Ask a nerd

One should probably consult a lawyer on legal questions. Likewise, lawyers should probably consult nerds on technical questions. I point this out because of this crappy Lawfare post. It's on the right side of the debate (FBI's evidence pointing to North Korea is bad), but it's still crap.

For example, it says: "One hears a lot in cybersecurity circles that the government has “solved” the attribution problem". That's not true, you hear the opposite among cybersecurity experts. I suspect he gets this wrong because he's not talking about technical experts, but government circles. What government types in Washington D.C. say about cybersecurity is wholly divorced from reality -- you really ought to consult technical people.

He then says: "it is at least possible that some other nation is spoofing a North Korean attack". This is moronic, accepting most of the FBI's premise that a nation state sponsored the attack, and that we are only looking for which nation state this might be. In reality, the Sony hack is well within the capabilities of teenagers. The evidence is solid that Sony had essentially no internal security -- it required no special sophistication by the hacker. Anybody Continue reading

Facebook’s AIs want you to stop you making a fool of yourself

I’ve always found the tendency of  Facebook users to over-share a little strange. You see people exposing their lives in ways that are occasionally charming, often inexplicable, and frequently downright ridiculous or ill-advised (or often both of the latter at the same time).

drunk kids Gregg O'Connell / Flickr

Probably shouldn't be posted on Facebook.

In the latter category are the posts of people who are obviously in advanced states of inebriation doing things that don’t require a caption to reveal that they are being idiots. These kind of posts are the sort of thing that, once sober, will be regretted and will never, ever disappear becoming fodder for the poster’s mother’s disapproval and unwanted attention from employers both current and future. 

To read this article in full or to leave a comment, please click here

My Podcasts

Since taking a new role at Cisco, my drive time is less consistent. As a result, finding opportunities to listen to podcasts is more of a challenge. Earlier this week, a road trip I took provided some time to start getting caught up on my listening. Using iCatcher allows me to easily tweet what I’m listening too. As a result of sharing what I listened to, I received some requests regarding the podcasts I listen to. I wanted to share this ever changing list with the PacketU community.

Technology Podcasts

  • Cisco Champion Radio
  • Cisco TAC Security Podcast Series
  • No Strings Attached Show
  • Packet Pushers Podcast
  • Risky Business
  • Software Gone Wild by ipSpace.net
  • The Class-C Block
  • The IPv6 Show
  • The Southern Fried Security Podcast
  • VUPaaS – Virtualization as a Service

Business and Leadership

  • Freakonomics Radio
  • Home Work
  • The EntreLeadership Podcast

Also beyond the technology focus of this audience, I often listen to Cold Case Christianity–a Christian Apologetics podcast and Focus on the Family–a faith based podcast focused on strengthening families.

I’m always looking for new sources for good information. If you have podcasts that you enjoy listening to, please share them by sending them to @packetu or commenting below.

Disclaimer: This Continue reading

iPexpert’s Newest “CCIE Wall of Fame” Additions 12/19/2014

Please Join us in congratulating the following iPexpert clients who have passed their CCIE lab!

  • Mark Walbank, CCIE #45915 (Data Center)
  • David Vernum , CCIE #45880 (Data Center)
  • Wilson Huang, CCIE #46040 (Wireless)

We Want to Hear From You!

Have you passed your CCIE lab exam using any iPexpert or Proctor Labs self-study products, or attended our CCIE Bootcamps? If so, we’d like to add you to our CCIE Wall of Fame!

Sony hack was the work of SPECTRE

The problem with hacking is that people try to understand it through analogies with things they understand. They try to fit new information into old stories/tropes they are familiar with. This doesn't work -- hacking needs to be understood in its own terms.

But since you persist in doing it this way, let me use the trope of SPECTRE to explain the Sony hack. This is the evil criminal/terrosist organization in the James Bond films that is independent of all governments. Let's imagine that it's SPECTRE who is responsible for the Sony hack, and how that fits within the available evidence.

This trope adequately explains the FBI "evidence" pointing to North Korea. SPECTRE has done work for North Korea, selling them weapons, laundering their money, and conducting hacking for them. While North Korea is one of their many customers, they aren't controlled by North Korea.

The FBI evidence also points to Iran, with the Sony malware similar to that used in the massive Saudi Aramco hack. That would make sense, since an evil organization like SPECTRE does business with all the evil countries. Conversely, the Iranian connection doesn't make sense if the Sony hack were purely the work of the Continue reading

The FBI’s North Korea evidence is nonsense

The FBI has posted a press release describing why they think it's North Korea. While there may be more things we don't know, on its face it's complete nonsense. It sounds like they've decided on a conclusion and are trying to make the evidence fit. They don't use straight forward language, but confusing weasel words, like saying "North Korea actors" instead of simply "North Korea". They don't give details.

The reason it's nonsense is that the hacker underground shares code. They share everything: tools, techniques, exploits, owned-systems, botnets, and infrastructure. Different groups even share members. It is implausible that North Korea would develop it's own malware from scratch.

Here's the thing with computer evidence: you don't need to keep it secret. It wouldn't harm Sony and wouldn't harm the investigation. It would help anti-virus and security vendors develop signatures to stop it. It would crowd source analysis, to see who it really points to. We don't need to take the FBI's word for it, we should be able to see the evidence ourselves. In other words, instead of saying "IP addresses associated with North Korea", then can tell us what those IP addresses are, like "203.131.222.102".

But Continue reading

GigaOm: NASA Uses Ansible to launch web infrastructure into the cloud

GigaOm published a great article on how NASA launches their web infrastructure into the cloud today. The article features our own Jonathan Davila.

To help with the nitty gritty details of transferring those applications to AWS and setting up new servers, NASA used the Ansible configuration-management tool, said Davila. When InfoZen came, the apps were stored in a co-located data center where they weren’t being managed well, he explained, and many server operating systems weren’t being updated, leaving them vulnerable to security threats.

Without the configuration-management tool, Davila said that it would “probably take us a few days to patch every server in the environment” using shell scripts. Now, the team can “can patch all Linux servers in, like, 15 minutes.”

Read the full article on GigaOm.

Read our case study on How NASA Uses Ansible Tower.

 

 

Policy-based Tunnel Selection (PBTS) on Cisco IOS-XR

Recently, I had to look after PBTS on Cisco ASR9K platform and faced some issues, here are some results about my tests. PBTS has the same goal as CBTS on Cisco IOS (Class-Based Tunnel selection) but for Cisco IOS-XR. It provides a tool to direct traffic into specific RSVP-TE tunnels (in the future Segment-Routing tunnels) […]

Author information

Youssef El Fathi

Youssef El Fathi

Youssef is a network engineer working for a french service provider. He is also a dual CCIE (RS, SP). You can find him on Twitter.

The post Policy-based Tunnel Selection (PBTS) on Cisco IOS-XR appeared first on Packet Pushers Podcast and was written by Youssef El Fathi.

PlexxiPulse—Networking For Agile Datacenters, Distributed Cloud Environments and Big Data Applications

This week, we announced new product starter kits that will make it easier for companies to adopt software-defined networking in a way that fits their unique networking environments. The kits are designed for three distinct uses — agile datacenters, distributed cloud environments and Big Data applications — avoiding the “one-size-fits-all” starter kit approach of some other vendors. Visit our product page to learn more. Below are our top picks for networking stories this week.

In this week’s PlexxiTube of the week, Dan Backman discusses the benefits of Plexxi’s Big Data fabric beyond Hadoop applications.

eWEEK: Plexxi Launches SDN Starter Kits for Cloud, Big Data
By Jeff Burt
Plexxi officials want to make it easier for organizations to adopt software-defined networking. Plexxi, a startup in the increasingly crowded software-defined networking (SDN) space, is unveiling three starter kits aimed at agile data centers, cloud environments and big data applications. Company officials said the goal of the starter kits is to give businesses and service providers the tools they need to deploy SDN infrastructures that are tailored to their particular workloads, avoiding what they said is a more one-size-fits-all approach that other vendors are taking.

TechTarget: Networking pros describe their 2015 SDN projects
Continue reading

Juniper OCX – Welcome to the Revolution

Early December 2014, Juniper announced their OCX products that are focused on open, disaggregated networking systems.  As one of the instigators of the revolution, it will be intriguing to see which side Juniper is really on.

While competing with Juniper will be interesting, we’re happy to see them recognize the customer drive towards Open Networking.  Juniper indicates that they are joining the ranks of start-ups like Cumulus Networks and industry leaders such as Dell in this inevitable industry transition… avoiding the “head in the sand” perspective maintained by some other networking vendors.

There were four main sources of information as part of the announcement.

Initial reading shows us a focus very aligned with Open Networking. They say things like…

Juniper announced the OCX1100 that combines … Junos® operating system with Open Compute Project (OCP) enabled hardware

Let me say that again: Customers will have the ability to remove Junos and deploy another vendor’s operating system

To some not familiar with Juniper, news that we are embracing an open hardware design might sound counterintuitive in that anything “open” is not aligned with our strategy. On the contrary, Juniper has always embraced open architectures and open Continue reading

That’s It for 2014

A dozen webinars, tens of public presentations and on-site workshops, numerous highly interesting ExpertExpress sessions, three books and over 250 blog posts. That should be enough for a year; it’s time to go offline.

I hope your company has a New Year freeze (and not let’s upgrade everything over New Year policy), so you’ll be able to do the same and enjoy some time during the rest of the year with your loved ones. See you in 2015!

Blog Migration in the Works

You might have noticed that blog content has been a bit sparse over the last few weeks. The reason I haven’t generated any new content is because all my spare time is taken up with preparing to migrate this site to a new hosting platform.

Sometime over the holiday season, I’ll be migrating this site from a hosted WordPress installation to Jekyll running on GitHub Pages. Given that I have 9 years of content (over 1,600 blog posts), this is a pretty fair amount of work.

Most of the “structural” work on the new site is already complete; you can get a preview of the site by visiting http://lowescott.github.io. There’s no content there yet (other than some boilerplate content), but you’ll be able to get a feel for how the new layout will look and work. As you can see, I’ll be using the Lanyon theme, which provides a nice clean layout and a good mobile as well as desktop experience.

There’s still some additional “structural” work to be done, such as adding support for comments (which will be handled via Disqus), but I hope to have that done in the next few days.

Once the Continue reading

What is a data center operating system (DCOS)?

I’ve become aware of a new industry term called the “Data Center Operating System” (DCOS). The big idea seems to be abstracting away individual elements of the data center, allowing compute nodes to get spun up on top of infrastructure building blocks, whether physical or cloud. In theory, you supply hardware or cloud […]

Improving PicoHTTPParser further with AVX2

Vlad Krasnov recently joined CloudFlare to work on low level optimization of CloudFlare's servers. This is the first of a number of blog posts that will include code he's optimized and open sourced.

In a recent post, Kazuho's Weblog describes an improvement to PicoHTTPParser. This improvement utilizes the SSE4.2 instruction PCMPESTRI in order to find the delimiters in a HTTP request/response and parse them accordingly. This update, compared to the previous version of the code, is impressive.

CC BY-SA 2.0 image by Intel Free Press

PCMPESTRI is a versatile instruction that allows scanning of up to 16 bytes at once for occurrences of up to 16 distinct characters (bytes), or up to 8 ranges of characters (bytes). It can also be used for string and substring comparison. However, there are a few drawbacks: the instruction has a high latency of 11 cycles, and is limited to 16 bytes per instruction. It's also under utilized for range comparison in PicoHTTPParser, because it only tests two or three ranges per invocation (out of eight it is capable of). Furthermore, some simple math (16 bytes / 11 cycles) shows that using this instruction limits the parser to 1.45 bytes/cycle throughput.

Continue reading

Thinkers

Big thinkers think about giving, doing, and ideas. Small thinkers think about getting and having. If you’re comparing to or gossiping about others — you’re not thinking at all.

How to prevent theft, loss and snooping on the road

When you travel, a whole fleet of electronics come with you. Smartphone and laptop are a given, but there’s a good chance you’re also toting a tablet, and maybe a cellular hotspot or dedicated GPS.All of them are juicy targets for bad guys. Here’s how to make sure your devices’ travels are just as safe as your own.Protect yourself on public Wi-Fi Public Wi-Fi hotspots are essential. They’re like an oasis in the disconnected desert when you run into their blessed signal in coffee shops, airports, or even public parks. But wide-open Wi-Fi hotspots can also be dangerous.To read this article in full or to leave a comment, please click here

What’s Next for Cuba?

alba-1
Nearly two years ago, we broke the story about the activation of the first submarine cable connecting Cuba to the global Internet – a cable that, prior to its activation in January 2013, mysteriously lay dormant on the ocean floor for nearly two years. When the Cuban government issued a confirmation in the days following our report, it contained the following statement:
   When the testing process concludes, the submarine cable being put into operation will not mean that possibilities for access will automatically multiply.
alba-1

In other words, Cubans should not expect greater access to the Internet just because the ALBA-1 submarine cable was now in operation. Yesterday’s historic agreement to begin normalizing relations between Cuba and the United States contains a pledge by the Cuban government to “greatly expand its citizens’ access to the Internet.” What exactly this pledge entails will determine how the Internet evolves in Cuba in the near term. Decision makers in Cuba should look at another country that recently opened up its telecom sector and is presently experiencing an explosion in Internet growth: Myanmar.

Cuban Isolation

caribbean_cables

The isolation of Cuba is plainly evident when looking at a map of the submarine cables in the Continue reading

1 3,658 3,659 3,660 3,661 3,662 3,839