Plus Cloudflare steps up its campaign to secure BGP, and why you might want to trade in cron for systemd timers.

Links:

• AMD Claims World’s Fastest Per-Core Performance with New EPYC Rome 7Fx2 CPUs
• AMD EPYC 7F52 Linux Performance - AMD 7FX2 CPUs Further Increasing The Fight Against Intel Xeon Review
• Understanding RAID: How performance scales from one disk to eight
• New Cloudflare tool can tell you if your ISP has deployed BGP fixes
• Is BGP safe yet?
• RPKI - The required cryptographic upgrade to BGP routing
• Why I Prefer systemd Timers Over Cron – Thomas Stringer
• systemd/Timers - ArchWiki
• systemd.time (Time format docs)
• systemd.timer (Unit docs)

Plus some good news for OpenBGP and the wider internet community, and a handy tool for inspecting docker images.

Links:

• Firecracker – Lightweight Virtualization for Serverless Computing — Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant containers and functions-based services.
• Firecracker — Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant containers and functions-based services.
• Firecracker Design Docs
• Firecracker Roadmap
• QEMU — QEMU is a generic and open source machine emulator and virtualizer.
• Qemu : Security vulnerabilities
• VENOM Vulnerability — VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.
• s2n — s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority.
• OpenBGPD - Adding Diversity to the Route Server Landscape — Thanks to the RIPE NCC Community Project Fund we were able to revive the OpenBGPD daemon and bring more diversity to the Route Server landscape.
• OpenBGPD — OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.
• LSI Questions from Anton
• ServeTheHome
• Sennheiser Headset Software Could Allow Man-in-the-Middle SSL Attacks — When users have been installing Sennheiser's HeadSetup software, little did they know that the software was also installing a root certificate into the Trusted Root CA Certificate store.  To make matters worse, the software was also installing an encrypted version of the certificate's private key that was not as secure as the developers may have thought.
• evilginx2: Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
• dive: A tool for exploring each layer in a docker image

Plus the latest router botnet, why you should never go full UPnP, and the benefits of building your own home router.

Special Guest: Jim Salter.

Links:

• Google goes down after major BGP mishap routes traffic through China — Google lost control of several million of its IP addresses for more than an hour on Monday in an event that intermittently made its search and other services unavailable to many users.
• Internet Vulnerability Takes Down Google
• China has been 'hijacking the vital internet backbone of western countries'
• RPKI - The required cryptographic upgrade to BGP routing
• HTTP/3 — The protocol that's been called HTTP-over-QUIC for quite some time has now changed name and will officially become HTTP/3.
• HTTP/3: Come for the speed, stay for the security
• The Road to QUIC
• Botnet pwns 100,000 routers using ancient security flaw — Researchers have stumbled on another large botnet that’s been quietly hijacking home routers while nobody was paying attention
• BCMPUPnP_Hunter: A 100k Botnet Turns Home Routers to Email Spammers
• From Zero to ZeroDay Journey: Router Hacking
• The Ars guide to building a Linux router from scratch