All posts by Eliezer Croitoru

DellWorld’15: What is a Firewall Sandwich (FWS)?

PPTX: 120 G+ DPI and beyond Aravind Thangavelu Executive Director, Software Engineering

What is a Firewall Sandwich (FWS)?


“A scale-out, highly resilient Layer 2 and 3 architecture providing transparent and/or NATed/Routed security services to enhance existing security solutions”

DOES:

  • Can replace traditional HA firewall architectures
  • Work with Dell Networking S4810, S5000, S6000 and Dell Network Security SuperMassive 9×00 and 10XXX series products
  • Can Provide Layer 3 services at the firewall
  • Scale to 320 Gbps of DPI (IPS + App Intelligence), 2.56 Million SSL-DPI sessions and 40m TCP connections
  • Provide N+1 redundancy (vs. 1+1) without reliance on complex HA or clustering protocols
  • Support 1, 10 or 40GE ingress/egress connections (today) and performance

The code itself speaks


The digits 0 and 1 down below are finding their way to the earth.

There is an old “argument” on how teaching should be done. Some believe that there is a specific order to things when teaching and learning. The biggest example I remember was that Python is prettier than other languages, some named it as the “sexy” Programming Language. And indeed there are things that can be seen and can be read between the lines of code.

There is a fingerprint in the code!

But fingerprints and patterns or checksum algorithms are doomed to lose their place in the CS world due to a single reason:
Humans can create more than any and all of the computers on the planet together.

But still like any text there is wisdom in most of the pieces of code I had the pleasure to review or write. We as coders try to write in a functional or object oriented style while we are missing specific things from the picture.

We all do not know entirely what the “wisdom of the code” truly means. After years of IT support I can clearly say that there are something like 4 types of code reviewers:

  • The Code is what it is and since it is the code then either the coder should be ashamed of it.
  • The Code is there to contain more than just the code itself, it has another upper level or metadata which not all may see.
  • The Code is what it is and the coder should be proud of its work.
  • The code is code and has lots of layers from the 0 and 1 layer lower and above and it contains some of the coder's special spice.

I believe that the above 4 are only one way to look at this picture but I want to take it in another direction.

I have experience with open source (GPL\BSD\Others) for at least 10 years and I have seen pieces of code that haunted me for weeks.
I mean: seriously, why is the code not doing what it is supposed to do?
Why, when I read the code, does it make sense but eventually at run-time it does something unexpected? 20 developers and 5 QA testers are not enough?

So in the bottom line I believe that if the code was written based on a desired functionality or divided into objectives or it’s not “sexy” it is still a good way to tell a story.

Many of us are blessed with the words “genius” or “techie” or any other canonical name for our art and profession.

The bottom line

I believe that the sexiness of the code is not what’s attractive in it.
However I do believe that some “prettification” can help others to understand by themselves many things about the code itself and also about the author.

Squid-Cache and ME

I have published Squid-Cache RPM packages in the last couple years but now I’m starting to do things in slow speed and low gear.

The reason for that is that there are a couple of very nice alternatives out there which I used and found to be more suitable for the year 2018. If I can run a proxy that does the same thing but can utilize all of the CPU cores and in a balanced way I would make the effort to migrate from code that is based on 1985 style to one that is more advanced and also more reliable.

If you have found Squid-Cache as your choice for the task and it works for you then great but… I found that it might work for specific clients but not in a network that has a couple of smartphones or tablets in it.

Squid Version 4 on_unsupported feature brings something new to Squid-Cache and I believe that it might help many, like SKYPE, to somehow use Squid-Cache without suffering too much.

I am waiting for Squid 4 stable release for quite some time with hope that we will have a new era. The issue is that even with my basic testing I am pretty sure that there is some memory overhead somewhere and this is one of the last pieces before the next step.

All The Bests,
Eliezer

Windows 10 Default Group Policy Restore

Based on the article at the bottom I am adding to my Journal a nice way to restore Windows 10 Pro to My Default Group Policy rules.

Recipe:

  • Download the GroupPolicy.7z file
  • Backup your current system group policy folder:
    %systemroot%\System32\GroupPolicy
    into a zip\tar\7z\other.
  • Delete all files in your destination system Group Policy folder:
    %systemroot%\System32\GroupPolicy\
  • Then extract the GroupPolicy.7z file content into the Group Policy folder:
    %systemroot%\System32\GroupPolicy
  • Start a command line (cmd) in administrative mode and run the command:
    gpupdate /force
    or restart/reboot your PC.

This helps to resolve some issues related to the latest Microsoft Windows 10 Updates release.
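
The recipe above as one elevated PowerShell script, added here as an example and not part of the original post. It also checks the archive's SHA-256 before trusting it and restores the backup if extraction fails. The download location, the 7-Zip install path and the expected hash are assumptions or placeholders; the post publishes no hash.

```powershell
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$gpDir    = Join-Path $env:SystemRoot 'System32\GroupPolicy'
$archive  = Join-Path $env:USERPROFILE 'Downloads\GroupPolicy.7z'  # assumed download location
$sevenZip = 'C:\Program Files\7-Zip\7z.exe'                         # assumed 7-Zip install path
$expected = '<SHA256-OF-GroupPolicy.7z>'                            # placeholder: no hash is given in the post
$backup   = Join-Path $env:USERPROFILE ('GroupPolicy-backup-{0:yyyyMMdd-HHmmss}.zip' -f (Get-Date))

# The archive replaces local policy, so compare it with a hash obtained
# out of band before extracting anything into System32.
$actual = (Get-FileHash -Path $archive -Algorithm SHA256).Hash
if ($actual -ne $expected) { throw "SHA-256 mismatch for ${archive}: $actual" }

# Backup step. ZipFile.CreateFromDirectory archives every file, hidden ones included.
Add-Type -AssemblyName System.IO.Compression.FileSystem
[System.IO.Compression.ZipFile]::CreateFromDirectory($gpDir, $backup)
$saved = [System.IO.Compression.ZipFile]::OpenRead($backup)
try { "Backed up $($saved.Entries.Count) entries to $backup" } finally { $saved.Dispose() }

# Delete step: clear the current content of the Group Policy folder.
Get-ChildItem -LiteralPath $gpDir -Force | Remove-Item -Recurse -Force

# Extract step: unpack GroupPolicy.7z into the Group Policy folder.
& $sevenZip x $archive "-o$gpDir" -y
if ($LASTEXITCODE -ne 0) {
    # Extraction failed: put the previous policy files back before stopping.
    Get-ChildItem -LiteralPath $gpDir -Force | Remove-Item -Recurse -Force
    [System.IO.Compression.ZipFile]::ExtractToDirectory($backup, $gpDir)
    throw "7z exited with code $LASTEXITCODE; previous policy restored from $backup"
}

# Final step: apply the restored policy.
gpupdate /force
```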

Squid-Cache 4.0.22 RPM’s Released, SpeedTest service for free.

SpeedTest Everyone,
SpeedTest for Free!!

I have been dealing with claims like “SpeedTest result is 1.5 Mbps while I pay for 20 Mbps. I am leaving your service and switching to XYZ!”. One day the first thing my boss told me was “just call him and talk to him to see what’s the issue”.
I have been doing it for a period of time in the past 10 years and in parallel I was testing, supporting and packaging Squid-Cache.
While finding solutions for caching issues I noticed settings like:

Which I saw in 2012 at:
https://aacable.wordpress.com/tag/squid-cache-youtube/

And just to make it clear, in the above link I found one of the most sane articles and squid.conf I have seen in the last decade!!
It’s still based on the concept of “static” files or links and with the addition of a simple bearer token. However in the last couple years I had the time to sit and learn cryptography and in parallel I wrote a research as a proof of concept and the next articles are written based on it:

Each and every one of these articles is a milestone in my understanding of many subjects which I didn’t have the option to learn in another place than the Squid-Cache project.

Packaging

I was inspired by the talk:

Slamming Your Head Into Keyboard HOWTO:
Packaging Applications – Jared Morrow
Can be watched at: YouTube, Vimeo

And also from my Grand Mother, Rest In Peace. She and my Grand Father's motto is that working “heals”. My Grand Mother used to work in a very simple job and was suffering in her last days but she worked as much as she could.
Long ago I had an accident that changed my life and as I was interviewed by a rehabilitation consultant, he asked me the next question: Would you be willing to work in a store organizing shelves?
IE organizing bottles and other products in a store?
Without hesitating I answered him:
I have been working as a PC technician since the age of 13, it’s not for me!

Since then I had time to work in a couple of jobs and one of them was to re-organize a whole warehouse IT infrastructure including preparing it for a re-location\migration. At the time I saw how much there is in packaging that we cannot even imagine. Every product there was designed to be a shelf product and it fascinates me until today.

Packaging By Myself

I never imagined that packaging is an art but Jared Morrow convinced me to give it a try.

At the time I was thinking to myself:
If someone would have offered me to work as a regular store organizer I would refuse but then I encountered Squid-Cache Store. It gave me another angle on things. I’m not the brightest developer but for some reason I am getting phone calls and emails again every couple days to find a solution for a PC or a Server issue so I started wondering: Why? Why couldn’t they figure out such a simple thing? The button is there and there is a text describing what are the options?

The answer was: The “Wizard” was written for the fearless!
So what is missing? And I found myself reading a book about RPM and DEB packaging. The first pass resulted in a second and a couple of other times reading these Introduction documentations. Only then I started with packaging Squid-Cache for CentOS 6, aiming to make it easier for me to deploy QA and TESTING Virtual Machines. Only later did I build a full blown fleet of build nodes that allows me to release Squid-Cache almost every month in the last three plus years.

And back to Jared Morrow, he ignited the fire inside me to work on things I have never imagined I could have.

With time I have encountered many ISPs’ System and Network Administrators that tried to hide from their clients that they don’t really have a tiny peering channel to the external WAN\Internet using caching. The most fashioned examples are YouTube Videos and also SpeedTest HTTP objects caching.
The idea is: “If YouTube or SpeedTest works fine then I have done my part as an ISP”.

But then Ookla started shaking the SpeedTest world with a service that replaced the old mechanism of static object downloads to test the maximum bandwidth. They wrote a very nice tool which showed how really slow the Internet is.

Free SpeedTest service release

I have just packaged a SpeedTest service for CentOS 7 (x86_64) that can be deployed using a couple of simple commands: