Alfred Bratterud is Assistant Professor and PhD scholar at Oslo and Akershus University College of Applied Science where he is currently working full time leading the development of IncludeOS at the NetSys research group.
We’ve finally lifted the lid on IncludeOS, just in time for the IEEE CloudCom paper presentation recently. A preprint of the paper is available from our repo. However, we’ve done quite a lot of work since the paper was written, so here’s an update on what IncludeOS is now, and what you can expect in the near future.
A Java Virtual Machine is a portable language runtime environment. Java is portable across hardware architectures and operating systems because it uses a common instruction set. Once you’ve started a Java program, you can’t log into it (unless your program itself provides the facilities), and you can’t boot up any other programs inside it.
IncludeOS is like a safe language runtime for C++ programs, compiled into the x86 instruction set. This has the obvious advantage of removing one layer of abstraction, compared to Java: with hardware virtualization the code will execute directly on the CPU. Like with Continue reading
The ‘web has been abuzz with security stuff the last couple of weeks; forthwith a small collection for your edification.
The man in the middle attack is about as overused as the trite slippery slope fallacy in logic and modern political “discourse” (loosely termed — political discourse is the latest term to enter the encyclopedia of oxymorons as it’s mostly been reduced to calling people names and cyberbullying, — but of course, putting the social media mob in charge of stopping bullying will fix all of that). But there are, really, such things as man in the middle attacks, and they are used to gather information that would otherwise be unavailable because of normal security provided by on the wire encryption. An example? There is no way to tell if your cell phone is connecting to a real cell phone tower or a man-in-the-middle device that sucks all your information out and ships it to an unintended recipient before forwarding your information along to its correct destination.
The idea for this post came from someone I was working with recently. Thanks Fan (and Carson, and Shree) :-)
In Service Software Upgrade (ISSU) is a method of upgrading software on a switch without interrupting the flow of traffic through the switch. The conditions for successfully completing an ISSU are usually pretty strict and if you don’t comply, the hitless upgrade can all of a sudden become impacting.
The conditions for ISSU on the Nexus 5000 are pretty well documented (cisco.com link) however, there are a couple bits of knowledge that are not. This post is a reminder of the ISSU conditions you need to comply with and a call out to the bits of information that aren’t so well documented.
The two major ISSU conditions on the n5k are:
Designated
state unless the port is an Edge port.The first one is easy: the switch cannot be doing any routing. Even if the switch is Layer 2 only, this condition will still fail if any of the following are true:
It's not just about moving containers into production.
I moved my Mum onto a Mac a few years ago, and the calls for support dropped off dramatically. She’s a very non-technical user, but tries hard to get to grips with the modern technology.
She’s recently decided she’d like to put some photos in a Word document, and write a message underneath – to send round to people at Christmas, you know? How hard can that be?
Over the phone, I told her to go to Photos, select the photo and do Edit | Copy from the menu. Then go to Word and do Edit | Paste to put it in the document.
Nope.
Tried it on my Mac, and sure enough, Word doesn’t know there’s anything in the clipboard to paste! But if you open anything else (e.g. Textedit) it works fine.
Not really sure whose problem this is, since Word is able to paste in an image that is not in Photos (i.e. an image on the hard disk). Instructions for that are here: https://support.office.com/en-in/article/Add-or-replace-a-picture-in-Office-for-Mac-2011-c0a7f0d4-ed59-4183-8fe1-ed615b94cf80?ui=en-US&rs=en-IN&ad=IN
For a novice user like mum, finding that simple things like cutting and pasting are broken is extremely confusing. Of course she thinks it is her Continue reading
Click here to download the full report.
The Black Energy malware family has a long and storied history dating back to 2007. Originally a monolithic DDoS platform, significant advancements were made in 2010 including support for an extensible plugin architecture that allowed Black Energy 2 to more easily expand beyond DDoS into other activities such as info-stealing, web-based banking attacks, spamming, etc.
This report examines, in-depth, a new Black Energy 2 plugin (ntp.dll) that allows “BE2” botnets to launch true distributed NTP reflection/amplification attacks. This is significant for a couple of reasons:
In detailing the relatively impressive technical implementation of this new BE2 DDoS attack plugin, this report provides some excellent general networking insights, an understanding of what it takes to really pull off a reflection/amplification attack on the Windows platform, and a somewhat humorous look at some prior attempts by other malware Continue reading
If you have some leftover training budget for 2015, there’s no better way to spend it than to invest it in a workgroup ipSpace.net subscription ;)
You can choose between two standard packages (6 or 21 users) which include online consulting sessions, or create your own customized package.
Finally, if you plan to buy one of the standard packages, hurry up – the Dec15 promotional code gives you 10% discount till the end of the year.
I’m facing a mini scaling challenge with Cisco SPAN (Switched Port ANalyzer) session and thought it would be good to share it with you fine folk. SPAN Challenge A 3750X switch is currently SPAN-ing a 10Gbps interface to a 1Gbps egress port. A … Continue reading
The post SPAN Scaling Challenge appeared first on The Network Sherpa.