facebook_pixel

Facebook is once again putting the $41 billion computer network industry to shame

Facebook has produced yet another computer network innovation that will once again floor the $41 billion network techindustry.

And Facebook will again share it with the world for free, putting commercial network tech vendors on notice. (We’re looking at you, Cisco).

The new innovation, revealed on Tuesday, is something called Backpack and it’s a second-generation computer switch, the successor to the one it released last year called the 6-Pack that directly challenged tech made by market leader Cisco (and others, like Juniper).

The difference is, the Backpack is way, way faster.

The 6-Pack was a 40G switch, which means it could stream 40G worth a data around a data center network. The Backpack is an 100G optical switch, which means it’s 2.5 times faster, and using fiber optics (aka light) to move data around instead of the traditional and more limited copper wires.

The Backpack is also a companion to the new switch Facebook announced last spring, called Wedge 100. The Wedge 100 is what’s known as a “top of rack” switch, that connects a computer rack of servers to the network. The Backpack then connects all the Wedge 100 switches together. In network jargon this is known as a “network fabric.”

Facebook is attempting to build itself a fully 100G data center and these two pieces get it much of the way there, along with the network equipment it announced last week that put the telecom equipment industry on notice.

Read the Full Story at Businessinsider.com 

HTTP/2 Has Been Approved!

When the last version of the Hypertext Transfer Protocol 1.1 (HTTP/1.1) was approved in 1999, fast computers were running 500MHz Pentium III chips, Bill Clinton was president of the United States, and software engineers were working hard at fixing the Y2K bug. As for the internet, the US Federal Communications Commission defined broadband as 200 kilobits per second (Kbps), and most users connected to it with 56Kbps modems. Things have changed, and HTTP, the web’s fundamental protocol, is finally changing with the times, too.
http2
Read full article here: http://www.zdnet.com/article/how-http2-will-speed-up-your-web-browsing/

How To Protect Your Server From The GHOST Vulnerability

ghost-vulnerability-1
Want to know more about GHOST Vulnerability? It is listed as a Critical issue and is officially known as CVE-2015-0235. It is a vulnerability located in the glibc library of most Linux systems and takes advantage of a condition called a “buffer overflow” and can allow a remote attacker to gain complete control of a system. Any system running a version of glibc older than 2.18 is likely to be susceptible to an attack in this manner.

How to Check Your Server

Red Hat Enterprise Linux & CentOS
You can use rpm (the Red Hat Package Manager) to check the glibc version:
[root@box ~]# rpm -q glibc
The command will give an output similar to this:
glibc-2.5-123.el5_11.1
Note the version information, highlighted in red in the above example. If this version matches, or is more recent than the versions listed below, you are safe from the GHOST vulnerability:
- CentOS 6: glibc-2.12-1.149.el6_6.5
- CentOS 7: glibc-2.17-55.el7_0.5
- RHEL 5: glibc-2.5-123.el5_11.1
- RHEL 6: glibc-2.12-1.149.el6_6.5
- RHEL 7: glibc-2.17-55.el7_0.5

Any version older than these is vulnerable to GHOST and should be patched as soon as possible.

Debian & Ubuntu

The ldd command, used to check for dynamic dependencies, can be used to see the version of glibc on Debian-based systems, including Ubuntu:
debianbox:~# ldd -version
The output will look similar to this:
ldd (Debian EGLIBC 2.11.3-4) 2.11.3
Copyright (C) 2009 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

Note the version information, highlighted in red in the example. If this version matches, or is more recent than the versions listed below, the system is not vulnerable to GHOST:

– Ubuntu 12.04 LTS: 2.15-0ubuntu10.10
– Ubuntu 10.04 LTS: 2.11.1-0ubuntu7.20
– Debian 7 LTS: 2.13-38+deb7u7

Any versions older than these are vulnerable and should be patched as soon as possible.

How to Fix the Vulnerability

The simple way to fix the GHOST vulnerability, is to use the default package manager for your distribution to update the glibc version. Below, we will offer sample processes for a Red Hat/CentOS based environment, and for a Debian/Ubuntu based environment.

RHEL & CentOS
The default package manager for Red Hat Enterprise Linux, CentOS, and related distributions is yum:
[root@box ~]# sudo yum update glibc
When the system prompts you for confirmation, respond with ‘y’.

Once the system is done updating, you will need to reboot it. This is necessary because glibc is used by many applications, and those applications must be restarted to use the new library version. Theoretically, you could manually restart each application, but if you miss one, you will leave your system vulnerable to attack. You can reboot your system with either of the following commands:
[root@box ~]#sudo reboot
or
[root@box ~]#sudo shutdown -r now
Once your system has restarted, make sure the vulnerability has been patched by using the instructions from the earlier section.

Debian & Ubuntu

The default package manager for Debian, Ubuntu, and related distributions is apt. For currently supported versions of Debian and Ubuntu, update all of your packages to the latest version available. In most situations, we recommend doing a ‘dist-upgrade’, however, in some cases this may cause issues with certain packages, as the dist-upgrade command can add and remove packages in addition to upgrading them. If you are concerned that this is the case on your system, you can use ‘upgrade’ as an alternative, though make extra sure to check your system for the vulnerability afterwards if you do this.
debianbox:~# sudo apt-get update && sudo apt-get dist-upgrade
or
debianbox:~# sudo apt-get update && sudo apt-get upgrade
In either case, then respond to the confirmation prompt with ‘y’.

Once the system is done updating, you will need to reboot it. This is necessary because glibc is used by many applications, and those applications must be restarted to use the new library version. Theoretically, you could manually restart each application, but if you miss one, you will leave your system vulnerable to attack. You can reboot your system with either of the following commands:
debianbox:~# sudo reboot
or
debianbox:~# sudo shutdown -r now
Once your system has restarted, make sure the vulnerability has been patched by using the instructions from the earlier section.

For more information about the GHOST vulnerability, please see this link from the United States Computer Emergency Readiness Team (US-CERT):
https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability

Twitter Boostrap 3.3.2 Has Been Released

For those of you currently using Twitter Boostrap in your website, Bootstrap announced version 3.3.2 yesterday! The release is focused on bug fixes, accessibility improvements, and documentation updates. It includes over 300 commits from 19 contributors.

Full details of the 3.3.2 release can be found on their blog post.

Twitter Bootstrap is an HTML, CSS, and JS framework that assists in developing responsive websites. They have lots of examples and great documentation to get you started.

BuiltWithBootstrap.com is a good resource to learn more and stay current on Boostrap. They have website examples and also provide Bootstrap news and tips.