D2C225: Security KubeConversations Part 2 – Cloud-Native Security Challenges

This is part two of a special edition of Day Two Cloud with conversations recorded at KubeCon 2023 in Chicago. These conversations cover the state of cloud-native security, getting a holistic view of your cloud-native environment, security challenges for Kubernetes, and the state of the software supply chain.

The post D2C225: Security KubeConversations Part 2 – Cloud-Native Security Challenges appeared first on Packet Pushers.

Conditional Git Configuration

Building on the earlier article on automatically transforming Git URLs, I’m back with another article on a (potentially powerful) feature of Git—the ability to conditionally include Git configuration files. This means you can make Git behave differently based on certain conditions, simply by including or not including additional configuration files. Let’s look at a pretty straightforward example taken from my own workflow.

Here’s a configuration stanza from my own system-wide Git configuration:

[includeIf "gitdir:~/Work/Code/Repos/"]
    path = ~/Work/Code/Repos/.gitconfig

The key here is the includeIf keyword. In this case, Git includes the configuration file specified by path if the location of the Git repository matches the path specification after gitdir. In other words, every repository under ~/Work/Code/Repos triggers the inclusion of the additional configuration file.

Here’s the additional configuration file:

[user]
    email = name@work-domain.com
    name = Scott Lowe
[commit]
    gpgsign = false

As long as I group all work-related repositories in the specified directory path, these values override the system-wide values. This means I can specify my work e-mail address as the e-mail...

Optimizing NSX Performance Based on Workload and ROI

Optimizing NSX Performance Based on Workload

Overview

Performance tuning, in general, requires a holistic view of the application traffic profiles, features leveraged and the criteria for performance from the application perspective. In this blog, we will take a look at some of the factors to consider when optimizing NSX for performance.

Applications

In a typical data center, applications may have different requirements based on their traffic profile. Some applications, such as backup services, log files, and certain types of web traffic, may be able to leverage all the available bandwidth. These long traffic flows with large packets are called elephant flows. Applications with elephant flows are, in general, not sensitive to latency.

In contrast, in-memory databases, message queuing services such as Kafka, and certain Telco applications may be sensitive to latency. These traffic flows, which are short-lived and use smaller packets, are generally called mice flows. Applications with mice flows are generally not bandwidth hungry.

While virtual datacenters generally run a mixed set of workloads that should run as is without much tuning, there may be instances where tuning is needed to optimize performance for specific applications. For example, applications...

KU043: How (& Why) To Contribute To The Kubernetes Release Team

Cloud engineer Leonard Pahlke talks about his experience over six terms on the Kubernetes release team. He discusses his journey from discovering Kubernetes during his bachelor’s program to joining the release team and moving through various roles. He emphasizes the importance of community involvement, the welcoming nature of open source and cloud native fields, and...

KU043: How (& Why) To Contribute To The Kubernetes Release Team

Cloud engineer Leonard Pahlke talks about his experience over six terms on the Kubernetes release team, from joining to moving through various roles. He emphasizes the importance of community involvement, the welcoming nature of open source and cloud native fields, and the diverse opportunities for contribution.

The post KU043: How (& Why) To Contribute To The Kubernetes Release Team appeared first on Packet Pushers.

IPB141: IPv6 End Of Year Wrap-Up 

In this episode Ed, Scott, and Tom talk about 2023 and what stood out to us as important for IPv6. Topics discussed include:

- Overall levels of IPv6 adoption
- IPv6 security in 2023
- IETF efforts with IPv6
- IPv6-only in the enterprise

Thanks for listening!

Show Links:

- IPv6 Deployment Status (RFC 9386), April 2023 – RFC Editor
- Four...

Intel “Emerald Rapids” Xeon SPs: A Little More Bang, A Little Less Bucks

With each successive Intel Xeon SP server processor launch, we can’t help but think the same thing: it would have been better for Intel and customers alike if this chip was out the door a year ago, or two years ago, as must have been planned.

The post Intel “Emerald Rapids” Xeon SPs: A Little More Bang, A Little Less Bucks first appeared on The Next Platform.

Intel “Emerald Rapids” Xeon SPs: A Little More Bang, A Little Less Bucks was written by Timothy Prickett Morgan at The Next Platform.

Using DNS to estimate the worldwide state of IPv6 adoption

In order for one device to talk to other devices on the Internet using the aptly named Internet Protocol (IP), it must first be assigned a unique numerical address. What this address looks like depends on the version of IP being used: IPv4 or IPv6.

IPv4 was first deployed in 1983. It’s the IP version that gave birth to the modern Internet and still remains dominant today. IPv6 can be traced back to as early as 1998, but only in the last decade did it start to gain significant traction — rising from less than 1% to somewhere between 30 and 40%, depending on who’s reporting and what and how they’re measuring.

With the growth in connected devices far exceeding the number of IPv4 addresses available, and its costs rising, the much larger address space provided by IPv6 should have made it the dominant protocol by now. However, as we’ll see, this is not the case.

Cloudflare has been a strong advocate of IPv6 for many years and, through Cloudflare Radar, we’ve been closely following IPv6 adoption across the Internet. At three years old, Radar is still a relatively recent platform. To go further back in time, we...

netlab: Version-Specific Topology Files

TL&DR: If you’re using netlab to build labs for your personal use, you can skip this one, but if you plan to use it to create training labs (like my BGP labs project), you might want to keep reading.

Like any complex enough tool, netlab eventually had to deal with inconsistent version-specific functionality and configuration syntax (OK, topology attributes). I stumbled upon this challenge when I wanted to make labs that use two types of configurable devices.

D2C224: Security KubeConversations Part 1 – Protecting Your Kubernetes Infrastructure

Our KubeConversations series continues with a two-part episode on securing Kubernetes and cloud-native infrastructure. I attended KubeCon 2023 in Chicago and had the opportunity to speak with vendors and open-source maintainers about the work they're doing to help protect your Kubernetes environments. I talk about a Kubernetes Bill of Materials, protecting K8s from ransomware, protecting APIs and Web front-ends from attacks, and the state of cloud-native security.

The post D2C224: Security KubeConversations Part 1 – Protecting Your Kubernetes Infrastructure appeared first on Packet Pushers.

Mastering AWS with amazon.aws 7.0: A Dive into New Modules for Enhanced Security and Seamless Migrations

As the technology landscape continues to evolve, the latest release of the Red Hat Ansible Certified Content Collection for amazon.aws introduces a suite of powerful modules that redefine the boundaries of automation within Amazon Web Services (AWS) while redefining how organizations approach security deployments and seamless migrations within the AWS ecosystem.

In our previous blog post, "What's New: Cloud Automation with amazon.aws 7.0.0," we presented the latest release, outlining the changes, new features and newly supported modules. In this blog post, we embark on an exploration of two interesting use cases that highlight the capabilities of these new Ansible-supported modules included in the amazon.aws 7.0 release. Let’s dive into it!

Use Case #1: Implementing Security Best Practices and Access Control for AWS Resources

Security in AWS is more critical than ever before, and the collection for AWS, amazon.aws 7.0, is up to the challenge with a host of new Identity and Access...