The FBI’s North Korea evidence is nonsense

The FBI has posted a press release describing why they think it's North Korea. While there may be more things we don't know, on its face it's complete nonsense. It sounds like they've decided on a conclusion and are trying to make the evidence fit. They don't use straight forward language, but confusing weasel words, like saying "North Korea actors" instead of simply "North Korea". They don't give details.

The reason it's nonsense is that the hacker underground shares code. They share everything: tools, techniques, exploits, owned-systems, botnets, and infrastructure. Different groups even share members. It is implausible that North Korea would develop it's own malware from scratch.

Here's the thing with computer evidence: you don't need to keep it secret. It wouldn't harm Sony and wouldn't harm the investigation. It would help anti-virus and security vendors develop signatures to stop it. It would crowd source analysis, to see who it really points to. We don't need to take the FBI's word for it, we should be able to see the evidence ourselves. In other words, instead of saying "IP addresses associated with North Korea", then can tell us what those IP addresses are, like "203.131.222.102".

But Continue reading

GigaOm: NASA Uses Ansible to launch web infrastructure into the cloud

GigaOm published a great article on how NASA launches their web infrastructure into the cloud today. The article features our own Jonathan Davila.

To help with the nitty gritty details of transferring those applications to AWS and setting up new servers, NASA used the Ansible configuration-management tool, said Davila. When InfoZen came, the apps were stored in a co-located data center where they weren’t being managed well, he explained, and many server operating systems weren’t being updated, leaving them vulnerable to security threats.

Without the configuration-management tool, Davila said that it would “probably take us a few days to patch every server in the environment” using shell scripts. Now, the team can “can patch all Linux servers in, like, 15 minutes.”

Read the full article on GigaOm.

Read our case study on How NASA Uses Ansible Tower.

 

 

Policy-based Tunnel Selection (PBTS) on Cisco IOS-XR

Recently, I had to look after PBTS on Cisco ASR9K platform and faced some issues, here are some results about my tests. PBTS has the same goal as CBTS on Cisco IOS (Class-Based Tunnel selection) but for Cisco IOS-XR. It provides a tool to direct traffic into specific RSVP-TE tunnels (in the future Segment-Routing tunnels) […]

Author information

Youssef El Fathi

Youssef El Fathi

Youssef is a network engineer working for a french service provider. He is also a dual CCIE (RS, SP). You can find him on Twitter.

The post Policy-based Tunnel Selection (PBTS) on Cisco IOS-XR appeared first on Packet Pushers Podcast and was written by Youssef El Fathi.

PlexxiPulse—Networking For Agile Datacenters, Distributed Cloud Environments and Big Data Applications

This week, we announced new product starter kits that will make it easier for companies to adopt software-defined networking in a way that fits their unique networking environments. The kits are designed for three distinct uses — agile datacenters, distributed cloud environments and Big Data applications — avoiding the “one-size-fits-all” starter kit approach of some other vendors. Visit our product page to learn more. Below are our top picks for networking stories this week.

In this week’s PlexxiTube of the week, Dan Backman discusses the benefits of Plexxi’s Big Data fabric beyond Hadoop applications.

eWEEK: Plexxi Launches SDN Starter Kits for Cloud, Big Data
By Jeff Burt
Plexxi officials want to make it easier for organizations to adopt software-defined networking. Plexxi, a startup in the increasingly crowded software-defined networking (SDN) space, is unveiling three starter kits aimed at agile data centers, cloud environments and big data applications. Company officials said the goal of the starter kits is to give businesses and service providers the tools they need to deploy SDN infrastructures that are tailored to their particular workloads, avoiding what they said is a more one-size-fits-all approach that other vendors are taking.

TechTarget: Networking pros describe their 2015 SDN projects
Continue reading

Juniper OCX – Welcome to the Revolution

Early December 2014, Juniper announced their OCX products that are focused on open, disaggregated networking systems.  As one of the instigators of the revolution, it will be intriguing to see which side Juniper is really on.

While competing with Juniper will be interesting, we’re happy to see them recognize the customer drive towards Open Networking.  Juniper indicates that they are joining the ranks of start-ups like Cumulus Networks and industry leaders such as Dell in this inevitable industry transition… avoiding the “head in the sand” perspective maintained by some other networking vendors.

There were four main sources of information as part of the announcement.

Initial reading shows us a focus very aligned with Open Networking. They say things like…

Juniper announced the OCX1100 that combines … Junos® operating system with Open Compute Project (OCP) enabled hardware

Let me say that again: Customers will have the ability to remove Junos and deploy another vendor’s operating system

To some not familiar with Juniper, news that we are embracing an open hardware design might sound counterintuitive in that anything “open” is not aligned with our strategy. On the contrary, Juniper has always embraced open architectures and open Continue reading

That’s It for 2014

A dozen webinars, tens of public presentations and on-site workshops, numerous highly interesting ExpertExpress sessions, three books and over 250 blog posts. That should be enough for a year; it’s time to go offline.

I hope your company has a New Year freeze (and not let’s upgrade everything over New Year policy), so you’ll be able to do the same and enjoy some time during the rest of the year with your loved ones. See you in 2015!

Blog Migration in the Works

You might have noticed that blog content has been a bit sparse over the last few weeks. The reason I haven’t generated any new content is because all my spare time is taken up with preparing to migrate this site to a new hosting platform.

Sometime over the holiday season, I’ll be migrating this site from a hosted WordPress installation to Jekyll running on GitHub Pages. Given that I have 9 years of content (over 1,600 blog posts), this is a pretty fair amount of work.

Most of the “structural” work on the new site is already complete; you can get a preview of the site by visiting http://lowescott.github.io. There’s no content there yet (other than some boilerplate content), but you’ll be able to get a feel for how the new layout will look and work. As you can see, I’ll be using the Lanyon theme, which provides a nice clean layout and a good mobile as well as desktop experience.

There’s still some additional “structural” work to be done, such as adding support for comments (which will be handled via Disqus), but I hope to have that done in the next few days.

Once the Continue reading

What is a data center operating system (DCOS)?

I’ve become aware of a new industry term called the “Data Center Operating System” (DCOS). The big idea seems to be abstracting away individual elements of the data center, allowing compute nodes to get spun up on top of infrastructure building blocks, whether physical or cloud. In theory, you supply hardware or cloud […]

Improving PicoHTTPParser further with AVX2

Vlad Krasnov recently joined CloudFlare to work on low level optimization of CloudFlare's servers. This is the first of a number of blog posts that will include code he's optimized and open sourced.

In a recent post, Kazuho's Weblog describes an improvement to PicoHTTPParser. This improvement utilizes the SSE4.2 instruction PCMPESTRI in order to find the delimiters in a HTTP request/response and parse them accordingly. This update, compared to the previous version of the code, is impressive.

CC BY-SA 2.0 image by Intel Free Press

PCMPESTRI is a versatile instruction that allows scanning of up to 16 bytes at once for occurrences of up to 16 distinct characters (bytes), or up to 8 ranges of characters (bytes). It can also be used for string and substring comparison. However, there are a few drawbacks: the instruction has a high latency of 11 cycles, and is limited to 16 bytes per instruction. It's also under utilized for range comparison in PicoHTTPParser, because it only tests two or three ranges per invocation (out of eight it is capable of). Furthermore, some simple math (16 bytes / 11 cycles) shows that using this instruction limits the parser to 1.45 bytes/cycle throughput.

Continue reading

Thinkers

Big thinkers think about giving, doing, and ideas. Small thinkers think about getting and having. If you’re comparing to or gossiping about others — you’re not thinking at all.

How to prevent theft, loss and snooping on the road

When you travel, a whole fleet of electronics come with you. Smartphone and laptop are a given, but there’s a good chance you’re also toting a tablet, and maybe a cellular hotspot or dedicated GPS.All of them are juicy targets for bad guys. Here’s how to make sure your devices’ travels are just as safe as your own.Protect yourself on public Wi-Fi Public Wi-Fi hotspots are essential. They’re like an oasis in the disconnected desert when you run into their blessed signal in coffee shops, airports, or even public parks. But wide-open Wi-Fi hotspots can also be dangerous.To read this article in full or to leave a comment, please click here

What’s Next for Cuba?

alba-1
Nearly two years ago, we broke the story about the activation of the first submarine cable connecting Cuba to the global Internet – a cable that, prior to its activation in January 2013, mysteriously lay dormant on the ocean floor for nearly two years. When the Cuban government issued a confirmation in the days following our report, it contained the following statement:
   When the testing process concludes, the submarine cable being put into operation will not mean that possibilities for access will automatically multiply.
alba-1

In other words, Cubans should not expect greater access to the Internet just because the ALBA-1 submarine cable was now in operation. Yesterday’s historic agreement to begin normalizing relations between Cuba and the United States contains a pledge by the Cuban government to “greatly expand its citizens’ access to the Internet.” What exactly this pledge entails will determine how the Internet evolves in Cuba in the near term. Decision makers in Cuba should look at another country that recently opened up its telecom sector and is presently experiencing an explosion in Internet growth: Myanmar.

Cuban Isolation

caribbean_cables

The isolation of Cuba is plainly evident when looking at a map of the submarine cables in the Continue reading

Alcatel-Lucent Virtualized Simulator on GNS3

The Alcatel-Lucent virtualized Simulator (vSim) is a virtualization-ready version of SR OS called SR OS-VM. This new operating system is designed to run in a virtual machine (VM) on a generic Intel x86 server. In control and management plane aspects, the vSim is functionally and operationally equivalent to an Alcatel-Lucent hardware-based SR OS router.The vSim is intended to be used as a laboratory tool to fully simulate the control and management plane of an SR OS node. The vSim is not intended to be used in a production network environment and the forwarding plane is limited to 250 pps per interface. Furthermore, without a license file it will run for 1 hour before reloading.

Host Software and Hardware Requirements

  • Linux x86-64
  • Qemu emulator version 2.1.2 (qemu-system-x86_64 or i386)
  • GNS3 version 1.2 or later
  • RAM - at least 4 GB
  • CPU with hardware virtualization support (VT-x or AMD-V)

Virtual Machines Software and Hardware Requirements

  • TiMOS-B-12.0.R6 ALCATEL SR 7750, TiMOS-SR-12.0.R6-vm.zip
  • RAM 2048 MB, CPU x86-32
  • Qemu additional parameters: -nographic -enable-kvm

1. Installation Steps

Extract image from the zip file.

$ unzip TiMOS-SR-12.0.R6-vm.zip
$ cd vm/7xxx-i386/

Now a virtual disk sros-vm.qcow2 is extracted. To start Qemu virtual Continue reading

HTIRW: Standards Bodies

(yes, I know, it’s been a while… But it’s time to get back to this series) Up to this point in this series, we’ve been discussing the more technical aspects of how the Internet really works. Now I want to shift gears a little, and talk about some of the more political aspects — standards […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, and his author page on Amazon.
TwitterGoogle+LinkedIn

The post HTIRW: Standards Bodies appeared first on Packet Pushers Podcast and was written by Russ White.

1 3,671 3,672 3,673 3,674 3,675 3,852