Lessons from a 2020 intern assignment

Lessons from a 2020 intern assignment

This summer, Cloudflare announced that we were doubling the size of our Summer 2020 intern class. Like everyone else at Cloudflare, our interns would be working remotely, and due to COVID-19, many companies had significantly reduced their intern class size, or outright cancelled their programs entirely.

With our announcement came a huge influx of  students interested in coming to Cloudflare. For applicants seeking engineering internships, we opted to create an exercise based on our serverless product Cloudflare Workers. I'm not a huge fan of timed coding exercises, which is a pretty traditional way that companies gauge candidate skill, so when I was asked to help contribute an example project that would be used instead, I was excited to jump on the project. In addition, it was a rare chance to have literally thousands of eager pairs of eyes on Workers, and on our documentation, a project that I've been working on daily since I started at Cloudflare over a year ago.

In this blog post, I will explain the details of the full-stack take home exercise that we sent out to our 2020 internship applicants. We asked participants to spend no more than an afternoon working on it, and Continue reading

Fixes for Some Vagrant Issues on Fedora

Yesterday I needed to perform some testing of an updated version of some software that I use. (I was conducting the testing because this upgrade contained some breaking changes, and needed to understand how to mitigate the breaking changes.) So, I broke out Vagrant (with the Libvirt provider) on my Fedora laptop—and promptly ran into a couple issues. Fortunately, these issues were relatively easy to work around, but since the workarounds were non-intuitive I wanted to share them here for the benefit of others.

If you’re unfamiliar with Vagrant, have a look at my quick introduction to Vagrant. The “TL;DR” is the Vagrant can offer users a consistent workflow to creating and destroying VMs across a fairly wide number of platforms, including both local providers (like VirtualBox or VMware Fusion/VMware Workstation) and cloud provider (such as AWS and Azure). I’ve written a fair amount on Vagrant, so feel free to browse all the “Vagrant”-tagged posts on the site for more information.

Likewise, if you’re unfamiliar with the Libvirt provider, check out this post from 2017 on using Vagrant with Libvirt on Fedora 27.

In my testing yesterday, I ran into two networking-related issues. The first of them was Continue reading

Security Aspects of Using Smart NICs

After I published the blog post describing how infrastructure cloud provides (example: AWS) might use smart Network Interface Cards (NICs) as the sweet spot to implement overlay virtual networking, my friend Christoph Jaggi sent me links to two interesting presentations:

Both presentations describe how you can take over a smart NIC with a properly crafted packet, and even bypass CPU on a firewall using smart NICs.

Read more …

Microsoft is buying CyberX to bolster its Azure IoT security

Microsoft has announced it will purchase the industrially focused network security vendor CyberX for an undisclosed sum in an effort to bolster the security capabilities of its Azure IoT platform.The acquisition strikes at the heart of two key IIoT security pain points. While it’s comparatively easy to build new IoT devices that have all the necessary features for seamless security management, older devices running a wildly diverse range of different protocols, which may lack important features like the ability to be patched remotely, are a bigger challenge.To read this article in full, please click here

Network Break 289: Cisco Live 2020, Palo’s ML, HPE Edge Telco and more

Cisco Live Virtual topics so SecureX, Webex Collaboration and the "Connected Experience" (even if we don't really know what that is). Palo Alto gets machine learning features into the latest PAN-OS release for malware scanning, automated rule creation and more. HPE get Edgey with Telco plus more on Zoom security tradeoffs. 

The post Network Break 289: Cisco Live 2020, Palo’s ML, HPE Edge Telco and more appeared first on Packet Pushers.

Research: Off-Path TCP Attacks

I’s fnny, bt yu cn prbbly rd ths evn thgh evry wrd s mssng t lst ne lttr. This is because every effective language—or rather every communication system—carried enough information to reconstruct the original meaning even when bits are dropped. Over-the-wire protocols, like TCP, are no different—the protocol must carry enough information about the conversation (flow data) and the data being carried (metadata) to understand when something is wrong and error out or ask for a retransmission. These things, however, are a form of data exhaust; much like you can infer the tone, direction, and sometimes even the content of conversation just by watching the expressions, actions, and occasional word spoken by one of the participants, you can sometimes infer a lot about a conversation between two applications by looking at the amount and timing of data crossing the wire.

The paper under review today, Off-Path TCP Exploit, uses cleverly designed streams of packets and observations about the timing of packets in a TCP stream to construct an off-path TCP injection attack on wireless networks. Understanding the attack requires understanding the interaction between the collision avoidance used in wireless systems and TCP’s reaction to packets with a sequence number outside Continue reading

DockerCon 2020: The Microsoft Sessions

This is the second post of our series of blog articles focusing on the key developer content that we are curating from DockerCon LIVE 2020. Increasingly, we are seeing more and more developers targeting Microsoft architectures and Azure for their containerized application deployments. Microsoft has always had a rich set of developer tools including VS Code and GitHub that work with Docker tools. 

One of the biggest developments for developers using Windows 10 is the release of WSL 2 (Windows Subsystem for Linux). Instead of using a translation layer to convert Linux kernel calls into Windows calls, WSL 2 now offers its own isolated Linux kernel running on a thin version of the Hyper-V hypervisor. Check out Simon Ferquel’s session on WSL 2 as well as Paul Yuknewicz’s session on apps running in Azure. Be sure to check out these valuable sessions on using Docker with Microsoft tools and technologies.

Docker Desktop + WSL 2 Integration Deep Dive

Simon Ferquel – Docker

Simon’s session provides a deep dive on how Docker Desktop on Windows works with WSL 2 to provide a better developer experience. This presentation will give you a better understanding of how Docker Desktop and WSL 2 Continue reading

The Week in Internet News: U.S. DOJ Wants to Hold Website Liable for User Comments

Legal landmines: The U.S. Department of Justice has proposed ending a 24-year-old provision that protections websites and social media outlets from lawsuits for comments and other content posted by users, the Washington Post reports. While some Republicans have complained about social media sites allegedly burying conservative voices, the proposal would actually force sites into heavy moderation as a way to avoid lawsuits. The DOJ proposal would also end legal protections for tech companies that fail to allow law enforcement access to encrypted communications.

Taxing the Internet: The European Union is considering a digital goods tax, but it may have to do so without an agreement from the U.S. government, Al Jazeera reports. The U.S. government has announced it is withdrawing from negotiations with European countries over new international tax rules on digital goods. Nearly 140 countries have been involved in the negotiations.

Internet in space: SpaceX is opening up its Starlink low-earth orbit Internet service to beta testers, ZDNet says. SpaceX now has 540 satellites deployed, allowing for “minor” coverage. The company plans to eventually launch as many as 30,000 Starlink satellites.

The café society: Operators of Internet cafés and gaming centers in Thailand are pushing for Continue reading

Measuring Route Origin Validation

How well are we doing with the adoption of Route Origin Validation in the Inter-Domain routing space? How many users can no longer reach a destination if the only available ROAs mark the destination announcement as invalid?

Bayesian Finite Mixture Models

Motivation

I have been lately looking at Bayesian Modelling which allows me to approach modelling problems from another perspective, especially when it comes to building Hierarchical Models. I think it will also be useful to approach a problem both via Frequentist and Bayesian to see how the models perform. Notes are from Bayesian Analysis with Python which I highly recommend as a starting book for learning applied Bayesian.

Mixture Models

In statistics, mixture modelling is a common approach for model building. A Model built by simpler distributions to obtain a more complex model. For instance,

  • Combination of two Gaussian’s to describe a bimodal distribution.
  • Many Guassian’s to describe any arbitrary distributions.

We can use a mixture of models for modelling sub-populations or complicated distributions which can not be modelled with simpler distributions.

Finite Mixture Models

In Finite mixture models, as the name suggests, we mix a known number of models together with some weights associated for each model. Probability density of the observed data is a weighted sum of the probability density for K subgroups of the data where K is the number of models.

\[p(y|\theta) = \sum_{i=1}^{K} w_{i}p_{i}(y_{i}|\theta_{i})\]

Here, \(w_{i}\) is the weight for each group and all the Continue reading

Connect a VXLAN-EVPN DC to the Public Cloud the right way

In my latest blog post i was ranting on how you should not do cloud connectivity, and specifically how you should stay miles away from whoever suggests the use of vxlan to “extend layer 2”.
Today i wanted to show you instead how you could actually extend your network into the cloud to allow workload mobility. It’s assumed that your application is “cloud ready” and won’t require a layer 2 adjacency with other components.

As part of a customer project i was supposed to design a cloud connectivity solution that would allow to extend several VRFs into AWS. The requirements were very clear, so let’s list them:

  1. It is required to extend around 15 VRFs into AWS to allow application migrations into the cloud.
  2. The solution needs to be ready for other clouds like Azure or IBM Cloud
  3. The solution needs to be scalable and be able to ensure support to additional VRFs without network redesign

The high level solution

Simply put, what we did was to extend VXLAN-EVPN Overlay into AWS, specifically by making the CSR 1000v a vtep.
In my specific use case, the customer is running a dual site VXLAN-EVPN DC with EVPN Multi-Site for the DCI Continue reading

DevAsc – Python Palindrome Challenge

Time for another Python challenge. This time it’s the palindrome challenge. What is a palindrome? A palindrome is a word, number, phrase, or other sequence of characters which reads the same backward as forward. Some examples are level, radar, stats.

The goal is to take a string the user inputs, reverse the string and see if it’s identical backward as forward. I will divide my code into two functions:

  • get_string
  • check_palindrome

The first function simply takes the string that is input. The second function checks if it’s a palindrome and prints the result.

As always, let’s first start with a docstring:

"""Program to check if string is a palindrome"""

Then we create a function to get the string from the user. This code should look familiar if you went through the divisors challenge.

def get_string():
    """Get a string from user to be used in function to check for palindrome"""
    # Get string from user with input() and return result 
    user_string = input("Please enter a string to check if it's a palindrome: ")
    return user_string

Now for the more interesting part, to check if a string is a palindrome. To do that, we need to reverse the string. How can we Continue reading

Measuring IPv6

This week I participated in a workshop on measurement of IPv6, organised by the US Naval Postgraduate School's Centre for Measurement and Analysis of Network Data (CMAND) and the folk at UC San Diego's Center for Applied Internet Data Analysis (CAIDA). Here's my notes from that workshop and a few opinions about IPv6 thrown is as well.

Weekend Reads 061920

A few months ago, there was a lot of discussion that despite its claims, Zoom did not actually offer end-to-end encryption. They’re in the process of fixing that, which is good, but that raises a deeper question: why trust their code?—Steve Bellovin

Intel has announced new CPU-level capabilities designed to protect apps against threats that take advantage of buffer overflow and other common vulnerabilities related to memory security. —Jai Vijayan

The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by many vendors across the globe. —Mohit Kumar

The cyber risks to our H2O infrastructure have yet to enter the public debate in the way that vulnerabilities in the electric grid have, despite proven attacks on this critical infrastructure. —Samantha F. Ravich

Amazon Web Services recently had to defend against a DDoS attack with a peak traffic volume of 2.3 Tbps, the largest ever recorded, ZDNet reports. —Jon Porte

Intel today announced its third-generation Xeon Scalable (meaning Gold and Platinum) processors, along with new generations of its Optane persistent memory (read: extremely low-latency, high-endurance SSD) and Stratix AI FPGA products. Continue reading

Daily Roundup: AT&T Clarifies 5G Timeline

AT&T clarified its nationwide 5G timeline; Microsoft bought ADRM; and Verizon teased of its...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

1 932 933 934 935 936 3,841