Superfish injects ads in one in 25 Google page views

Over five percent of browser visits to Google-owned websites, including Google Search, are altered by computer programs that inject ads into pages. One called Superfish is responsible for a majority of those ad injections. The findings are the result of a study by Google and researchers from the University of California at Berkeley and Santa Barbara, who analyzed over 102 million page views to Google sites between June and September last year. Google added code to its websites that detected and reported back when ads were injected into pages by programs or browser extensions. This revealed that locally installed ad injectors interfered with 5,339,913 page views (5.2 percent of the total), impacting tens of millions of users around the world—or 5.5 percent of unique daily Internet Protocol addresses that accessed Google’s sites.

Battle over app analytics accelerates with Apple’s entry

With Apple offering its own tool for developers to see how their apps are selling, pressure is on specialist vendors to improve their offerings. On Wednesday, App Annie announced it had acquired mobile measurement company Mobidia to do just that. Last week Apple started sending out invites to test a beta version of its App Analytics tool. Even if Apple isn’t competing directly with paid services and tools from the likes of App Annie, Appsee and Yahoo-owned Flurry, the company’s entry will have an effect on the market. The features Apple offers are pretty basic, covering app installs, retention and in-app revenue, and are only compatible with iOS. However, Apple’s entry shows how the app analytics market is maturing and becoming a more integrated part of smartphone OS developer portals. As products from Apple and Google improve, stand-alone tools have to become increasingly advanced to remain relevant.

The Upload: Your tech news briefing for Thursday, May 7

AMD is Zen about Intel’s Skylake

AMD’s recent chips haven’t rocked Intel’s PC market dominance, but new chips based on the company’s Zen architecture aim to change that next year. On Wednesday it shared initial details about the new FX and seventh-generation A-series chips, which are the brainchild of Jim Keller, a leading mobile chip designer at Apple until AMD hired him in 2012. The new AMD chips will battle Intel’s highly anticipated Skylake line, which is designed to bring new wireless charging and data transfer features to laptops.

Go crypto: bridging the performance gap

It is no secret that we at CloudFlare love Go. We use it, and we use it a LOT. There are many things to love about Go, but what I personally find appealing is the ability to write assembly code!


That is probably not the first thing that pops to your mind when you think of Go, but yes, it does allow you to write code "close to the metal" if you need the performance!

Another thing we do a lot in CloudFlare is... cryptography. To keep your data safe we encrypt everything. And everything in CloudFlare is a LOT.

Unfortunately the built-in cryptography libraries in Go do not perform nearly as well as state-of-the-art implementations such as OpenSSL. That is not acceptable at CloudFlare's scale, therefore we created assembly implementations of Elliptic Curves and AES-GCM for Go on the amd64 architecture, supporting the AES and CLMUL NI to bring performance up to par with the OpenSSL implementation we use for Universal SSL.

We have been using those improved implementations for a while, and attempting to make them part of the official Go build for the good of the community. For now ...

ARP Processing in Layer-3-Only Networks

John Jackson wrote an interesting comment on my Rearchitecting L3-Only Networks blog post:

What the host has configured for its default gateway doesn't really matter, correct? Because the default gateway in traditional L2 access networks really isn't about the gateway's IP address, but the gateway's MAC address. The destination IP address in the packet header is always the end destination IP address, never the default gateway.

He totally got the idea; however, there are a few minor details to consider.


Another Uber office in China faces government scrutiny

Chinese authorities visited an Uber office in the country on Wednesday, just a week after another company office faced a local police raid over its ride-hailing service. Local authorities came to Uber’s office in the Chinese city of Chengdu, Uber confirmed in an email. But the visit was “routine,” it added. “There are no disruptions to the Uber platform, and it’s business as usual,” the company said. Chengdu authorities have opened an investigation against Uber, but its office has not been closed, according to local media. Uber did not elaborate, and Chengdu’s Transportation Committee could not be immediately reached for comment. The visit follows a police raid of an Uber office in the Chinese city of Guangzhou, reportedly for letting private drivers use the ride-hailing service without proper qualifications.

Companies are falling behind on securing their SAP environments

More than 95 percent of SAP systems deployed in enterprises are exposed to vulnerabilities that could lead to a full compromise of business data, a security firm claims. Onapsis, a Boston-based company that specializes in SAP security audits, also found that the average time-to-patch for SAP vulnerabilities is more than 18 months—12 months for SAP to issue fixes and 6 months for companies to deploy them. This suggests that many companies are falling behind on SAP security, even though these systems hold some of their most critical and confidential information.

Attackers exploit vulnerabilities in two WordPress plugins

A vulnerability within two widely used WordPress plugins is already being exploited by hackers, putting millions of WordPress sites at risk, according to a computer security firm. The plugins are JetPack, a customization and performance tool, and Twenty Fifteen, used for infinite scrolling, wrote David Dede, a malware researcher with Sucuri. WordPress installs Twenty Fifteen by default, which increases the number of vulnerable sites. Both plugins use a package called genericons, which contains vector icons embedded in a font. In the package, there is an insecure file called “example.html” which makes the package vulnerable, Dede wrote.

NETCONF and the ncclient

NETCONF is an industry standard (IETF) network management protocol. It’s actually been around for quite a while and is supported by numerous vendors. While NETCONF is not always compatible across network switch platforms, it’s the closest thing I can see that could be a unified multi-vendor API. Of course, there are also vendor extensions for those device-specific features too.

I’m not going to get too much into what NETCONF is because Matt Oswalt has already done that. Check out his post if you haven’t already done so. There are also plenty of other good resources on NETCONF out there.

What I am going to focus on in this post is using Python to interact with NETCONF-enabled network switches.

Let’s get to it.

First, you’ll want to install the ncclient. It is pretty much the de facto Python library to use when you need a NETCONF client to communicate with a NETCONF server, i.e. a network device.

sudo pip install ncclient

This will also install a few other required dependencies such as paramiko and lxml along with the client itself.

The next thing you are going to need is at least one switch (or device) that supports NETCONF. In this post, I’m ...

Intel increases its hiring among women, minorities

Intel is becoming a little more diverse, just several months after announcing an ambitious plan to add more women and minority workers to its ranks. Since January, roughly 17 percent of Intel’s senior hires were historically under-represented minorities—about double the rate last year. Intel also doubled its senior hiring among women to 33 percent, CEO Brian Krzanich said on Wednesday. More broadly, roughly 41 percent of Intel’s hires for the year so far have been “diverse,” he said, without specifying further. That’s up from about 30 percent a year ago, Krzanich said. He gave the figures during a talk at the Push Tech 2020 Summit in San Francisco, an event focused on diversity issues in the technology industry.

A Quick Introduction to LXD

With the recent release of Ubuntu 15.04, aka “Vivid Vervet”, the Ubuntu community has also unveiled an early release of LXD (pronounced “lex-dee”), a new project aimed at revitalizing the use of LXC and LXC-based containers in the face of application container efforts such as Docker and rkt. In this post, I’ll provide a quick introduction to LXD.

To make it easier to follow along with some of the examples of using LXD, I’ve created an lxd directory in my GitHub “learning-tools” repository. In that directory, you’ll find a Vagrantfile that will allow you to quickly and easily spin up one or more VMs with LXD.

Relationship between LXD and LXC

LXD works in conjunction with LXC and is not designed to replace or supplant LXC. Instead, it’s intended to make LXC-based containers easier to use through the addition of a back-end daemon supporting a REST API and a straightforward CLI client that works with both the local daemon and remote daemons via the REST API. You can get more information about LXD via the LXD web site. Also, if you’re unfamiliar with LXC, check out this brief introduction to LXC. Once you’ve read that, you can browse some ...

Interpreting and Graphing Aruba ARM Counters

Guest post by Mike Albano

The topic of "do you trust RRM" is often discussed. The most typical answer is: "Yes, if I understand it." I know I've personally spent numerous hours blaming RRM for a questionable Dynamic Channel Assignment (DCA), and I'm usually wrong.

For the purpose of this post, RRM = Radio Resource Management; be it ARM (Aruba), RRM (Cisco), ACSP (Aerohive), SmartRF (Extreme) etc. etc.

This post isn't about the topic of "trust", or whether to use RRM. Here's a good post by @wirednot on that topic. (Read the comments!)

This is more about:

  • Finding a way to interpret and use the data available to identify if/when an AP will change channels (DCA).
  • Analyzing the state of the channel, from the AP's perspective, before & after a channel change.
  • Showing an example of tools I use regularly in troubleshooting (Python and AirRecorder).

The system in question is an Aruba Instant AP (Instant OS version 6.3.1.8-4.0.0.9).

Data Gathering

Typically, I use Pexpect for screen-scraping CLI output but Aruba has written a handy utility to do this for you. It's called Air Recorder, and is multi-platform (Java). Will run on ...

AMD’s Zen chips to square off against Intel’s Skylake next year

AMD’s recent chips haven’t rocked Intel’s PC market dominance, but new chips based on the company’s Zen architecture could change the narrative next year. The company on Wednesday shared initial details about the new FX and seventh-generation A-series chips, which will be in desktops and laptops next year. The chips are based on Zen, the brainchild of Jim Keller, a leading iPad and iPhone chip designer at Apple until AMD hired him in 2012. The new AMD chips will battle Intel’s highly anticipated chips code-named Skylake, which will start appearing in tablets, laptops and desktops starting later this year. Intel has called Skylake its most significant chip family of the last decade, designed to bring many wireless charging and data transfer features to laptops.

How workflow capabilities benefit continuous delivery environments

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Wikipedia defines workflow as “an orchestrated and repeatable pattern of business activity enabled by the systematic organization of resources into processes” - processes that make things or just generally get work done. Manufacturers can thank workflows for revolutionizing the production of everything from cars to chocolate bars. Management wonks have built careers on applying workflow theories like Lean and TQM to their business processes.


With IoT projects come financial benefits, but also security risks

Internet of Things projects can yield data and insights that help companies operate more efficiently and improve products, but also give hackers additional targets to attack. Expect more malware like Stuxnet, a worm that went after Siemens industrial control systems and mostly infected computers in Iran, said Alan Tait, CTO of Stream Technologies, a London company with technology that enables machine-to-machine communication. “As we connect more things to any form of the Internet, even if there’s security, people will still go after them,” he said. Tait, along with other speakers on different panels, appeared at the LiveWorx conference in Boston on Wednesday to discuss how companies are handling IoT security issues and finding value in linking devices to the Internet.