Docker networking 101 – User defined networks

image In this post, I’d like to cover some of the new Docker network features.  Docker 1.9 saw the release of user defined networks and the most recent version 1.10 added some additional features.  In this post, we’ll cover the basics of the new network model as well as show some examples of what these new features provide.

So what’s new?  Well – lots.  To start with, let’s take a look at a Docker host running the newest version of Docker (1.10). 

Note: I’m running this demo on CentOS 7 boxes.  The default repository had version 1.8 so I had to update to the latest by using the update method shown in a previous post here.  Before you continue, verify that ‘docker version’ shows you on the correct release.

You’ll notice that the Docker CLI now provide a new option to interact with the network through the ‘docker network’ command…

image 
Alright – so let’s start with the basics and see what’s already defined…

image

By default a base Docker installation has these three networks defined.  The networks are permanent and can not be modified.  Taking a closer look, Continue reading

Arizona county attorney to ditch iPhones over Apple dispute with FBI

Apple’s refusal to help the FBI unlock an iPhone 5c used by one of the terrorists in the San Bernardino, California attack on Dec. 2 has prompted the Maricopa County attorney’s office in Arizona to ban providing new iPhones to its staff.“Apple’s refusal to cooperate with a legitimate law enforcement investigation to unlock a phone used by terrorists puts Apple on the side of terrorists instead of on the side of public safety,” Maricopa County Attorney Bill Montgomery said in a statement on Wednesday.MORE: iPhone7 Rumor RollupTo read this article in full or to leave a comment, please click here

Arizona county attorney to ditch iPhones over Apple dispute with FBI

Apple’s refusal to help the FBI unlock an iPhone 5c used by one of the terrorists in the San Bernardino, California attack on Dec. 2 has prompted the Maricopa County attorney’s office in Arizona to ban providing new iPhones to its staff. “Apple’s refusal to cooperate with a legitimate law enforcement investigation to unlock a phone used by terrorists puts Apple on the side of terrorists instead of on the side of public safety,” Maricopa County Attorney Bill Montgomery said in a statement on Wednesday. Montgomery described as a corporate public relations stunt Apple’s positioning of its refusal to cooperate on privacy grounds. The evidence obtained through searches using warrants to unlock encrypted smartphones, including iPhones, have proven critical to the investigation and prosecution of defendants charged with drug trafficking, sexual exploitation, murder and other serious offenses, he added.To read this article in full or to leave a comment, please click here

Tim Cook: The FBI is asking us to write the software equivalent of cancer

Tim Cook has said the U.S. government is requiring Apple to write "the software equivalent of cancer" by demanding that it help unlock an iPhone used by one of the San Bernardino terrorists.“What’s at stake here is, can the government compel Apple to write software that we believe would make hundreds of millions of customers vulnerable around the world -- including the U.S. -- and also trample civil liberties,” Cook said.+ ALSO Apple v. FBI – Who’s for, against opening up the terrorist’s iPhone +To read this article in full or to leave a comment, please click here

Tim Cook: The FBI is asking us to write the software equivalent of cancer

Tim Cook has said the U.S. government is requiring Apple to write "the software equivalent of cancer" by demanding that it help unlock an iPhone used by one of the San Bernardino terrorists. “What’s at stake here is, can the government compel Apple to write software that we believe would make hundreds of millions of customers vulnerable around the world -- including the U.S. -- and also trample civil liberties,” Cook said. He made his remarks in a 30-minute interview that aired on ABC News Wednesday evening. The CEO was pressed repeatedly on why Apple shouldn't make an exception for a single iPhone that was used by a terrorist.To read this article in full or to leave a comment, please click here

Truly Understanding Microsoft’s Azure Stack

This past month, Microsoft released a public preview of Azure Stack, which I downloaded, fiddled with, and put together this blog post to share what this thing is all about. As with all my blog posts, this is not merely a regurgitation of Microsoft’s announcement or a simple opinion of what I conceptually “think” about the thing, but this is an actual commentary after a few weeks of hardcore fiddling with Azure Stack to truly understand the power and capability of the solution.What is Azure Stack?To start with, “what is Azure Stack?” Azure Stack is effectively Microsoft’s Azure cloud brought into an organization’s own datacenter. True, under the hood Azure Stack is running Microsoft’s Hyper-V and Windows, as well as Linux and Microsoft networking and storage, but when you stop and think about it, you are “running Microsoft’s Azure in your datacenter!”To read this article in full or to leave a comment, please click here

And So…

I’d like to share some personal news with you, industry watchers and fans of VMware’s network virtualization offering.

As network virtualization starts to mature, and it has, I have thought hard about how best to participate in the broader movement of infrastructure to software and services that I believe so strongly in. Having spent the last decade in a deep, but narrow operating roll, I have decided that going forward I would like to engage much more broadly.

Recently, Andreessen Horowitz VC reached out about a GP position in the enterprise space.  Given my familiarity and history with the firm, and how rare these opportunities are, I knew this was my chance. So I accepted. Continue reading

SDN Pioneer Casado Leaving VMware

SDN pioneer Martin Casado is leaving VMware for the venture capital pastures of Andreessen Horowitz.Casado, executive vice president and general manager of VMware’s Networking and Security Business, will be replaced by former Broadcom and Cisco executive Rajiv Ramaswami. The transition takes effect April 1.Casado created OpenFlow, an early catalyst of the software-defined networking movement and a popular initial southbound interface between SDN controllers and switches. He joined VMware when the server virtualization company acquired the SDN start-up he co-founded, Nicira, in 2012.To read this article in full or to leave a comment, please click here

Becoming The IT Leader Of The Future

Dan Roberts, leader of Interop's IT Leadership Summit and CEO and President of Ouellette & Associates Consulting, discusses how to be successful in a world of increased complexity, rising expectations, and accelerating change. Find out how and why you can move away from the tired idea of "aligning business with IT" toward a place where IT is integral to your business and driving new initiatives forward.

Learn more about the IT Leadership Summit and the IT Leadership Track. Register now for Interop, May 2-6 in Las Vegas.

IDG Contributor Network: Two-factor authentication not secure, say researchers

Social engineering can be easily used to trick users into confirming authentication codes, says a computer science professor at NYU.Generally thought to be secure, the process whereby a verification code, usually delivered by e-mail or text, is sent to a user who’s lost their password, can in fact be hacked.And the way it’s done? Just ask the user for the officially-sent verification code, says Nasir Memon, professor of Computer Science and Engineering at the New York University Tandon School of Engineering.A second, bogus text or e-mail simply asks the user to forward the original, legitimate verification text. And people do it, no questions asked, Memon reckons.To read this article in full or to leave a comment, please click here

Lawmakers push for encryption commission to find compromise

The U.S. Congress should allow an expert commission to recommend ways to resolve the contentious debate over police access to encrypted communications before passing "knee-jerk" legislation, one lawmaker said.Even as Apple and the FBI fight in court over access to a terrorist suspect's iPhone, a 9/11 Commission-style digital security panel should try to find a compromise between smartphone users' privacy and law enforcement access to encrypted devices, Representative Michael McCaul, a Texas Republican, said Wednesday.To read this article in full or to leave a comment, please click here

Nissan Leaf owners: Prepare to be pranked by hackers thanks to insecure API

Another day, another flaw revealed in the Internet of insecure things. If you have a Nissan Leaf, then prepare yourself to potentially be pranked by friends, frenemies – even complete strangers on the other side of the world. All a person needs is your Vehicle Identification Number (VIN) – which happens to be visible on your Leaf for anyone who wants to see it – and for you to use the Nissan Leaf remote management app. Security pro Troy Hunt revealed that pranksters can switch on and off your heat or AC while your car is parked as well as exploit other options available to Nissan Leaf electric car owners via the companion NissanConnect EV app. The vulnerabilities are in the mobile management APIs which allow car owners to “check the state of battery charge, start charging, check when battery charge will complete, see estimated driving range, and turn on or off climate control system.” If anyone has your VIN, and you use the app, then they too can control those options via a web browser.To read this article in full or to leave a comment, please click here

TrustPipe fine tunes its security software to target enterprise

TrustPipe, a startup that made bold claims last year about stopping 100% of network-borne attacks on endpoints, has retooled its software and distribution system in order to better fit into enterprise security schemes. Ridgely Evers The changes it plotted out last fall were so extensive that the company held off delivering its platform to customers, says co-founder and CEO Ridgely Evers. The revised version is available now.To read this article in full or to leave a comment, please click here

Early Internet services considered harmful

This journalist, while writing a story on the #FBIvApple debate, got his email account hacked while on the airplane. Of course he did. His email account is with Earthlink, an early Internet services provider from the 1990s. Such early providers (AOL, Network Solutions, etc.) haven't kept up with the times. If that's still your email, there's pretty much no way to secure it.

Early Internet stuff wasn't encrypted, because encryption was hard, and it was hard for bad guys to tap into wires to eavesdrop. Now, with open WiFi hotspots at Starbucks or on the airplane, it's easy for hackers to eavesdrop on your network traffic. Simultaneously, encryption has become a lot easier. All new companies, those still fighting to acquire new customers, have thus upgraded their infrastructure to support encryption. Stagnant old companies, who are just milking their customers for profits, haven't upgraded their infrastructure.

You see this in the picture below. Earthlink supports older un-encrypted "POP3" (for fetching email from the server), but not the new encrypted POP3 over SSL. Conversely, GMail doesn't support the older un-encrypted stuff (even if you wanted it to), but only the newer encrypted version.


Thus, if you are a reporter using Continue reading
1 3,135 3,136 3,137 3,138 3,139 3,853