How Autodesk Implemented Scalable Eventing over Mesos

This is a guest post by Olivier Paugam, SW Architect for the Autodesk Cloud. I really like this post because it shows how bits of infrastructure--Mesos, Kafka, RabbitMQ, Akka, Splunk, Librato, EC2--can be combined together to solve real problems. It's truly amazing how much can get done these days by a small team.

I was tasked a few months ago to come up with a central eventing system, something that would allow our various backends to communicate with each other. We are talking about activity streaming backends, rendering, data translation, BIM, identity, log reporting, analytics, etc.  So something really generic with varying load, usage patterns and scaling profile.  And oh, also something that our engineering teams could interface with easily.  Of course every piece of the system should be able to scale on its own.

I obviously didn't have time to write too much code and picked up Kafka as our storage core as it's stable, widely used and works okay (please note I'm not bound to using it and could switch over to something else).  Now I of course could not expose it directly and had to front-end it with some API. Without thinking much I also Continue reading

BitTorrent programs can be abused to amplify distributed denial-of-service attacks

BitTorrent applications used by hundreds of millions of users around the world could be tricked into participating in distributed denial-of-service (DDoS) attacks, amplifying the malicious traffic generated by attackers by up to 50 times.DDoS reflection is a technique that uses IP (Internet Protocol) address spoofing to trick a service to send responses to a third-party computer instead of the original sender. It can be used to hide the source of malicious traffic.The technique can typically be used against services that communicate over the User Datagram Protocol (UDP), because unlike the Transmission Control Protocol (TCP), UDP does not perform handshakes and therefore source IP address validation. This means an attacker can send a UDP packet with a forged header that specifies someone else’s IP address as the source, causing the service to send the response to that address.To read this article in full or to leave a comment, please click here

Liskov Substitution and Modularity in Network Design

Furthering the thoughts I’ve put into the forthcoming book on network complexity…

One of the hardest things for designers to wrap their heads around is the concept of unintended consequences. One of the definitional points of complexity in any design is the problem of “push button on right side, weird thing happens over on the left side, and there’s no apparent connection between the two.” This is often just a result of the complexity problem in its base form — the unsolvable triangle (fast/cheap/quality — choose two). The problem is that we often don’t see the third leg of the triangle.

The Liskov substitution principle is one of the mechanisms coders use to manage complexity in object oriented design. The general idea is this: suppose I build an object that describes rectangles. This object can hold the width and the height of the rectangle, and it can return the area of the rectangle. Now, assume I build another object called “square” that overloads the rectangle object, but it forces the width and height to be the same (a square is type of rectangle that has all equal sides, after all). This all seems perfectly normal, right?

Now let’s say Continue reading

10 security technologies destined for the dustbin

Perhaps nothing, not even the weather, changes as fast as computer technology. With that brisk pace of progress comes a grave responsibility: securing it.Every wave of new tech, no matter how small or esoteric, brings with it new threats. The security community slaves to keep up and, all things considered, does a pretty good job against hackers, who shift technologies and methodologies rapidly, leaving last year’s well-recognized attacks to the dustbin.[ Deep Dive: How to rethink security for the new world of IT. | Discover how to secure your systems with InfoWorld's Security newsletter. ] Have you had to enable the write-protect notch on your floppy disk lately to prevent boot viruses or malicious overwriting? Have you had to turn off your modem to prevent hackers from dialing it at night? Have you had to unload your ansi.sys driver to prevent malicious text files from remapping your keyboard to make your next keystroke reformat your hard drive? Did you review your autoexec.bat and config.sys files to make sure no malicious entries were inserted to autostart malware?To read this article in full or to leave a comment, please click here

iPexpert’s Newest “CCIE Wall of Fame” Additions 8/17/2015

Please join us in congratulating the following iPexpert students who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Alemneh Nigussi, CCIE #28272 (Data Center)
    (He’s a 3x CCIE! He also has Voice and Routing/Switching.)
  • K.G. Pramod, CCIE #49662 (Data Center)
  • Mohamed Ahmed Ali, CCIE #34760 (Security)
  • Muhammad Adil, CCIE #49605 (Data Center)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

New products of the week 08.17.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Absolute Data and Device Security adds Microsoft SCCM and SIEM integrationKey features: Absolute has introduced new security functionality that extends IT oversight to include Microsoft SCCM and SIEM integration. More info.To read this article in full or to leave a comment, please click here

New products of the week 08.17.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.Absolute Data and Device Security adds Microsoft SCCM and SIEM integrationKey features: Absolute has introduced new security functionality that extends IT oversight to include Microsoft SCCM and SIEM integration. More info.To read this article in full or to leave a comment, please click here

War Stories: ITIL Process vs Practice

Our irregular War Stories returns, with a story about a network I worked on with strict change control, but high technical debt. What should have been a simple fix became far more pain than it should have been. Lesson learned: next time just leave things alone. I’m sure the ITIL true believers loved their process, but did they realise it stopped people fixing problems?

A classic problem: Duplex mismatch

I spotted a duplex mismatch with one of the services I was responsible for. Throughput was low, and the NIC was showing late collisions. Classic mismatch. Should be an easy enough fix, right? Whoa there son. This is an ITIL shop. No changes without an approved change request!

Logging Changes: An Exercise in Frustration

Change policy at this company was for a lead time for one week for most systems, or two weeks for some ‘important’ systems. Changes had to be submitted and approved before the deadline. There was no reason for the delay. Nothing happened during those two weeks, there was no extra review, you just had to wait, because that was the process.

This company had a Change Management system built on top of a main-frame application. Seriously? Yes, seriously. But it was Continue reading

Italian teen finds two zero-day vulnerabilities in OS X

An Italian teenager has found two zero-day vulnerabilities in Apple’s OS X operating system that could be used to gain remote access to a computer.The finding comes after Apple patched last week a local privilege escalation vulnerability that was used by some miscreants to load questionable programs onto computers.Luca Todesco, 18, posted details of the exploit he developed on GitHub. The exploit uses two bugs to cause a memory corruption in OS X’s kernel, he wrote via email.To read this article in full or to leave a comment, please click here

Software upgrade could be cause of US airline disruption

A computer glitch that disrupted airline traffic in some parts of the U.S. over the weekend was possibly the result of a software upgrade, the Federal Aviation Administration said Sunday.The agency, which had earlier described a problem in its “automation system” as the cause of the disruption, said the problem could be possibly traced to a recent software upgrade at a high-altitude radar facility in Leesburg, Virginia.The upgrade was designed to provide additional tools for controllers, the agency said. While the FAA and its system contractor complete their assessment, the new features have been disabled.The agency said that there was no indication that the disruption was related to any inherent problems with the En Route Automation Modernization system, which it claims has had a greater than 99.99 availability rate since it was completed nationwide earlier this year. ERAM replaced the 40-year-old En Route Host computer and backup system used at 20 FAA Air Route Traffic Control Centers nationwide.To read this article in full or to leave a comment, please click here

1 3,127 3,128 3,129 3,130 3,131 3,613