0

The Upload: Your tech news briefing for Monday, March 23

EMC pools enterprise smarts to create data lakesEMC is pulling assets from its conglomeration of businesses to help customers build data lakes using EMC storage, VMware virtualization and Pivotal big-data smarts. The Federation Business Data Lake debuting Monday will ingest and analyze data from diverse sources—and may also show how EMC can make the diverse businesses it owns add up to more than the sum of their parts.New US bill aims to limit use of student dataA new bill to be introduced in Congress on Monday aims to place checks on the collection and possible misuse of student data by tech companies that supply services to schools. The Student Digital Privacy and Parental Rights Act prohibits companies such as online homework portals or email services from using or disclosing students’ personal information for advertisement purposes, according to The New York Times.To read this article in full or to leave a comment, please click here

0

Foxconn partners with China’s Tencent on smart electric cars

As rumors swirl that Apple might be developing an electric car one of its major suppliers, Foxconn Technology Group, is moving ahead with its own plans to bring an electric-powered vehicle to China.On Monday, the electronics manufacturer struck a partnership with Chinese Internet giant Tencent and luxury car dealership China Harmony Auto to develop smart electric cars. All three companies are together establishing a special team for the project, Foxconn said.Foxconn, which is based in Taiwan, is perhaps best known for assembling Apple’s iPhone.To read this article in full or to leave a comment, please click here

0

EMC pools enterprise smarts to create data ‘lakes’

EMC is drawing on its “federation” of companies to help customers build data lakes using EMC storage, VMware virtualization and Pivotal big-data smarts.The Federation Business Data Lake will ingest and analyze data from diverse sources to give enterprises new insights that can help them make better decisions, EMC says. It can tie together existing EMC assets with new software to run the data lake, and the whole package can be built and started up in as little as seven days, according to the company.EMC’s aim is to help enterprises of all sizes make better use of information they collect, including both structured and unstructured data. Building the data lakes may also show how EMC can make the diverse businesses it owns add up to more than the sum of their parts.To read this article in full or to leave a comment, please click here

0

New products of the week 03.23.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.CartoDB WordPressKey features: For WordPress users looking to add custom maps to webpages. CartoDB is the easiest tool for adding maps to a WordPress site for users to share maps with their posts. More info.To read this article in full or to leave a comment, please click here

0

New products of the week 03.23.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.CartoDB WordPressKey features: For WordPress users looking to add custom maps to webpages. CartoDB is the easiest tool for adding maps to a WordPress site for users to share maps with their posts. More info.To read this article in full or to leave a comment, please click here

0

Cisco small business phones open to remote eavesdropping, calling

You don’t need to be the NSA to tap calls on Cisco’s SPA 300 and 500 IP phones: An authentication flaw allows potential attackers to do that by default.An unpatched vulnerability in the firmware of the SPA 300 and 500 series IP phones, typically used by small businesses, could allow eavesdropping on calls.“The vulnerability is due to improper authentication settings in the default configuration,” Cisco Systems said in a security advisory.Unauthenticated remote attackers could send crafted XML requests to affected devices in order to exploit the flaw and remotely listen to audio streams or make phone calls through them, the company warned.To read this article in full or to leave a comment, please click here

0

SElinux policy for icmp checks

Many issues reported with scanning subnets and updating host statuses are related to SElinux being enabled. So far the solution was to completely disable SElinux, but this was more workaround than anything else. Robert was kind enough to share SElinux policy that should be used with phpipam if SElinux is enabled on your server.

 

Basically it permits the opening of raw IP sockets for non-root users, that are required for executing ping command.

 

1) Create the file http_ping.tt and add the following to it:

module http_ping 1.0;

require {
type httpd_t;
class capability net_raw;
class rawip_socket { getopt create setopt write read };
}

#============= httpd_t ==============
allow httpd_t self:capability net_raw;
allow httpd_t self:rawip_socket { getopt create setopt write read };

 

2) Run the following commands (as root user):

checkmodule -M -m -o http_ping.mod http_ping.tt
semodule_package -o http_ping.pp -m http_ping.mod
semodule -i http_ping.pp

brm

0

You Must Understand the Fundamentals to Be Successful

I was speaking with a participant of an SDN event in Zurich after the presentations, and he made an interesting comment: whenever he experienced serious troubleshooting problems in his career, it was due to lack of understanding of networking fundamentals.

Let me give you a few examples: Do you know how ARP works? What is proxy ARP? How does TCP offload work and why is it useful? What is an Ethernet collision and when would you see one? Why do we need MLD in IPv6 neighbor discovery?

0

You must understand the fundamentals to be successful

I was speaking with a participant of the recent SDN event in Zurich after the presentations, and he made an interesting comment: whenever he experienced serious troubleshooting problems in his career, it was due to lack of understanding of networking fundamentals.

Read more ...

0

Netvisor Analytics: Secure the Network/Infrastructure

We recently heard President Obama declare cyber security as one of his top priorities and we saw in recent time major corporations suffer tremendously from breaches and attacks. The most notable one is the breach at Anthem. For those who are still unaware, Anthem is the umbrella company that runs Blue Shield and Blue Cross Insurance as well. The attackers had access to people details, social security, home addresses, and email address for a period of month. What was taken and extent of the damage is still guesswork because network is a black hole that needs extensive tools to figure out what is happening or what happened. This also means the my family is impacted and since we use Blue Shield at Pluribus Networks, every employee and their family is also impacted prompting me to write this blog and a open invitation to the Anthem people and the government to pay attention to the new architecture that makes network play a role similar to NSA in helping protect the infrastructure. It all starts with converting the network from a black hole to something we can measure and monitor. To make this meaningful, lets look at state of the art today Continue reading

0

Fake patient data could have been uploaded through SAP medical app

SAP has fixed two flaws in a mobile medical app, one of which could have allowed an attacker to upload fake patient data.The issues were found in SAP’s Electronic Medical Records (EMR) Unwired, which stores clinical data about patients including lab results and images, said Alexander Polyakov, CTO of ERPScan, a company based in Palo Alto, California, that specializes in enterprise application security.Researchers with ERPScan found a local SQL injection flaw that could allow other applications on a mobile device to get access to an EMR Unwired database. That’s not supposed to happen, as mobile applications are usually sandboxed to prevent other applications from accessing their data.To read this article in full or to leave a comment, please click here

0

Lab: iBGP and OSPF Traffic Engineering

Here's the scenario: An enterprise network with an MPLS core and two branch locations connected to their own Provider Edge (PE) router. In addition to the MPLS link, the PEs are also connected via a DMVPN tunnel. The PEs are peering via iBGP (of course) and are also OSPF neighbors on the DMVPN. Both Customer Edge (CE) routers at the branch are OSPF neighbors with their local PE.

Task: Use the high speed MPLS network as the primary path between the CE routers and only use the DMVPN network if the MPLS network becomes unavailable.

Question: Is the solution as simple as adjusting the Admin Distance (AD) so that the iBGP routes are more preferred?

0

SElinux policy for icmp checks

0

VMWare Player and VM Networking

VMWare Player is the Virtualization software/hypervisor provided free of charge by VMWare. Player is for personal use. Paid versions are available as VMWare Player Pro or VMWare Workstation. Following link covers the differences between different editions. I have used Virtualbox for most of my VM needs. There were few recent scenarios where I had to use … Continue reading VMWare Player and VM Networking →

0

DNSSEC – Moving the Needle

The New Zealand ISP market is dominated by Spark, Vodafone & CallPus/Orcon. A side effect of this is that if one player does the Right Thing™, it really moves the needle. Recently, Spark has done the Right Thing with DNSSEC.

DNSSEC takeup has been low with New Zealand ISPs. The APNIC stats indicated that around 5% of users were using DNS resolvers that had DNSSEC validation capabilities. But in December 2014, that number jumped to ~15%:

It turns out this is because Spark has enabled DNSSEC validation on some of their resolvers. NZRS have done some analysis, and found that Spark turned on 4 new resolvers that do DNSSEC validation:

They’re still running their old resolvers, so right now it’s hit & miss for their customers. But it’s a great start, and presumably they’ll upgrade the remaining systems soon.

So Vodafone, CallPlus, Snap, Trustpower…when are you going to take customer security seriously too? And Spark…how long until DNSSEC is enabled for all your resolvers?

And please, no arguments about “we’re not sure if it will work.” Google has been doing it since March 2013…who do you think processes more DNS requests per day? Google, or your ISP?

0

Raytracing Quake demos

I decided to combine these two problems into one solution:

• Modern CPUs are idle way too much of the time. Why have all this computational power if we don’t use it?
• I have these funny old Quake demos that there’s no good way to convert to something playable.

My solution is to convert Quake .dem files to .pov files and render them with POV-Ray.

Update: New better screenshot:

Quake scene rendered in POV-Ray. Two more here and here.

Quake is closing in on 20 years old now, and it’s starting to get annoying to make it even work. Yes, it’s opensource, and there are a couple of forks. But they’ve also always been annoying to get working. Hell, even GLQuake in Steam won’t start for me. (yes, I know this is a bad reason, but I’m doing this for fun)

Many of the tools and resources are hard to find. I couldn’t find ReMaic, and only found lmpc thanks to FreeBSD having made it a package. Converting demos to an ASCII format using lmpc helped in confirming that my file parsing was correct.

The steps needed to render a demo:

1. Extract .mdl files to .pov and .png (skin) files.
2. Extract . Continue reading

0

Raytracing Quake demos

I decided to combine these two problems into one solution:

• Modern CPUs are idle way too much of the time. Why have all this computational power if we don’t use it?
• I have these funny old Quake demos that there’s no good way to convert to something playable.

My solution is to convert Quake .dem files to .pov files and render them with POV-Ray.

Quake scene rendered in POV-Ray. Two more here and here.

Quake is closing in on 20 years old now, and it’s starting to get annoying to make it even work. Yes, it’s opensource, and there are a couple of forks. But they’ve also always been annoying to get working. Hell, even GLQuake in Steam won’t start for me. (yes, I know this is a bad reason, but I’m doing this for fun)

Many of the tools and resources are hard to find. I couldn’t find ReMaic, and only found lmpc thanks to FreeBSD having made it a package. Converting demos to an ASCII format using lmpc helped in confirming that my file parsing was correct.

The steps needed to render a demo:

1. Extract .mdl files to .pov and .png (skin) files.
2. Extract .bsp files to .pov Continue reading

0

A peek into the USM format

A peek into the USM format

A game that I really liked the visuals off, Crysis 3 uses a video file format called USM, This is a rather odd to me, since when I am used to pulling games apart for their assets, I am used to BINK video being used for th

0

OpenNSL – Thoughts

Recently, Broadcom has opensourced API for their network switching asic as part of OpenNSL project. I tried to dig little deep into what it really means and this blog is a result of that. What is really Opensourced? Following picture from Broadcom OpenNSL project clearly illustrates this: Following are some notes: OpenNSL is a layer … Continue reading OpenNSL – Thoughts →

0

Show 229 – Network Break 32 – Juniper Innovation Showcase & More

Over-opinionated analysis on data network and IT Infrastructure. And virtual doughnuts.

Author information

The post Show 229 – Network Break 32 – Juniper Innovation Showcase & More appeared first on Packet Pushers Podcast and was written by Ethan Banks.