Do the ChaCha: better mobile performance with cryptography

_{CC BY-ND 2.0 image image by Clinton Steeds}

CloudFlare is always trying to improve customer experience by adopting the latest and best web technologies so that our customers (and their visitors) have a fast and a secure web browsing experience.

More and more web sites are now using HTTPS by default. This sea change has been spearheaded by many groups including CloudFlare enabling free SSL for millions of sites with Universal SSL, Google moving towards marking plain HTTP as insecure in Chrome, and the Let’s Encrypt project’s plans to make certificates free in 2015.

Not only is the encrypted web more secure, it can also be faster than the unencrypted web if the latest HTTPS features are implemented. HTTPS sites are blazing fast on CloudFlare because we keep up with the latest performance-enhancing features:

• SPDY 3.1 is on by default for all customers. SPDY enables faster-than-HTTP download speeds by enabling multiplexing
• OCSP stapling: faster revocation checking.
• Optimized certificate bundles using CFSSL, our open source SSL bundler: an optimized certificate chain provides faster validation of certificates in the browser
• ECDSA certificates for all free customers with Universal SSL: smaller certificates with smaller keys result in faster Continue reading

AnsibleFest NYC 2015

We are in the planning stages of our next stop in the AnsibleFest 2015 tour. We had a our biggest turnout ever at AnsibleFest London and know that our New York event will be even bigger and better!

AnsibleFest NYC is currently scheduled for late May/early June in NYC.

Details are being finalized now and tickets will go on sale soon.

If you are interested in speaking please email [email protected]

If you are interested in sponsoring please email [email protected] 

Republican FCCers call for delay in net neutrality vote

The U.S. Federal Communications Commission should delay its vote on net neutrality rules for at least a month after releasing Chairman Tom Wheeler’s proposal for public comment, the commission’s two Republican members said Monday.Instead of voting on Wheeler’s net neutrality proposal on Thursday, as scheduled, the FCC should open his 332-page proposal to the public “and allow the American people a reasonable period of not less than 30 days to carefully study it,” Commissioners Ajit Pai and Mike O’Rielly wrote in a joint statement.Wheeler, part of the three-Democrat majority on the commission, immediately rejected the request, however. The FCC received more than 4 million public comments on net neutrality during the past year, and they “helped shape” his proposal,” he wrote on Twitter. “It’s time to act.”To read this article in full or to leave a comment, please click here

Network Automation with Cisco Nexus Switches & Ansible

Google will acquire mobile wallet technology from Softcard

The tap-and-pay mobile payments market in the U.S. is getting a little less confusing.On Monday, Google said it had reached a deal with three of the country’s major cellular carriers to acquire “technology and capabilities” from Softcard, a competing mobile wallet app developed jointly by the carriers. But the deal appears to be less about technology and more about branding.The biggest immediate change is that Verizon, AT&T and T-Mobile will begin preinstalling Google Wallet on new Android smartphones later this year—something that had been blocked before in preference for the Softcard app.At their heart, both apps are based on the same contactless payment technology as Apple Pay and a new generation of payment cards from banks and credit unions. They use NFC (near-field communication) to complete a transaction once a payment card or phone is brought within a few centimeters of a terminal.To read this article in full or to leave a comment, please click here

End of the road for RC4

Today, we completely disabled the RC4 encryption algorithm for all SSL/TLS connections to CloudFlare sites. It's no longer possible to connect to any site that uses CloudFlare using RC4.

Over a year ago, we disabled RC4 for connections for TLS 1.1 and above because there were more secure algorithms available. In May 2014, we deprecated RC4 by moving it to the lowest priority in our list of cipher suites. That forced any browser that had a good alternative to RC4 to use it. Those two changes meant that almost everyone who was using RC4 to connect to CloudFlare sites switched to a more secure protocol.

Back in May, we noted that some people still needed RC4, particularly people using old mobile phones and some Windows XP users. At the time, 4% of requests using RC4 came from a single phone type: the Nokia 6120.

At the time, we noted that roughly 0.000002% of requests to CloudFlare were using the RC4 protocol. In the last 9 months, that number is halved and so, although some people are still using RC4, we have decided to turn off the protocol. It's simply no longer secure.

The remaining users are almost Continue reading

Twitter speaks up for FCC net neutrality plan

With the Federal Communications Commission set to vote in three days on reclassifying broadband as public regulated utility, Twitter made its support for stronger net-neutrality rules official Monday.In a blog post laying out its case, Twitter struck the theme of free speech, but also said that an Internet that supports Web businesses without barriers imposed by ISPs is critical for the economic competitiveness of the U.S.“We need clear, enforceable, legally sustainable rules to ensure that the Internet remains open and continues to give everyone the power to create and share ideas and information instantly, without barriers. This is the heart of Twitter,” the post said. Net neutrality rules would prevent ISP from determining what content, services and applications get used and shared on the Web, it said.To read this article in full or to leave a comment, please click here

Twitter speaks up for FCC net neutrality plan

With the Federal Communications Commission set to vote in three days on reclassifying broadband as public regulated utility, Twitter made its support for stronger net-neutrality rules official Monday.In a blog post laying out its case, Twitter struck the theme of free speech, but also said that an Internet that supports Web businesses without barriers imposed by ISPs is critical for the economic competitiveness of the U.S.“We need clear, enforceable, legally sustainable rules to ensure that the Internet remains open and continues to give everyone the power to create and share ideas and information instantly, without barriers. This is the heart of Twitter,” the post said. Net neutrality rules would prevent ISP from determining what content, services and applications get used and shared on the Web, it said.To read this article in full or to leave a comment, please click here

‘Secure’ advertising tool PrivDog compromises HTTPS security

New cases of insecure HTTPS traffic interception are coming to light as researchers probe software programs for implementations that could enable malicious attacks. The latest software to open a man-in-the-middle hole on users’ PCs is a new version of PrivDog, an advertising product with ties to security vendor Comodo.Over the weekend, a user reported on Hacker News that his system failed an online test designed to detect a man-in-the-middle vulnerability introduced by Superfish, a program preloaded on some Lenovo consumer laptops.To read this article in full or to leave a comment, please click here

How Target can beat Amazon’s free shipping

Some headlines practically require a click, such as this one from Mashable: “Target undercuts Amazon on free shipping.” How do you undercut free? Is Target going to pay me for the privilege of shipping a package to my house? No, silly, you do it like this: The retail chain announced Monday that customers can qualify for free shipping on all orders of $25 or more placed through Target's website "with virtually no exclusions," down from a $50 minimum previously.To read this article in full or to leave a comment, please click here

HP deal marks milestone for open source networking hardware

If you still harbored any doubts that the web is now driving the future of IT, last week's announcement that HP will offer disaggregated products for web-scale data centers via deals with Cumulus and Accton should be enough to convince you.See also: HP latest to unbundle switch hardware, software The deal itself is hardly monumental. HP inked a pair of "partnerships that will produce a branded white box switch capable of running multiple network operating systems." And it comes on the heels of HP's deal with Foxconn last year to build inexpensive cloud computing servers.To read this article in full or to leave a comment, please click here

IDG Contributor Network: What Wi-Fi looks like

Hackaday member CNLohr has created some stunning images of a Wi-Fi network using a remarkably simple technique. He documented his experiments on his Hackaday project page.He achieved the results by capturing wireless signal strength using a Wi-Fi chipset hooked up to a single multi-color LED. The LED rapidly changes color depending on signal strength. He then captures long-exposure photographs of the LED, as his buddy, holding the piece of kit, moves around a space. The result is a multi-colored graphic with variations representing signal strength.Pinging the chipsetTo read this article in full or to leave a comment, please click here

Apple plans two European data centers running on renewable energy

Apple plans to open two European data centers running on renewable energy in 2017, following similar moves by Google and Facebook in the region.The new data centers will host a number of Apple services for European customers, including the iTunes Store, App Store, iMessage text messaging service, Apple Maps and Siri, its voice-controlled personal assistant. By hosting the data within the European Union, Apple could avoid the need to export EU users’ data to the U.S. or other data protection regimes, a sensitive issue as EU legislators discuss renewing the bloc’s data protection regime.Apple plans to spend a total of €1.7 billion (US$1.9 billion) on the two data centers, which will each cover around 166,000 square meters.To read this article in full or to leave a comment, please click here

This man pressed Print. What happened next left me speechless.

Although I attended HP Discover in Barcelona as a guest of the folks at HP Networking (via their Independent Bloggers program), I didn’t restrict myself to looking at etherstuff; HP makes way too broad a portfolio of products to get away with that. I ended up looking at printers, and I found something that pretty much blew me away.

Before I forget, please accept my apologies for the clickbait headline. I’ve always wanted to do one of those; but unlike so many others I’ve seen, I hope that this article won’t disappoint. You’ll see “the man” in the headline in a video later.

A Sign of the Times

It was hard to miss at HP Discover that HP believes in eating their own dog food. The signage at the event – many large, inspiring, multicultural images reminding us that HP’s mission is to provide “solutions for the New Style of IT” – was all printed on HP printers. The signs looked pretty amazing, I have to say:

Not only were they printed using HP products, but the poster tells you which printer was used, you know, in case you wanted to buy one for your spare bedroom or something:

Given the price Continue reading

New teaser images and video help confirm details of Samsung’s Galaxy S6

With less than a week left until the event at which Samsung Electronics is expected to launch the Galaxy S6, two new images and a video of the company’s next high-end smartphone seem to confirm its name and the presence of a curved screen.The images, posted by Samsung and network operator T-Mobile U.S., show the smartphone from the side. The T-Mobile image has the tagline “six appeal” and shows the side of the device lit up, all but confirming the name and the expected launch of a device with a curved screen that wraps around one or both edges. Samsung first used such a curved screen on the Galaxy Note Edge, which it announced last year.The T-Mobile image along with another image Samsung has posted on Twitter also tease an improved design, which the Galaxy S6 needs if Samsung wants the smartphone to be a bigger hit its predecessor.To read this article in full or to leave a comment, please click here

Startup Flex Logix aims to score big in a niche chip market

In Silicon Valley, where software startups are the rage, it’s unusual to see a new hardware company set up shop. But venture capital-backed chip design company Flex Logix has some big ideas about how to speed up a whole range of software applications and hardware.Flex Logix is establishing a business around FPGAs (field-programmable gate arrays), which are reconfigurable chips that can help hardware run specific applications faster. A notable FPGA user is Microsoft, which has implemented the chips in data centers to quickly deliver more relevant Bing search results.PCs and servers today run on general-purpose processors like CPUs, but FPGAs are different, with functionality defined mainly through software on the chip. Flex Logix claims it has designed a new type of FPGA, which it hopes will be used in networking, telecommunications, servers, military equipment and other hardware.To read this article in full or to leave a comment, please click here

LG takes aim at Motorola’s Moto G with new Magna smartphone

LG Electronics has announced four new smartphones, including the Magna. The device has a spec that gives Motorola Mobility’s Moto G a run for its money, assuming LG doesn’t screw up the pricing too much.Motorola has had the market for unlocked smartphones costing US$200 or less largely to itself in the U.S. and Europe, helping it regain its footing with the Moto G and the Moto E. But it seems the now Lenovo-owned company will face some tougher competition this year from products like the LG Magna.The Lollipop-based smartphone has a 5-inch, 720 x 1280-pixel screen and an unspecified 1.2GHz or 1.3GHz quad-core processor. The Magna also has an 8-megapixel front camera and a 5-megapixel camera on the back. There’s 1GB of RAM and 8GB of integrated storage backed up by a microSD card slot.To read this article in full or to leave a comment, please click here

Networking Field Day – Afterwards – Cisco ACI

Carrier Supporting Carrier – CSC

CSC Carrier Supporting Carrier is a hierarchical MPLS VPN architecture between the Service Providers. Service is an MPLS VPN service mostly but doesn’t have to be as you will see throughout the post. Customer carrier ( Provider ) receives an MPLS VPN service from the Core/Backbone carrier. Although CSC architecture is not common in real… Read More »

The post Carrier Supporting Carrier – CSC appeared first on Network Design and Architecture.

When backup Is a disaster

Shortly after Branndon Kelley joined American Municipal Power (AMP) as CIO, the company's financial system went down.It took four days to restore the system and Kelley, who had previously consulted with state governments on business continuity issues, immediately started exploring AMP's backup and recovery strategy.He quickly discovered that there was none. No coherent plan. "We had a whole bag of tricks," Kelley says, including more than 10 different backup systems and processes. There were outdated off-the-shelf packages and hand-coded scripts--none of them documented or interconnected. There were backups of backups, and fewer than half of the backups succeeded on the first try.To read this article in full or to leave a comment, please click here