Plus Cloudflare steps up its campaign to secure BGP, and why you might want to trade in cron for systemd timers.

Links:

• AMD Claims World’s Fastest Per-Core Performance with New EPYC Rome 7Fx2 CPUs
• AMD EPYC 7F52 Linux Performance - AMD 7FX2 CPUs Further Increasing The Fight Against Intel Xeon Review
• Understanding RAID: How performance scales from one disk to eight
• New Cloudflare tool can tell you if your ISP has deployed BGP fixes
• Is BGP safe yet?
• RPKI - The required cryptographic upgrade to BGP routing
• Why I Prefer systemd Timers Over Cron – Thomas Stringer
• systemd/Timers - ArchWiki
• systemd.time (Time format docs)
• systemd.timer (Unit docs)

Plus Mozilla's rollout of DNS over HTTPS has begun, a big milestone for Let's Encrypt, and more.

Links:

• Firefox continues push to bring DNS over HTTPS by default for US users - The Mozilla Blog
• The Facts: Mozilla’s DNS over HTTPs (DoH)
• Security/DOH-resolver-policy - MozillaWiki
• HTTPS for all: Let’s Encrypt reaches one billion certificates issued | Ars Technica
• Let’s Encrypt Has Issued a Billion Certificates - Let’s Encrypt - Free SSL/TLS Certificates
• Let’s Encrypt: A History - The Morning Paper
• Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months • The Register
• Ballot SC22: Reduce Certificate Lifetimes
• Google Chrome’s fear of Microsoft Edge is revealing its bad side
• Microsoft shares a roadmap for the new Microsoft Edge
• Microsoft Edge: Top Feedback Summary for March 4
• Download Microsoft Edge Insider Channels
• Flaw in billions of Wi-Fi devices left communications open to eavesdropping | Ars Technica
• kr00k: A serious vulnerability deep inside Wi-Fi encryption
• Kr00k Paper
• Technical Details of Why Cloudflare Chose AMD EPYC for Gen X Servers
• An EPYC trip to Rome: AMD is Cloudflare’s 10th-generation Edge server CPU
• Cloudflare’s Gen X: Servers for an Accelerated Future
• Impact of Cache Locality
• Gen X Performance Tuning
• Securing Memory at EPYC Scale
• Intel promises Full Memory Encryption in upcoming CPUs | Ars Technica

Plus when to use WARP, the secrets of Startpage, and the latest Ryzen release.

Links:

• Why big ISPs aren’t happy about Google’s plans for encrypted DNS
• Chromium Blog: Experimenting with same-provider DNS-over-HTTPS upgrade
• How to enable DNS-over-HTTPS (DoH) in Google Chrome
• What’s next in making Encrypted DNS-over-HTTPS the Default - Future Releases
• WARP is here
• The Technical Challenges of Building Cloudflare WARP
• mmproxy - Creative Linux routing to preserve client IP addresses in L7 proxies
• HTTP/3: the past, the present, and the future
• Cloudflare, Google Chrome, and Firefox add HTTP/3 support | ZDNet
• QUIC Implementations
• Startpage.com - The world's most private search engine
• Google extends support lifespan for seven Lenovo Chromebooks to 2025
• Google’s Quantum Supremacy Announcement Shouldn't Be a Surprise
• Scott’s Supreme Quantum Supremacy FAQ
• AMD Ryzen Pro 3000 series desktop CPUs will offer full RAM encryption | Ars Technica

Plus we turn our eye to hardware and get excited about the latest Ryzen line from AMD.

Links:

• Third parties confirm AMD’s outstanding Ryzen 3000 numbers | Ars Technica — AMD debuted its new Ryzen 3000 desktop CPU line a few weeks ago at E3, and it looked fantastic. For the first time in 20 years, it looked like AMD could go head to head with Intel's desktop CPU line-up across the board. The question: would independent, third-party testing back up AMD's assertions?
• The Internet broke today: Facebook, Verizon, and more see major outages | Ars Technica — Last week, Verizon caused a major BGP misroute that took large chunks of the Internet, including CDN company Cloudflare, partially down for a day. This week, the rest of the Internet has apparently asked Verizon to hold its beer.
• It was a really bad month for the internet | TechCrunch — In the past month there were several major internet outages affecting millions of users across the world. Sites buckled, services broke, images wouldn’t load, direct messages ground to a halt and calendars and email were unavailable for hours at a time.
• Cloudflare outage caused by bad software deploy (updated) — For about 30 minutes today, visitors to Cloudflare sites received 502 errors caused by a massive spike in CPU utilization on our network. This CPU spike was caused by a bad software deploy that was rolled back.
• How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today — Today at 10:30UTC, the Internet had a small heart attack. A small company in Northern Pennsylvania became a preferred path of many Internet routes through Verizon (AS701), a major Internet transit provider.
• Getting started | Prometheus — This guide is a "Hello World"-style tutorial which shows how to install, configure, and use Prometheus in a simple example setup.
• prometheus/node_exporter — Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors.
• Using netdata with Prometheus — Prometheus is a distributed monitoring system which offers a very simple setup along with a robust data model. Recently netdata added support for Prometheus.
• prometheus/nagios_plugins — Nagios plugin for alerting on prometheus query results.
• RobustPerception/nrpe_exporter — The NRPE exporter exposes metrics on commands sent to a running NRPE daemon.
• m-lab/prometheus-nagios-exporter — The Prometheus Nagios exporter reads status and performance data from nagios plugins via the MK Livestatus Nagios plugin and publishes this in a form that can be scrapped by Prometheus.
• Comparison to alternatives | Prometheus — Prometheus is a full monitoring and trending system that includes built-in and active scraping, storing, querying, graphing, and alerting based on time series data.
• Quality server monitoring solution using NetData/Prometheus/Grafana — I’m going to quickly show you how to install both netdata and Prometheus on the client and server. We can then use grafana pointed at Prometheus to obtain long-term metrics netdata offers.
• Monitoring stack by using Grafana + Prometheus + Netdata — This monitoring stack you can monitoring in real-time by Netdata and see the history by using Grafana.
• Monitoring Agent · NCPA — New to NCPA? See some of the awesome features present in the Web GUI and API, available on any operating system.
• Nagios 101: Understanding the Fundamentals - Nagios
• Nagios Documentation

Plus the privacy improvements that could be coming to HTTPS, and a new SSH auditing tool hits the open source scene.

Special Guest: Will Boyd.

Links:

• Open Sourcing HASSH — HASSH is a network fingerprinting standard invented within the Detection Cloud team at Salesforce.
• ESNI: A Privacy-Protecting Upgrade to HTTPS — Today, Cloudflare is announcing a major step toward closing this privacy hole and enhancing the privacy protections that HTTPS offers. Cloudflare has proposed a technical standard for encrypted SNI, or “ESNI,” which can hide the identities of the sites you visit—particularly when a large number of sites are hosted on a single set of IP addresses
• What's new in Kubernetes 1.12?
• Kubernetes the Hard Way — Kubernetes The Hard Way guides you through bootstrapping a highly available Kubernetes cluster with end-to-end encryption between components and RBAC authentication.
• Install Minikube
• Creating a single master cluster with kubeadm
• 10 open-source Kubernetes tools for highly effective SRE and Ops Teams
• Clonezilla — Clonezilla is a partition and disk imaging/cloning program similar to True Image or Norton Ghost.

Plus, Magecart strikes again, Alpine has package problems, and why you shouldn't trust Western Digital's MyCloud.

Special Guest: Jon Spriggs.

Links:

• GovPayNow.com Leaks 14M+ Records — Government Payment Service Inc. has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.
• Magecart claims another victim in Newegg merchant data theft — Researchers from RiskIQ, together with Volexity, revealed that California-based retailer Newegg is the latest well-known merchant to succumb to the threat actors.
• RiskIQ: Another Victim of the Magecart Assault Emerges
• Password bypass flaw in Western Digital My Cloud drives puts data at risk — A security researcher has published details of a vulnerability in Western Digital’s My Cloud devices, which could allow an attacker to bypass the admin password on the drive, gaining complete control over the user’s data.
• WD MyCloud Metasploit Example
• Cloudflare goes InterPlanetary — Today we’re excited to introduce Cloudflare’s IPFS Gateway, an easy way to access content from the InterPlanetary File System (IPFS) that doesn’t require installing and running any special software on your computer.
• End-to-End Integrity with IPFS — This post describes how to use Cloudflare's IPFS gateway to set up a website which is end-to-end secure, while maintaining the performance and reliability benefits of being served from Cloudflare’s edge network.
• How permanent is data stored on IPFS?
• Lesson: Add Content to IPFS and Retrieve It · Decentralized Web Primer
• Leo Tindall: Putting This Blog on IPFS
• A Beginner’s Guide to IPFS — IPFS consists of several innovations in communication protocols and distributed systems that have been combined to produce a file system like no other.
• Useful resources for using IPFS and building things on top of it
• OrbitDB: Peer-to-Peer Databases for the Decentralized Web
• Rebuild Alpine Linux Docker Containers After Package Manager Patch — An attacker could intercept a package request as a Alpine Linux Docker image is being built and add malicious code that target machines would then unpack and run within the Docker container

Plus new active attacks against Apache Struts, and a Windows 10 zero-day exposed on Twitter.

Sponsored By:

• Digital Ocean: Apply our promo snapocean after you create your account, and get a $10 credit. Promo Code: snapocean
• Ting: Save $25 off a device, or get $25 in service credits! Promo Code: Visit techsnap.ting.com
• iXSystems: Get a system purpose built for you. Promo Code: Tell them we sent you!

Links:

• Firefox Nightly Secure DNS Experimental Results
• DNS-over-HTTPS
• DNS over HTTPS
• A cartoon intro to DNS over HTTPS
• Discussion of draft-ietf-doh-dns-over-https in the IETF's DOH Working Group
• High performance DNS over HTTPS client & server
• Cloudflare Resolver for Firefox
• Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776
• Windows 10 Zero-Day Vulnerability Exposed On Twitter
• Netdata: Get control of your servers. — netdata is a system for distributed real-time performance and health monitoring. It provides unparalleled insights, in real-time, of everything happening on the system it runs (including applications such as web and database servers), using modern interactive web dashboards.
• State of Software Distribution - 2018 — Few enterprises possess the ability to deploy the latest software and security patches at scale, putting their cybersecurity and business performance at risk. In the 2018 State of Software Distribution Report, we explore why IT decision makers say they struggle to keep up with the software distribution needs of the modern enterprise.