Musings on Datanauts #9

I listened to episode 9 of the excellent Datanauts podcast with Ethan Banks and Chris Wahl recently.

Great job with this one, guys. I can tell how engaged I am in a podcast by how often I want to interrupt you :)

For this episode, that was lots of times!

Since I couldn't engage during the podcast, I'm going to have a one-sided discussion here, about the topics that grabbed my attention.

RARP?
Chris explained that the 'notify switches' feature of an ESXi vSwitch serves to update the L2 filtering table on upstream physical switches. This is necessary any time a VM moves from one physical link (or host) to another.

Updating the tables in all of the physical switches in the broadcast domain can be accomplished with any frame that meets the following criteria:

  • Sourced from the VM's MAC address
  • Destined for an L2 address that will flood throughout the broadcast domain
  • Specifies an Ethertype that the L2 switches are willing to forward
VMware chose to do it with a RARP frame, probably because it's easy to spoof, and shouldn't hurt anything. What's RARP? It's literally Reverse ARP. Instead of a normal ARP query, which asks: "Who has IP Continue reading

IDG Contributor Network: Make passwords easier, spy agency says

Complex passwords don’t “frustrate hackers,” all they do is make life “harder for users,” Claran Martin, the Director General of Cyber Security at the United Kingdom’s spy agency GCHQ says in a new guidance document published online (PDF). The advice contradicts previous GCHQ guidance that says that system owners should “adopt the approach that complex passwords are ‘stronger.’” GCHQ, or he Government Communications Headquarters, is the British equivalent of the National Security Agency (NSA). Amusingly, both agencies have been exposed recently as conducting widespread surveillance on their respective citizens. The more cynical might think there was secondary motive for this advice.To read this article in full or to leave a comment, please click here

QOTW: Knowledge

Knowledge depends on the direction given to our passions and on our moral habits. To calm our passions is to awaken in ourselves the sense of the universal; to correct ourselves is to bring out the sense of the true.
Sertillanges, The Intellectual Life

LinkedInTwitterGoogle+FacebookPinterest

The post QOTW: Knowledge appeared first on 'net work.

Defining SDN Down

If a WAN product that uses software to control the flow of traffic is an SD-WAN, and a data center than uses software to build a virtual topology is an SD-DC, and a storage product that uses software to emulate traditional hardware storage products is SD storage, and a network where the control plane has been pulled into some sort of controller an SDN, aren’t my profile on LinkedIn, and my twitter username @rtggeek software defined people (SDP)? A related question — if there are already IoT vendors, and the IoT already has a market, can we declare the hype cycle dead and move on with our lives? Or is hype too useful to marketing folks to let it go that easily? One thing we do poorly in the networking world is define things. We’re rather sloppy about the language we use — and it shows.

Back on topic, but still to the point — maybe it’s time to rethink the way we use the phrase software defined. Does SD mean one thing emulating another? Does SD mean centralized control? Does SD mean software controlled? Does SD mean separating the control plane from the data plane? Does SD mean OpenFlow?

Continue reading

AMD suffers another loss at the hands of the PC market

Struggling amidst a continued downturn in the PC industry, AMD reported a wider loss than expected, though beating analysts’ revenue expectations.AMD reported a third quarter 2015 loss of $197 million on revenue of $1.06 billion, blaming lower CPU and GPU sales for the red ink. A year ago, AMD reported a profit of $17 million on revenue of $1.43 billion, a drop of 26 percent in revenue. Analysts surveyed by Thomson Reuters expected AMD to report a loss of 12 cents a share and revenue of $995.87 million for the third quarter.To read this article in full or to leave a comment, please click here

Red Hat acquires Ansible, the open source IT automation company.

The title should come as no surprise, as many have predicted such an acquisition in the past. The similar open source ideologies, the technology fit, the executive team's open source background and the rapid adoption of Ansible in the enterprise certainly draw parallels to the world's leader in open source technology. What was once a prediction is now reality, in just a little more than two years since Ansible, Inc., opened its doors, and we are thrilled!

Ansible made its name in IT automation, and our agile, simple and agent­less model allowed us to reach beyond just configuration management and into application deployment and multi­tier orchestration. This helped to establish a strong lead in DevOps with CI/CD, while latching on to fast growing areas such as cloud, network and container management. Our open source project boomed, becoming one of the most successful projects on GitHub (#1 follower presence in IT automation) with more than 1,200 contributors. Ultimately, this success led to the Ansible project being named as one of 2014's top 10 open source projects, and a place in Gartner's ‘Cool DevOps Vendor’ report in 2015.

Our customer adoption has also rapidly grown since inception, with more than Continue reading

US proposal aims to regulate car privacy, make hacks illegal

A subcommittee of the U.S. House of Representatives has proposed requiring vehicle manufacturers to state their privacy policies, besides providing for civil penalties of up to US$100,000 for the hacking of vehicles.The lawmakers have also proposed that the National Highway Traffic Safety Administration set up an Automotive Cybersecurity Advisory Council to develop cybersecurity best-practices for manufacturers of cars sold in the U.S.The move comes in the wake of the increasing automation of cars, which has raised privacy concerns, and the high-profile hack of a Jeep Cherokee.The House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade has released the staff draft ahead of a hearing next week on “Examining Ways to Improve Vehicle and Roadway Safety."To read this article in full or to leave a comment, please click here

DH-1024 in Bitcoin terms

The recent paper on Diffie-Hellman "precomputation" estimates a cost of 45-million core-years. Of course, the NSA wouldn't buy so many computers to do the work, but would instead build ASICs to do the work. The most natural analogy is how Bitcoin works. Bitcoin hashes were originally computed on CPU cores, then moved to graphics co-processors, then FPGAs, then finally ASICs.

The current hashrate of Bitcoin 460,451,594,000 megahashes/second. An Intel x86 core computes about 3-megahashes/second, or 153,483,864,667 CPU cores. Divided this by 45-million core-years for precomputing 1024bit DH, and you get 3410 DH precomputations per year. Thus, we get the following result:
The ASIC power in the current Bitcoin network could do all the necessary precomputations for a Diffie-Hellman 1024 bit pair with 154 minutes worth of work. Or, the precomputation effort is roughly equal to 15 bitcoin blocks, at the current rate.
(Update: I did some math wrong, it's 154 minutes not 23 minutes)

Another way of comparing is by using the website "keylength.com", which places the equivalent effort of cracking 1024 DH with 72 to 80 bits of symmetric crypto. At the current Bitcoin rate, 72 bits of crypto comes out to 15 bitcoin blocks, Continue reading

Google, Facebook and peers criticize CISA bill ahead of Senate consideration

A trade group representing Facebook, Google, Yahoo and other tech and communications companies has come down heavily against the Cybersecurity Information Sharing Act of 2015, a controversial bill in the U.S. that is intended to encourage businesses to share information about cyberthreats with the government.The Computer & Communications Industry Association claims that the mechanism CISA prescribes for the sharing of cyberthreat information does not adequately protect users’ privacy or put an appropriate limit on the permissible uses of information shared with the government.The bill, in addition, "authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties," the CCIA said in a blog post Thursday.To read this article in full or to leave a comment, please click here

Would I take Wireshark training?

If the buck stops with you when it comes to troubleshooting strange and bizarre application behavior, you’ll want to be able to use a packet capture tool effectively. Wireshark is ubiquitous; most network engineers use it. Wireshark has an active user and development community. Plus, there is a commercial variant through Riverbed if you care to go that route. Therefore, I view Wireshark as a safe packet analysis tool to spend time learning intimately.

What’s inside your containers? Why visibility and control are critical for container security

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.As organizations turn to containers to improve application delivery and agility, the security ramifications of the containers and their contents are coming under increased scrutiny.Container providers Docker, Red Hat and others are moving aggressively to reassure the marketplace about container security. In August Docker delivered Docker Content Trust as part of the Docker 1.8 release. It uses encryption to secure the code and software versions running in Docker users’ software infrastructures. The idea is to protect Docker users from malicious backdoors included in shared application images and other potential security threats.To read this article in full or to leave a comment, please click here

What’s inside your containers? Why visibility and control are critical for container security

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

As organizations turn to containers to improve application delivery and agility, the security ramifications of the containers and their contents are coming under increased scrutiny.

Container providers Docker, Red Hat and others are moving aggressively to reassure the marketplace about container security. In August Docker delivered Docker Content Trust as part of the Docker 1.8 release. It uses encryption to secure the code and software versions running in Docker users’ software infrastructures. The idea is to protect Docker users from malicious backdoors included in shared application images and other potential security threats.

To read this article in full or to leave a comment, please click here

1 3,290 3,291 3,292 3,293 3,294 3,849