0

Open Policy Agent for the Enterprise: Styra’s Declarative Authorization Service

Open Policy Agent (OPA, pronounced “oh-pa”) for cloud native environments was created, and policy enforcement in code became much more practical. Now, its developers, under their company, new three-tier product offering for Styra Declarative Authorization Service (DAS). Before diving into DAS, though, let’s make sure we’re all on the same page with OPA and policies in general. OPA is an open source, general-purpose policy engine that unifies policy enforcement across the stack. You write these policies in its high-level declarative language Datalog query language. With Rego, you can specify policy as code and create simple APIs to offload policy decision-making from your software. You can then use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more. And, what’s a policy engine you ask?

0

IT Employment Trending Up; Data, Cybersecurity Skills in Demand

There's a light at the end of the tunnel for IT pros who have been keeping a close eye on the job market. Plus, here are the skills that employers want in 2021.

0

Contributing to the Internet Society Governance Reform Working Group

[Published on behalf of the Internet Society Board of Trustees]

As we announced some time ago, the Board of Trustees of the Internet Society (ISOC) has established the Governance Reform Working Group in order to host open community discussion on the general topic of potential governance changes at the Internet Society. We would like to welcome all members of any Internet Society Chapter, Organization Member, SIG, as well as individual members and IETF participants to contribute to this effort. Please, find the initial charter for the working group at:
https://www.internetsociety.org/board-of-trustees/governance-reform-working-group-charter/

Olga Cavalli and Mike Godwin will be the chair and vice-chair of the working group, respectively. You can subscribe to the working group’s mailing list in order to contribute to the discussion on the following link (where you can also check the mailing list archives) :
https://elists.isoc.org/mailman/listinfo/governance-reform

The post Contributing to the Internet Society Governance Reform Working Group appeared first on Internet Society.

0

Cumulus Networks and Broadcom Part Ways – Now What?

The open networking market has certainly been an exciting place in 2020. Earlier in the year I wrote a blog...

0

Day Two Cloud 075: Operationalizing Your Hybrid Cloud With VMware vRealize (Sponsored)

Consistency is key for your cloud operations team and your end users (be they employees, customers, or developers). On today's Day Two Cloud episode with sponsor VMware, we discuss how to implement consistent operations for your hybrid cloud. Our guests from VMware are Brandon Gordon, Staff Technical Marketing Architect; and Matt Bradford, Sr. Technical Marketing Manager.

0

Day Two Cloud 075: Operationalizing Your Hybrid Cloud With VMware vRealize (Sponsored)

Consistency is key for your cloud operations team and your end users (be they employees, customers, or developers). On today's Day Two Cloud episode with sponsor VMware, we discuss how to implement consistent operations for your hybrid cloud. Our guests from VMware are Brandon Gordon, Staff Technical Marketing Architect; and Matt Bradford, Sr. Technical Marketing Manager.

The post Day Two Cloud 075: Operationalizing Your Hybrid Cloud With VMware vRealize (Sponsored) appeared first on Packet Pushers.

0

IBM sharpens its hybrid cloud, AI focus with Instana buy

IBM has announced a definitive agreement to acquire Instana, an application performance monitoring firm. Financial details were not disclosed.Once the acquisition closes, Instana's technology will be incorporated into IBM's hybrid cloud and artificial intelligence portfolios – two markets IBM leadership has targeted for high growth in the coming years. To that end, IBM recently said it would spin off the $19 billion Managed Infrastructure Services unit of its Global Technology Services division to help the company focus on hybrid cloud, AI and quantum computing. Read more:To read this article in full, please click here

0

The Only Way To Predict The HPC Future Is To Live It

It is just plain weird to be attending an SC20 supercomputing conference virtually and to not be going to the IDC – now Hyperion Research – morning breakfast speed forecast just a little bit hungover. …

The Only Way To Predict The HPC Future Is To Live It was written by Timothy Prickett Morgan at The Next Platform.

0

Introducing the Ansible Content Collection for Red Hat OpenShift

Increasing business demands are driving the need for automation to support rapid, yet stable and reliable deployments of applications and supporting infrastructure.  Kubernetes and cloud-native tools have quickly emerged as the enabling technologies essential for organizations to build the scalable open hybrid cloud solutions of tomorrow. This is why Red Hat has developed the Red Hat OpenShift Container Platform (OCP) to enable enterprises to meet these emerging business and technical challenges. Red Hat OpenShift brings together Kubernetes and other cloud-native technologies into a single, consistent platform that has been fine-tuned and enhanced for the enterprise. 

There are many similarities to how Red Hat OpenShift and Red Hat Ansible Automation Platform approach their individual problem domains that make a natural fit when we bring the two together to help make hard things easier through automation and orchestration.

We’ve released the Ansible Content Collection for Red Hat OpenShift (redhat.openshift) to enable the automation and management of Red Hat OpenShift clusters. This is the latest edition to the certified content available to subscribers of Red Hat Ansible Automation Platform in the Ansible Automation Hub.

In this blog post, we will go over what you’ll find in redhat.openshift Continue reading

0

Onno Purbo: 2020 Postel Award Winner Uses Human Touch to Bridge the Digital Divide

Onno Purbo is a people person. It’s not typically something you hear about an engineer. But it is through his approach to education in the Internet sphere that Indonesian villages have access at all.

“The other engineers, they are very much engineer,” Purbo said. “A problem is solved by coding, is solved by an antenna, is solved by a product of some kind. My approach is a more human approach. Most engineers introduce their products, I give people the knowledge.”

Purbo, as this year’s Jonathan B. Postel Award winner, uses his experience, knowledge, and expertise not only to build networks and improve access for his fellow Indonesians, but to teach them how to do it themselves. He does this through hours of work on social media channels, speaking one-on-one with hundreds of thousands of followers whenever they have questions or concerns.

“I use social media as a free, huge class[room]. Effective and efficient empowerment processes were not possible with the old mechanism where we would rent rooms or buildings with professional event organizers,” Purbo said. “These days, for example, thousands of viewers may easily view any of my videos on YouTube.”

With nearly 700,000 followers on social Continue reading

0

Network-layer DDoS attack trends for Q3 2020

DDoS attacks are surging — both in frequency and sophistication. After doubling from Q1 to Q2, the total number of network layer attacks observed in Q3 doubled again — resulting in a 4x increase in number compared to the pre-COVID levels in the first quarter. Cloudflare also observed more attack vectors deployed than ever — in fact, while SYN, RST, and UDP floods continue to dominate the landscape, we saw an explosion in protocol specific attacks such as mDNS, Memcached, and Jenkins DoS attacks.

Here are other key network layer DDoS trends we observed in Q3:

• Majority of the attacks are under 500 Mbps and 1 Mpps — both still suffice to cause service disruptions
• We continue to see a majority of attacks be under 1 hr in duration
• Ransom-driven DDoS attacks (RDDoS) are on the rise as groups claiming to be Fancy Bear, Cozy Bear and the Lazarus Group extort organizations around the world. As of this writing, the ransom campaign is still ongoing. See a special note on this below.

Number of attacks

The total number of L3/4 DDoS attacks we observe on our network continues to increase substantially, as indicated in the graph below. All in all, Continue reading

0

Giant space antenna designed to beam 5G to Earth

Cambridge Consultants is working to deliver the largest airborne communications antenna available commercially.The technology consultancy and product development firm, which part of Capgemini, has built a functioning, scaled-down version of a wireless antenna designed to beam connectivity from the sky. The prototype, announced this month, is part of a four-year project with UK-based start-up Stratospheric Platforms Limited (SPL).SPL is developing a High-Altitude Platform (HAP) and communication system that's designed to deliver affordable, fast connectivity. The HAP aircraft system, as envisaged, would beam its Internet from the stratosphere, which is the second major layer of Earth's atmosphere. The aircraft, with a 60-meter wingspan, would be powered by hydrogen and could deliver nine days of flight stamina. Each HAP could supply coverage over an area of up to 140 kilometres in diameter, and around 60 aircraft could blanket a country the size of the U.K., according to Cambridge Consultants.To read this article in full, please click here

0

Why Is OSPF not Using TCP?

A Network Artist sent me a long list of OSPF-related questions after watching the Routing Protocols section of our How Networks Really Work webinar. Starting with an easy one:

From historical perspective, any idea why OSPF guys invented their own transport protocol instead of just relying upon TCP?

I wasn’t there when OSPF was designed, but I have a few possible explanations. Let’s start with the what functionality should the transport protocol provide reasons:

0

Why Is OSPF not Using TCP?

A Network Artist sent me a long list of OSPF-related questions after watching the Routing Protocols section of our How Networks Really Work webinar. Starting with an easy one:

From historical perspective, any idea why OSPF guys invented their own transport protocol instead of just relying upon TCP?

I wasn’t there when OSPF was designed, but I have a few possible explanations. Let’s start with the what functionality should the transport protocol provide reasons:

0

German IoT startup Dryad wants to help prevent forest fires

A German startup wants to use IoT sensors and a wireless-mesh network to detect forest fires within 10 minutes to an hour of when they start as opposed to the hours or even days it can take using current methods based on thermal imaging, satellite surveillance and human smoke spotters.Dryad Networks is developing sensors to detect gases associated with forest fires and engineering how to network them using LoRaWAN and other wireless technologies so the data they gather can be analyzed in the company’s cloud.The sensors are best placed about 10 feet off the ground in trees, secured by screws, making it more difficult for people or wildlife to disturb them and ensuring they won’t be obscured by grass or fallen leaves, according to founder and CEO Carsten Brinkschulte, a veteran of Apple and SAP.To read this article in full, please click here

0

Threat Intelligence Report: Targeted Snake Ransomware

To learn more, read our Targeted Snake Ransomware Report.

The post Threat Intelligence Report: Targeted Snake Ransomware appeared first on Network and Security Virtualization.

0

InfiniBand Is Still Setting The Network Pace For HPC And AI

If this is the middle of November, even during a global pandemic, this must be the SC20 supercomputing conference and there either must be a speed bump that is being previewed for the InfiniBand interconnect commonly used for HPC and AI or it is actually shipping in systems. …

InfiniBand Is Still Setting The Network Pace For HPC And AI was written by Timothy Prickett Morgan at The Next Platform.

0

On the Road to Better Routing Security: What Are MENA’s Next Steps?

In a region with a wealth of resources and network expertise but a higher than average number of global routing incidents, the Mutually Agreed Norms for Routing Security (MANRS) initiative can help networks champion a more secure routing environment.

Networks in the Middle East and North Africa (MENA) region fall between two regional Internet registries: Réseaux IP Européens Network Coordination Centre (RIPE NCC) and African Network Information Centre (AFRINIC). This gives these networks access to many resources and tools that support them to adopt best practices in routing security, including resource public key infrastructure (RPKI). There’s also great technical expertise in the region, with specialists working to keep more than 800 MENA-based networks up and running.

The region is, however, over represented in terms of routing incidents. Despite representing only 1.18% of all the networks visible on the Internet, the region has been responsible for 2.5-3% of global routing incidents so far this year as of October. Last month, the MANRS Observatory recorded 24 routing incidents from 22 networks in the region. The incidents range from Bogon announcements to more serious route leaks and route mis-originations, as detailed in the screen capture from MANRS Observatory above.

MANRS for Continue reading

0

Technologies that Didn’t: Asynchronous Transfer Mode

One of the common myths of the networking world is there were no “real” networks before the early days of packet-based networks. As myths go, this is not even a very good myth; the world had very large-scale voice and data networks long before distributed routing, before packet-based switching, and before any of the packet protocols such as IP. I participated in replacing a large scale voice and data network, including hundreds of inverse multiplexers that tied a personnel system together in the middle of the 1980’s. I also installed hundreds of terminal emulation cards in Zenith Z100 and Z150 systems in the same time frame to allow these computers to connect to mainframes and newer minicomputers on the campus.

All of these systems were run through circuit-switched networks, which simply means the two end points would set up a circuit over which data would travel before the data actually traveled. Packet switched networks were seen as more efficient at the time because the complexity of setting these circuits up, along with the massive waste of bandwidth because the circuits were always over provisioned and underused.

The problem, at that time, with packet-based networks was the sheer overhead of switching Continue reading

0

Rate Limiting by the Numbers

As a critical part of Docker’s transition into sustainability, we’ve been gradually rolling out limits on docker pulls to the heaviest users of Docker Hub. As we near the end of the implementation of the rate limits, we thought we’d share some of the facts and figures behind our effort. Our goal is to ensure that Docker becomes sustainable for the long term, while continuing to offer developers 100% free tools to build, share, and run their applications.

We announced this plan in August with an effective date of November 1. We also shared that “roughly 30% of all downloads on Hub come from only 1% of our anonymous users,” illustrated in this chart:

This shows the dramatic impact that a very small percentage of anonymous, free users have on all of Docker Hub. That excessive usage by just 1%–2% of our users results not only in an unsustainable model for Docker but also slows performance for the other 98%–99% of the 11.3 million developers, CI services, and other platforms using Docker Hub every month. Those developers rely upon us to save and share their own container images, as well as to pull images from Docker Verified Publishers Continue reading