The Week in Internet News: Lawmakers Point to ‘Extremist’ Content on YouTube

Extreme video: A group of Democratic lawmakers in the U.S. has demanded that YouTube explain its policies related to dealing with extremist content, Yahoo News reports. “Incendiary content that indoctrinates, radicalizes, and mobilizes extremists continues to flourish” on YouTube, the lawmakers wrote.

Blaming encryption: Meanwhile, a new government report on possible extremist attacks on the U.S. Capitol says information on future plans are becoming harder to find because militia groups have shifted to encryption tools, Axios reports. U.S. law enforcement authorities appear to be trying to resurrect their calls for encryption backdoors even as extremist groups post information on public websites like YouTube.

Blaming the website: The U.S. isn’t the only government looking to hold websites more responsible for user-generated content. India’s information technology ministry has finalized a set of rules intended to make online service providers more accountable for their users’ bad behavior, Brookings.edu notes. The Brookings blog post suggests that this effort, mirrored by a similar debate in the U.S., will be a grave threat to free speech and privacy rights.

Clamping down: Meanwhile basic rights in 10 African countries are threatened by a trend toward digital authoritarianism, according to a Continue reading

The benefits of serving stale DNS entries when using Consul

Introduction

The benefits of serving stale DNS entries when using Consul

We use Consul for service discovery, and we’ve deployed a cluster that spans several of our data centers. This cluster exposes HTTP and DNS interfaces so that clients can query the Consul catalog and search for a particular service and the majority of the clients use DNS. We were aware from the start that the DNS query latencies were not great from certain parts of the world that were furthest away from these data centers. This, together with the fact that we use DNS over TLS, results in some long latencies. The TTL of these names being low makes it even more impractical when resolving these names in the hot path.

The usual way to solve these issues is by caching values so that at least subsequent requests are resolved quickly, and this is exactly what our resolver of choice, Unbound, is configured to do. The problem remains when the cache expires. When it expires, the next client will have to wait while Unbound resolves the name using the network. To have a low recovery time in case some service needs to failover and clients need to use another address we use a small TTL (30 seconds) Continue reading

Happy International Women’s Day!

Happy International Women’s Day!
Happy International Women’s Day!

Here at Cloudflare, we’re thrilled to celebrate International Women’s Day today! We have tons of events planned throughout the month of March, which is our way of honoring Women’s Empowerment Month. We’ll be making sure we acknowledge women’s achievements, raise awareness about women’s equality, and lobby for accelerated gender parity — Cloudflare style.

We take the International Women’s Day initiatives and its calls to action seriously. Then again, how could we not? The latest 2020 Global Gender Gap Report from the World Economic Forum indicates that it’ll take another 257 years to close the gender gap, if we continue at our current pace of progress. It’s going to take all of us to make a positive impact and accelerate the reality of a gender equal world.

Introducing Womenflare

Before we dive further into how we’re planning to celebrate International Women’s Day and Women’s Empowerment Month, we’d like to introduce ourselves. We’re Womenflare — Cloudflare’s Employee Resource Group (ERG) for all who identify as and advocate for women (Talea and Angela are the global Womenflare leads and John is the Womenflare executive advocate). We launched Womenflare on International Women’s Day in 2020, and it was one of the last things we Continue reading

Pure Storage, Equinix team for new bare-metal offerings

Flash-array vendor Pure Storage and data-center provider Equinix have teamed to deliver Pure Storage on Equinix Metal, a joint offering the companies claim can deliver physical infrastructure at software speed.The platform provides enterprises with embedded storage and on-demand availability of network and compute services, typical of the cloud. The solution is designed to support a range of storage use cases and is provided by both vendors under a single contract.To read this article in full, please click here

Pure Storage, Equinix team for new bare-metal offerings

Flash-array vendor Pure Storage and data-center provider Equinix have teamed to deliver Pure Storage on Equinix Metal, a joint offering the companies claim can deliver physical infrastructure at software speed.The platform provides enterprises with embedded storage and on-demand availability of network and compute services, typical of the cloud. The solution is designed to support a range of storage use cases and is provided by both vendors under a single contract.To read this article in full, please click here

WAN challenges steer auto-rental firm to SASE

Latency and reliability concerns set car rental company Sixt on a path to rearchitect its WAN. That led the global company, which has locations in more than 100 countries, to become an early adopter of the network-security architecture dubbed secure access service edge (SASE) by research firm Gartner. Tech Spotlight: Security 4 ways to keep the cybersecurity conversation going after the crisis (CSO) Mitigating the hidden risks of digital transformation (CIO) WFH security lessons from the pandemic (Computerworld) WAN challenges steer Sixt to cloud-native SASE deployment (Network World) 6 security risks in software development — and how to address them (InfoWorld) SASE, pronounced "sassy," blends SD-WAN's network optimization features with security capabilities such as zero-trust authentication, data loss prevention, threat detection, and encryption. Driven by demand for a more efficient, scalable network-security architecture, SASE can enable greater network reliability, more flexible deployment options, and pervasive security. The technology is in its infancy but projected to grow quickly. Gartner estimates at least 40% of enterprises will have explicit strategies to adopt SASE by 2024, up from less than 1% at the end of 2018.To read this article in full, please click here

WAN challenges steer auto-rental firm to SASE

Latency and reliability concerns set car rental company Sixt on a path to rearchitect its WAN. That led the global company, which has locations in more than 100 countries, to become an early adopter of the network-security architecture dubbed secure access service edge (SASE) by research firm Gartner. Tech Spotlight: Security 4 ways to keep the cybersecurity conversation going after the crisis (CSO) Mitigating the hidden risks of digital transformation (CIO) WFH security lessons from the pandemic (Computerworld) WAN challenges steer Sixt to cloud-native SASE deployment (Network World) 6 security risks in software development — and how to address them (InfoWorld) SASE, pronounced "sassy," blends SD-WAN's network optimization features with security capabilities such as zero-trust authentication, data loss prevention, threat detection, and encryption. Driven by demand for a more efficient, scalable network-security architecture, SASE can enable greater network reliability, more flexible deployment options, and pervasive security. The technology is in its infancy but projected to grow quickly. Gartner estimates at least 40% of enterprises will have explicit strategies to adopt SASE by 2024, up from less than 1% at the end of 2018.To read this article in full, please click here

Aruba chief: Enterprises must adjust to new normal of remote working

When HPE bought Aruba in 2015, Aruba’s then-president and CEO Dominic Orr said that his company had effectively acquired HP Networking. Aruba’s performance since then has largely borne out Orr’s bullish prediction, as the company has become the driving force behind HPE’s enterprise networking efforts and dramatically grown its market share, expanding beyond its roots as a primarily mid-sized campus networking provider to become a leading competitor to the market’s 800-pound gorilla, Cisco.With HPE’s most recent earnings reports showing the Aruba division having posted $806 million in revenues for the first fiscal quarter of 2021, up 12% year-over-year, Keerti Melkote, president and founder of Aruba, sat down with Network World to talk about network architecture, competing technologies and more.To read this article in full, please click here

Implementing Layer-2 Networks in a Public Cloud

A few weeks ago I got an excited tweet from someone working at Oracle Cloud Infrastructure: they launched full-blown layer-2 virtual networks in their public cloud to support customers migrating existing enterprise spaghetti mess into the cloud.

Let’s skip the usual does everyone using the applications now have to pay for Oracle licenses and I wonder what the lock in might be when I migrate my workloads into an Oracle cloud jokes and focus on the technical aspects of what they claim they implemented. Here’s my immediate reaction (limited to the usual 280 characters, because that’s the absolute upper limit of consumable content these days):

Read more …

Implementing Layer-2 Networks in a Public Cloud

A few weeks ago I got an excited tweet from someone working at Oracle Cloud Infrastructure: they launched full-blown layer-2 virtual networks in their public cloud to support customers migrating existing enterprise spaghetti mess into the cloud.

Let’s skip the usual does everyone using the applications now have to pay for Oracle licenses and I wonder what the lock in might be when I migrate my workloads into an Oracle cloud jokes and focus on the technical aspects of what they claim they implemented. Here’s my immediate reaction (limited to the usual 280 characters, because that’s the absolute upper limit of consumable content these days):

Read more …

Getting Started with eBPF and Go

eBPF has a thriving ecosystem with a plethora of educational resources both on the subject of eBPF itself and its various application, including XDP. Where it becomes confusing is when it comes to the choice of libraries and tools to interact with and orchestrate eBPF. Here you have to select between a Python-based BCC framework, C-based libbpf and a range of Go-based libraries from Dropbox, Cilium, Aqua and Calico. Another important area that is often overlooked is the “productionisation” of the eBPF code, i.e. going from manually instrumented examples towards production-grade applications like Cilium. In this post, I’ll document some of my findings in this space, specifically in the context of writing a network (XDP) application with a userspace controller written in Go.

Choosing an eBPF library

In most cases, an eBPF library is there to help you achieve two things:

  • Load eBPF programs and maps into the kernel and perform relocations, associating an eBPF program with the correct map via its file descriptor.
  • Interact with eBPF maps, allowing all the standard CRUD operations on the key/value pairs stored in those maps.

Some libraries may also help you attach your eBPF program to a specific Continue reading

Developing NetBox Plugin – Part 5 – Permissions and API

In previous installments of this series we built out a fully functional plugin dedicated to tracking Bgp Peering connections. In this post we'll add final components: object permissions and API views.

Developing NetBox Plugin tutorial series

Contents

Adding permissions

Right now all users can view, edit and delete Bgp Peering objects. In the production system we would like to be able to have more granular control over who can perform a given operation. This is where the permissions system comes in.

In our plugin we will leverage Django authentication system [1] to enable permissions for views we built out.

Adding permissions to views

Below are the changes I made to views.py to Continue reading

MUST READ: Systems Design Explains the World

The one and only Avery Pennarun (of the world in which IPv6 was a good design fame) is back with another absolutely-must-read article explaining how various archetypes apply to real-world challenges, including:

  • Hierarchies and decentralization (and why decentralization is a myth)
  • Chicken-and-egg problem (and why some good things fail)
  • Second-system effect (or why it’s better to refactor than to rewrite)
  • Innovator’s dilemma (or why large corporations become obsolete)

If you think none of these applies to networking, you’re probably wrong… but of course please write a comment if you still feel that way after reading Avery’s article.

MUST READ: Systems Design Explains the World

The one and only Avery Pennarun (of the world in which IPv6 was a good design fame) is back with another absolutely-must-read article explaining how various archetypes apply to real-world challenges, including:

  • Hierarchies and decentralization (and why decentralization is a myth)
  • Chicken-and-egg problem (and why some good things fail)
  • Second-system effect (or why it’s better to refactor than to rewrite)
  • Innovator’s dilemma (or why large corporations become obsolete)

If you think none of these applies to networking, you’re probably wrong… but of course please write a comment if you still feel that way after reading Avery’s article.

Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065

Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065

Enabling the Cloudflare WAF and Cloudflare Specials ruleset protects against exploitation of unpatched CVEs: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server. Web Application Firewall customers with the Cloudflare Specials ruleset enabled are automatically protected against CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

If you are running Exchange Server 2013, 2016, or 2019, and do not have the Cloudflare Specials ruleset enabled, we strongly recommend that you do so. You should also follow Microsoft’s urgent recommendation to patch your on-premise systems immediately. These vulnerabilities are actively being exploited in the wild by attackers to exfiltrate email inbox content and move laterally within organizations’ IT systems.

Edge Mitigation

If you are running the Cloudflare WAF and have enabled the Cloudflare Specials ruleset, there is nothing else you need to do. We have taken the unusual step of immediately deploying these rules in “Block” mode given active attempted exploitation.

If you wish to disable the rules for any reason, e.g., you are experiencing a false positive mitigation, you can do so by following these instructions:

  1. Login to the Cloudflare Dashboard Continue reading

Controversial Reads 030621


The worldwide plans for EV domination of the vehicle population are like having the plans to build a large house without sufficient materials being available to ever finish the house.


This is how the squeeze worked: A few large hedge funds had “shorted” GameStop. That means that they had borrowed the stock, with the intention of returning it when the share price moved lower, as they expected it would, leaving them with a profit.


The worldwide plans for EV domination of the vehicle population are like having the plans to build a large house without sufficient materials being available to ever finish the house.


A new canvassing of experts in technology, communications and social change by Pew Research Center and Elon University’s Imagining the Internet Center finds that many expect similar impacts to emerge from the COVID-19 outbreak.


A famed Silicon Valley dictum is to ask for forgiveness, not permission. Breaking the law has had no consequences, and policymakers have not been too exercised to create new laws for Big Tech to follow.


Today, the Supreme Court of the United Kingdom ruled on an important question as to whether certain drivers who work with Uber are entitled to certain protections Continue reading

Worth Reading: Career Advice for Young Engineers

David Bombal invited me for another short chat – this time on what I recommend young networking engineers just starting their career. As I did a bit of a research I stumbled upon some great recommendations on Quora:

I couldn’t save the pages to Internet Archive (looks like it’s not friendly with Quora), so I can only hope they won’t disappear ;)

1 770 771 772 773 774 3,835