Stuff The Internet Says On Scalability For March 11th, 2016


The circle of life. Traffic flow through microservices at Netflix (Rob Young)

 

If you like this sort of Stuff then please consider offering your support on Patreon.
  • 400Gbps: DDoS attack; 50,000: frames per second Mythbusters films in HD; 3,900: pages Paul Klee’s Personal Notebooks; 1 terabit: satellites deliver in-flight Internet access at hundreds of megabits per second; 18%: overall mobile market revenue increase; 21 TB: amount of data the BBC writes daily to S3; $300 million: Snapchat revenue

  • Quotable Quotes:
    • Dark Territory:  Yes, he told them, the NORAD computer was supposed to be closed, but some officers wanted to work from home on the weekend, so they’d leave a port open.
    • @davefarley77: If heartbeat was a clock cycle, retrieving data from fastest SSD is equivalent to crossing whole of London on foot  @__Abigor__ #qconlondon
    • @fiddur: "Legacy is everything you wrote before lunch." - @russmiles #qconlondon
    • @BarryNL: Persistent memory could be the biggest change to computer architecture in 50 years. #qconlondon
    • @mpaluchowski: "You can tell which services are too big. That's the ones developers don't want to work with." #qconlondon @SteveGodwin
    • @danielbryantuk: "I'm not going to say how big

How to use deep learning AI to detect and prevent malware and APTs in real-time  

The number of new malware variations that pop up each day runs somewhere between 390,000 (according to AV-TEST Institute) and one million (according to Symantec Corporation). These are new strains of malware that have not been seen in the wild before.

Even if we consider just the low end figure, the situation is still dire. Especially when it comes to advanced persistent threats (APTs), which are the most sophisticated mutations of viruses and malware, which are very effective at going completely undetected by many of the cybersecurity technologies in use today. Even security experts tell organizations to be prepared for "when" and not "if" an attack is successful.

Facebook’s Open Compute Project helps competitors build hyperscale data centers together

The conversion from free to paid registration and a spike in Open Compute Project Summit keynote attendance signaled that open hardware innovation is trending up. Summit attendees are companies like Facebook that buy land, build big data center buildings and fill them with commodity computing and networking hardware. Their mission is to build hyperscale, hyperefficient infrastructure that is flexible in handling workloads and agile in delivering new services in minutes.

Jason Taylor, OCP CEO, introduced Google’s Vice President of Infrastructure Urs Hölzle as a surprise last OCP Summit keynote with Apple-like “wait there’s still more” showmanship. Hölzle presented his team's open source hardware submissions, a new approach to powering the ocean of servers used in hyperscale web company data centers operated by Facebook and Google at a more power efficient 45V instead of 12V and a new rack design.

Two-year-old Java flaw re-emerges due to broken patch

A patch for a critical Java flaw released by Oracle in 2013 is ineffective and can be easily bypassed, security researchers warn. This makes the vulnerability exploitable again, paving the way for attacks against PCs and servers running the latest versions of Java.

The flaw, tracked as CVE-2013-5838 in the Common Vulnerabilities and Exposures (CVE) database, was rated by Oracle 9.3 out of 10 using the Common Vulnerability Scoring System (CVSS). It can be exploited remotely, without authentication, to completely compromise a system's confidentiality, integrity and availability.

Justice Department slams Apple’s ‘corrosive’ rhetoric in its latest court filing

UPDATE: March 10, 2016, 3:46 p.m. Pacific—In a conference call Thursday afternoon, Apple’s SVP and chief legal counsel Bruce Sewell said, “The tone of the brief reads like an indictment,” and in 30 years he’s never seen a brief trying so hard “to smear” someone. “It should be deeply offensive to everyone who reads it.”

“Corrosive rhetoric” could be this week’s “dormant cyber pathogen,” the latest salvo in the government’s attempt to paint Apple as unreasonable for refusing to craft a new version of iOS so law enforcement can brute-force an iPhone 5c used by San Bernardino shooter Syed Rizwan Farook.

The top 12 cloud security threats

Enterprises are no longer sitting on their hands, wondering if they should risk migrating applications and data to the cloud. They're doing it -- but security remains a serious concern.

The first step in minimizing risk in the cloud is to identify the top security threats. At the RSA Conference last week, the CSA (Cloud Security Alliance) listed the “Treacherous 12,” the top 12 cloud computing threats organizations face in 2016. The CSA released the report to help both cloud customers and providers focus their defensive efforts.

IDG Contributor Network: Power stations gone by 2030, report suggests

The writing is on the wall for large-scale, traditional power generation, according to an official energy-industry organization in a major developed nation.

Decentralized energy, where power is sourced from rooftop photovoltaic solar panels, battery storage and other technology could supplant classic grid-based power stations in the UK by 2030, according to industry interviews conducted by the trade association Energy UK. Energy UK represents over 80 suppliers there, who serve 26 million customers.

British electricity users will increasingly get their energy from small-scale electricity generation and storage, the association thinks.

Subscriber management on Juniper MX with FreeRadius

Quite often on my travels I sometimes encounter technologies I worked on a long time ago that I seem to bump into again later in life; in this case it’s terminating broadband subscribers. Many years ago I worked on large-scale Cisco platform terminating DSL business broadband users on Cisco 7200s over ATM. Recently I’ve been involved in a couple of jobs where FTTC users are being terminated on Juniper MX480 routers, using double-tagging and PPPoE. This first post looks into how to set up a Juniper MX router from scratch and terminate PPPoE subscribers authenticated by RADIUS (in this case FreeRadius).

The topology:

[Figure: topology]

 

Equipment used for this is as follows:

  • MX-1 is a Juniper MX-5 router, acting as the BRAS or BNG
  • MX-2 is also an MX-5, acting as a generic PE with simulated external connectivity
  • EX-4500 is self explanatory, and is basically doing QinQ towards the BNG
  • RADIUS is an Ubuntu server running FreeRadius (explained in more detail later)
  • For Broadband subscribers, I’m lucky to have access to an IXIA XG12 tester

Before we get to the BNG side of things, let's take a look at the access network (EX-4500). Essentially, this switch is doing several things:

ICANN stewardship transition plan sent to US government

The Internet Corporation for Assigned Names and Numbers has submitted Thursday a plan for ending U.S. oversight of key technical Internet functions in favor of a global multi-stakeholder governance model.

The complex new proposals aim to create an oversight body called the "empowered community" for enforcing community powers and include tighter rules for changes to certain bylaws of the organization. The Governmental Advisory Committee, consisting of representatives of governments, will continue to have an advisory role, though it will be better placed if it works in consensus, according to a document circulated by ICANN.

CCIE – CCIE SPv4 Review by Nick Russo

My friend Nick Russo just took the SPv4 lab and passed it. This is his story.

On 8 March 2016, I passed Cisco’s CCIE Service Provider version 4 lab exam. It was my second attempt. I realize there is little information on the Internet about this test because it is still rather new. This blog post will detail my personal strategy for passing the CCIE SPv4 lab exam. Most CCIEs and CCDEs agree that a smart strategy is a critical part of passing any Cisco expert-level lab; many folks are technically proficient but need to remain organized to be effective.

Note: the views expressed in this blog post are mine alone and do not necessarily represent the views of Cisco. No correlation between my comments and Cisco’s recommended study strategies should be made. Also note that no technical exam content is discussed here in accordance with Cisco’s CCIE NDA. Comments fishing for such information will be deleted.

First, the new blueprint has 3 sections: Troubleshooting (TSHOOT), Diagnostic (DIAG), and Configuration (CONFIG). The CCIE SPv4 program explains these topics in detail within the new blueprint so that is not discussed again here. Since each section is slightly different, one should have

Can the Apple code be misused?

This post will respond to the tweet by Orin Kerr:

The government is right that the software must be signed by Apple and made to only work on Farook's phone, but the situation is more complicated than that.

The basic flaw in this picture is jailbreaks. This is a process of finding some hack that gets around Apple's "signing" security layer. Jailbreaks are popular in the user community, especially China, when people want to run software not approved by Apple. When the government says "intact security", it means "non-jailbroken".

Each new version of iOS requires the discovery of some new hack to enable jailbreaking. Hacking teams compete to see who can ship a new jailbreak to users, and other companies sell jailbreaks to intelligence agencies. Once jailbroken, the signing is bypassed, as is the second technique of locking the software specifically to Farook's phone.

Details are more complicated than this. Each jailbreak is different, and many won't allow this secret Apple software to be run. Some will. The point

Code is expressive. Full Stop. (FBIvApple)

I write code. More than a $billion of products have been sold where my code is the key component. I've written more than a million lines of it. I point this out because I want to address this FBIvApple fight from the perspective of a coder -- from the perspective of somebody who the FBI proposes to conscript into building morally offensive code. Specifically, I want to address the First Amendment issue, whether code is expressive speech.


Consider Chris Valasek (@NudeHabasher), most recently famous for his car-hacking stunt of hacking into a Jeep from the Internet (along with Charlie Miller @CharlieMiller).

As Chris tells the story, he was on an airplane without WiFi writing code for his "CANbus-hack" tool that would hack the car. Without the Internet, he didn't have access to reference information, such as for strtok(). But he did remember from years earlier working on my (closed-source) code, and used the ideas he remembered to solve his immediate problem. No, he didn't remember the specifics of the code itself, and in any case, his CANbus-hack was unrelated to that code. Instead, it was the ideas expressed in my code that he remembered.

What he came up with was this:




dt_aclcheck – Find a match in extended access list.

Some ACLs are short, some ACLs are really long!