It is just plain weird to be attending an SC20 supercomputing conference virtually and to not be going to the IDC – now Hyperion Research – morning breakfast speed forecast just a little bit hungover. …
The Only Way To Predict The HPC Future Is To Live It was written by Timothy Prickett Morgan at The Next Platform.
Increasing business demands are driving the need for automation to support rapid, yet stable and reliable deployments of applications and supporting infrastructure. Kubernetes and cloud-native tools have quickly emerged as the enabling technologies essential for organizations to build the scalable open hybrid cloud solutions of tomorrow. This is why Red Hat has developed the Red Hat OpenShift Container Platform (OCP) to enable enterprises to meet these emerging business and technical challenges. Red Hat OpenShift brings together Kubernetes and other cloud-native technologies into a single, consistent platform that has been fine-tuned and enhanced for the enterprise.
There are many similarities to how Red Hat OpenShift and Red Hat Ansible Automation Platform approach their individual problem domains that make a natural fit when we bring the two together to help make hard things easier through automation and orchestration.
We’ve released the Ansible Content Collection for Red Hat OpenShift (redhat.openshift) to enable the automation and management of Red Hat OpenShift clusters. This is the latest edition to the certified content available to subscribers of Red Hat Ansible Automation Platform in the Ansible Automation Hub.
In this blog post, we will go over what you’ll find in redhat.openshift Continue reading
Onno Purbo is a people person. It’s not typically something you hear about an engineer. But it is through his approach to education in the Internet sphere that Indonesian villages have access at all.
“The other engineers, they are very much engineer,” Purbo said. “A problem is solved by coding, is solved by an antenna, is solved by a product of some kind. My approach is a more human approach. Most engineers introduce their products, I give people the knowledge.”
Purbo, as this year’s Jonathan B. Postel Award winner, uses his experience, knowledge, and expertise not only to build networks and improve access for his fellow Indonesians, but to teach them how to do it themselves. He does this through hours of work on social media channels, speaking one-on-one with hundreds of thousands of followers whenever they have questions or concerns.
“I use social media as a free, huge class[room]. Effective and efficient empowerment processes were not possible with the old mechanism where we would rent rooms or buildings with professional event organizers,” Purbo said. “These days, for example, thousands of viewers may easily view any of my videos on YouTube.”
With nearly 700,000 followers on social Continue reading
DDoS attacks are surging — both in frequency and sophistication. After doubling from Q1 to Q2, the total number of network layer attacks observed in Q3 doubled again — resulting in a 4x increase in number compared to the pre-COVID levels in the first quarter. Cloudflare also observed more attack vectors deployed than ever — in fact, while SYN, RST, and UDP floods continue to dominate the landscape, we saw an explosion in protocol specific attacks such as mDNS, Memcached, and Jenkins DoS attacks.
Here are other key network layer DDoS trends we observed in Q3:
The total number of L3/4 DDoS attacks we observe on our network continues to increase substantially, as indicated in the graph below. All in all, Continue reading
A Network Artist sent me a long list of OSPF-related questions after watching the Routing Protocols section of our How Networks Really Work webinar. Starting with an easy one:
From historical perspective, any idea why OSPF guys invented their own transport protocol instead of just relying upon TCP?
I wasn’t there when OSPF was designed, but I have a few possible explanations. Let’s start with the what functionality should the transport protocol provide reasons:
A Network Artist sent me a long list of OSPF-related questions after watching the Routing Protocols section of our How Networks Really Work webinar. Starting with an easy one:
From historical perspective, any idea why OSPF guys invented their own transport protocol instead of just relying upon TCP?
I wasn’t there when OSPF was designed, but I have a few possible explanations. Let’s start with the what functionality should the transport protocol provide reasons:
In the last few weeks, VMware NSX threat telemetry revealed the submission of a Windows executable Ransomware sample, written in Go, which is related to the Snake Ransomware family.
This ransomware specifically targeted the Honda network, and was found to be quite sophisticated. The ransomware appears primarily to be targeting servers, as it has logic to check for the type of host it is infecting, and it attempts to stop many server-specific services/processes. Hard-coded strings are encrypted, source code is obfuscated, and the ransomware attempts to stop anti-virus, endpoint security, and server log monitoring and correlation components. This ransomware family has ties to Iran and has historically been observed targeting critical infrastructure such as SCADA and ICS systems. More recently, the malware has been observed targeting healthcare organizations. Most interestingly, and unlike other variants, the malware analyzed in this threat report does not drop any ransom note to desktop machines.
To learn more, read our Targeted Snake Ransomware Report.
The post Threat Intelligence Report: Targeted Snake Ransomware appeared first on Network and Security Virtualization.
If this is the middle of November, even during a global pandemic, this must be the SC20 supercomputing conference and there either must be a speed bump that is being previewed for the InfiniBand interconnect commonly used for HPC and AI or it is actually shipping in systems. …
InfiniBand Is Still Setting The Network Pace For HPC And AI was written by Timothy Prickett Morgan at The Next Platform.
In a region with a wealth of resources and network expertise but a higher than average number of global routing incidents, the Mutually Agreed Norms for Routing Security (MANRS) initiative can help networks champion a more secure routing environment.
Networks in the Middle East and North Africa (MENA) region fall between two regional Internet registries: Réseaux IP Européens Network Coordination Centre (RIPE NCC) and African Network Information Centre (AFRINIC). This gives these networks access to many resources and tools that support them to adopt best practices in routing security, including resource public key infrastructure (RPKI). There’s also great technical expertise in the region, with specialists working to keep more than 800 MENA-based networks up and running.
The region is, however, over represented in terms of routing incidents. Despite representing only 1.18% of all the networks visible on the Internet, the region has been responsible for 2.5-3% of global routing incidents so far this year as of October. Last month, the MANRS Observatory recorded 24 routing incidents from 22 networks in the region. The incidents range from Bogon announcements to more serious route leaks and route mis-originations, as detailed in the screen capture from MANRS Observatory above.
MANRS for Continue reading
One of the common myths of the networking world is there were no “real” networks before the early days of packet-based networks. As myths go, this is not even a very good myth; the world had very large-scale voice and data networks long before distributed routing, before packet-based switching, and before any of the packet protocols such as IP. I participated in replacing a large scale voice and data network, including hundreds of inverse multiplexers that tied a personnel system together in the middle of the 1980’s. I also installed hundreds of terminal emulation cards in Zenith Z100 and Z150 systems in the same time frame to allow these computers to connect to mainframes and newer minicomputers on the campus.
All of these systems were run through circuit-switched networks, which simply means the two end points would set up a circuit over which data would travel before the data actually traveled. Packet switched networks were seen as more efficient at the time because the complexity of setting these circuits up, along with the massive waste of bandwidth because the circuits were always over provisioned and underused.
The problem, at that time, with packet-based networks was the sheer overhead of switching Continue reading
As a critical part of Docker’s transition into sustainability, we’ve been gradually rolling out limits on docker pulls to the heaviest users of Docker Hub. As we near the end of the implementation of the rate limits, we thought we’d share some of the facts and figures behind our effort. Our goal is to ensure that Docker becomes sustainable for the long term, while continuing to offer developers 100% free tools to build, share, and run their applications.
We announced this plan in August with an effective date of November 1. We also shared that “roughly 30% of all downloads on Hub come from only 1% of our anonymous users,” illustrated in this chart:
This shows the dramatic impact that a very small percentage of anonymous, free users have on all of Docker Hub. That excessive usage by just 1%–2% of our users results not only in an unsustainable model for Docker but also slows performance for the other 98%–99% of the 11.3 million developers, CI services, and other platforms using Docker Hub every month. Those developers rely upon us to save and share their own container images, as well as to pull images from Docker Verified Publishers Continue reading
The compute engines keep changing as the decades pass, but the same old problems keep cropping up in slightly different form. …
Counting The Cost Of Under-Utilized GPUs – And Doing Something About It was written by Timothy Prickett Morgan at The Next Platform.
For several years, IBM has been eyeing the hybrid cloud, remaking itself into a provider with the platform that can enable enterprises to more easily move their workloads and data between their on-premises datacenters and the public cloud, and the multiple public clouds they are using. …
OpenShift At The Center Of The Hybrid Cloud Storm was written by Jeffrey Burt at The Next Platform.
As a security company, we pride ourselves on finding innovative ways to protect our platform to, in turn, protect the data of our customers. Part of this approach is implementing progressive methods in protecting our hardware at scale. While we have blogged about how we address security threats from application to memory, the attacks on hardware, as well as firmware, have increased substantially. The data cataloged in the National Vulnerability Database (NVD) has shown the frequency of hardware and firmware-level vulnerabilities rising year after year.
Technologies like secure boot, common in desktops and laptops, have been ported over to the server industry as a method to combat firmware-level attacks and protect a device’s boot integrity. These technologies require that you create a trust ‘anchor’, an authoritative entity for which trust is assumed and not derived. A common trust anchor is the system Basic Input/Output System (BIOS) or the Unified Extensible Firmware Interface (UEFI) firmware.
While this ensures that the device boots only signed firmware and operating system bootloaders, does it protect the entire boot process? What protects the BIOS/UEFI firmware from attacks?
Before we discuss how we secure our boot process, we will first Continue reading
In the introductory fast failover blog post I mentioned the challenge of fast link- and node failure detection, and how it makes little sense to waste your efforts on fast failover tricks if the routing protocol convergence time has the same order of magnitude as failure detection time.
Now let’s focus on realistic failure detection mechanisms and detection times. Imagine a system connecting a hardware switching platform (example: data center switch or a high-end router) with a software switching platform (midrange router):