Add Bootstrap 5 to a Rails 6 App

In this post I will show you how to add the Bootstrap CSS framework to your Rails 6 application. Bootstrap is a solid CSS framework that allows us to make our app look really nice and work across a multitude of device types and browsers without having to get bogged down in the...

Declare Your Application State with Tanzu Service Mesh

YES! You can declare your application resiliency state and keep it like that with a combination of Kubernetes and the new application resiliency capabilities in Tanzu Service Mesh.

First things first: what is Tanzu Service Mesh?

Tanzu Service Mesh allows you to create and isolate a logical structure in a Kubernetes cluster, or across different clusters, to achieve an application layer 7 networking and security fabric that you can add values on top of. Just by connecting the dots, we get service discovery, observability, security, and encrypted connectivity for all objects in that global namespace structure. More about TSM global namespaces in excellent blogs here and here.

In this blog, I focus on a new feature that (in my opinion) is a real game-changer for the way we operate and manage application resiliency. As background, I used to work on the customer side for most of my technical career, in operations and infrastructure roles, and the thing I was mostly concerned with was the application and user experience. We had multiple application monitoring solutions that continuously tested user experience via methods such as synthetic transactions (not real user ones) or tapped the transaction to get the live experience. Once we Continue reading

An Introduction to WebSockets with Ballerina

Ballerina language to demonstrate how you can effectively use WebSocket features.

The Dynamic Web: Looking Back

Anjana Fernando

Anjana is Director of Developer Relations at WSO2. His latest venture is his role in the Ballerina project, where he has been involved extensively in the design and implementation of the language and its runtime, and now primarily works on its ecosystem engineering and evangelism activities.

HTTP is commonly used for a typical request/response scenario. Using JavaScript, the Fetch API helps send requests from the client to servers in the background. This allows us to execute data operations without refreshing or loading another web page. However, this doesn’t support the need for server push scenarios, where requests are initiated from the server and sent to the client. So people came up with workarounds to make Continue reading

Don’t Institutionalize the Internet

This opinion piece was originally published by the International Institute for Sustainable Development.

As the United Nations turned 75, UN Secretary-General Antonio Guterres opened the General Assembly by calling for a New Global Deal to ensure that political and economic systems deliver on critical global public goods. “Today, that is simply not happening,” he said. “We have huge gaps in governance structures and ethical frameworks. To close these gaps, we need to ensure that power, wealth and opportunities are broadly and fairly shared.” 

At the Internet Society, we couldn’t agree more. But just what will this ‘New Global Deal’ and its governance structures look like with regards to digital cooperation? Let’s make sure that traditional, top-down governance of the Internet is not the answer.

The COVID-19 pandemic has underscored just how much we depend on the Internet and its distributed governance model. Because the Internet is a network of networks, its resilience is largely due to the planning, swift action, and cooperation of its interconnected participants.

And we are just at the beginning of the journey, with only 51% of the world’s population currently able to access the Internet. To get the remaining, unconnected half online, we need collaborative bottom-up Continue reading

Docker Hub Experimental CLI tool

We are excited to let you know that we have released a new experimental tool. We would love to get your feedback on it. Today we have released an experimental Docker Hub CLI tool, the hub-tool. The new Hub CLI tool lets you explore, inspect and manage your content on Docker Hub as well as work with your teams and manage your account. 

The new tool is available as of today for Docker Desktop for Mac and Windows users and we will be releasing this for Linux in early 2021.

The hub-tool is designed to map as closely to the top level features we know people are using in Docker Hub and provide a new way for people to start interacting with and managing their content. Let’s start by taking a look at the top level options we have. 

What you can do

We can see that we have the ability to jump into your account, your content, your orgs and your personal access tokens.

From here I can dive into one of my repos

And from here I can then decide to list the tags in one of those repos. This also now lets me see when Continue reading

Trying out Istio’s DNS Proxy

Tetrate sponsored this post.

Nick Nellis

Nick is a software engineer at Tetrate, the enterprise service mesh company. He is a DevOps expert on Istio, public cloud architecture, and infrastructure automation.

You may have heard that DNS functionality was added in Istio 1.8, but you might not have thought about the impact it has. It solves some key issues that exist within Istio and allows you to expand your mesh architecture to include multiple clusters and virtual machines. An excellent explanation of the features can be found on the What’s new in Istio 1.8 (DNS Proxy).

Enabling Istio’s DNS Proxy

This feature is currently in Alpha but can be enabled in the IstioOperator config.

Setting Boundaries Before You’re Swamped

We’re at the tail end of 2020 and things are hopeful for 2021. People are looking at the way IT has pulled together to enable working from anywhere and moving resources to the cloud and enabling users to get their jobs done. It’s a testament to the resilience of a group of sanitation workers behind the scenes whose job it is to clean up after management and sales and do the jobs no one else wants to do.

The cynic in me is worried about what the future is going to hold now that we’ve managed to transform the way we work. I couldn’t quite put my finger on it until I was checking out this Reddit thread from last week. The top rant had an interesting perspective on the way that 2021 is going to go for workers and I couldn’t agree more. My dread has a name, and it’s Overwork.

Harder, Not Smarter

If anything, 2020 proved that we can do amazing things with the right motivation. The superhero mentality of IT paid off handsomely as we stood up remote access servers and found ways to get access to resources for people that couldn’t come into the office Continue reading

How Strong Encryption Can Protect Survivors of Domestic Violence

For many of us in quarantine, our only privacy often comes in the form of digital communications. While we’re cooped up in our homes with other people, the online world can be a place to blow off steam, find distractions, and even seek refuge. This is especially true for survivors of domestic violence, sexual violence, stalking, and trafficking, who have historically relied on encrypted communications to find support and an escape.

This year has been particularly hard for survivors. Factor in spiking COVID-19 cases, the long slog of sheltering in place, economic uncertainty, and, in some regions, colder weather and shorter days – plus December and January holidays, which traditionally see an uptick in domestic violence incidents – and you have a perfect storm. Access to private online communication isn’t just a way to find support and escape, but a means of survival.

With the risk of domestic violence higher now, it is even more essential that we protect survivors’ privacy and safety online. In a pandemic, survivors may only be able to rely on digital communications for help, to limit in-person interactions.

This is why we worked with the National Network to End Domestic Violence to put together a Continue reading

Heavy Networking 555: Top Network Design Trends Of 2020

Today's episode is the last Heavy Networking of 2020. In the spirit of an end-of-year reflection, we're going to talk about network design trends from this year, some of which were driven, or at least accelerated, by the pandemic hellscape that was 2020. Our guest is Zig Zsiga, a network designer, architect, CCDE, and instructor.

The post Heavy Networking 555: Top Network Design Trends Of 2020 appeared first on Packet Pushers.

Computing Euclidean distance on 144 dimensions


Late last year I read a blog post about our CSAM image scanning tool. I remember thinking: this is so cool! Image processing is always hard, and deploying a real image identification system at Cloudflare is no small achievement!

Some time later, I was chatting with Kornel: "We have all the pieces in the image processing pipeline, but we are struggling with the performance of one component." Scaling to Cloudflare needs ain't easy!

The problem was in the speed of the matching algorithm itself. Let me elaborate. As John explained in his blog post, the image matching algorithm creates a fuzzy hash from a processed image. The hash is exactly 144 bytes long. For example, it might look like this:

00e308346a494a188e1043333147267a 653a16b94c33417c12b433095c318012
5612442030d14a4ce82c623f4e224733 1dd84436734e4a5d6e25332e507a8218
6e3b89174e30372d

The hash is designed to be used in a fuzzy matching algorithm that can find "nearby", related images. The specific algorithm is well defined, but making it fast is left to the programmer — and at Cloudflare we need the matching to be done super fast. We want to match thousands of hashes per second, of images passing through our network, against a database of millions of known images. To make this work, Continue reading

Streaming Telemetry with Avi Freedman on Software Gone Wild

Remember my rant how “fail fast, fail often sounds great in a VC pitch deck, and sucks when you have to deal with its results”? Streaming telemetry is no exception to this rule, and Avi Freedman (CEO of Kentik) has been on the receiving end of this gizmo long enough to have to deal with several generations of experiments… and formed a few strong opinions.

Unfortunately Avi is still a bit more diplomatic than Artur Bergman – another CEO I love for his blunt statements – but based on his NFD16 presentation I expected a lively debate, and I was definitely not disappointed.

A quirk in the SUNBURST DGA algorithm


On Wednesday, December 16, the RedDrip Team from QiAnXin Technology released their discoveries (tweet, github) regarding the random subdomains associated with the SUNBURST malware which was present in the SolarWinds Orion compromise. In studying queries performed by the malware, Cloudflare has uncovered additional details about how the Domain Generation Algorithm (DGA) encodes data and exfiltrates the compromised hostname to the command and control servers.

Background

The RedDrip team discovered that the DNS queries are created by combining the previously reverse-engineered unique guid (based on hashing of hostname and MAC address) with a payload that is a custom base 32 encoding of the hostname. The article they published includes screenshots of decompiled or reimplemented C# functions that are included in the compromised DLL. This background primer summarizes their work so far (which is published in Chinese).

RedDrip discovered that the DGA subdomain portion of the query is split into three parts:

<encoded_guid> + <byte> + <encoded_hostname>

An example malicious domain is:

7cbtailjomqle1pjvr2d32i2voe60ce2.appsync-api.us-east-1.avsvmcloud.com

Where the domain is split into the three parts as

Encoded guid Continue reading

Using the Linux arping command to ping local systems

The arping command is one of the lesser known commands that works much like the ping command. The name stands for “arp ping” and it’s a tool that allows you to perform limited ping requests in that it collects information on local systems only. The reason for this is that it uses a Layer 2 network protocol and is, therefore, non-routable. The arping command is used for discovering and probing hosts on your local network. If arping isn’t installed on your system, you should be able to take care of that with one of these commands:

Developing Enterprise Software with Scalability Top of Mind

Yasser Ganjisaffar

Yasser Ganjisaffar is the VP of Engineering at Forward Networks, overseeing all the company’s engineering efforts. He joined Forward Networks in 2014 as an early employee and led the team that scaled the computation core of Forward Enterprise product by 1000x in five years. Prior to that, he built large-scale search infrastructures in Facebook and Microsoft. He holds a Computer Science Ph.D. in the information retrieval domain.

Developing enterprise software is far from simple. Designing a platform to serve hundreds of thousands of users, devices, or data streams (sometimes all at once) is a Herculean task. But that doesn’t mean that it’s impossible to approach the design methodology in a way that encourages scalability in the future. Scalability is one of the most important considerations in making a new software solution. Without it, the software cannot support user growth without crippling the user experience, and similarly inhibiting sales. Making a scalable software platform is challenging simply because it’s near impossible to know what factors, options and problems the vendor needs to take into consideration beforehand, requiring companies to instead iterate along the way. That was the issue