Polls

Is there an unsecured wireless network near you?
 
HPE's Aruba adopts DPUs, but in a switch, not a server
Wednesday, 20 October 2021 02:01

HTTP/2 200 date: Wed, 20 Oct 2021 13:03:03 GMT content-type: text/html; charset=UTF-8 link: ; rel=preload; as=script;,/bea9b94002d2e721422add584a7f2257d5de42ae/javascript/_.js>; rel=preload; as=script;,/default/71fc4d06d407018d265f5c297dc02a9d116a937c/scaffolding.css>; rel=preload; as=style;,/default/71fc4d06d407018d265f5c297dc02a9d116a937c/design.css>; rel=preload; as=style;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2>; rel=preload; as=font; crossorigin;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2>; rel=preload; as=font; crossorigin; cache-control: max-age=0 expires: Wed, 20 Oct 2021 13:03:03 GMT vary: Accept-Encoding x-reg-bofh: pfy02us x-clacks-overhead: GNU Terry Pratchett, Lester Haines x-content-type-options: nosniff cf-cache-status: DYNAMIC expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server: cloudflare cf-ray: 6a1271acdbd9fea5-MEL alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Aruba debuts switch with integrated SmartNIC • The Register

Decides switches need help performing network functions, just like servers need their CPUs free for core workloads


HPE's networking subsidiary Aruba has added data processing units to a switch.

Data processing units (DPUs) – aka SmartNICs or "infrastructure processing units" (IPUs) – are small computers integrated into a network adapter. Hyperscale operators adopted the devices to relieve servers of chores ranging from handling I/O to external storage or running network services under software-defined networks. DPUs/IPUs/SmartNICs are also valued for adding isolation to components in a data centre, which helps for security purposes.

VMware, Nvidia, and Intel have backed the devices as a new and vital tier of enterprise data centres, and are endeavouring to make them work in mainstream servers any month now with the suggestion that they are a splendid place to spin up network-centric workloads as needed.

A common scenario for the devices imagines a server spawning a container that's part of a microservice, at which point a firewall and load balancer run on the DPU to secure the resulting traffic alongside the NIC's other packet-schlepping tasks. The server just runs the container and – because it's not also firewalling or load-balancing – has expensive Intel Xeon or AMD EPYC cores available for more important work.

Aruba likes that idea so much it has added DPUs from Pensando – to a switch.

As explained to The Register by Aruba veep William Choe, the company feels that switches can use a hand from a DPU both because East-West traffic in the data centre is growing (thanks to microservices and microsegmentation) and because switches are an ideal place to inspect traffic before it reaches other, more sensitive parts of a network.

The company's new offering therefore allows the creation and application of port-level security policies that are tuned to the needs of each application, or even each microsegment. Those policies run inline on the DPU.

Aruba already sells a firewall and load balancer as part of its edge services offering. That software now runs on the DPU. Choe suggested encryption as another service to run on a DPU.

The Register asked Choe why Aruba chose to use DPUs instead of baking this functionality into ASICs that are a core part of the switch – a long-standing practice among makers of networking appliances. He responded that DPUs offer a cheaper and faster route to the desired outcome.

"A switch historically moves packets and that is a static function," Choe said. By putting extra functionality in a switch – but on a DPU – Aruba thinks it has found a happy medium.

Aruba's DPUs come from a company called Pensando that, not coincidentally, has attracted investment from Aruba.

The machine hosting the DPUs is called the CX 10000, and Aruba is billing it as a "Distributed Services Switch" – and an evolution from switching fabrics.

Choe opined that the device will appeal to the DPU-curious because it lets them adopt the devices without having to upgrade or acquire new servers. Switch buyers, he added, are more likely to upgrade as traffic increases place networks under pressure.

The CX 10000 is currently being beta tested by select customers, but is scheduled to go on sale in early 2022. At this stage that looks to be in advance of the timeframe for Intel, VMware, or Nvidia to formally offer a DPU/IPU/SmartNIC product. The tech may therefore first debut in switches, despite over a year of noise about its importance to servers. ®


Other stories you might like

The Brave browser will now default to the company's own search engine, claimed to preserve privacy, while a new Web Discovery Project aims to collect search data again with privacy protection.

The Brave web browser is based on the Google-sponsored Chromium engine but with features designed to prevent tracking, as well as an unusual reward system using its own cryptocurrency, the Basic Attention Token (BAT). Brave search will now be the default on new installs for desktop, Android, and iOS. Existing Brave users will keep their current default unless they choose to change it.

Brave Search was released in beta in June and uses technology called Tailcat, acquired from the failed German Cliqz project, which also sought to provide a Google-free index.

Continue readingNHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let's talk cyber' event It's like rai-iiiiiin on your wedding day

NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages.

The first email sent yesterday morning thanked participants for "registering for NHS Digital's Full Digital Breakfast: Let's talk cyber, scheduled for Thursday 21 October 2021, 8:00-9:00am."

Apparently Neil Bennett, CISO at NHS Digital, and Phil Huggins, National CISO at NHS X, "along with guest speakers, will have a conversation about the ongoing protection and how an increasingly digitised world means we must be super vigilant and cyber secure, where cyber hygiene is essential in protecting patients."

Continue readingHitting underground pipes and cables costs the UK £2.4bn a year. We need a data platform for that, says government Atkins wins £23m deal to build National Underground Asset Register

The UK government has awarded management consultancy Atkins a £23m contract to help it get to grips with accidental damage to underground pipes and cables, which is costing £2.4bn a year.

The Geospatial Commission, an independent expert committee within the Cabinet Office, has awarded the work to help it build "a secure data exchange platform providing a comprehensive, trusted and secure digital map of where buried assets are located."

Documents attached to a competitive tender notice point out that when digging up roads or attempting any other subterranean engineering, workers suffer the considerable difficulty of finding out what other human-made structures might be down there.

Continue reading

The Moon remained volcanically active much later than previously thought, judging from fragments of rocks dating back two billion years that were collected by China's Chang’e 5 spacecraft.

The Middle Kingdom's space agency obtained about 1.72 kilograms (3.8 pounds) of lunar material from its probe that returned to Earth from the Moon in December. These samples gave scientists their first chance to get their hands on fresh Moon material in the 40 years since the Soviet Union's Luna 24 mission brought 170 grams (six ounces) of regolith to our home world in 1976.

The 47 shards of basalt rocks retrieved by Chang'e 5 were estimated to be around two billion years old using radiometric dating techniques. The relatively young age means that the Moon was still volcanically active up to 900 million years later than previous estimates, according to a team of researchers led by the Chinese Academy of Sciences (CAS).

Continue readingCentre for Computing History apologises to customers for 'embarrassing' breach Website patched following phishing scam, no financial data exposed

Updated The Centre for Computing History (CCH) in Cambridge, England, has apologised for an "embarrassing" breach in its online customer datafile, though thankfully no payment card information was exposed.

The museum for computers and video games said it was notified that a unique email address used to book tickets via its website "has subsequently received a phishing email that looked like it came from HSBC."

"Our investigation has revealed that our online customer datafile has been compromised and the email addresses contained within are now in the hands of spammers," says the letter to visitors from Jason Fitzpatrick, CEO and trustee at CCH dated 19 October.

Continue readingAncient with a dash of modern: We joined the Royal Navy to find there's little new in naval navigation Following the Fleet Navigating Officers' course

Boatnotes II The art of not driving your warship into the coast or the seabed is a curious blend of the ancient and the very modern, as The Reg discovered while observing the Royal Navy's Fleet Navigating Officers' (FNO) course.

Held aboard HMS Severn, "sea week" of the FNO course involves taking students fresh from classroom training and putting them on the bridge of a real live ship – and then watching them navigate through progressively harder real-life challenges.

"It's about finding where the students' capacity limit is," FNO instructor Lieutenant Commander Mark Raeburn told The Register. Safety comes first: the Navy isn't interested in having navigators who can't keep up with the pressures and volume of information during pilotage close to shore – or near enemy minefields.

Continue readingDarmstadt, we have a problem – ESA reveals its INTEGRAL space telescope was three hours from likely death Gamma ray-spotting 'scope was spinning uncontrollably and unable to make 'leccy until dramatic rescue

The European Space Agency (ESA) revealed on Monday that its 19-year-old International Gamma-Ray Astrophysics Laboratory (INTEGRAL) had a near-death experience last month when failure of a small yet significant part caused it to spin uncontrollably and prevented its solar panels from generating power.

According to ESA's blog, one of the scope's three active 'reaction wheels' – flywheels that help to stabilise attitude – turned off without warning. Absent the reaction wheel's energy, INTEGRAL rotated dangerously.

The ESA activated Emergency Safe Attitude Mode, but that was ineffective because a July 2020 failure had left the geriatric satellite's thrusters inoperable.

Continue readingWhen it comes to ransomware, every second hurts Fortinet seeks to make EDR easy for non-specialists

Sponsored For the longest time it seemed that modern endpoint detection and response (EDR) was getting on top of the worst malware, only for that certainty to evaporate in a single day in June 2017 thanks to a strange malware event remembered as the NotPetya attack.

A lot of virtual ink has flowed on the origins of NotPetya but the most important aspect of its behaviour for anyone involved in endpoint defence EDR was the stunning speed with which it turned entire networks of computers into boxes uselessly pushing warm air. The word ‘fast’ gets bandied around a lot in malware incidents but for once this was no hyperbole, reportedly downing an entire Ukrainian bank in 45 seconds and a network running part of the country’s transit system in a third of that time.

That means the infection unfolded in roughly 15 seconds to less than a minute. As with the equally swift WannaCry infection which had encrypted at least 200,000 computers in 150 countries only weeks earlier, this was far faster than EDR systems of the time - and the teams fielding the alerts generated by them - could possibly react. Security Operations Centre (SoC) teams couldn’t even ask employees to turn their computers off.

Continue readingFacebook may soon reveal new name – we're sure Reg readers will be more creative than Zuck's marketroids We've kicked things off with the most splendidly evil fictional corporations, feel free to share your ideas

POLL Consumer tech outlet The Verge today reports that Facebook may soon reveal a new name.

Apparently Zuck wants to create an umbrella brand – a bit like Google did when it created Alphabet as its parent company. The Social Network™ is also keen to reflect its shift to "the metaverse", as signalled by its plan to hire 10,000 new workers to build some version of shared virtual reality.

Facebook has clammed up about its plans.

Continue readingSir Clive Sinclair inspired me and 'whole load of others' at Arm, says CEO Simon Segars But of course chief exec's first computer was an Acorn

Like so many of us in tech, Arm CEO Simon Segars has his own computing origins story, which he shared during a speech on Tuesday at the Arm DevSummit developer conference.

British-born Segars' interest in computing started at age 14, when he'd go to a shop that had a Sinclair ZX81 computer on display, on which he wrote simple programs, learning about concepts like variables and loops.

"It was expensive at £70, we weren't about to buy one … and [it was] primitive by today's standards. It had a 3Mhz, 8-bit microprocessor and a whole 1KB of memory," Segars said.

Continue readingCrims target telcos' Linux and Solaris boxes, which don't get enough infosec love CrowdStrike says 'LightBasin' gang avoids Windows, and knows that telco networks run on badly-secured *nix

A mysterious criminal gang is targeting telcos' Linux and Solaris boxes, because it perceives they aren't being watched by infosec teams that have focussed their efforts on securing Windows.

Security vendor CrowdStrike claims it's spotted the group and that it "has been consistently targeting the telecommunications sector at a global scale since at least 2016 … to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata." The gang appears to understand telco operations well enough to surf the carrier-to-carrier links that enable mobile roaming, across borders and between carriers, to spread its payloads.

CrowdStrike principal consultant Jamie Harries and senior security researcher Dan Mayer named the group "LightBasin", but it also goes by the handle "UNC1945".

Continue reading

HTTP/2 200 date: Wed, 20 Oct 2021 13:03:03 GMT content-type: text/html; charset=UTF-8 link: ; rel=preload; as=script;,/bea9b94002d2e721422add584a7f2257d5de42ae/javascript/_.js>; rel=preload; as=script;,/default/71fc4d06d407018d265f5c297dc02a9d116a937c/scaffolding.css>; rel=preload; as=style;,/default/71fc4d06d407018d265f5c297dc02a9d116a937c/design.css>; rel=preload; as=style;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-700.latin.woff2>; rel=preload; as=font; crossorigin;,/5e49edbd1875f214e0decae1e24b200066780fa8/style/fonts/arimo/arimo-400.latin.woff2>; rel=preload; as=font; crossorigin; cache-control: max-age=0 expires: Wed, 20 Oct 2021 13:03:03 GMT vary: Accept-Encoding x-reg-bofh: pfy02us x-clacks-overhead: GNU Terry Pratchett, Lester Haines x-content-type-options: nosniff cf-cache-status: DYNAMIC expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server: cloudflare cf-ray: 6a1271acdbd9fea5-MEL alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Aruba debuts switch with integrated SmartNIC • The Register

Decides switches need help performing network functions, just like servers need their CPUs free for core workloads


HPE's networking subsidiary Aruba has added data processing units to a switch.

Data processing units (DPUs) – aka SmartNICs or "infrastructure processing units" (IPUs) – are small computers integrated into a network adapter. Hyperscale operators adopted the devices to relieve servers of chores ranging from handling I/O to external storage or running network services under software-defined networks. DPUs/IPUs/SmartNICs are also valued for adding isolation to components in a data centre, which helps for security purposes.

VMware, Nvidia, and Intel have backed the devices as a new and vital tier of enterprise data centres, and are endeavouring to make them work in mainstream servers any month now with the suggestion that they are a splendid place to spin up network-centric workloads as needed.

A common scenario for the devices imagines a server spawning a container that's part of a microservice, at which point a firewall and load balancer run on the DPU to secure the resulting traffic alongside the NIC's other packet-schlepping tasks. The server just runs the container and – because it's not also firewalling or load-balancing – has expensive Intel Xeon or AMD EPYC cores available for more important work.

Aruba likes that idea so much it has added DPUs from Pensando – to a switch.

As explained to The Register by Aruba veep William Choe, the company feels that switches can use a hand from a DPU both because East-West traffic in the data centre is growing (thanks to microservices and microsegmentation) and because switches are an ideal place to inspect traffic before it reaches other, more sensitive parts of a network.

The company's new offering therefore allows the creation and application of port-level security policies that are tuned to the needs of each application, or even each microsegment. Those policies run inline on the DPU.

Aruba already sells a firewall and load balancer as part of its edge services offering. That software now runs on the DPU. Choe suggested encryption as another service to run on a DPU.

The Register asked Choe why Aruba chose to use DPUs instead of baking this functionality into ASICs that are a core part of the switch – a long-standing practice among makers of networking appliances. He responded that DPUs offer a cheaper and faster route to the desired outcome.

"A switch historically moves packets and that is a static function," Choe said. By putting extra functionality in a switch – but on a DPU – Aruba thinks it has found a happy medium.

Aruba's DPUs come from a company called Pensando that, not coincidentally, has attracted investment from Aruba.

The machine hosting the DPUs is called the CX 10000, and Aruba is billing it as a "Distributed Services Switch" – and an evolution from switching fabrics.

Choe opined that the device will appeal to the DPU-curious because it lets them adopt the devices without having to upgrade or acquire new servers. Switch buyers, he added, are more likely to upgrade as traffic increases place networks under pressure.

The CX 10000 is currently being beta tested by select customers, but is scheduled to go on sale in early 2022. At this stage that looks to be in advance of the timeframe for Intel, VMware, or Nvidia to formally offer a DPU/IPU/SmartNIC product. The tech may therefore first debut in switches, despite over a year of noise about its importance to servers. ®


Other stories you might like

The Brave browser will now default to the company's own search engine, claimed to preserve privacy, while a new Web Discovery Project aims to collect search data again with privacy protection.

The Brave web browser is based on the Google-sponsored Chromium engine but with features designed to prevent tracking, as well as an unusual reward system using its own cryptocurrency, the Basic Attention Token (BAT). Brave search will now be the default on new installs for desktop, Android, and iOS. Existing Brave users will keep their current default unless they choose to change it.

Brave Search was released in beta in June and uses technology called Tailcat, acquired from the failed German Cliqz project, which also sought to provide a Google-free index.

Continue readingNHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let's talk cyber' event It's like rai-iiiiiin on your wedding day

NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages.

The first email sent yesterday morning thanked participants for "registering for NHS Digital's Full Digital Breakfast: Let's talk cyber, scheduled for Thursday 21 October 2021, 8:00-9:00am."

Apparently Neil Bennett, CISO at NHS Digital, and Phil Huggins, National CISO at NHS X, "along with guest speakers, will have a conversation about the ongoing protection and how an increasingly digitised world means we must be super vigilant and cyber secure, where cyber hygiene is essential in protecting patients."

Continue readingHitting underground pipes and cables costs the UK £2.4bn a year. We need a data platform for that, says government Atkins wins £23m deal to build National Underground Asset Register

The UK government has awarded management consultancy Atkins a £23m contract to help it get to grips with accidental damage to underground pipes and cables, which is costing £2.4bn a year.

The Geospatial Commission, an independent expert committee within the Cabinet Office, has awarded the work to help it build "a secure data exchange platform providing a comprehensive, trusted and secure digital map of where buried assets are located."

Documents attached to a competitive tender notice point out that when digging up roads or attempting any other subterranean engineering, workers suffer the considerable difficulty of finding out what other human-made structures might be down there.

Continue reading

The Moon remained volcanically active much later than previously thought, judging from fragments of rocks dating back two billion years that were collected by China's Chang’e 5 spacecraft.

The Middle Kingdom's space agency obtained about 1.72 kilograms (3.8 pounds) of lunar material from its probe that returned to Earth from the Moon in December. These samples gave scientists their first chance to get their hands on fresh Moon material in the 40 years since the Soviet Union's Luna 24 mission brought 170 grams (six ounces) of regolith to our home world in 1976.

The 47 shards of basalt rocks retrieved by Chang'e 5 were estimated to be around two billion years old using radiometric dating techniques. The relatively young age means that the Moon was still volcanically active up to 900 million years later than previous estimates, according to a team of researchers led by the Chinese Academy of Sciences (CAS).

Continue readingCentre for Computing History apologises to customers for 'embarrassing' breach Website patched following phishing scam, no financial data exposed

Updated The Centre for Computing History (CCH) in Cambridge, England, has apologised for an "embarrassing" breach in its online customer datafile, though thankfully no payment card information was exposed.

The museum for computers and video games said it was notified that a unique email address used to book tickets via its website "has subsequently received a phishing email that looked like it came from HSBC."

"Our investigation has revealed that our online customer datafile has been compromised and the email addresses contained within are now in the hands of spammers," says the letter to visitors from Jason Fitzpatrick, CEO and trustee at CCH dated 19 October.

Continue readingAncient with a dash of modern: We joined the Royal Navy to find there's little new in naval navigation Following the Fleet Navigating Officers' course

Boatnotes II The art of not driving your warship into the coast or the seabed is a curious blend of the ancient and the very modern, as The Reg discovered while observing the Royal Navy's Fleet Navigating Officers' (FNO) course.

Held aboard HMS Severn, "sea week" of the FNO course involves taking students fresh from classroom training and putting them on the bridge of a real live ship – and then watching them navigate through progressively harder real-life challenges.

"It's about finding where the students' capacity limit is," FNO instructor Lieutenant Commander Mark Raeburn told The Register. Safety comes first: the Navy isn't interested in having navigators who can't keep up with the pressures and volume of information during pilotage close to shore – or near enemy minefields.

Continue readingDarmstadt, we have a problem – ESA reveals its INTEGRAL space telescope was three hours from likely death Gamma ray-spotting 'scope was spinning uncontrollably and unable to make 'leccy until dramatic rescue

The European Space Agency (ESA) revealed on Monday that its 19-year-old International Gamma-Ray Astrophysics Laboratory (INTEGRAL) had a near-death experience last month when failure of a small yet significant part caused it to spin uncontrollably and prevented its solar panels from generating power.

According to ESA's blog, one of the scope's three active 'reaction wheels' – flywheels that help to stabilise attitude – turned off without warning. Absent the reaction wheel's energy, INTEGRAL rotated dangerously.

The ESA activated Emergency Safe Attitude Mode, but that was ineffective because a July 2020 failure had left the geriatric satellite's thrusters inoperable.

Continue readingWhen it comes to ransomware, every second hurts Fortinet seeks to make EDR easy for non-specialists

Sponsored For the longest time it seemed that modern endpoint detection and response (EDR) was getting on top of the worst malware, only for that certainty to evaporate in a single day in June 2017 thanks to a strange malware event remembered as the NotPetya attack.

A lot of virtual ink has flowed on the origins of NotPetya but the most important aspect of its behaviour for anyone involved in endpoint defence EDR was the stunning speed with which it turned entire networks of computers into boxes uselessly pushing warm air. The word ‘fast’ gets bandied around a lot in malware incidents but for once this was no hyperbole, reportedly downing an entire Ukrainian bank in 45 seconds and a network running part of the country’s transit system in a third of that time.

That means the infection unfolded in roughly 15 seconds to less than a minute. As with the equally swift WannaCry infection which had encrypted at least 200,000 computers in 150 countries only weeks earlier, this was far faster than EDR systems of the time - and the teams fielding the alerts generated by them - could possibly react. Security Operations Centre (SoC) teams couldn’t even ask employees to turn their computers off.

Continue readingFacebook may soon reveal new name – we're sure Reg readers will be more creative than Zuck's marketroids We've kicked things off with the most splendidly evil fictional corporations, feel free to share your ideas

POLL Consumer tech outlet The Verge today reports that Facebook may soon reveal a new name.

Apparently Zuck wants to create an umbrella brand – a bit like Google did when it created Alphabet as its parent company. The Social Network™ is also keen to reflect its shift to "the metaverse", as signalled by its plan to hire 10,000 new workers to build some version of shared virtual reality.

Facebook has clammed up about its plans.

Continue readingSir Clive Sinclair inspired me and 'whole load of others' at Arm, says CEO Simon Segars But of course chief exec's first computer was an Acorn

Like so many of us in tech, Arm CEO Simon Segars has his own computing origins story, which he shared during a speech on Tuesday at the Arm DevSummit developer conference.

British-born Segars' interest in computing started at age 14, when he'd go to a shop that had a Sinclair ZX81 computer on display, on which he wrote simple programs, learning about concepts like variables and loops.

"It was expensive at £70, we weren't about to buy one … and [it was] primitive by today's standards. It had a 3Mhz, 8-bit microprocessor and a whole 1KB of memory," Segars said.

Continue readingCrims target telcos' Linux and Solaris boxes, which don't get enough infosec love CrowdStrike says 'LightBasin' gang avoids Windows, and knows that telco networks run on badly-secured *nix

A mysterious criminal gang is targeting telcos' Linux and Solaris boxes, because it perceives they aren't being watched by infosec teams that have focussed their efforts on securing Windows.

Security vendor CrowdStrike claims it's spotted the group and that it "has been consistently targeting the telecommunications sector at a global scale since at least 2016 … to retrieve highly specific information from mobile communication infrastructure, such as subscriber information and call metadata." The gang appears to understand telco operations well enough to surf the carrier-to-carrier links that enable mobile roaming, across borders and between carriers, to spread its payloads.

CrowdStrike principal consultant Jamie Harries and senior security researcher Dan Mayer named the group "LightBasin", but it also goes by the handle "UNC1945".

Continue reading

Source: https://bit.ly/3lWvjgk