Should you buy cyber insurance?  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  Cyber insurance is rapidly becoming an important part of many organizations' risk mitigation strategy. While most businesses have some sort of property or general liability insurance, those policies exclude coverage for cyber liability, so cyber insurance has become its own category, and it's the fastest growing area of insurance for businesses. At least 50 major providers now offer this type of insurance, attracted by the fact that demand for cyber insurance has been rising by double digit percentages for the last few years.To read this article in full or to leave a comment, please click here

Apple CEO defends privacy, encryption amidst terrorist concerns

Apple CEO Tim Cook staunchly defended personal privacy and the use of encryption on iPhones amidst renewed concerns about terrorists hiding covert electronic messages when they plan deadly attacks.In an interview with Charlie Rose on CBS This Morning that aired Friday, Cook said the supposed tradeoff between privacy and security is "only a simplistic view—we can have both."Cook repeated Apple's stance that it complies specifically with court-ordered warrants to produce information as required by law enforcement, but said of encrypted data on iPhones, "We don't have it to give." That's because Apple's iPhones running versions after iOS 4 keep decryption keys on a user's iPhone and not on a server or some other place, as Apple has pointed out many times before.To read this article in full or to leave a comment, please click here

Unser neues 72. Rechenzentrum: Hamburg

Moin Hamburg! Ensconced alongside the Elbe River, Hamburg, a major port city in northern Germany, is the second largest city in the country, and the eight largest in the European Union. Our data center in Hamburg is our 4th in Germany following deployments in Frankfurt, Düsseldorf and Berlin, our 19th in Europe, and 72nd globally. This means not only better performance in Germany, but additional redundancy for our 3 other data centers throughout the country. As of this moment, CloudFlare has a point of presence (PoP) in 8 out of Europe's 10 most populous* cities, and we're headed for a perfect 10-for-10 (look out Budapest...).

For the local audience: Liebe Freunde in Hamburg, Euer Internetanschluss ist schneller geworden und ihr könnt jetzt sicherer surfen. Viel Spaß.

Frohe Festtage!

Be sure to have some Glühwein if you visit the Christkindlmärkte this holiday season

Yesterday we announced new points of presence (PoPs) in Montreal and Vancouver. Today: Hamburg. However, the holidays are hardly over, and we have lots more cheer to spread. We've sent planes sleighs full of servers, switches, routers and PDUs to many corners of the globe. And to cap it off, we'll gift some CloudFlare gear Continue reading

Stuff The Internet Says On Scalability For December 18th, 2015

Hey, it's HighScalability time:


In honor of a certain event what could be better than a double-bladed lightsaber slicing through clouds? (ESA/Hubble & NASA)

 

If you like Stuff The Internet Says On Scalability then please consider supporting me on Patreon.
  • 66,000 yottayears: lifetime of an electron; 3 Gbps: potential throughput for backhaul microwave networks; 1.2 trillion: yearly Google searches; $100 trillion: global investible capital; 2.5cm: range of chip powered by radio waves; 

  • Quotable Quotes:
    • @KarenMN: He's making a database / He's sorting it twice / SELECT * from contacts WHERE behavior = 'nice' / SQL Clause is coming to town
    • abrkn: Every program attempts to expand until it has an app store. Those programs which cannot so expand are replaced by ones which can.
    • Amin Vahdat: Some recent external measurements indicate that our [Google] backbone carries the equivalent of 10 percent of all the traffic on the global Internet. The rate at which that volume is growing is faster than for the Internet as a whole.
    • Prismatic:  we also learned content distribution is a tough business and we’ve failed to grow at a rate that justifies continuing to support our Prismatic News Continue reading

Worth Reading: What we should fear in the world of patents

…only rarely are those accused of some patent violation really a bad actor. Rather, the patent system results in bad actors because the system is confusing with little transparency. When patents are unclear, in other words when the boundaries of a patent are vague, then people cannot adequately check whether their innovations infringe. If they have no reliable means of checking then innovators will find it hard, likely impossible, to design around a patent, or even to seek an appropriate patent license. via heartland

LinkedInTwitterGoogle+FacebookPinterest

The post Worth Reading: What we should fear in the world of patents appeared first on 'net work.

BGP RIB Failure

An infrequent, yet interesting issue that comes up occasionally is when BGP encounters RIB failures. Usually, it takes the form of a prefix which you’d expect a router to learn via eBGP in its RIB being learnt via a routing protocol with a worse administrative distance.

To understand this problem, we first need to realise that “RIB failure” in a “show ip bgp” output implies that a route offered to the RIB by BGP has not been accepted. This is not a cause for concern if you have a static, or connected route to to that network on the router, but if you’re expecting it to be via eBGP then you can infer that something is misconfigured with your routing.

This can also be simplified to “BGP does not care about administrative distance when selecting a path”.

For reference, the path selection algorithm goes:

Network layer reachability information.

Weight (Cisco proprietary). Bigger is better.

Local preference

Locally originated route

AS path length

Origin code. IGP>EGP>Incomplete

Median Exit Discriminator. Lower is better.

Neighbour type. eBGP better than iBGP.

IGP metric to Next Hop. Lowest Router ID wins.


OSFP Forwarding Address Part I: Type 5 LSA Suppression

OSPF (Open Shortest Path First) is mostly seen as a pretty nasty routing protocol, with a load of subtleties and corner cases. I’ve decided to talk about a subject which usually gives a lot of troubles to most network professionals – the Forwarding Address (FA).

So, we’re going to clear things on why does OSPF set or doesn’t set the FA, what is it used for, how is the best path selection is influenced by the setting of the FA and we’ll also see some examples that may throw some light on this subject. But first, let’s clarify what the forward address is. As per the RFC, the forward address is defined as:

Forwarding address
        Data traffic for the advertised destination will be forwarded to
        this address.  If the Forwarding address is set to 0.0.0.0, data
        traffic will be forwarded instead to the LSA's originator (i.e.,
        the responsible AS boundary router).

Probably the most important thing when you start the deep dive into this subject is having the right topology to work with, which allows you to see the less usual cases regarding how redistribution into OSPF works.

Considering the network topology below, I have Continue reading

Juniper firewalls compromised by bad code: What you need to know

Juniper Networks is warning customers to patch their NetScreen enterprise firewalls against bad code that enables attackers to take over the machines and decrypt VPN traffic among corporate sites and with mobile employees.The danger is that attackers could exploit the code “to gain administrative access to NetScreen devices and to decrypt VPN connections,” Juniper says in a security announcement.It would enable smart attackers to exploit the vulnerability and wipe out log files, making compromises untraceable, the company says.To read this article in full or to leave a comment, please click here

To break terrorist encryption, pay off Apple and Google, expert urges

To break encrypted smartphone messages used by terrorists, tech companies such as Apple and Google need to be paid by law enforcement, an expert urged Thursday."If there were a financial incentive for Google and Apple to assist law enforcement, then they would be more willing to change their encryption technology to facilitate law enforcement in possession of a warrant," said Professor Darren Hayes, director of cybersecurity at Pace University, in an interview.Tech companies and wireless carriers currently get reimbursed "quite nicely," he said, for their time and help when faced with a court warrant under the 1994 Communications Assistance for Law Enforcement Act (CALEA), a wiretap law that allows the FBI and others access to some communications, but not encrypted data.To read this article in full or to leave a comment, please click here

Where do bitcoins go when you die? (sci-fi)

A cyberpunk writer asks this, so I thought I'd answer it:




Note that it's asked in a legal framework, about "wills" and "heirs", but law isn't the concern. Instead, the question is:
What happens to the bitcoins if you don't pass on the wallet and password?
Presumably, your heirs will inherit your computer, and if they scan it, they'll find your bitcoin wallet. But the wallet is encrypted, and the password is usually not written down anywhere, but memorized by the owner. Without the password, they can do nothing with the wallet.

Now, they could "crack" the password. Half the population will choose easy-to-remember passwords, which means that anybody can crack them. Many, though, will choose complex passwords that essentially mean nobody can crack them.

As a science-fiction writer, you might make up a new technology for cracking passwords. For example, "quantum computers" are becoming scary real scary fast. But here's the thing: any technology that makes it easy to crack this password also makes it easy to crack all of bitcoin Continue reading

Force Awakens review: adequacity

The film is worth seeing. See it quickly before everyone tells you the spoilers. The two main characters, Rey and Fin, are rather awesome. There was enough cheering in the theater, at the appropriate points, that I think fans and non fans will like it. Director JarJar Abrams did not, as I feared, ruin the franchise (as he did previously with Star Trek).

On the other hand, there's so much to hate. The plot is a rip-off of the original Star Wars movie, so much so that the decision to "go in and blow it up" is a soul-killing perfunctory scene. Rather than being on the edge of your seat, you really just don't care, because you know how that part ends.

While JarJar Abrams thankfully cut down down on the lens flare, there's still to much that ruins every scene he applies it to. Critics keep hammering him on how much this sucks, but JarJar will never give up his favorite movie making technique.

The universe is flat and boring. In the original trilogy, things happen for a purpose. Everything that transpires is according to Palpatine's design. And even while we find his plans confusing, we still get the Continue reading

Juniper warns of spying code in firewalls

Juniper, a major manufacturer of networking equipment, said on Thursday it found spying code planted in certain models of its firewalls, an alarming discovery that echoes of state-sponsored tampering. The affected products are those running ScreenOS, one of Juniper's operating systems that runs on a range of appliances that act as firewalls and enable VPNs. ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are vulnerable, according to an advisory. The unauthorized code was found during a recent internal review, wrote Bob Worrall, Juniper's chief information officer. He did not indicate where Juniper thinks the code originated.To read this article in full or to leave a comment, please click here

Technology Short Take #58

Welcome to Technology Short Take #58. This will be the last Technology Short Take of 2015, as next week is Christmas and the following week is the New Year’s holiday. Before I present this episode’s collection of links, articles, and thoughts on various data center technologies, allow me to first wish all of my readers a very merry and very festive holiday season. Now, on to the content!

Networking

Gotchas for using a different subnet for a VM than that of the host in Openstack

It is definitely possible to have a completely different subnet for a VM than that of the host machine running libvirt and KVM using linux bridging. This is done by using NAT technique. The reason I decided to put this down in my post is to just have it on record for me to refer in the future. Just keep in mind that I have created the instances through nova & openstack.


As always networking doesn't always work as designed or planned to and there's no fun if you don't see packet drops and unknown network issues breaking communication. After experimenting extensively and carefully jotting down the changes that was needed to be done, here are the list of gotchas' I've come up with:
  • Libvirt or other network filters do not block packets (Skip this step if you aren't using nova networks and Openstack)
You can check to see what the network filter is programmed to do. To do this first find the instance ID for your instance and then find the libvirt-network filter rule for the same. You can edit the rule to set the subnet that you want to allow.
          Find instances Continue reading
1 3,204 3,205 3,206 3,207 3,208 3,837