Docker at Connect(); // 2015

Connect(); //2015, Microsoft’s virtual event devoted to developers, happened one day after DockerCon EU 2015, and started with an epic demo where Scott Hanselman deployed an ASP.NET 5 app from Visual Studio to a Docker container on Azure on Linux. …

New attack campaign against SMBs uses a botnet to deliver PoS malware

A group of sophisticated attackers are repurposing penetration testing tools to break into the networks of small and medium-size businesses worldwide with the goal of infecting point-of-sale systems with malware. The new attack campaign started in September and has been dubbed operation Black Atlas by researchers from antivirus vendor Trend Micro. The attackers use a wide set of tools to scan the Internet and identify potential weak spots in the networks of various organizations, the researchers said. Their toolset includes port scanners, brute-force password guessing tools, SMTP (Simple Mail Transfer Protocol) scanners, remote desktop viewers and other attack applications that are easy to find on the Internet.

Enterprises Need to Improve IT Vendor Risk Management

I had the pleasure of attending a presentation given by Dr. Ron Ross, a fellow at the National Institute of Standards and Technology (NIST). Ron’s areas of specialization include information security, risk management, and systems security engineering. In his presentation, Dr. Ross delivered a bit of a counterintuitive message on cybersecurity by stating, "We have to stop obsessing about threats and start focusing on asset protection." To drive home this point, Dr. Ross added, "If 90% of our bridges were failing, we’d mobilize teams of engineers right away. Yet when 90% of our IT systems are insecure, we focus a good part of our attention on external threats."

Encryption backdoors will make us all more vulnerable

The author has written 29 technical books and is Managing Partner of Ascent Solutions, which provides marketing services to tech sector companies. In the aftermath of the Paris attacks, one of the memes being perpetuated by “security professionals” is that the terrorists used encrypted communications, enabling them to plan and coordinate their activities without raising suspicion among the intelligence community. Now there is a knee-jerk reaction among politicians in Washington to force encryption providers to build “backdoors” into their software that would allow government agencies to easily decode communications in their effort to identify potential terrorists. They say this is essential to keeping us all safe and that we must stop crying about the loss of personal privacy.

HTTP/2 is here! Goodbye SPDY? Not quite yet

Why choose, if you can have both? Today CloudFlare is introducing HTTP/2 support for all customers using SSL/TLS connections, while still supporting SPDY. There is no need to make a decision between SPDY or HTTP/2. Both are automatically there for you and your customers.

Enabling HTTP/2

If you are a customer on the Free or Pro plan, there is no need to do anything at all. Both SPDY and HTTP/2 are already enabled for you. With this improvement, your website’s audience will always use the fastest protocol version when accessing your site over TLS/SSL.

Customers on Business and Enterprise plans may enable HTTP/2 within the "Network" application of the CloudFlare Dashboard.

Enabling HTTP/2 in the CloudFlare dashboard

HTTP/2 is here!

In February of 2015, the IETF’s steering group approved the HTTP/2 and associated HPACK specifications for publication as standards-track RFCs.

After more than 15 years, the Hypertext Transfer Protocol (HTTP) received a long-overdue upgrade. HTTP/2 is largely based on Google's experimental SPDY protocol, which was first announced in November 2009 as an internal project to increase the speed of the web.

Benefits of HTTP/2 and SPDY

The main focus of both SPDY and HTTP/2 is on performance, especially latency as perceived by the end-user while using …

New legislation aims at stalling NSA reform

A new bill introduced in the Senate aims to let the U.S. National Security Agency hold on for five years to phone records collected by the agency, while also making permanent some anti-terrorist provisions that have been criticized by civil rights groups. Senator Tom Cotton, a Republican from Arkansas, said Wednesday he would introduce the "Liberty Through Strength Act II" to require the federal government to hold on to the legacy phone metadata of Americans for five years and authorize its use for queries. The Senator introduced last month legislation, also called the Liberty Through Strength Act, that would delay the end of the bulk collection of phone metadata of Americans by the NSA to Jan. 31, 2017, in the wake of security concerns after the terror attacks in Paris. The bill was introduced a little before the Thanksgiving break.

DDoS attacks are more than disruptions to service

Distributed denial-of-service attacks have increased in complexity so that they are no longer just an annoyance causing a disruption in service. Criminals are using these attacks as a distraction while targeting sensitive data, leaving enterprises to pay for lost business and breach recovery. Any conversation that involved breaches this year included the statement, “It’s not if but when.” The expectation has become, as IDC’s Christina Richmond, program director, security services, said, “Breach is a foregone conclusion.” For many companies, the attacks are frequent and more advanced. Richmond said, “Distributed-denial-of-service attacks are no longer an isolated event. Sophisticated attacks hit companies of all sizes, in all industries.”

Why Electronic Health Records aren’t more usable

Federal government incentives worth about $30 billion have persuaded the majority of physicians and hospitals to adopt electronic health record (EHR) systems over the past few years. However, most physicians do not find EHRs easy to use. Physicians often have difficulty entering structured data in EHRs, especially during patient encounters. The records are hard to read because they're full of irrelevant boilerplates generated by the software and lack individualized information about the patient. Alerts frequently fire for inconsequential reasons, leading to alert fatigue. EHRs from different vendors are not interoperable with each other, making it impossible to exchange information without expensive interfaces or the use of secure messaging systems.

Searching for routes with non-IP address next-hops

I am searching in a series of large Redback config files for certain things, and I’m beginning to find Regex and Atom really powerful for this. The files are sometimes 20,000 lines long, and there are over 100 of them.

Of course I should script this, and someone more script savvy than me would do that in a trice, but I’ve come up with a part manual solution. Perhaps I will build it into a script later.

What I need to do is search each file for any ‘ip route’ commands that have a named interface as a next-hop rather than an IP address. So to do this, I am doing inverse-matching on four sets of numbers separated by dots.

I also need to exclude the keyword ‘context’ and the interface ‘null0’. This took me a while to figure out.

Here’s my pattern match:

ip route [0-9]+.[0-9]+.[0-9]+.[0-9]+/[0-9]+ (?![0-9]+.[0-9]+.[0-9]+.[0-9]+|context|null0)

This matches the string:

 ip route 172.21.0.0/16 MADEUPINTERFACE

But not:

 ip route 172.16.4.0/24 10.0.0.1

The expression is not very accurate, since it could match IP addresses like 999.999.999.999, but that does not matter in …

Hosted bare metal emerges as alternative to IaaS cloud

AppLovin is a 4-year-old marketing platform that places advertisements in mobile apps. And it’s a data-intensive business to say the least. When AppLovin learns of an advertising opportunity in an app, the company has 100 milliseconds to decide if it will bid on the spot in a real-time auction. If it wins the bid, it consults a database storing billions of user preferences to serve an ad personalized to that user. AppLovin processes about 30 billion to 50 billion actions per day, all of which need to happen in millisecond timeframes and on a global basis. The company started as a customer of Amazon Web Services' IaaS public cloud. But in the past few years CTO John Krystynak, an early VMware employee, has moved AppLovin’s operations to another platform: Hosted bare metal infrastructure.

Sometimes It’s Not the Network

Marek Majkowski published an awesome real-life story on the CloudFlare blog: users experienced occasional short-term sluggish performance and while everything pointed to a network problem, it turned out to be a garbage collection problem in the Linux kernel.

Takeaway: It might not be the network's fault.

Also: How many people would be able to troubleshoot that problem and fix it? Technology is becoming way too complex, and I don’t think software-defined-whatever is the answer.

US, China take first steps toward cybersecurity cooperation

The U.S. and China have reached an agreement on how to begin cooperating on cybersecurity, an issue that has caused high tension between the two nations over the last few years. The agreement, reached in the first high-level meeting of its kind, calls for guidelines on sharing computer security information, a hotline to discuss issues, a so-called tabletop cybersecurity exercise and further dialog on concerns such as the theft of trade secrets. The U.S. and China have had a combative relationship on cybersecurity, which escalated in 2010 when Google directly accused China-based hackers of stealing its intellectual property.