eBPF is a technology that you’re going to be hearing more and more about. It powers low-overhead custom analysis tools, handles network security in a containerized world, and powers tools you use every day.

Links:

• Chris Goes to MeetBSD
• ​Linus Torvalds talks about coming back to work on Linux | ZDNet — BPF has actually been really useful, and the real power of it is how it allows people to do specialized code that isn't enabled until asked for.
• The Kernel Report - Jonathan Corbet
• BPF - the forgotten bytecode — All this changed in 1993 when Steven McCanne and Van Jacobson published the paper introducing a better way of filtering packets in the kernel, they called it "The BSD Packet Filter" (BPF)
• The BSD Packet Filter
• eBPF: Past, Present, and Future — The Extended Berkeley Packet Filter, or eBPF, has rapidly been adopted into a number of Linux kernel systems since its introduction into the Linux kernel in late 2014. Understanding eBPF, however, can be difficult as many try to explain it via a use of eBPF as opposed to its design. Indeed eBPF's name indicates that it is for packet filtering even though it now has uses which have nothing to do with networking.
• Using eBPF in Kubernetes — Cilium is a networking project that makes heavy use of eBPF superpowers to route and filter network traffic for container-based systems. By using eBPF, Cilium can dynamically generate and apply rules—even at the device level with XDP—without making changes to the Linux kernel itself
• Why is the kernel community replacing iptables with BPF? — The Linux kernel community recently announced bpfilter, which will replace the long-standing in-kernel implementation of iptables with high-performance network filtering powered by Linux BPF, all while guaranteeing a non-disruptive transition for Linux users.
• bpftrace (DTrace 2.0) for Linux 2018 — Created by Alastair Robertson, bpftrace is an open source high-level tracing front-end that lets you analyze systems in custom ways. It's shaping up to be a DTrace version 2.0: more capable, and built from the ground up for the modern era of the eBPF virtual machine.
• The bpftrace One-Liner Tutorial
• BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more — BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples.
• Linux eBPF Tracing Tools — This page shows examples of performance analysis tools using enhancements to BPF (Berkeley Packet Filter) which were added to the Linux 4.x series kernels, allowing BPF to do much more than just filtering packets. These enhancements allow custom analysis programs to be executed on Linux dynamic tracing, static tracing, and profiling events.
• eBPF Vulnerability (CVE-2017-16995): When the Doorman Becomes the Backdoor
• Ultimate Plumber — Ultimate Plumber is a tool for writing Linux pipes with instant live preview
• BSD Now 073: Pipe Dreams — Interview w/ David Maxwell about Pipecut, text processing, and commandline wizardry.

Plus how you can store files in others DNS resolver cache, Project Zero finds a new BitTorrent client flaw, and more.

Sponsored By:

• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!
• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean

Links:

• DNSFS. Store your files in others DNS resolver caches — The DNSFS code is a relatively simple system, every file uploaded is split into 180 byte chunks, and those chunks are “set” inside caches by querying the DNSFS node via the public resolver for a TXT record. After a few seconds the data is removed from DNSFS memory and the data is no longer on the client computer.
• BPF - the forgotten bytecode — BPF is an absolutely marvelous and flexible way of filtering packets.
• dnsfs: Store your data in others DNS revolvers cache — Store your data in others DNS revolvers cache
• Unauthenticated LAN remote code execution in AsusWRT — However due to a number of coding errors, it is possible for an unauthenticated attacker in the LAN to achieve remote code execution in the router as the root user.
• AI is moving towards acceptance in cyber security, says Check Point — Artificial intelligence is well on its way to being a useful tool in the cyber security professional’s kit, but according to Check Point, there are still big challenges to overcome.
• Alphabet is launching a new CyberSecurity unit. — Alphabet, the parent company of Google, announced today that they will be launching Chronicle, a new business unit that will focus on Cyber Security, using their servers and infrastructure. The new organization hopes to focus on machine learning and artificial intelligence to assist in the fight against cybercrime moving forward.
• Google Project Zero claims new BitTorrent flaw could enable cyber crooks get into users' PCs — According to Project Zero, the client is vulnerable to a DNS re-binding attack that effectively tricks the PC into accepting requests via port 9091 from malicious websites that it would (and should) ordinarly ignore. 
• CVE-2018-5702: Mitigate dns rebinding attacks against daemon by taviso · Pull Request #468
• Blizzard Fixes DNS Rebinding Flaw that Put All the Company's Users at Risk
• What is DNS rebinding, in layman's terms?
• An Introduction to Kubernetes — Kubernetes, at its basic level, is a system for managing containerized applications across a cluster of nodes. In many ways, Kubernetes was designed to address the disconnect between the way that modern, clustered infrastructure is designed, and some of the assumptions that most applications and services have about their environments.
• What is Kubernetes? — Kubernetes was originally developed and designed by engineers at Google. Google was one of the early contributors to Linux container technology and has talked publicly about how everything at Google runs in containers. (This is the technology behind Google’s cloud services.) Google generates more than 2 billion container deployments a week—all powered by an internal platform: Borg. Borg was the predecessor to Kubernetes and the lessons learned from developing Borg over the years became the primary influence behind much of the Kubernetes technology.
• Scaling Kubernetes to 2,500 Nodes — We’ve been running Kubernetes for deep learning research for over two years. While our largest-scale workloads manage bare cloud VMs directly, Kubernetes provides a fast iteration cycle, reasonable scalability, and a lack of boilerplate which makes it ideal for most of our experiments.
• Feedback: Talk more about Windows — I listened to your intro to change management and it seemed like it will be very Linux centric ("everything is she"). I'm future segments, please try to include windows desktop and server OS as well.
• Question: Starting with Ansible Quick — Are there any way to get started other than writing a playbook and trying it out with trial and error?
• Ansible Best Practises: A project structure that outlines some best practises of how to use ansible — A project structure that outlines some best practises of how to use ansible
• ansible-console: An Interactive REPL for Ansible — omething found out recently is that Ansible has an interactive REPL of sorts in ansible-console for doing some adhoc things on a collection of hosts.
• Introduction To Ad-Hoc Commands — Ansible Documentation — An ad-hoc command is something that you might type in to do something really quick, but don’t want to save for later.
• About the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan - Apple Support — This document describes the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan.