Weekend Reads 091120

In our final article on Kubernetes RBAC, we are focusing on RBAC itself. Everything else in the series led towards this key piece. In part one we discussed authentication and authorization on a high level and in part two we focused specifically on authentication. Now let’s dive into authorization.

LitmusChaos is a CNCF sandbox project. Its mission is to help Kubernetes SREs and developers find weaknesses in the Kubernetes platform and applications running on Kubernetes by providing a complete Chaos Engineering framework and associated chaos experiments.

China’s drive for technological dominance has resulted in a long-term, government-driven national strategy. This includes the creation of native technologies which reflect local policies and politics, micromanagement of the internet from the top down, and the use of international standards development organisations (SDOs), such as the UN agency the International Telecommunication Union (ITU), to legitimize and protect these technologies in the global marketplace.

The implementation of prop-132 (AS0 for unallocated and unassigned spaces) is completed, and APNIC is now publishing an AS0 Route Origin Authorization (ROA) covering the undelegated IPv4 and IPv6 ranges under our management.

Privacy has become a business imperative. May 25, 2020, marked the two-year anniversary of General Data Protection Regulation (GDPR) enforcement, which has already wrought dozens of hefty fines, including €50 million for Google and €99 million for Marriott. Although these fines are less severe than the 4% of annual revenue that GDPR could levy, organizations should still be concerned since dozens of lesser-known companies have also been fined hundreds of thousands of dollars each.

Google is proposing a new standard called WebBundles. This standard allows websites to “bundle” resources together, and will make it impossible for browsers to reason about sub-resources by URL. This threatens to change the Web from a hyperlinked collection of resources (that can be audited, selectively fetched, or even replaced), to opaque all-or-nothing “blobs” (like PDFs or SWFs). Organizations, users, researchers and regulators who believe in an open, user-serving, transparent Web should oppose this standard.

SONiC has come a long way in just a few short years, but we aim to take it even further—beyond fixed system IP fabric deployments. Our goal is to make SONiC ubiquitous throughout the data center, WAN core and edge. Now, we’ve taken major steps in doing it by implementing multiple packet forwarding engines (PFEs) in SONiC platforms. By bringing SONiC to multi-PFE chassis, we can provide a simpler, better-performing network solution for the most demanding cloud and service provider environments—without sacrificing the flexibility of an open, disaggregated NOS.

Cisco has warned of an active zero-day vulnerability in its router software that’s being exploited in the wild and could allow a remote, authenticated attacker to carry out memory exhaustion attacks on an affected device.

Give your DNS Statistics Collector (DSC) a facelift with a new Grafana dashboard, featuring a host of applications and metrics that will provide server administrators far richer commentary on the health of their DNS.

In recent years, the ubiquitous nature of Internet-of-Things (IoT) applications as well as the pervasive character of next-generation communication protocols, such as the 5G technology, have become widely evident. In this work, we identify the need for low-cost security in current and next-generation IoT networks and address this demand through the implementation, testing, and validation of an intrinsic low-cost and low-overhead hardware-based security primitive within an inherent network component.