue reading

Test-Driven Network Development with Michael Kashin on Software Gone Wild

Imagine you’d design your network by documenting the desired traffic flow across the network under all failure conditions, and only then do a low-level design, create configurations, and deploy the network… while being able to use the desired traffic flows as a testing tool to verify that the network still behaves as expected, both in a test lab as well as in the live network.

Money Where My Mouth is, Get Coding Giveaway (UPDATE 2.0)

WE HAVE WINNERS!! Big Congratulations to: John Swanson & Dustin Plunkett Hoping to get them both on the blog in the near future. Thanks to everyone who participated. Sign up for ACL, The StaticNAT Newsletter for future offers and to see what we are doing here at StaticNAT! So lately I have been on a …

Ransom attacks likely to fade as small email providers resist

The spate of cyberattacks against email providers is likely to pass with time as they refuse to pay ransoms. But that doesn't mean the attacks haven't cost them. Since early this month, the list of companies that have been attacked has grown longer: first ProtonMail of Switzerland, followed by HushMail, RunBox, VFEmail, Zoho and FastMail of Australia. The companies have typically received extortion requests by email asking for 10 or 20 bitcoins in exchange for not being subjected to distributed denial-of-service (DDoS) attacks. DDoS attacks involve sending a large amount of data traffic to a company's network, causing the service to choke and go offline.To read this article in full or to leave a comment, please click here

Don’t trust that USB drive!

Picture this: You go to a trade show and you collect your allocation of freebies: Teeshirts, hats, USB drives, and so on. You get back to your room or, more likely, you get back to your office and you start sorting out your haul of tschotskes. You plug one of the nerd sticks into your computer and then this happens: Suddenly your day has taken a nosedive. To read this article in full or to leave a comment, please click here

DockerVPC: Using containers as Linux Virtual host instead of VPCS

Introduction I would like to share with you DockerVPC, a bash script that helps running containers for use within GNS3 as rich virtual end-host instead of VPCS. I’am using it to avoid dealing directly with docker commands and container id’s each time I would like to rapidly deploy some disposable end-host containers inside GNS3. For […]

Cybercriminals turn to video ads to plans malware

Cybercriminals have been delivering malware through online display ads for years, but they appear to be making headway with a new distribution method: video advertisements.Both methods of attack, known as malvertising, can have a broad impact and are a major headache for the ad industry. A single malicious advertisement, distributed to several highly trafficked sites, can expose tens of thousands of computers to malware in a short time.Some ad networks and publishers have taken steps to vet their ads more thoroughly, but criminals are constantly on the lookout for weaknesses.An attack detected about two weeks ago shows how cybercriminals are showing more interest in creating malicious video ads.To read this article in full or to leave a comment, please click here

Cybercriminals turn to video ads to plant malware

Cybercriminals have been delivering malware through online display ads for years, but they appear to be making headway with a new distribution method: video advertisements. Both methods of attack, known as malvertising, can have a broad impact and are a major headache for the ad industry. A single malicious advertisement, distributed to several highly trafficked sites, can expose tens of thousands of computers to malware in a short time. Some ad networks and publishers have taken steps to vet their ads more thoroughly, but criminals are constantly on the lookout for weaknesses. An attack detected about two weeks ago shows how cybercriminals are showing more interest in creating malicious video ads.To read this article in full or to leave a comment, please click here

Cisco Shares Slip on Q2 Guidance

Slowdown aside, Cisco CEO Chuck Robbins says he is optimistic for next year.

Announcing Docker Trusted Registry 1.4 – New User Interface, Integrated Content Trust and Support for Docker Engine 1.9

The Docker Trusted Registry is a commercial registry service that you can run on-premise or in your virtual private cloud (VPC) to store and manage your Docker images. Trusted Registry is available in conjunction with a commercially supported Docker Engine … Continued

BusyCal and Textual

I wanted to call out a couple of software packages whose vendors I’ve worked with recently that I felt had really good customer service. The software packages are BusyCal (from BusyCal, LLC) and Textual (from Codeux Software, LLC).

As many of you know, the Mac App Store (MAS) recently suffered an issue due to an expired security certificate, and this caused many MAS apps to have to be re-downloaded or, in limited cases, to stop working (I’m looking at you, Tweetbot 1.6.2). This incident just underscored an uncomfortable feeling I’ve had for a while about using MAS apps (for a variety of reasons that I won’t discuss here because that isn’t the focus of this post). I’d already started focusing on purchasing new software licenses outside of the MAS, but I still had (and have) a number of MAS apps on my Macs.

As a result of this security certificate snafu, I started looking for ways to migrate from MAS apps to non-MAS apps, and BusyCal (a OS X Calendar replacement) and Textual (an IRC client) were two apps that I really wanted to continue to use but were MAS apps. The alternatives were dismal, at best.

It Ain’t Easy Buying EZchip, Mellanox Finds

Raging Capital's raging has partially paid off.

Robot keeps stores stocked with Doritos

An autonomous robot was unveiled this week that can make sure that when you're hankering for Doritos, there's a bag waiting for you at the market.Simbe Robotics, based in San Francisco, announced its first product, a 30-pound robot called Tally that can move up and down a store's aisles checking inventory. The robot determines what products need restocking and send reports to workers who can add more stock. Tally also is set up to work during normal store hours, alongside employees and customers."Tally performs repetitive and laborious tasks of auditing shelves for out-of-stock items, low stock items, misplaced items, and pricing errors," the company said in a release. "Tally has the ability to audit shelves cheaper, more frequently, and significantly faster than existing processes; and with near-perfect accuracy."To read this article in full or to leave a comment, please click here

Lapsed Apple certificate triggers massive Mac app fiasco

A lapsed Apple digital certificate today triggered a massive app fiasco that prevented Mac users from running software they'd purchased from the Mac App Store. "Whenever you download an app from the Mac App Store, the app provides a cryptographically-signed receipt," explained Paul Haddad, a co-founder of Tapbots, the company behind the popular Tweetbot Twitter client, in an email reply to questions today. "These receipts are signed with various certificates with different expiration dates. One of those is the 'Mac App Store Receipt Signing;' that expires every two years. That certificate expired on 'Nov 11 21:58:01 2015 GMT,' which caused most existing App Store receipts to no longer be considered valid."To read this article in full or to leave a comment, please click here

IDG Contributor Network: How vulnerable are the internet’s undersea cables?

With a recent New York Times article expressing concern from military officials that some undersea internet-carrying cables are susceptible to submarine-attack by Russians, a few questions come to mind:Should we be worried? Just how much data do these cables carry? And where are they anyway?Mariners "Not many people realize that undersea cables transport nearly 100% of transoceanic data traffic," writes Nicole Starosielski in The Conversation.To read this article in full or to leave a comment, please click here

Magic or Curse? World TV day 2015

The Big TVImage by REUTERS/Kim Hong-JiThrough the years television has been celebrated and denounced for its influence. In 1996 the United Nations designated November 21 as World Television Day “not so much a celebration of the tool, but rather the philosophy which it represents. Television represents a symbol for communication and globalization in the contemporary world,” the UN stated. While in the US and other countries TV is decidedly high-tech, other places it is not. Reuters took a look at people watching television all over the world to celebrate World Television Day.To read this article in full or to leave a comment, please click here

Magic or Curse? World TV day 2016

« Previous 1 … 3,020 3,021 3,022 3,023 3,024 … 3,612 Next »