Caddy and Traefik: Serious Competitors to nginx and HAProxy? Mickaël Masquelin | A Few Words About the Laboratory …

Mickaël Masquelin – IEMN – 10/03/2018 – Thematic day “Retours d’expériences” (experience reports)

A few words about the laboratory …
• Joint Research Unit (Unité Mixte de Recherche)
• 5 supervising institutions:
    • CNRS
    • Université de Lille
    • Université de Polytechnique HdF
    • École Centrale
    • The YNCREA – ISEN group
• 6 geographically distant sites
• About 500 people (researchers, engineers, administrative staff, students, …)

Objectives

FEEDBACK ON THESE NEW WEB APPS THAT MAKE LIFE EASIER
The idea is to report on experience with these new web applications that are starting to appear and are shaking up the IT landscape a little …

TRYING TO GIVE YOU A FEW LEADS
I hope you will leave this thematic day with plenty of ideas and a desire to change the way you work and the way you deploy your applications or services in your respective contexts …

TRYING TO CONVINCE YOU THAT A MICROSERVICES ARCHITECTURE IS A GOOD THING :-)
Docker & co, buzzwords? I don't think so …

Shall we?

Go (http://golang.org)

Advantages of the Go language
• Simple to write, with a human-readable syntax;
• Concurrency and parallelism are built into its core design;
• Suited to new-generation (multi-core) architectures.

A few applications written in Go
[Figure: application logos, not recoverable]

Caddy

Origin of the approach
[Figure: monolithic approach vs. microservices approach]

Microservices architectures
• Several advantages:
    • More efficient use of resources;
    • More modular;
    • Easier updates.
• Made up of several building blocks:
    • Application -> API
    • Application -> Database
    • Application -> Partner service
• The HTTP + RESTful API + JSON "combo" (quite often)

Web server landscape in March 2018
What interests us …
[Figure: not recoverable]

Caddy: overview and structure
[Diagram: … + … + ServeHTTP() + http.FileServer() = …]

Under the hood …
Illustrative example: logHandler(gzipHandler(fileServer))
[Diagram: an HTTP handler wrapped in successive middleware layers]

Execution environments
[Figure: not recoverable]

Why use Caddy
The "4 S": Simplicity, Security, Stability, "Scalability"

S for Simplicity
• Installation:

    [root@home ~]# curl https://getcaddy.com | bash -s personal

• "Advanced" installation (with plugins):

    [root@home ~]# curl https://getcaddy.com | bash -s personal \
        http.cache,http.cors,http.git

S for Simplicity
[Side-by-side configuration: nginx.conf vs. Caddyfile]

S for Simplicity
[Side-by-side configuration: nginx.conf (php-fpm) vs. Caddyfile (php-fpm); surviving Caddyfile keywords: ext, split, index …]

S for Simplicity
[Side-by-side configuration: nginx.conf (as a reverse proxy) vs. Caddyfile (as a reverse proxy) …]

S for Simplicity
• Logging (à la Apache):

    log /var/log/caddy/requests.log [format] {
        rotate_size 50      # Rotate the log when its size exceeds 50 MB
        rotate_age 366      # Number of days to keep logs
        rotate_keep 20      # Number of log files to keep
        rotate_compress     # gzip compression of rotated logs
    }

  where [format] = "{>Cf-Connecting-Ip} - [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\""

S for Simplicity
• WordPress cache (WP Super Cache plugin):

    rewrite {
        to /wp-content/cache/supercache/{host}{uri}index-https.html {path} {path}/ /index.php?{query}
        if {path} not_match ^\/wp-admin
        to {path} {path}/ /index.php?{query}
    }

S for Simplicity
• IP(v4) restrictions:

    ipfilter / {
        rule block
        ip 192.168.1.0-255 172.16.20.0-10 193.49.50.51
        blockpage /var/www/html/403.html
    }

S for Simplicity
• Cross-Origin Resource Sharing management:

    cors / {
        origin https://www.monsite.fr
        origin http://monsite.fr
        methods POST,PUT
        allow_credentials false
        max_age 3600
        allowed_headers X-Custom-Header
        [...]
    }

S for Security
[Figures: not recoverable]

Uh … and what about TLS 1.3 support?

S for Security
[Figure; source: ZDnet]

S for Security
• Listens on port tcp/2015 by default
• Supports session ticket rotation
• Supports SNI

S for Scalable
• Easy load balancing (random):

    proxy / site-nginx1:80 site-nginx2:80 site-nginx3:80

• Load balancing with round-robin:

    proxy / site-nginx1:80 site-nginx2:80 site-nginx3:80 {
        policy round_robin
    }

S for Stable
[Figure: not recoverable]

Extensible
• Many "plugins":
    • cors
    • git
    • hugo
    • ipfilter
    • jsonp
    • search
    • metrics
    • …

Performance
Test machine: KS-2E: Intel Atom 2800 (2c/4t) @ 1.86 GHz, 4 GB DDR3 – 100 Mbps
Versions shown on the slide: OS version 16.04 LTS; 1.10.3-0ubuntu0.16.04.2; 0.10.12 (non-commercial use only)
• Test protocol:

    [masqueli@laptop ~]# echo "Test <webserver>"; sleep 30; for i in {1..7}; do
        /usr/local/bin/h2load -t2 -c200 -m100 -n10000 -v -H 'Accept-Encoding: gzip' https://www.xxxx-xxx.xxx:443 > h2load.$i.webserver.log;
        cat h2load.$i.webserver.log | awk '/finished in/ {print $4 " req/s "} /requests: / {print ($8/$2*100)"% completees"}' | tr -d '\n';
        echo; sleep 30;
    done;

Performance

    Test nginx                       Test Caddy
    215.66 req/s 100% completees     441.29 req/s 100% completees
    215.75 req/s 100% completees     992.23 req/s 100% completees
    231.11 req/s 100% completees     1010.82 req/s 100% completees
    212.68 req/s 100% completees     1021.35 req/s 100% completees
    249.37 req/s 99,5% completees    881.57 req/s 100% completees
    206.67 req/s 100% completees     938.86 req/s 100% completees
    226.23 req/s 100% completees     1048.38 req/s 100% completees

Performance
Should the results obtained with nginx be qualified? (Same results table as above.)

Traefik

The problem
[Diagram: containers]
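The handler chain named on the "Sous le capot" (under the hood) slide, logHandler(gzipHandler(fileServer)), written out with Go's net/http as an added example; it is not code from the slides or from Caddy. The handler bodies, accessLog, sampleFS, fetch and the in-memory sample page are assumptions made for this illustration.

```go
package main

import (
	"compress/gzip"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"os"
	"strings"
	"testing/fstest"
)

// accessLog is an assumed log sink; redirect it with SetOutput to capture lines.
var accessLog = log.New(os.Stdout, "", 0)

// sampleFS is constructed input: one compressible page held in memory.
var sampleFS = fstest.MapFS{"index.html": {Data: []byte(strings.Repeat("<p>constructed sample page</p>\n", 40))}}

// statusRecorder remembers the status code and the bytes sent downstream.
type statusRecorder struct {
	http.ResponseWriter
	status, size int
}

func (s *statusRecorder) WriteHeader(code int) {
	s.status = code
	s.ResponseWriter.WriteHeader(code)
}

func (s *statusRecorder) Write(p []byte) (int, error) {
	n, err := s.ResponseWriter.Write(p)
	s.size += n
	return n, err
}

// logHandler is outermost, so it records the final status and the size on the
// wire (after compression). %q keeps the request line inside one quoted field.
func logHandler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		rec := &statusRecorder{ResponseWriter: w, status: http.StatusOK}
		next.ServeHTTP(rec, r)
		accessLog.Printf("%s %q %d %d", r.RemoteAddr, r.Method+" "+r.URL.RequestURI()+" "+r.Proto, rec.status, rec.size)
	})
}

// gzipWriter starts compressing lazily, on the first body write.
type gzipWriter struct {
	http.ResponseWriter
	zw *gzip.Writer
}

func (g *gzipWriter) Write(p []byte) (int, error) {
	if g.zw == nil {
		// If the inner handler dropped Content-Encoding (error paths may),
		// send the body as-is so that header and body still agree.
		if g.Header().Get("Content-Encoding") != "gzip" {
			return g.ResponseWriter.Write(p)
		}
		g.zw = gzip.NewWriter(g.ResponseWriter)
	}
	return g.zw.Write(p)
}

// gzipHandler compresses bodies for clients that send Accept-Encoding: gzip.
func gzipHandler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Accept-Encoding")
		if !strings.Contains(r.Header.Get("Accept-Encoding"), "gzip") {
			next.ServeHTTP(w, r)
			return
		}
		// Set before calling next: http.FileServer then omits Content-Length.
		w.Header().Set("Content-Encoding", "gzip")
		gw := &gzipWriter{ResponseWriter: w}
		next.ServeHTTP(gw, r)
		if gw.zw != nil {
			gw.zw.Close() // flush remaining data and the gzip trailer
		}
	})
}

// fetch sends one in-memory GET through h and returns the recorded response.
func fetch(h http.Handler, path, acceptEncoding string) *httptest.ResponseRecorder {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("Accept-Encoding", acceptEncoding)
	rr := httptest.NewRecorder()
	h.ServeHTTP(rr, req)
	return rr
}

func main() {
	fileServer := http.FileServer(http.FS(sampleFS))
	site := logHandler(gzipHandler(fileServer)) // the chain from the slide
	for _, ae := range []string{"gzip", ""} {
		rr := fetch(site, "/", ae)
		fmt.Printf("status=%d encoding=%q bytes=%d\n", rr.Code, rr.Header().Get("Content-Encoding"), rr.Body.Len())
	}
}
```

Because logHandler wraps gzipHandler, the size it logs is the compressed size sent to the client; swapping the two would log the uncompressed size instead.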