Stuff The Internet Says On Scalability For December 4th, 2015

Hey, it's HighScalability time:


Change: Elliott $800,000 in 1960, 8K RAM, 2kHz CPU vs Raspberry Pi Zero, $5, 1Ghz, 512MB

 

If you like Stuff The Internet Says On Scalability then please consider supporting me on Patreon.

  • 434,000: square-feet in Facebook's new office;  $62.5 billion: Uber's valuation; 11: DigitalOcean datacenters; $4.45 billion: black Friday online sales; 2MPH: speed news traveled in 1500; 95: percent of world covered by mobile broadband; 86%: items Amazon delivers that weigh less than five pounds.

  • Quotable Quotes:
    • Jeremy Hsu: Is anybody thinking about how we’ll have to code differently to accommodate the jump from a 1-exaflop supercomputer to 10 exaflops? There is not enough attention being paid to this issue.
    • @kml: “Process drives away talent” - @adrianco at #yow15
    • capkutay: Seems like a lot of the momentum behind containers is driven by the Silicon Valley investment community.
    • @taotetek: IoT is turning homes into datacenters with no system administrators and no security team.
    • @asymco: On Thursday and early Friday, mobile traffic accounted for nearly 60% of all online shopping traffic, and 40% of all online sales
    • Mobile App Developers are Suffering: It’s Continue reading

One Million Views

It’s hard to believe that my blog has just surpassed 1000000 views! I started this blog out just on the side to go over things I was learning. I’ve learned a lot in the process, and managed to bag myself two CCIEs, a JNCIE-SP, a job at Google, and the opportunity to write a book … Continue reading One Million Views

Widespread exploit kit, password stealer and ransomware program mixed into dangerous cocktail

An ongoing attack campaign combines a very effective password stealer, the most widespread exploit kit, called Angler, and the latest version of the infamous CryptoWall file-encrypting ransomware program.The attackers first use the Pony computer Trojan to pilfer passwords from compromised computers, including FTP and SSH credentials that webmasters use to administer websites, according to researchers from Heimdal Security.The stolen credentials are then used to inject malicious code into legitimate websites with the goal of redirecting their visitors to an installation of the Angler exploit kit. This is a Web-based attack tool that includes exploits for various vulnerabilities in Windows and browser plug-ins, such as Flash Player and Java.To read this article in full or to leave a comment, please click here

Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored)

Riverbed’s Hansang Bae, Josh Dobies, and Kevin Glavin discuss how an application-centric approach to SD-WAN puts IT at the forefront of business innovation. And get an in-depth preview of Project Tiger, Riverbed’s engineering effort that will dramatically simplify how IT manages hybrid WANs.

The post Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored) appeared first on Packet Pushers.

Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored)

Riverbed’s Hansang Bae, Josh Dobies, and Kevin Glavin discuss how an application-centric approach to SD-WAN puts IT at the forefront of business innovation. And get an in-depth preview of Project Tiger, Riverbed’s engineering effort that will dramatically simplify how IT manages hybrid WANs.

The post Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored) appeared first on Packet Pushers.

Net neutrality could be on the line in Washington court battle

The FCC's net neutrality rules go on trial Friday as oral arguments begin in 10 lawsuits that could dramatically change the way Internet service providers are regulated.In February, the Federal Communications Commission voted to ban service providers from giving some content preferential treatment. It also reclassified broadband as a communications service, similar to old-fashioned telecommunications except with exemptions from pricing and other regulations.The rules went into effect in April but soon faced a barrage of lawsuits by carriers and industry groups that want to see them gutted. The suits were combined into one proceeding in the federal appeals court in Washington, where opening arguments will start Friday.To read this article in full or to leave a comment, please click here

Tools for debugging, testing and using HTTP/2

With CloudFlare's release of HTTP/2 for all our customers the web suddenly has a lot of HTTP/2 connections. To get the most out of HTTP/2 you'll want to be using an up to date web browser (all the major browsers support HTTP/2).

But there are some non-browser tools that come in handy when working with HTTP/2. This blog post starts with a useful browser add-on, and then delves into command-line tools, load testing, conformance verification, development libraries and packet decoding for HTTP/2.

If you know of something that I've missed please write a comment.

Browser Indicators

For Google Chrome there's a handy HTTP/2 and SPDY Indicator extension that adds a colored lightning bolt to the browser bar showing the protocol being used when a web page is viewed.

The blue lightning bolt shown here indicates that the CloudFlare home page was served using HTTP/2:

A green lightning bolt indicates the site was served using SPDY and gives the SPDY version number. In this case SPDY/3.1:

A grey lightning bolt indicates that neither HTTP/2 no SPDY were used. Here the web page was served using HTTP/1.1.

There's a similar extension for Firefox.

Online testing

There's also a handy online Continue reading

Tesla is copying Apple’s business model

One of the interesting things about Tesla is that the company is trying to copy Apple's business model. As a Silicon Valley entrepreneur myself, and an owner of a Tesla car, I thought I'd write up what that means.

There are two basic business models in the world. The first is cheap, low-quality, high-volume products. You don't make much profit per unit, but you sell of a ton of them. The second is expensive, high-quality (luxury), low-volume products. You don't sell many units, but you make a lot of profit per unit.

It's really hard to split the difference, selling high-volume, high-quality products. If you spend 1% more on quality, your customers can't tell the difference (without more research on their part), so you'll lose 10% of your customers who won't accept the higher price. Or, you are selling to the luxury market, lowering price to sell more units means lowering quality standards, destroying your brand.

Rarely, though, companies can split the difference. A prime example is Costco. While the average person who shops at Walmart (low-quality, high-volume store) earns less than $20,000 per year, the average income of a Costco customer is over $90,000 per year. Costco sells high-quality Continue reading

Millions of smart TVs, phones and routers at risk from old vulnerability

A three-year-old vulnerability in a software component used in millions of smart TVs, routers and phones still hasn't been patched by many vendors, thus posing a risk, according to Trend Micro.Although a patch was issued for the component in December 2012, Trend Micro found 547 apps that use an older unpatched version of it, wrote Veo Zhang, a mobile threats analyst."These are very popular apps that put millions of users in danger; aside from mobile devices, routers, and smart TVs are all at risk as well," he wrote.To read this article in full or to leave a comment, please click here

Microsoft, law enforcement disrupt Dorkbot botnet

Microsoft said Thursday it aided law enforcement agencies in several regions to disrupt a four-year-old botnet called Dorkbot, which has infected one million computers worldwide.The Dorkbot malware aims to steal login credentials from services such as Gmail, Facebook, PayPal, Steam, eBay, Twitter and Netflix.It was first spotted around April 2011. Users typically get infected by browsing to websites that automatically exploit vulnerable software using exploit kits and through spam. It also has a worm functionality and can spread itself through through social media and instant messaging programs or removable media drives.Microsoft didn't provide much detail on how Dorkbot's infrastructure was disrupted. The company has undertaken several such actions over the last few years in cooperation with law enforcement.To read this article in full or to leave a comment, please click here

Network Automation with Ansible – Dynamically Configuring Interface Descriptions

It’s been a while since my last post, but let’s hope that changes with the flurry of posts planned for this month. Most of my recent time has been spent traveling and teaching courses that cover how to use Python and Ansible for Network Automation. I’ve written about many of these concepts in the past, but to re-iterate what I’ve been saying, and what I’ve written in the past, it’s crucial to start small when it comes to automation (otherwise it’s easy to feel overwhelmed trying to automate everything and then you never make any real progress). By starting small, you can get a quick win, and can gradually expand from there. In this post, I’m going to review one very small example of how to use Ansible for network automation. We’ll review how to use Ansible to dynamically configure interface descriptions populated with real-time LLDP neighbor information. While this post focuses on Cisco Nexus switches, note that the same approach can be used for any vendor.

The process that we’ll be using to auto-configure the interface descriptions is a three-step process:

1. Discover the device
While we are only using Cisco switches in this example, we still go through Continue reading

A Use Case for an SSH Bastion Host

In this post, I’m going to explore one specific use case for using an SSH bastion host. I described this configuration and how to set it up in a previous post; in this post, though, I’d like to focus on one practical use case.

This use case is actually one I depicted graphically in my earlier post:

SSH bastion host diagram

This diagram could represent a couple different examples. For example, perhaps this is an AWS VPC. Security best practices suggest that you should limit access from the Internet to your instances as much as possible; unless an instance needs to accept traffic from the Internet, don’t assign a public IP address (or an Elastic IP address). However, without a publicly-accessible IP address, how does one connect to and manage the instance? You can’t SSH to it without a publicly-accessible IP address—unless you use an SSH bastion host.

Or perhaps this diagram represents an OpenStack private cloud, where users can deploy instances in a private tenant network. In order for those instances to be accessible externally (where “externally” means external to the OpenStack cloud), the tenant must assign each instance a floating IP address. Security may not be as much of a concern Continue reading

Free digital certificate project opens doors for public beta

Let's Encrypt, the project offering free digital certificates for websites, is now issuing them more broadly with the launch of a public beta on Thursday.The beta label will eventually be dropped as the software they've developed is refined, wrote Josh Aas, executive director of the Internet Security Research Group (ISRG), which runs Let's Encrypt."Automation is a cornerstone of our strategy, and we need to make sure that the client works smoothly and reliably on a wide range of platforms," he wrote.Digital certificates use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to encrypt traffic exchanged between a user and a service, adding a higher level of privacy and security.To read this article in full or to leave a comment, please click here

1 3,226 3,227 3,228 3,229 3,230 3,842