In a data-centric tech field that is shaped by emerging trends and technologies like artificial intelligence, analytics, greater mobility, and the Internet of Things (IoT), “optimization” has become a marching order for hardware and software makers. …
Bending The Hardware To Fit The Workload was written by Jeffrey Burt at The Next Platform.
East-west security is the new battleground for keeping enterprises safe from malicious actors. As we all know, perimeters will be breached. That’s a given. The massive scale of data center infrastructure makes it too easy for bad actors to find a vulnerable, unpatched server, penetrate it, and hide out — often for months and years — stealing your information, monitoring your communications, and causing disruptions.
According to Ambika Kapur, vice president of product marketing for VMware’s networking and security business unit, it’s imperative that enterprises come to the realization that bad actors will get into the network — and focus more on blocking their lateral movement once they make that initial breach. She spent years in the firewalling space at Cisco and learned how vulnerable perimeter security can be. Now, at VMware, Kapur is helping to lead the effort to make east-west security a viable option through a software-based approach that is scalable and cost-efficient.
Check out Kapur’s VMworld breakout session on operationalizing east-west security at scale to learn exactly how we are able to stop the lateral spread of threats and ultimately harden enterprise security:
Rather than hairpinning traffic to a dedicated physical appliance, VMware breaks up the firewall Continue reading
Bias in word embeddings, Papakyriakopoulos et al., FAT*’20
There are no (stochastic) parrots in this paper, but it does examine bias in word embeddings, and how that bias carries forward into models that are trained using them. There are definitely some dangers to be aware of here, but also some cause for hope as we also see that bias can be detected, measured, and mitigated.
…we want to provide a complete overview of bias in word embeddings: its detection in the embeddings, its diffusion in algorithms using the embeddings, and its mitigation at the embeddings level and at the level of the algorithm that uses them.
It’s been shown before (‘Man is to computer programmer as woman is to homemaker?’) that word embeddings contain bias. The dominant source of that bias is the input dataset itself, i.e. the text corpus that the embeddings are trained on. Bias in, bias out. David Hume put his finger on the fundamental issue at stake here back in 1737 when he wrote about the unjustified shift in stance from describing what is and is not to all of a sudden talking about what ought or ought not to be. Continue reading
Since the 2000 era, the network has changed dramatically, becoming more and more mission-critical. There are so many drivers powering today’s digital network transformation. Think about the Internet of Things or the cloud native applications or OT, operational technology. All of these are connected via cognitive cloud networking with its agile software stack, programmability and a leaf-spine network for all traffic types. This cloud network, pioneered by Arista is hungry for more innovation when it comes to secure visibility. It is a hard problem after all—network data is orders of magnitude more voluminous then typical data sources of ingestion.
Since the 2000 era, the network has changed dramatically, becoming more and more mission-critical. There are so many drivers powering today’s digital network transformation. Think about the Internet of Things or the cloud native applications or OT, operational technology. All of these are connected via cognitive cloud networking with its agile software stack, programmability and a leaf-spine network for all traffic types. This cloud network, pioneered by Arista is hungry for more innovation when it comes to secure visibility. It is a hard problem after all—network data is orders of magnitude more voluminous then typical data sources of ingestion.
Here you will learn about NetBox at a high level, how it works to become a Source of Truth (SoT), and look into the use of the Ansible Content Collection, which is available on Ansible Galaxy. The goal is to show some of the capabilities that make NetBox a terrific tool and why you will want to use NetBox as your network Source of Truth for automation!
Why a Source of Truth? The Source of Truth is where you go to get the intended state of the device. There does not need to be a single Source of Truth, but you should have a single Source of Truth per data domain, often referred to as the System of Record (SoR). For example, if you have a database that maintains your physical sites that is used by teams outside of the IT domain, that should be the Source of Truth on physical sites. You can aggregate the data from the physical site Source of Truth into other data sources for automation. Just be aware that when it comes time to collect data, then it should come from that other tool.
The first step in creating a network automation Continue reading
About a year ago we launched our 2020 Action Plan with great anticipation. We had a nice neat list of the most urgent Internet issues to tackle, and we would work as a whole community, coming together as people from all over to press for our vision: The Internet is for Everyone.
Then 2020 came and we learned how quickly plans can be upended.
Yet it has underscored that the Internet is not only a global technical infrastructure, but also a resource that enriches people’s lives. Our world – our ability to work, keep in touch, and share information – would be radically different without it. This gives our work a renewed sense of urgency.
The Internet needs a voice.
Today, nearly half the people of the world still have no access and far too many people live in places where the Internet is expensive, slow, and congested.
Today, too few Internet policy discussions are based on facts and measurements, while too many start from a mistaken understanding of how the Internet works. Far too many companies and politicians would rather their customers and voters be passive consumers than the active, powerful contributors they can be.
Today, too many governments Continue reading
The post Tier 1 Carriers Performance Report: November, 2020 appeared first on Noction.
Isovalent is essentially a commercially supported flavor of Cilium, although it’s more than that. Isovalent is offering Cilium Enterprise, which adds more capability to the Cilium Community project. Is there enough “more” to make you want to invest in Cilium Enterprise? That will depend on your organizational needs, of course, but the differences are substantial enough to warrant investigation.
The post BiB099: Isovalent Brings You Cilium Enterprise appeared first on Packet Pushers.
Over the last ten years, Cloudflare has become an important part of Internet infrastructure, powering websites, APIs, and web services to help make them more secure and efficient. The Internet is growing in terms of its capacity and the number of people using it and evolving in terms of its design and functionality. As a player in the Internet ecosystem, Cloudflare has a responsibility to help the Internet grow in a way that respects and provides value for its users. Today, we’re making several announcements around improving Internet protocols with respect to something important to our customers and Internet users worldwide: privacy.
These initiatives are:
Each of these projects impacts an aspect of the Internet that influences our online lives and digital footprints. Whether we know it or not, there is a lot of private information about us and our lives floating around online. This is something we can help fix.
For over Continue reading
Most communication on the modern Internet is encrypted to ensure that its content is intelligible only to the endpoints, i.e., client and server. Encryption, however, requires a key and so the endpoints must agree on an encryption key without revealing the key to would-be attackers. The most widely used cryptographic protocol for this task, called key exchange, is the Transport Layer Security (TLS) handshake.
In this post we'll dive into Encrypted Client Hello (ECH), a new extension for TLS that promises to significantly enhance the privacy of this critical Internet protocol. Today, a number of privacy-sensitive parameters of the TLS connection are negotiated in the clear. This leaves a trove of metadata available to network observers, including the endpoints' identities, how they use the connection, and so on.
ECH encrypts the full handshake so that this metadata is kept secret. Crucially, this closes a long-standing privacy leak by protecting the Server Name Indication (SNI) from eavesdroppers on the network. Encrypting the SNI secret is important because it is the clearest signal of which server a given client is communicating with. However, and perhaps more significantly, ECH also lays the groundwork for adding future security features and performance Continue reading
Passwords are a problem. They are a problem for reasons that are familiar to most readers. For us at Cloudflare, the problem lies much deeper and broader. Most readers will immediately acknowledge that passwords are hard to remember and manage, especially as password requirements grow increasingly complex. Luckily there are great software packages and browser add-ons to help manage passwords. Unfortunately, the greater underlying problem is beyond the reaches of software to solve.
The fundamental password problem is simple to explain, but hard to solve: A password that leaves your possession is guaranteed to sacrifice security, no matter its complexity or how hard it may be to guess. Passwords are insecure by their very existence.
You might say, “but passwords are always stored in encrypted format!” That would be great. More accurately, they are likely stored as a salted hash, as explained below. Even worse is that there is no way to verify the way that passwords are stored, and so we can assume that on some servers passwords are stored in cleartext. The truth is that even responsibly stored passwords can be leaked and broken, albeit (and thankfully) with enormous effort. An increasingly pressing problem stems from the Continue reading
Today we are announcing support for a new proposed DNS standard — co-authored by engineers from Cloudflare, Apple, and Fastly — that separates IP addresses from queries, so that no single entity can see both at the same time. Even better, we’ve made source code available, so anyone can try out ODoH, or run their own ODoH service!
But first, a bit of context. The Domain Name System (DNS) is the foundation of a human-usable Internet. It maps usable domain names, such as cloudflare.com, to IP addresses and other information needed to connect to that domain. A quick primer about the importance and issues with DNS can be read in a previous blog post. For this post, it’s enough to know that, in the initial design and still dominant usage of DNS, queries are sent in cleartext. This means anyone on the network path between your device and the DNS resolver can see both the query that contains the hostname (or website) you want, as well as the IP address that identifies your device.
To safeguard DNS from onlookers and third parties, the IETF standardized DNS encryption with DNS over HTTPS (DoH) and DNS over TLS (DoT). Both protocols Continue reading
Some networking engineers renew their ipSpace.net subscription every year, and when they drop off the radar, I try to get in touch with them to understand whether they moved out of networking or whether we did a bad job.
One of them replied that he retired after building a fully automated site deployment solution (first lesson learned: you’re never too old to start automating your network), and graciously shared numerous lessons learned while building that solution.
Some networking engineers renew their ipSpace.net subscription every year, and when they drop off the radar, I try to get in touch with them to understand whether they moved out of networking or whether we did a bad job.
One of them replied that he retired after building a fully automated site deployment solution (first lesson learned: you’re never too old to start automating your network), and graciously shared numerous lessons learned while building that solution.
Bias in word embeddings, Papakyriakopoulos et al., FAT*’20
There are no (stochastic) parrots in this paper, but it does examine bias in word embeddings, and how that bias carries forward into models that are trained using them. There are definitely some dangers to be aware of here, but also some cause for hope as we also see that bias can be detected, measured, and mitigated.
…we want to provide a complete overview of bias in word embeddings: its detection in the embeddings, its diffusion in algorithms using the embeddings, and its mitigation at the embeddings level and at the level of the algorithm that uses them.
It’s been shown before (‘Man is to computer programmer as woman is to homemaker?’) that word embeddings contain bias. The dominant source of that bias is the input dataset itself, i.e. the text corpus that the embeddings are trained on. Bias in, bias out. David Hume put his finger on the fundamental issue at stake here back in 1737 when he wrote about the unjustified shift in stance from describing what is and is not to all of a sudden talking about what ought or ought not to be. Continue reading
https://codingpackets.com/blog/bookmarked-articles