Stuff The Internet Says On Scalability For November 27th, 2015

Hey, it's HighScalability time:


The most detailed picture of the Internet ever as compiled by an illegal 420,000-node botnet.
  • $40 billion: P2P lending in China; 20%: amount of all US margin expansion accounted for by Apple since 2010; 11: years of Saturn photos; 117: number of different steering wheels offered for a VW Golf; 1Gbps: speed of a network using a lightbulb.

  • Quotable Quotes:
    • @jaksprats: If we could compile a subset of JavaScript to Lua, JS could run on Server(Node,js), Browser, Desktop, iOS, & Android.JS could run EVERYWHERE
    • @wilkieii: Tech: "Don't roll your own crypto if you aren't an expert" *replaces nutrition with Soylent, currency with bitcoin* *puts wifi in lightbulb*
    • @brianpeddle: The architecture of one human brain would require a zettabyte of capacity. Full simulation of a human brain by 2023.
    • MarshalBanana: That can still easily be the right choice. Complex algorithms trade asymptotic performance for setup cost and maintenance cost. Sometimes the tradeoff isn't worth it.
    • kevindeasi: There are so many things to know nowadays. Backend: Sql, NoSql, NewSql, etc. Middlware: Django, NodeJs, Spring, Groovy, RoR, Symfony, etc. Client: Angular, Ember, React, Jquery, etc. I haven't even mentioned hardware, security, Continue reading

Microsoft enables potential unwanted software detection for enterprise customers

It’s time to throw adware, browser hijackers and other potentially unwanted applications (PUAs) off corporate networks, Microsoft has decided. The company has started offering PUA protection in its anti-malware products for enterprise customers.The new feature is available in Microsoft's System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP) as an option that can be turned on by system administrators.PUA signatures are included in the anti-malware definition updates and cloud protection, so no additional configuration is needed.Potentially unwanted applications are those programs that, once installed, also deploy other programs without users' knowledge, inject advertisements into Web traffic locally, hijack browser search settings, or solicit payment for various services based on false claims.To read this article in full or to leave a comment, please click here

Kalinin nuclear power plant’s new neighbor will be a data center

Kalinin nuclear power plant's new neighbor will be a data center.The plant, near the city of Tver, is close to fiber-optic lines between Moscow and St Petersburg, providing the future data center with the double advantage of reliable power and fast communications links.When completed, the data center will be the largest in Russia, with a capacity of up to 10,000 racks, the company claims.Construction work will begin shortly, plant director Mikhail Kanyshev said Monday. The first phase is due to enter service in March 2017, and the second a year later, he said.Nuclear reactors need to run continuously, and so are a good match for loads that, like many data centers, run 24 hours a day. RosEnergoAtom expects the Kalinin data center to consume about 80 megawatts. That's just 2 percent of the neighboring power plant's generating capacity: Its four reactors are rated at 1 gigawatt each.To read this article in full or to leave a comment, please click here

Fibbing: OSPF-Based Traffic Engineering with Laurent Vanbever

You might be familiar with the idea of using BGP as an SDN tool that pushes forwarding entries into routing and forwarding tables of individual devices, allowing you to build hop-by-hop path across the network (more details in Packet Pushers podcast with Petr Lapukhov).

Researchers from University of Louvain, ETH Zürich and Princeton figured out how to use OSPF to get the same job done and called their approach Fibbing. For more details, listen to Episode 45 of Software Gone Wild podcast with Laurent Vanbever (one of the authors), visit the project web site, or download the source code.

Listen to the podcast

Network Simulation – Cisco Releases VIRL 1.0

Just in time for thanksgiving, Cisco has released version 1.0 of the popular network simulation tool VIRL. This is a major new release moving from Openstack Icehouse to Openstack Kilo. This means that your previous release of VIRL will NOT be upgradeable, only a fresh install is available. Cisco has started mailing out a link to the new release and I received my download link yesterday. It is also possible to download the image from the Salt server to the VM itself and then SCP it out from the VM, this is described in the release notes here.

The following platform reference VMs are included in this release:

  • IOSv – 15.5(3)M image
  • IOSvL2 – 15.2.4055 DSGS image
  • IOSXRv – 5.3.2 image
  • CSR1000v – 3.16 XE-based image
  • NX-OSv 7.2.0.D1.1(121)
  • ASAv 9.5.1
  • Ubuntu 14.4.2 Cloud-init

There are also Linux container images included. These are the following:

  • Ubuntu 14.4.2 LXC
  • iPerf LXC
  • Routem LXC
  • Ostinato LXC

This means that it will be a lot easier to do traffic generation, bandwidth testing and simulating a WAN by inserting delay, packet loss and jitter. It’s great to see Continue reading

Microsoft zaps dodgy Dell digital certificates

Microsoft has updated several of its security tools to remove two digital certificates installed on some Dell computers that could compromise data. The updates apply to Windows Defender for Windows 10 and 8.1; Microsoft Security Essentials for Windows 7 and Vista; and its Safety Scanner and Malicious Software Removal tool, according to postings here and here.To read this article in full or to leave a comment, please click here

VPN bug poses privacy threat to BitTorrent downloaders

A bug affecting some VPN services can be used to figure out a computer's real IP addresses, including those of BitTorrent users, which could pose a huge privacy and possibly a legal risk.The vulnerability affects those services that allow port forwarding, according to VPN provider Perfect Privacy, which wrote about the issue on Thursday.A successful attack requires a couple of conditions to be met: the attacker must be on the same VPN network as the victim, who also has to be lured into connecting to a resource controlled by the attacker.To read this article in full or to leave a comment, please click here

Contain Your Unikernels!

screenshot

After DockerCon EU in Barcelona several people asked me: “Is this for real?”. Yes it is, and today we are releasing the code for the entire “Unikernels, meet Docker!” demo on GitHub.

To get started, clone the DockerConEU2015-demo repository and follow the instructions in README.md. You will need a Linux host with Docker and KVM installed.

Apart from the MySQL, Nginx and PHP with Nibbleblog unikernels shown in the demo, the repository also contains some simpler examples to get you started that we did not have time to show live in the short time-slot. There’s also an in-progress MirageOS/KVM port, so stay tuned for a future post on that.

Presented as a ‘cool hack’ in the closing session of the conference, this demo is just a taste of what is possible. Next, I’m going to work with the wider unikernel and Docker developer community on a production quality version of this demo. The goal is to make unikernel technology easily accessible to as many developers as possible!

Personally, I would like to thank Amir Chaudhry, Justin Cormack, Anil Madhavapeddy, Richard Mortier, Mindy Preston and Jeremy Yallop for helping me put the demo Continue reading

Older Dell devices also affected by dangerous eDellRoot certificate

Users of Dell Windows-based laptops, desktops, tablets and other devices that were bought before August should check if their systems have the self-signed eDellRoot certificate that can compromise their private communications.The certificate was installed by Dell Foundation Services (DFS), an application that Dell preloads on many of its devices in order to ease customer service and technical support functions.After the certificate's existence came to light earlier this week, Dell said that it started deploying the certificate through a Dell Foundation Services version released in August. This led many people to believe that only Dell devices bought since August were affected.To read this article in full or to leave a comment, please click here

Millions of embedded devices use the same hard-coded SSH and TLS private keys

Thousands of routers, modems, IP cameras, VoIP phones and other embedded devices share the same hard-coded SSH (Secure Shell) host keys or HTTPS (HTTP Secure) server certificates, a study found.By extracting those keys, hackers can potentially launch man-in-the-middle attacks to intercept and decrypt traffic between users and millions of devices.Researchers from security firm SEC Consult analyzed firmware images for over 4,000 models of embedded devices from more than 70 manufacturers. In them they found over 580 unique private keys for SSH and HTTPS, many of them shared between multiple devices from the same vendor or even from different ones.To read this article in full or to leave a comment, please click here

Millions of embedded devices use the same hard-coded SSH and TLS private keys

Thousands of routers, modems, IP cameras, VoIP phones and other embedded devices share the same hard-coded SSH (Secure Shell) host keys or HTTPS (HTTP Secure) server certificates, a study found.By extracting those keys, hackers can potentially launch man-in-the-middle attacks to intercept and decrypt traffic between users and millions of devices.Researchers from security firm SEC Consult analyzed firmware images for over 4,000 models of embedded devices from more than 70 manufacturers. In them they found over 580 unique private keys for SSH and HTTPS, many of them shared between multiple devices from the same vendor or even from different ones.To read this article in full or to leave a comment, please click here

Another Year of Thankfulness

By the time you read this, I’ll be down at Oak Island on the North Carolina Coast, where my wife will be getting the turkey ready, and making a white chocolate cheesecake. No, I won’t tell you the address, but I will tell you this.

I’m thankful for this year.

I’m thankful for my family. For my wife and kids who put up with me and my insane schedule.

I’m thankful for my friends (I would list them all, but I’d probably forget someone, which would hurt feelings; it just doesn’t seem right to hurt anyone’s feelings today). Across the years, I’ve been taught so much about networking and engineering in the last 20+ years, from working on RADAR systems to large scale data centers. I’ve been given so many opportunities to write and speak, and been shown how to be just a better person.

I’m thankful that God has opened a door into a top notch PhD program, the support structure every PhD student needs to succeed, and two great mentors (more than anyone could ask for).

I know it’s not Thanksgiving in every country in the world. But there’s never a bad day to give thanks for what Continue reading

1 3,185 3,186 3,187 3,188 3,189 3,793