We are living in 1984 (ETERNALBLUE)

In the book 1984, the protagonist questions his sanity, because his memory differs from what appears to be everybody else's memory.

The Party said that Oceania had never been in alliance with Eurasia. He, Winston Smith, knew that Oceania had been in alliance with Eurasia as short a time as four years ago. But where did that knowledge exist? Only in his own consciousness, which in any case must soon be annihilated. And if all others accepted the lie which the Party imposed—if all records told the same tale—then the lie passed into history and became truth. ‘Who controls the past,’ ran the Party slogan, ‘controls the future: who controls the present controls the past.’ And yet the past, though of its nature alterable, never had been altered. Whatever was true now was true from everlasting to everlasting. It was quite simple. All that was needed was an unending series of victories over your own memory. ‘Reality control’, they called it: in Newspeak, ‘doublethink’.

I know that EternalBlue didn't cause the Baltimore ransomware attack. When the attack happened, the entire cybersecurity community agreed that EternalBlue wasn't responsible.

But this New York Times article said otherwise, blaming the Continue reading

Review: Perlroth’s book on the cyberarms market

New York Times reporter Nicole Perlroth has written a book on zero-days and nation-state hacking entitled “This Is How They Tell Me The World Ends”. Here is my review.


I’m not sure what the book intends to be. The blurbs from the publisher implies a work of investigative journalism, in which case it’s full of unforgivable factual errors. However, it reads more like a memoir, in which case errors are to be expected/forgivable, with content often from memory rather than rigorously fact checked notes.


But even with this more lenient interpretation, there are important flaws that should be pointed out. For example, the book claims the Saudi’s hacked Bezos with a zero-day. I claim that’s bunk. The book claims zero-days are “God mode” compared to other hacking techniques, I claim they are no better than the alternatives, usually worse, and rarely used.


But I can’t really list all the things I disagree with. It’s no use. She’s a New York Times reporter, impervious to disagreement.


If this were written by a tech journalist, then criticism would be the expected norm. Tech is full of factual truths, such as whether 2+2=5, where it’s possible for a thing to be Continue reading

Weekend Reads 022621


If you go back and examine all the steps taken to implement the shopping API in this series, you’ll see a purposeful decision to always stick to the simplest possible scenarios. In the process, you end up with the simplest possible solutions.


The Australian Domain Name Administration, AUDA, has recently published its quarterly report for the last quarter of 2020. The report contained the interesting snippet: “The rapid digitisation of our lives and economy – necessitated by COVID-19 – continued to underpin strong growth in .au registrations.”


As a developer, your company hired you to build incredible products that focus on your users’ and customers’ needs. Yet, in the age of microservices, producing the best products relies heavily on efficient cloud service connectivity.


Among the most recent breaches involving Microsoft 365, account takeovers have been the most prevalent attacker technique.


A LexisNexis Risk Solutions study, “Fraud Trends to Watch in 2021,” found the personal information of 45% of Americans was exposed in a data breach in the last five years, MediaPost reports.


“Observability” expands on that monitoring and enables correlation and inspection of the raw data to provide much deeper insights. With the proper instrumentation, observability allows an enterprise, Continue reading

Flow-based monitoring for Magic Transit

Flow-based monitoring for Magic Transit
Flow-based monitoring for Magic Transit

Network-layer DDoS attacks are on the rise, prompting security teams to rethink their L3 DDoS mitigation strategies to prevent business impact. Magic Transit protects customers’ entire networks from DDoS attacks by placing our network in front of theirs, either always on or on demand. Today, we’re announcing new functionality to improve the experience for on-demand Magic Transit customers: flow-based monitoring. Flow-based monitoring allows us to detect threats and notify customers when they’re under attack so they can activate Magic Transit for protection.

Magic Transit is Cloudflare’s solution to secure and accelerate your network at the IP layer. With Magic Transit, you get DDoS protection, traffic acceleration, and other network functions delivered as a service from every Cloudflare data center. With Cloudflare’s global network (59 Tbps capacity across 200+ cities) and <3sec time to mitigate at the edge, you’re covered from even the largest and most sophisticated attacks without compromising performance. Learn more about Magic Transit here.

Using Magic Transit on demand

With Magic Transit, Cloudflare advertises customers’ IP prefixes to the Internet with BGP in order to attract traffic to our network for DDoS protection. Customers can choose to use Magic Transit always on or on demand. With always Continue reading

Taking A Superhybrid Approach To HPC/AI Convergence

AMD has been on such a run with its future server CPUs and server GPUs in the supercomputer market, taking down big deals for big machines coming later this year and out into 2023, that we might forget sometimes that there are many more deals to be done and that neither Intel nor Nvidia are inactive when it comes to trying to get their compute engines into upper echelon machines.

Taking A Superhybrid Approach To HPC/AI Convergence was written by Timothy Prickett Morgan at The Next Platform.

Juniper Rebuilds Its Enterprise SD-WAN Strategy With The Session-Smart Router

Juniper Networks is rebuilding its enterprise SD-WAN strategy around the Session-Smart Router (SSR) from 128 Technology, which Juniper acquired in October 2020. The Session-Smart Router integrates with Juniper's Mist AI platform and will replace Contrail Service Orchestration as its enterprise SD-WAN play.

The post Juniper Rebuilds Its Enterprise SD-WAN Strategy With The Session-Smart Router appeared first on Packet Pushers.

Building Snowflakes On Purpose

We all know that building snowflake networks is bad, right? If it’s not a repeatable process it’s going to end up being a problem down the road. If we can’t refer back to documentation to shows why we did something we’re going to end up causing issues and reducing reliability. But what happens when a snowflake process is required to fix a bigger problem? It’s a fun story that highlights where process can break down sometimes.

Reloaded

I’ve mentioned before that I spent about six months doing telephone tech support for Gateway computers. This was back in 2003 so Windows XP was the hottest operating system out there. The nature of support means that you’re going to be spending more time working on older things. In my case this was Windows 95 and 98. Windows 98 was a pain but it was easy to work on.

One of the most common processes we had for Windows 98 was a system reload. It was the last line of defense to fix massive issues or remove viruses. It was something that was second nature to any of the technicians on the help desk:

  1. Boot from the Gateway tools CD and use GWSCAN Continue reading

Video: High-Level Technology Guidelines

I concluded the Focus on Business Challenges First presentation (part of Business Aspects of Networking Technologies webinar) with a few technology guidelines starting with:

  • Be vendor-agnostic (always look around to see what others are doing);
  • Try to understand how the technology you’re evaluating works (it will help you spot the potential problems before they crash your network);
  • Always select what’s best for your business, not for the sales quota of your friendly $vendor account manager.

For more guidelines, watch the video.

Watch the video

Video: High-Level Technology Guidelines

I concluded the Focus on Business Challenges First presentation (part of Business Aspects of Networking Technologies webinar) with a few technology guidelines starting with:

  • Be vendor-agnostic (always look around to see what others are doing);
  • Try to understand how the technology you’re evaluating really works (it will help you spot the potential problems before they crash your network);
  • Always select what’s best for your business, not for the sales quota of your friendly $vendor account manager.

For more guidelines, watch the video (available with Free ipSpace.net Subscription).

Watch the video

No, 1,000 engineers were not needed for SolarWinds

Microsoft estimates it would take 1,000 to carry out the famous SolarWinds hacker attacks. This means in reality that it was probably fewer than 100 skilled engineers. I base this claim on the following Tweet:


Yes, it would take Microsoft 1,000 engineers to replicate the attacks. But it takes a large company like Microsoft 10-times the effort to replicate anything. This is partly because Microsoft is a big, stodgy corporation. But this is mostly because this is a fundamental property of software engineering, where replicating something takes 10-times the effort of creating the original thing.

It's like painting. The effort to produce a work is often less than the effort to reproduce it. I can throw some random paint strokes on canvas with almost no effort. It would take you an immense amount of work to replicate those same strokes -- even to figure out the exact color of Continue reading

Creating serendipity with Python

Creating serendipity with Python

We've been experimenting with breaking up employees into random groups (of size 4) and setting up video hangouts between them. We're doing this to replace the serendipitous meetings that sometimes occur around coffee machines, in lunch lines or while waiting for the printer. And also, we just want people to get to know each other.

Which lead to me writing some code. The core of which is divide n elements into groups of at least size g minimizing the size of each group. So, suppose an office has 15 employees in it then it would be divided into three groups of sizes 5, 5, 5; if an office had 16 employees it would be 4, 4, 4, 4; if it had 17 employees it would be 4, 4, 4, 5 and so on.

I initially wrote the following code (in Python):

    groups = [g] * (n//g)

    for e in range(0, n % g):
        groups[e % len(groups)] += 1

The first line creates n//g (// is integer division) entries of size g (for example, if g == 4 and n == 17 then groups == [4, 4, 4, 4]). The for loop deals with the 'left over' parts that Continue reading

Changes Go Far Beyond Just AI, Machine Learning

SambaNova Systems is a technology startup founded in 2017 by a group of far-sighted engineers and data scientists who saw that the current approaches to AI and machine learning were beginning to run out of steam, and that an entire new architecture would be necessary in order to make AI accessible for everyone as well as deliver the scale, performance, accuracy and ease of use needed for future applications.

Changes Go Far Beyond Just AI, Machine Learning was written by Daniel Robinson at The Next Platform.

1 726 727 728 729 730 3,784