Privacy needs to be built into the Internet

The first phase of the Internet lasted until the early 1990s. During that time it was created and debugged, and grew globally. Its growth was not hampered by concerns about data security or privacy. Until the 1990s the race was for connectivity.

Connectivity meant that people could get online and use the Internet wherever they were. Because the “inter” in Internet implied interoperability, the network was able to grow rapidly using a variety of technologies. Think dialup modems using ordinary phone lines, cable modems sending the Internet over coax originally designed for television, Ethernet, and, later, fibre optic connections and WiFi.

By the 1990s, the Internet was being used widely and for uses far beyond its academic origins. Early web pioneers, like Netscape, realized that the potential for e-commerce was gigantic but would be held back if people couldn’t have confidence in the security of online transactions.

Thus, with the introduction of SSL in 1994, the Internet moved to a second phase where security became paramount. Securing the web, and the Internet more generally, helped create the dotcom rush and the secure, online world we live in today. But this security was misunderstood by some as providing guarantees about privacy Continue reading

Introducing the Cloudflare Data Localization Suite

Today we’re excited to announce the Cloudflare Data Localization Suite, which helps businesses get the performance and security benefits of Cloudflare’s global network, while making it easy to set rules and controls at the edge about where their data is stored and protected.

The Data Localization Suite is available now as an add-on for Enterprise customers.

Cloudflare’s network is private and compliant by design. Preserving end-user privacy is core to our mission of helping to build a better Internet; we’ve never sold personal data about customers or end users of our network. We comply with laws like GDPR and maintain certifications such as ISO-27001.

Today, we're announcing tools that make it simple for our customers to build the same rigor into their own applications. In this post, I'll explain the different types of data that we process and how the Data Localization Suite keeps this data local.

We’ll also talk about how Cloudflare makes it possible to build applications that comply with data locality laws, while remaining fast, secure and scalable.

Why keep data local?

Cloudflare's customers increasingly want, or face legal requirements for, data locality: they want to control the geographic location where their data is handled. Continue reading

Updated: Getting Network Device Operational Data with Ansible

Recording the same content for the third time because software developers decided to write code before figuring out what needs to be done is disgusting… so it took me a long long while before I collected enough willpower to rewrite and retest all the examples and re-record the Getting Operational Data section of Ansible for Networking Engineers webinar.

The new videos explain how to consume data generated by show commands in JSON or XML format, and how to parse the traditional text-based show printouts. I dropped mentions of (semi)failed experiments like Ansible parse_cli and focused on things that work well: TextFSM, in particular with ntc-templates library, pyATS/Genie, and TTP. On the positive side, I liked the slick new cli_parse module… let’s hope it will stay that way for at least a few years.

On a totally unrelated topic, I realized (again) that fail fast, fail often sounds great in a VC pitch deck, and sucks when you have to deal with its results.

Welcome to Privacy & Compliance Week: Reflecting Values at Cloudflare’s Core

Tomorrow kicks off Cloudflare's Privacy & Compliance Week. Over the course of the week, we'll be announcing ways that our customers can use our service to ensure they are in compliance with an increasingly complicated set of rules and laws around the world.

Early in Cloudflare's history, when Michelle, Lee, and I were talking about the business we wanted to build, we kept coming back to the word trust. We realized early on that if we were not trustworthy then no one would ever choose to route their Internet traffic through us. Above all else, we are in the trust business.

Every employee at Cloudflare goes through orientation. I teach one of the sessions titled "What Is Cloudflare?" I fill several white boards with notes and diagrams talking about where we fit in to the market. But I leave one for the end so I can write the word TRUST, in capital letters, and underline it three times. Trust is the foundation of our business.

Standing Up For Our Customers from Our Early Days

That's why we've made decisions that other companies may not have. In January 2013 the FBI showed up at our door with a National Security Continue reading

Getting DevNet Associate (200-901) Certified

Earlier this week I got DevNet Associate certified, using the online testing offering. The TL;DR of this post is going to be this:

I have no affiliation with Pluralsight or anyone else, by the way. It’s just that it happens that Nick’s content is there. This may sound like a very simple plan but it has worked for me and many before me. If you follow his plan, you will be prepared to take the test and have an excellent chance of passing.

Now, for the longer version of this post. As with any certification, you need to check the blueprint and assess your current skill level pertaining to those topics. The DevNet Associate has these major areas of topics:

  • Software development and design (15%)
  • Understanding and using APIs (20%)
  • Cisco platforms and development (15%)
  • Application deployment and security (15%)
  • Infrastructure and automation (20%)
  • Network fundamentals (15%)

With my background as a networking expert, this means that I don’t need to spend much time on network fundamentals. For the rest of the blueprint, Continue reading

Coping With The Learning Treadmill

Networking can feel like it’s a never ending game of catch up when it comes to learning. During our live stream with Tim McConnaughy we chat about this learning treadmill and how to navigate the never ending need to learn in this industry.

https://carpe-dmvpn.com/ (Tim’s Site)

See more content like this on our YouTube channel.

The post Coping With The Learning Treadmill appeared first on Network Collective.

Interesting: Differential Availability

Someone pointed me to a high-level overview of Google’s Spanner database which included this gem:

A second refinement is that there are many other sources of outages, some of which take out the users in addition to Spanner (“fate sharing”). We actually care about the differential availability, in which the user is up (and making a request) to notice that Spanner is down. This number is strictly higher (more available) than Spanner’s actual availability — that is, you have to hear the tree fall to count it as a problem.

In other words, it doesn’t matter if your distributed database fails if its users are also gone. Keep this concept in mind every time you’re designing a high availability solution – some corner cases are simply not worth solving.

Seeking Knowledge and Willful Ignorance

I had a great time recording a fun episode of Seeking Truth in Networking, an awesome podcast with my friends Derick Winkworth and Brandon Heller. We talked a lot about a variety of different topics, but the one I want to spend a few more minutes on here came in the first five minutes. Brandon asked me what question I liked to be asked and I mentioned that I love to be asked about learning. My explanation included the following line:

I feel like the gap between people that don’t understand something and the willfully ignorant is that ability to take a step out and say “I don’t know the answer to this but I’m going to find out.”

I’ve always said that true learners are the ones that don’t accept the unknown. They want to find the answer. They want to be able to understand something as completely as they can. Those that I consider to be willfully ignorant choose not to do that.

Note that there is a difference between incidentally ignorant and willfully ignorant. People who are incidentally ignorant are unaware they don’t know something. They haven’t had the opportunity to learn or change their thought Continue reading

Explore VMware’s Virtual Cloud Network Vision with Tom Gillis

The past year has been filled with challenges. It’s been difficult to adapt to the new realities of how we work, how users access applications, and how we build out and scale our network infrastructures. But challenges lead to opportunities. In his Virtual Cloud Network keynote at VMworld 2020, Tom Gillis, general manager of the networking and security business unit at VMware, urged participants to rethink how they operate and then come up with new processes and approaches that will help them move faster into the future.

In his presentation, Gillis describes how forward-thinking companies are able to:

  1. Take the corporate network and stretch it into remote users’ living rooms,
  2. Deliver public cloud experiences to on-premises data centers, and
  3. Bridge the virtual and physical worlds in a true hybrid cloud environment with consistent policy and management enforcement.

With these capabilities (and there are VMware customers doing this today!), organizations can deploy a completed workload to any user across any infrastructure, including all the necessary networking and security bells and whistles, with a single click.

VMware enables this new approach via its Virtual Cloud Networking (VCN) portfolio. Whether through our SD-WAN technology delivering a LAN-like experience to distributed users, or Continue reading