Weekend Reads 121820

This is a rather oversized edition of the weekend reads… because I seem to have saved up a lot more links than usual.

There comes a time in every developer’s life (or daily routine, we’re not here to judge) where they have to go and fix a bug. Back in the days when I used to be a developer, I distinctly remember how each time I would go face to face with a bug, my favorite method to fix it was to add log lines. I mean, why not, right?

Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US.

The PC revolution started off life 35 years ago this week. Microsoft launched its first version of Windows on November 20th, 1985, to succeed MS-DOS. It was a huge milestone that paved the way for the modern versions of Windows we use today. While Windows 10 doesn’t look anything like Windows 1.0, it still has many of its original fundamentals like scroll bars, drop-down menus, icons, dialog boxes, and apps like Notepad Continue reading

Setting Boundaries Before You’re Swamped

We’re at the tail end of 2020 and things are hopeful for 2021. People are looking at the way IT has pulled together to enable working from anywhere and moving resources to the cloud and enabling users to get their jobs done. It’s a testament to the resilience of a group of sanitation workers behind the scenes whose job it is to clean up after management and sales and do the jobs no one else wants to do.

The cynic in me is worried about what the future is going to hold now that we’ve managed to transform the way we work. I couldn’t quite put my finger on it until I was checking out this Reddit thread from last week. The top rant had an interesting perspective on the way that 2021 is going to go for workers and I couldn’t agree more. My dread has a name, and it’s Overwork.

Harder, Not Smarter

If anything, 2020 proved that we can do amazing things with the right motivation. The superhero mentality of IT paid off handsomely as we stood up remote access servers and found ways to get access to resources for people that couldn’t come into the office Continue reading

How Strong Encryption Can Protect Survivors of Domestic Violence

For many of us in quarantine, our only privacy often comes in the form of digital communications. While we’re cooped up in our homes with other people, the online world can be a place to blow off steam, find distractions, and even seek refuge. This is especially true for survivors of domestic violence, sexual violence, stalking, and trafficking, who have historically relied on encrypted communications to find support and an escape.

This year has been particularly hard for survivors. Factor in spiking COVID-19 cases, the long slog of sheltering in place, economic uncertainty, and, in some regions, colder weather and shorter days – plus December and January holidays, which traditionally see an uptick in  domestic violence incidents – and you have a perfect storm. Access to private online communication isn’t just a way to find support and escape, but a means of survival.

With the risk of domestic violence higher now, it is even more essential that we protect survivors’ privacy and safety online. In a pandemic, survivors may only be able to rely on digital communications for help, to limit in-person interactions.

This is why we worked with the National Network to End Domestic Violence to put together a Continue reading

Heavy Networking 555: Top Network Design Trends Of 2020

Today's episode is the last Heavy Networking of 2020. In the spirit of an end-of-year reflection, we're going to talk about network design trends from this year, some of which were driven, or at least accelerated, by the pandemic hellscape that was 2020. Our guest is Zig Zsiga, a network designer, architect, CCDE, and instructor.

The post Heavy Networking 555: Top Network Design Trends Of 2020 appeared first on Packet Pushers.

Computing Euclidean distance on 144 dimensions

Computing Euclidean distance on 144 dimensions
Computing Euclidean distance on 144 dimensions

Late last year I read a blog post about our CSAM image scanning tool. I remember thinking: this is so cool! Image processing is always hard, and deploying a real image identification system at Cloudflare is no small achievement!

Some time later, I was chatting with Kornel: "We have all the pieces in the image processing pipeline, but we are struggling with the performance of one component." Scaling to Cloudflare needs ain't easy!

The problem was in the speed of the matching algorithm itself. Let me elaborate. As John explained in his blog post, the image matching algorithm creates a fuzzy hash from a processed image. The hash is exactly 144 bytes long. For example, it might look like this:

00e308346a494a188e1043333147267a 653a16b94c33417c12b433095c318012
5612442030d14a4ce82c623f4e224733 1dd84436734e4a5d6e25332e507a8218
6e3b89174e30372d

The hash is designed to be used in a fuzzy matching algorithm that can find "nearby", related images. The specific algorithm is well defined, but making it fast is left to the programmer — and at Cloudflare we need the matching to be done super fast. We want to match thousands of hashes per second, of images passing through our network, against a database of millions of known images. To make this work, Continue reading

Streaming Telemetry with Avi Freedman on Software Gone Wild

Remember my rant how “fail fast, fail often sounds great in a VC pitch deck, and sucks when you have to deal with its results”? Streaming telemetry is no exception to this rule, and Avi Freedman (CEO of Kentik) has been on the receiving end of this gizmo long enough to have to deal with several generations of experiments… and formed a few strong opinions.

Unfortunately Avi is still a bit more diplomatic than Artur Bergman – another CEO I love for his blunt statements – but based on his NFD16 presentation I expected a lively debate, and I was definitely not disappointed.

Enjoy the podcast

Streaming Telemetry with Avi Freedman on Software Gone Wild

Remember my rant how “fail fast, fail often sounds great in a VC pitch deck, and sucks when you have to deal with its results”? Streaming telemetry is no exception to this rule, and Avi Freedman (CEO of Kentik) has been on the receiving end of this gizmo long enough to have to deal with several generations of experiments… and formed a few strong opinions.

Unfortunately Avi is still a bit more diplomatic than Artur Bergman – another CEO I love for his blunt statements – but based on his NFD16 presentation I expected a lively debate, and I was definitely not disappointed.

Enjoy the podcast

A quirk in the SUNBURST DGA algorithm

A quirk in the SUNBURST DGA algorithm
A quirk in the SUNBURST DGA algorithm

On Wednesday, December 16, the RedDrip Team from QiAnXin Technology released their discoveries (tweet, github) regarding the random subdomains associated with the SUNBURST malware which was present in the SolarWinds Orion compromise. In studying queries performed by the malware, Cloudflare has uncovered additional details about how the Domain Generation Algorithm (DGA) encodes data and exfiltrates the compromised hostname to the command and control servers.

Background

The RedDrip team discovered that the DNS queries are created by combining the previously reverse-engineered unique guid (based on hashing of hostname and MAC address) with a payload that is a custom base 32 encoding of the hostname. The article they published includes screenshots of decompiled or reimplemented C# functions that are included in the compromised DLL. This background primer summarizes their work so far (which is published in Chinese).

RedDrip discovered that the DGA subdomain portion of the query is split into three parts:

<encoded_guid> + <byte> + <encoded_hostname>

An example malicious domain is:

7cbtailjomqle1pjvr2d32i2voe60ce2.appsync-api.us-east-1.avsvmcloud.com

Where the domain is split into the three parts as

Encoded guid Continue reading

Using the Linux arping command to ping local systems

The arping command is one of the lesser known commands that works much like the ping command.The name stands for “arp ping” and it’s a tool that allows you to perform limited ping requests in that it collects information on local systems only. The reason for this is that it uses a Layer 2 network protocol and is, therefore, non-routable. The arping command is used for discovering and probing hosts on your local network.[Get regularly scheduled insights by signing up for Network World newsletters.] If arping isn’t installed on your system, you should be able take care of that with one of these commands:To read this article in full, please click here

Developing Enterprise Software with Scalability Top of Mind

Yasser Ganjisaffar Yasser Ganjisaffar is the VP of Engineering at Forward Networks, overseeing all the company’s engineering efforts. He joined Forward Networks in 2014 as an early employee and led the team that scaled the computation core of Forward Enterprise product by 1000x in five years. Prior to that, he built large-scale search infrastructures in Facebook and Microsoft. He holds a Computer Science Ph.D. in the information retrieval domain. Developing enterprise software is far from simple. Designing a platform to serve hundreds of thousands of users, devices, or data streams (sometimes all at once) is a Herculean task. But that doesn’t mean that it’s impossible to approach the design methodology in a way that encourages scalability in the future. Scalability is one of the most important considerations in making a new software solution. Without it, the software cannot support user growth without crippling the user experience, and similarly inhibiting sales. Making a scalable software platform is challenging simply because it’s near impossible to know what factors, options and problems the vendor needs to take into consideration beforehand, requiring companies to instead iterate along the way. That was the issue

Mizar: Scalable Multitenant Networking with XDP on Kubernetes

Mizar is an open source project providing cloud networking to run virtual machines, containers, and other compute workloads. We built Mizar from the ground up with large scale and high performance in mind. Built in the same way as distributed systems in the cloud, Mizar utilizes XDP (eXpress Data Path) and Kubernetes to allow for the efficient creation of multitenant overlay networks with massive amounts of endpoints. Each of these technologies brings valuable perks that enable Mizar to achieve its goals. With XDP, Mizar is able to: Skip unnecessary stages of the network stack whenever possible and transit packet processing to smart NICs. Efficiently use kernel packet processing constructs without being locked into a specific processor architecture. Produce very small packet processing programs (<4KB). With Kubernetes, Mizar is able to: Efficiently program the underlying core XDP programs. Manage the lifecycle of its abstractions via CRDs. Have a scalable and distributed management plane. Deploy its core components and modules across all specified hosts. Mizar’s Goals and Continue reading

Upcoming Webinar: How Routers Really Work

Just a gentle reminder that on Monday (just a few days from now) I’m teaching a three hour webinar over at Safari Books on How Routers Really Work. From the course description—

This training will peer into the internal components of a router, starting with an explanation of how a router switches packets. This walk through of a switching path, in turn, will be used as a foundation for explaining the components of a router, including the various tables used to build forwarding tables and the software components used to build these tables.

Register here if you’re interested.

TTL255 finalist of Cisco 2020 IT Blog Awards

I'm excited to announce that TTL255.com is one of the finalists in the Most Educational category of the 2020 IT Blog Awards, hosted by Cisco.

Over the years I learned great deal from blogs and videos created by community members. At one point I realized that I also might have something to offer and started this blog to give back to community hoping to teach and inspire others.

Creating valuable technical content takes a lot of work and time commitment. After years of posting here I appreciate even more all content makers out there that often don't ask for anything in return.

This year I decided to submit TTL255.com to 2020 IT Blog Awards hoping to reach more people and see where that takes me.

If you find my content valuable and worth your time, please consider voting for TTL255.com by following the below link:

https://www.ciscofeedback.vovici.com/se/705E3ECD2A8D7180

ITBlogAwards_2020_Badge-Finalist-MostEducational

You can find me in the Most Educational category:

blog-awards-entry

While you there have a look at other amazing blog posts. Some of them might inspire you, some will teach you something new. All come from members of community that put themselves out there to share their knowledge with Continue reading

Connecting with the Docker Community– Recap of Our First Community All Hands

Last week, we held our first Community All Hands and the response was phenomenal. A huge thank you to all 1,100+ people who joined. If you missed it, you can watch the recording here. You can also find answers to those questions that came in towards the end that we didn’t have time to answer here.

This all-hands was an effort to further deepen our engagement with the community and bring users, contributors and staff together on a quarterly basis to share updates on what we’re working on and what our priorities are for 2021 and beyond. The event was also an opportunity to give the community direct access to Docker’s leadership and provide a platform to submit questions and upvote those that are most relevant and important to people. 

The overwhelming piece of feedback we got from attendees was that the event was too short and people would have loved to see more demos. We certainly had a packed agenda and we did our best to squeeze in as much into an hour. For our next one (in February 2021!), we’ll aim to extend the event by 30 minutes and include more live demos. We’ll also try Continue reading

2020 IT Blog Awards finalist!

2020 IT Blog Awards finalist

I have the honor of having my blog selected as a finalist in the Most Educational category of the 2020 IT Blog Awards, hosted by Cisco. It is an honor and a great joy for me to be selected, for the third consecutive year, alongside other high-level bloggers who all have very deep technical knowledge! I hope you enjoy my articles as much as I enjoy writing and sharing them. I know I could write more, but I try to put quality ahead of quantity.   Please click here to vote…

The post 2020 IT Blog Awards finalist! appeared first on AboutNetworks.net.

International Community Joins Indian Policy and Cybersecurity Experts in Warning about the Dangers of Traceability

A growing group of international and local cybersecurity and policy experts are weighing in on proposed changes to Indian regulations that could jeopardize the safety of billions worldwide. By seeking to restrict WhatsApp and other popular messaging apps’ use of end-to-end encryption, the proposed policies pose a major threat to cybersecurity in India.

In Traceability and Cybersecurity, over 50 cybersecurity experts in Europe, North and Latin America, Africa, and the Asia-Pacific region agreed that amendments to the Information Technology (Intermediaries Guidelines) Rules under the Indian Information Technology Act proposed by the Indian Ministry of Electronics and Information Technology (MeiTY) will create many more problems than it seeks to solve.

Produced as a result of a global technical experts meeting series organized by the Internet Society in partnership with Medianama, the report notes that MeiTY’s proposal ignores sound advice: requiring intermediaries such as WhatsApp to enable the traceability of the content and data they handle is a major threat not only to the safety of users, but to India’s national security.

The report stresses that traceability would mean enabling third-party access to private communications, a move that undermines the end-to-end encryption that users everywhere, including government entities, rely on to Continue reading

1 780 781 782 783 784 3,795