The Internet Society Welcomes the Comoros Chapter

We are excited to announce the new Internet Society Comoros Chapter! ISOC Comoros officially launched in July in front of an in-person and online audience at the Retaj Hotel.

Journalists joined several distinguished guests, including:

  • Dawit Bekele, Internet Society’s Regional Vice-President for Africa
  • Mohamed Said Abdallah Mchangama, President of the Federation of Comorian Consumers (FCC)
  • Amina Abdallah, Coordinator of the World Bank’s Phase 4 of the Regional Communications Infrastructure Program for Africa (RCIP-4)
  • Hamidou Mhoma, President of the Comorian ICT Association
  • Chamsoudine Soudjay, Secretary General of the Comorian ICT Association
  • Amroine Mouzaoui, Executive Secretary of the Comorian Movement for Entrepreneurs
  • Raymane Ali Matoir, Director of Human Resources of Telma Comores
  • Youssouf Abdoulmadjid, Chief Operating Officer of Comor’Lab
  • Moussa Abdallah Moumine, Coordinator of the General Inspectorate of National Education

Since the country’s very first connection to the Internet in July 1998, the Internet industry has continued to evolve, along with telecommunications. The country is beginning to benefit from the rise in competition in the ICT sector, and as such the establishment of ISOC Comoros brings an added dimension to the development, promotion, and use of the Internet for the greater good of the entire country.

The Internet is for everyone and Continue reading

Example: Securing AWS Deployment

Nadeem Lughmani created an excellent solution for the securing your cloud deployment hands-on exercise in our public cloud online course. His Terraform-based solution includes:

  • Security groups to restrict access to web server and SSH bastion host;
  • An IAM policy and associated user that has read-only access to EC2 and VPC resources (used for monitoring)
  • An IAM policy that has full access to as single S3 bucket (used to modify static content hosted on S3)
  • An IAM role for AWS CloudWatch logs
  • Logging SSH events from the SSH bastion host into CloudWatch logs.
Explore the solution

Many ad hoc Wi-Fi networks from the outset of COVID-19 still in use

The onset of the pandemic caught most organizations unware, and IT departments were no exception. They had to address that workers could suddenly no longer safely come into the office, doctors needed to stand up telemedicine services, and professional and amateur sports were just generally scrambling.Groups like the Information Technology Disaster Resource Center have been at the forefront of many such efforts, particularly those being undertaken by municipalities and school districts. The group helps provide technological know-how through volunteer workers, and help keep organizations connected in the wake of disasters.[Get regularly scheduled insights by signing up for Network World newsletters.] After COVID, the group has been a lot more active, according to operations director Joe Hillis.To read this article in full, please click here

Many ad hocWi-Fi networks from the outset of COVID-19 still in use

The onset of the pandemic caught most organizations unware, and IT departments were no exception. They had to address that workers could suddenly no longer safely come into the office, doctors needed to stand up telemedicine services, and professional and amateur sports were just generally scrambling.Groups like the Information Technology Disaster Resource Center have been at the forefront of many such efforts, particularly those being undertaken by municipalities and school districts. The group helps provide technological know-how through volunteer workers, and help keep organizations connected in the wake of disasters.[Get regularly scheduled insights by signing up for Network World newsletters.] After COVID, the group has been a lot more active, according to operations director Joe Hillis.To read this article in full, please click here

Mitigating the Risks of Instance Metadata in AWS EKS

Compromising a pod in a Kubernetes cluster can have disastrous consequences on resources in an AWS Elastic Kubernetes Service (EKS) account if access to the Instance Metadata service is not explicitly blocked. The Instance Metadata service is an AWS API listening on a link-local IP address. Only accessible from EC2 instances, it enables the retrieval of metadata that is used to configure or manage an instance. Although you can only access instance metadata and user data from within the instance itself, the data is not protected by authentication or cryptographic methods.

A recent blog described a scenario where an attacker compromised a pod in an EKS cluster by exploiting a vulnerability in the web application it was running, thus enabling the attacker to enumerate resources in the cluster and in the associated AWS account. This scenario was simulated by running a pod and attaching to a shell inside it.

By querying the Instance Metadata service from the compromised pod, the attacker was able to access the service and retrieve temporary credentials for the identity and access management (IAM) role assigned to the EC2 instances acting as Kubernetes worker nodes. At that point, the attacker was able to pursue multiple exploits, Continue reading

Alleged leaks from AMD indicate big performance gains in upcoming Epyc refresh

A German tech site claims to have internal AMD documents that show the next generation of AMD Epyc server processors will boast a significant performance gain. AMD declined to comment on the veracity of the article.Hardwareluxx posted what it said were details from internal AMD slides revealing the performance potential of AMD's next-gen server processors, codenamed “Milan,” otherwise known as Zen 3, due to ship later this year.According to the slides, Zen 3 is in many ways similar to the Zen 2 generation (aka “Rome”) currently on the market. It will be socket-compatible with the first and second generation of Epycs, so current owners can swap out the older chips for newer. It will have a maximum of 64 cores, which is the same as Rome. It will support DDR4 memory and PCI Express 4.0 interconnects, like Rome. One difference is that instead of two 16MB L3 caches, Milan will have one 32MB L3 cache.To read this article in full, please click here

Alleged leaks from AMD indicate big performance gains in upcoming Epyc refresh

A German tech site claims to have internal AMD documents that show the next generation of AMD Epyc server processors will boast a significant performance gain. AMD declined to comment on the veracity of the article.Hardwareluxx posted what it said were details from internal AMD slides revealing the performance potential of AMD's next-gen server processors, codenamed “Milan,” otherwise known as Zen 3, due to ship later this year.According to the slides, Zen 3 is in many ways similar to the Zen 2 generation (aka “Rome”) currently on the market. It will be socket-compatible with the first and second generation of Epycs, so current owners can swap out the older chips for newer. It will have a maximum of 64 cores, which is the same as Rome. It will support DDR4 memory and PCI Express 4.0 interconnects, like Rome. One difference is that instead of two 16MB L3 caches, Milan will have one 32MB L3 cache.To read this article in full, please click here

Docker Support for the New GitHub Container Registry

Docker and GitHub continue to work together to make life easier for developers. GitHub today announced a new container registry: GitHub Container Registry. GitHub and Docker both occupy essential components in the developer workflow for building and deploying cloud native applications so we thought we would provide some insight into how the new tooling benefits developers. 

Found at ghcr.io, the new GitHub registry adds support for anonymous pulls and decouples git repositories permissions from container registry’s permissions. This allows projects to have private git repositories with a public container registry or vice versa. Other features like OCI compliance, Helm charts, and support for GITHUB_TOKEN are expected later. 

The GitHub Container Registry was built with Docker in mind so your Docker Engines and Docker Desktops will seamlessly work with this new registry.  Let’s take a look at this in action over at our upcoming Docker Login GitHub Action:

name: ci
on:
  push:
    branches: master
jobs:
  login:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Login to GitHub Package Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GHCR_TOKEN }}

That is all you need to do. When Continue reading

History of Networking: Networking at Google with Richard Hay

Google fascinates network engineers because of the sheer scale of their operations, and their obvious influence over the way networks are built and operated. In this episode of the History of Networking, Richard Hay joins Donald Sharp and Russ White to talk about some past designs and stories of failure and success in one of the world’s largest operating networks.

download

MySQL on Azure Performance Benchmark – ScaleGrid vs. Azure Database

Microsoft Azure is one of the most popular cloud providers in the world, and a natural fit for database hosting on applications leveraging Microsoft across their infrastructure. MySQL is the number one open source database that’s commonly hosted through Azure instances. While Microsoft offers their own Azure Database product, there are other alternatives available that may be able to help you improve your MySQL performance. In this blog post, we compare Azure Database for MySQL vs. ScaleGrid MySQL on Azure so you can see which provider offers the best throughput and latency performance. We measure latency in ms 95th percentile latency.

Two clicks to add region-based Zero Trust compliance

Two clicks to add region-based Zero Trust compliance

Your team members are probably not just working from home - they may be working from different regions or countries. The flexibility of remote work gives employees a chance to work from the towns where they grew up or countries they always wanted to visit. However, that distribution also presents compliance challenges.

Depending on your industry, keeping data inside of certain regions can be a compliance or regulatory requirement. You might require employees to connect from certain countries or exclude entire countries altogether from your corporate systems.

When we worked in physical offices, keeping data inside of a country was easy. All of your users connecting to an application from that office were, of course, in that country. Remote work changed that and teams had to scramble to find a way to keep people productive from anywhere, which often led to sacrifices in terms of compliance. Starting today, you can make geography-based compliance easy again in Cloudflare Access with just two clicks.

You can now build rules that require employees to connect from certain countries. You can also add rules that block team members from connecting from other countries. This feature works with any identity provider configured and requires no Continue reading

Docker Services 101

Last week I published an overview of how complex (networking-wise) Docker Swarm services can get. This time let’s focus on something that should have been way simpler: running container-based services on a single Linux host.

In the first part of this article I’m focusing on the basics, including exposed ports, and published ports. The behind-the-scenes details are coming in a week or so; in the meantime you can enjoy (most of them) in the Docker Networking Deep Dive webinar.

Keep reading

Researchers set a new world-record Internet speed

Researchers at University College London claim they’ve obtained a new top internet speed of 178Tbps – a fifth quicker than the prior record and fast enough to download the entire Netflix catalog in under a second, they say.To achieve that, the researchers used different bandwidth ranges than are typically used in commercial optical systems. Traditional fiber infrastructure uses bandwidth of 4.5THz with 9THz becoming more available commercially. In UCL experiments, the scientists used 16.8THz.[Get regularly scheduled insights by signing up for Network World newsletters.] To do this the researchers used a variety of amplifier technologies, customizing which ones they used for each wavelength to optimize its performance as measured by phase, brightness and polarization, according to a press statement put out by UCL. These customization packages are known as geometric signal constellations.To read this article in full, please click here

Researchers set a new world-record Internet speed

Researchers at University College London claim they’ve obtained a new top internet speed of 178Tbps – a fifth quicker than the prior record and fast enough to download the entire Netflix catalog in under a second, they say.To achieve that, the researchers used different bandwidth ranges than are typically used in commercial optical systems. Traditional fiber infrastructure uses bandwidth of 4.5THz with 9THz becoming more available commercially. In UCL experiments, the scientists used 16.8THz.[Get regularly scheduled insights by signing up for Network World newsletters.] To do this the researchers used a variety of amplifier technologies, customizing which ones they used for each wavelength to optimize its performance as measured by phase, brightness and polarization, according to a press statement put out by UCL. These customization packages are known as geometric signal constellations.To read this article in full, please click here

1 891 892 893 894 895 3,834