Version 1.1 of YANG language is out

A complete specification of the new 1.1 version of the YANG data modelling language was published as RFC 7950 on the last day of August. After a relatively slow start, in the last two years the use of YANG has been steadily increasing not only in the IETF but also in other standard development organisations such as IEEE or BBF, and also in the industry. Nowadays, YANG is regarded as a fundamental tool for secure remote administration of network devices and services. It becomes clear that standard and machine-readable data models of configuration and state data – that is, definition of their structure, data types and semantic rules – are ultimately more important than the concrete management protocol that is used for transmitting and editing the data. Despite some reluctance on the side of equipment vendors who love their proprietary CLIs, especially operators of large and heterogeneous networks have been pressing hard to make the management data as standard and cross-platform as possible.

Telnet is not dead – at least not on ‘smart’ devices

Depending on your age, you either might or might not have used Telnet to connect to remote computers in the past. But regardless of your age, you would probably not consider Telnet for anything you currently use. SSH has become the de facto standard when it comes to remote shell connection as it offers higher security, data encryption and much more besides.

DNSSEC signing with Knot DNS and YubiKey

Knot DNS 2.1 introduced support for DNSSEC signing using PKCS #11. PKCS #11 (also called Cryptoki) is a standard interface to access various Hardware Security Modules (HSM). Such devices are usually used to improve protection of private key material. The interface is rather flexible and gives the HSM vendors huge amount of freedom, which unfortunately makes its use a bit tricky. There are often surprising differences between individual implementations.

The most significant attacks addressed by security teams in the Danube region

On March 15, 2016, the concluding conference of the project “Cyber ​​security in the Danube region” (CS Danube) took place. The main objective of the project joined by representatives of security teams and organizations from Croatia, Austria, Slovakia, Serbia and Moldova, as well as our team CSIRT.CZ, was to strengthen the capacity of individual teams and cooperation in cyber security.

Turris Omnia and openSUSE

About two weeks ago I was on the annual openSUSE Board face to face meeting. It was great and you can read reports of what was going on in there on openSUSE project mailing list. In this post I would like to focus on my other agenda I had while coming to Nuremberg. Nuremberg is among other things SUSE HQ and therefore there is a high concentration of skilled engineers and I wanted to take an advantage of that…

The hottest gadget on Indiegogo is… a router?

The title, which I took the liberty to borrow from the German site, quite nicely captures the pleasant surprise we experienced during the campaign for Turris Omnia. I admit that the amount of collected money came as a bit of a surprise even to us. Just by the way, in our guessing competition among the team members, the most daring guess was USD 560 thousand, almost USD 300 thousand less than was eventually collected. We perceived this campaign only as a test, whether there is any interest in the market. And now we know there is, especially when we remind ourselves that certainly not everyone would contribute to the crowdfunding. Sending money to some of such campaigns means that the person prefers a pig in a poke to the bird in the hand. It already happened many times that a promising-looking project simply wasn’t finished or that the result didn’t live up to the original promises. Another problem is that businesses do not usually purchase through such campaigns, as it is not simple for them in terms of accounting. This also makes the collected amount a great promise for future.