RubyGems DNS flaw now patched after second try

A revised patch has been released for a flaw in the distribution platform for Ruby applications, RubyGems, which could be used to deliver malware to someone trying to download a program.RubyGems lets people search for a “gem,” which is a packaging format for Ruby applications and code libraries. Ruby developers publish a gem when an application is ready.Security researchers from Trustwave found a problem with the platform. When people search for a gem, RubyGems uses a DNS (Domain Name System) SRV record request to find a server hosting a particular gem.The request, however, “does not require that DNS replies come from the same security domain as the original gem source,” according to a writeup, which Trustwave plans to release on its blog on Tuesday.To read this article in full or to leave a comment, please click here

Liveblog: Docker Networking

This is a liveblog of the Docker Networking breakout session. This session is led by Madhu Venugopal and Jana Radhakrishnan, both formerly of Socketplane (and now with Docker following the acquisition). They are introduced by John Willis, also formerly of Socketplane and well-known within the DevOps community.

Some display issues plague the session at the beginning, so it appears that Murphy’s Law is back with a vengeance.

Madhu starts out the session with an overview of why networking (in particular Docker networking) is so important. Networking is vast and complex, and networking is an inherent part of distributed applications. Therefore, it’s important to make networking developer-friendly and application-driven. He shares a vision: “We’ll do for networking what Docker did for compute”. So what are the goals from this vision?

  • Make “network” and “service” top-level objects
  • Provide a pluggable networking stack
  • Span networks across multiple hosts
  • Support multiple platforms

Libnetwork is a key part of this effort. It was open-sourced in April, with over 200 pull requests and 200 GitHub stars. Windows and FreeBSD ports are in progress. Libnetwork is part of the Docker 1.7 release with limited functionality, allowing users to test it before it is fully enabled in Continue reading

Liveblog: Secret Session (Docker Plugins)

This is the “Top Secret Docker Session led by Gordon the Turtle,” which is really a session on Docker Plugins. However, since Docker Plugins were only announced this morning during the general session, the title for this session had to be obscured. On stage are ClusterHQ (Luke Marsden), Glider Labs (Jeff Lindsay), and Weaveworks (Alexis Richardson).

Marsden starts the session with a brief history of the Docker Plugins project, and how it grew out of Powerstrip. Marsden reiterates that he said Powerstrip would be successful if they would “throw it away” in 6 months. Four months later, the Docker Plugins project is now officially announced, and Powerstrip is no longer necessary.

Marsden next turns the stage over to Jeff Lindsay. Lindsay talks about why the Docker Plugins project is so important—every customer is unique, and customers want/need the freedom to choose the right solution to use the tools that best solve their particular problem(s).

Jeff Lindsay turns it over to Alexis Richardson, who outlines the core requirements for Docker Plugins. Richardson outlines 3 requirements, but he doesn’t have a slide that lists those requirements, so I couldn’t capture them. Plugins today are limited to storage and networking, but that isn’t Continue reading

Liveblog: Resilient Routing and Discovery

This is a liveblog of the DockerCon 2015 session on resilient routing and discovery, part of the “Advanced Tech” track. Simon Eskilden (@Sirupsen on Twitter) from Shopify is the speaker for this session.

Not surprisingly (you’d understand this if you walked Eskilden’s presentation from DockerCon EU 2015), he starts out with a mention of the walrus (his favorite animal). Eskilden starts with a brief overview of Shopify (his employer) and Shopify’s production deployment of Docker (they’ve had Docker in production for over a year). Eskilden freely acknowledges that moving to a microservices-based architecture increases complexity and is not “free”. In order to help address the complexity brought on by microservices-based architectures, Eskilden wants to talk about resiliency, service discovery, and routing.

Eskilden reinforces that companies shouldn’t be implementing Docker solely for the sake of implementing Docker; it should be for a reason, a purpose (for him, it’s making sure Shopify’s services stay up and available). Resiliency is about building a reliable system from a bunch of unreliable components. Total availability is the availability per service to the power of the number of services. This means that the more services there are, the lower the total availability is. (To help Continue reading

Networking Books Up For Auction – Good Stuff Cheap

I've put several of my networking books up for auction on eBay. Lots of CiscoPress titles, but several others as well. Many design guides. Routing protocol coverage such as OSPF, including an OSPF vs ISIS guide by Jeff Doyle. Some are older, what I consider classics. Some are fairly new. Some are targeted at certification seekers. I need to clear some space here in my home library, and would like to move these titles along. Far too many books in my collection, and I've gotten what I can from these. Good luck!

Worth Reading: Don’t be so Surprised

Whether you are an obvious target or not depends heavily on what kind of information and access to information and systems you have or can provide. Whether you are a prioritized target depends much more on the current strategic, tactical and operational need of your adversary, whoever that might be. This is much more unpredictable.

The post Worth Reading: Don’t be so Surprised appeared first on 'net work.

Here comes bare metal and NFV for the enterprise

Two hardware vendors this week unveiled products to bring commodity switching and network functions virtualization (NFV) to enterprises through service providers.Bare metal switch supplier Pica8 this week rolled out a Power-over-Ethernet switches to be sold into enterprises by service providers as managed service customer premises equipment (CPE). And Ciena announced availability of the 3938vi Service Virtualization Switch, an Ethernet CPE platform with virtualized network function (VNF) integration. Pica8 The offerings address a desire by service providers, like AT&T, to sell bare metal white box switches into the customer premises for cost, flexibility, performance and SDN programmability advantages, and to offer service as VNFs on that hardware. Pica8 says this market – bare metal as CPE – is six months old and that this week’s PoE offerings are merely the latest in an existing CPE portfolio to onboard enterprises to the cloud.To read this article in full or to leave a comment, please click here

IMT-2020 is the future of mobile — but you can keep calling it 5G

There’s finally something real to 5G: a name.The International Telecommunication Union (ITU) has decided to call the next-generation cellular system IMT-2020. That name may have a hard time catching up with “5G,” a tag that’s been applied to just about every future mobile technology in the works: Googling “5G mobile” brings up 12.9 million results. But it’s a clear sign of progress toward the concrete. Where there’s a bureaucratic-sounding numeric acronym, can a formal standard be far behind?The ITU now has an answer to that question, too. It’s set a timeline that calls for the standard to be finished in 2020. Hence the name, which follows in the footsteps of IMT-2000 (3G) and IMT-Advanced (4G).To read this article in full or to leave a comment, please click here

US, UK spies said to attack security software

Spies working for the U.S. National Security Agency and its British counterpart found anti-virus and security software a hindrance to their intelligence gathering processes, and worked to thwart it, according to a report Monday in The Intercept.The efforts, revealed through documents leaked by former NSA contractor Edward Snowden, focused on vendors including Moscow-based security software developer Kaspersky Labs, which claims over 400 million customers worldwide.The NSA and the U.K.-based Government Communications Headquarters monitored web and email traffic between Kasperksy’s software and its servers, the report said, and obtained sensitive customer information in the process.To read this article in full or to leave a comment, please click here

Liveblog: DockerCon 2015 Day 1 General Session

This is a liveblog for the day 1 general session at DockerCon 2015, taking place this week (today and tomorrow, anyway) at the Marriott Marquis in San Francisco, CA. This is my first DockerCon, and I’m looking forward to picking up lots of new knowledge.

The general session starts with a video (cartoon) about something working in development but not in production, and how Solomon Hykes came up with the idea for containers and Docker. It’s a humorous, tongue-in-cheek production. As the video wraps up, Docker CEO Ben Golub takes the stage.

Golub starts with a personal story about the various startups for which he’s worked, and the importance of his “two fold test” (that it has global significance and that it is easy to explain when you go home for Thanksgiving). Maybe the Thanksgiving test didn’t quite make it, but Golub does think (naturally) that Docker has global significance. Golub says that Docker has become a fundamental part of how companies build, ship, and run distributed applications, and that Docker is a key part of how industries and cultures are being transformed. He attributes this success to the Docker community and the Docker ecosystem. Rightfully so, Golub credits the Continue reading

Privacy group complains about Uber data collection

Uber Technologies’ new data collection policy, allowing the ride-hailing company to access a user’s location even when the smartphone app is not actively in use, violates the privacy rights and personal safety of U.S. customers, according to a complaint filed Monday by a privacy group.With upcoming changes to its privacy policy, Uber “will claim the right to collect personal contact information and detailed location data of American consumers, even when they are not using the service,” the Electronic Privacy Information Center wrote in a complaint to the U.S. Federal Trade Commission.EPIC also objected to Uber’s plans to access the information from users’ phones’ address books and send out promotional materials to contacts listed there.To read this article in full or to leave a comment, please click here

Cavium wins ‘SDN Idol’ award at Open Networking Summit 2015

This week the fifth Open Networking Summit was held in Santa Clara, the heart of Silicon Valley. As in years past, the event held an "SDN Idol" competition where several vendors entered an SDN-related product for a set of judges to vote on to create a set of finalists. The four finalists then demonstrated their entries at the event and a final winner was chosen.In addition to myself, the judges included Jim Smith, GM of Mohr Davidow Ventures, Tom Anschutz, Distinguished Member of Technical Staff for AT&T, and Geng Lin, CTO of Corporate Networks for Google. The judging criteria involved understanding the business value, technology value, and differentiation against the competition.To read this article in full or to leave a comment, please click here

Twitter looking for a ‘full-time’ CEO, deflating Dorsey’s candidacy

A week and a half after Dick Costolo announced that he would be stepping down from the CEO role at Twitter, the company’s board of directors has sent a shot across the bow of one of the expected front-runner candidates to take the social network’s top job.The social micro-blogging company’s search committee will only consider CEO candidates “who are in a position to make a full-time commitment to Twitter,” the board said.That would seem to rule out Jack Dorsey, the company’s co-founder who currently works as the CEO of Square and will be filling in as interim CEO of Twitter.To read this article in full or to leave a comment, please click here

Extending Docker with Plugins

This is a guest blog post from Luke Marsden, CTO at ClusterHQ, the creators of Flocker and Alexis Richardson, CEO at Weaveworks, the creators of Weave. Back in December last year, we started getting closely involved in the Docker plugins … Continued
1 3,435 3,436 3,437 3,438 3,439 3,852