Technology Short Take #58

Welcome to Technology Short Take #58. This will be the last Technology Short Take of 2015, as next week is Christmas and the following week is the New Year’s holiday. Before I present this episode’s collection of links, articles, and thoughts on various data center technologies, allow me to first wish all of my readers a very merry and very festive holiday season. Now, on to the content!

Networking

Gotchas for using a different subnet for a VM than that of the host in Openstack

It is definitely possible to have a completely different subnet for a VM than that of the host machine running libvirt and KVM using linux bridging. This is done by using NAT technique. The reason I decided to put this down in my post is to just have it on record for me to refer in the future. Just keep in mind that I have created the instances through nova & openstack.


As always networking doesn't always work as designed or planned to and there's no fun if you don't see packet drops and unknown network issues breaking communication. After experimenting extensively and carefully jotting down the changes that was needed to be done, here are the list of gotchas' I've come up with:
  • Libvirt or other network filters do not block packets (Skip this step if you aren't using nova networks and Openstack)
You can check to see what the network filter is programmed to do. To do this first find the instance ID for your instance and then find the libvirt-network filter rule for the same. You can edit the rule to set the subnet that you want to allow.
          Find instances Continue reading

Cyberattack prediction: Hackers will target a US election next year

A major cyberattack next year will target a U.S. election, security expert Bruce Schneier predicts.The attack won't hit the voting system and may not involve the presidential election, but the temptation for hackers is too great, even in state and local races, said Schneier, a computer security pioneer and longtime commentator."There are going to be hacks that affect politics in the United States," Schneier said. Attackers may break into candidates' websites, e-mail or social media accounts to uncover material the campaigns don't want public, he said.Schneier gave the prediction Thursday on a webcast from incident response company Resilient Systems, where he is chief technology officer.To read this article in full or to leave a comment, please click here

Court finds for Arista in EOS suit with co-founder

A California court has found in favor of Arista Networks in a software ownership lawsuit filed by its co-founder.In a preliminary ruling, the California Superior Court, Santa Clara County found that OptumSoft, a company started by Arista co-founder David Cheriton, does not own Arista code developed to work with royalty-free licensed software. That software is OptumSoft’s TACC -- Types, Attributes and Constraints Compiler -- a platform for developing modular or distributed applications or systems, a key functionality Arista markets as a differentiator for it EOS operating system software.To read this article in full or to leave a comment, please click here

How network segmentation provides a path to IoT security

Earlier this month I attended Cisco’s Internet of Things World Forum in Dubai (disclosure: Cisco is a client of ZK Research). One of the things I liked about the event is that it showcased a wide variety of uses cases across a number of different vertical industries. Some were in the ideation phase, some were early stage, and some fully deployed. While many of the use cases were quite different, there was one point of commonality, and that’s the need for security.The Internet of things (IoT) poses quite a different challenge for security and IT professionals. Traditional cybersecurity is becoming increasingly difficult even though most IT devices being connected have some basic security capabilities. Now consider the operational technology (OT) being connected to our company networks to enable IoT. These are devices like medical equipment, factory floor machines, drills, shipping containers, and other things that have no inherent security capabilities and the most basic network functions.To read this article in full or to leave a comment, please click here

Not Tor, MIT’s Vuvuzela messaging system uses ‘noise’ to ensure privacy

As privacy of The Onion Router (Tor) network comes into question, MIT researchers say they have devised a secure system called Vuvuzela that makes text messaging sent through it untraceable and that could be more secure than Tor when it comes to hiding who is talking to whom.While it’s not ready for prime time, the messaging system makes it extremely difficult for attackers to find out which connected users are communicating with which others or whether they are sending or receiving messages at all, the researchers say in “Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis”.To read this article in full or to leave a comment, please click here

CCDE – CCDE Qualification Exam Passed

A couple of days ago I passed the Cisco Certified Design Expert (CCDE) Qualification Exam which means that I am now eligible to take the CCDE practical. I’m aiming to give that a try in May. This post will give some insight into what a candidate needs to pass the CCDE Qualification exam and how to study for it.

The CCDE is a very broad exam. The ideal candidate must have a very strong background in Routing & Switching (RS) and Service Provider (SP) technologies. These are the meat of the exam. It is also desirable to have a decent knowledge of Data Center (DC) and security technologies. It’s also desirable to have a basic understanding of wireless and storage technologies.

It’s difficult to study for the CCDE and the CCDE Qualification Exam if you don’t have enough experience in the real world. While a person can study for the CCIE without a lot of experience, doing the same for the CCDE is difficult because design and network architecture requires implementation experience and design experience. The ideal candidate should be CCIE RS and SP certified already or have the equivalent knowledge of someone that is. Does that mean that it’s Continue reading

Containerd: a daemon to control runC

As we build out Docker’s infrastructure plumbing, we are committed to releasing these plumbing components as open source to help the community. Today we’re releasing a new daemon to control runC called: containerd. It’s built for performance and density, and will eventually be … Continued

NASA offers $15k for your wicked cool air traffic technology

The airspace of the future could get messy, what with drones, aircraft and suborbital spacecraft -- and NASA wants the public’s help in developing technology that will help manage that mélange. +More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2015+ The space agency this week announced a $15,000 public contest -- called the “Sky for All challenge” -- to develop technologies that could be part of what it calls “a clean-slate, revolutionary design and concept of operations for the airspace of the future.” The challenge opens Dec. 21, and participants may pre-register now. The deadline for submissions is Feb. 26, 2016 and is being administered by crowdsourcing site HeroX.To read this article in full or to leave a comment, please click here

Vancouver & Montreal, Canada: CloudFlare’s latest data centers

With the holiday season in full swing, it's only fitting that we continue to spread cheer, joy and a faster Internet around the world. To start the season we begin in Canada with NHL rivals Montreal and Vancouver, our 70th and 71st points of presence (PoPs) globally. Montreal and Vancouver, the 2nd and 3rd largest Canadian metropolitan areas, respectively, join our existing PoP in Canada's largest, Toronto.

Together, CloudFlare's network in Canada is now milliseconds away from the country's 31 million Internet users. As of now, the web sites, mobile apps and APIs of all CloudFlare customers are delivered at a cool 6.1 million times the speed of the fastest slapshot (for the curious, the current NHL speed record belongs to Zdeno Chára of the Boston Bruins, whose slapshot clocked 108.8 miles per hour / 175.1 kilometers per hour).

Latency matters

Canada is not just one of the most wired countries in the world, with nearly 87 per cent of Canadian households connected to the Internet, but also one of the largest as measured by e-commerce transaction volume. According to Statistics Canada, Canadian enterprises sold more than US$100 billion in goods and services over the Internet in Continue reading

A Different Kind of POP: The Joomla Unserialize Vulnerability

At CloudFlare, we spend a lot of time talking about the PoPs (Points of Presence) we have around the globe, however, on December 14th, another kind of POP came to the world: a vulnerability being exploited in the wild against Joomla’s Content Management System. This is known as a zero day attack, where it has been zero days since a patch has been released for that bug. A CVE ID has been issued for this particular vulnerability as CVE-2015-8562. Jaime Cochran and I decided to take a closer look.

The Joomla unserialize vulnerability

In this blog post we’ll explain what the vulnerability is, give examples of actual attack payloads we’ve seen, and show how CloudFlare automatically protects Joomla users. If you are using Joomla with CloudFlare today and have our WAF enabled, you are already protected.

The Joomla Web Application Firewall rule set is enabled by default for CloudFlare customers with a Pro or higher plan, which blocks this attack. You can find it in the Joomla section of the CloudFlare Rule Set in the WAF Dashboard.

The WAF rule for protecting against the Joomla Unserialize Vulnerability

What is Joomla?

Joomla is an open source Content Management System which allows you to build web applications and control every aspect of the content of your Continue reading

The weirdest, wackiest and coolest sci/tech stories of 2015

WackyImage by Reuters/ Toby MelvilleIt’s that time of year again when we take a look at some of the most interesting and sometimes silly sci/tech stories of the year. This year we have flame-throwing drones, wicked cool pictures of Pluto and quantum computing advancements to name just a few topics. Take a look.To read this article in full or to leave a comment, please click here

Microsoft extends SmartScreen browsing protection to foil malvertising and exploit kits

Microsoft SmartScreen, the phishing and malware filtering technology built into Internet Explorer, Edge and Windows, has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.Such attacks are known as drive-by downloads, because they don't require user interaction aside from browsing to a malicious website or a legitimate one that has been compromised.To launch such attacks, hackers use tools known as exploit kits that take advantage of vulnerabilities in the OS, the browser, or popular software like Flash Player, Silverlight and Java.While exploit kits typically target vulnerabilities after they have been patched by software vendors, there have been cases when they've exploited previously unknown flaws that are known in the security industry as zero-days. In addition, the time window between when patches are released and when attackers start targeting the fixed flaws has significantly shrunk in recent years, giving users less time to update.To read this article in full or to leave a comment, please click here

Worth Reading: Troubleshooting video applications

Maybe it’s another sign of experience, aging, cynicism, and/or ego. Lately, I seem to be doing a lot of troubleshooting of application performance problems. “What on earth was the developer thinking?” is becoming a recurrent refrain, at least in my head. This is (I hope) not ego, just a real question about what appears to be a sub-optimal approach. via network computing

The post Worth Reading: Troubleshooting video applications appeared first on 'net work.

1 3,207 3,208 3,209 3,210 3,211 3,839