The Internet of Sports
Did you see what the NFL is doing this year with sensors? Earlier this month they announced a partnership with Zebra Technologies, a company that provides RFID chips for applications from 'automotive assembly lines to dairy cows' milk production.' This season there will be sensors in the player's shoulder pads which will track all their on field movements. This includes player acceleration rates, top speed, length of runs, and even the distance between a ball carrier and a defender. Next year they'll add sensors for breathing, temperature and heart rate. More stats than ever and could change the game for-ever. Imagine coaches being able to examine that data and instantly call a play based on it. Play by play. To me it somewhat takes away that 'feel' for the game flow but also having data to confirm or deny that feeling might make for exciting games. Maybe lots of 0-0 overtimes or a 70-0 blowout. Data vs. data. Oh how do I miss my old buzzing electric football game. The yardsticks will have chips along with the refs and all that data is picked up by 20 RFID receivers placed throughout the stadium. Those, in turn, are wired to a hub and server which processes the data. 25 times a second, data will be transmitted to the receivers and the quarter sized sensors use a typical watch battery. The data goes to the NFL 'cloud' and available in seconds. The only thing without a sensor is the ball. But that's probably coming soon since we already have the 94Fifty sensor basketball. And we've had the NASCAR RACEf/x for years and this year they are going to track every turn of the wrench with RFID tracking in the pits and sensors on the crew. Riddell has impact sensors in their helmets to analyze, transmit and alert if an impact exceeds a predetermined threshold. They can measure the force of a NBA dunk; they can recognize the pitcher’s grip and figure out the pitch; then the bat sensor that can measure impact to the ball, the barrel angle of their swings, and how fast their hands are moving; and they are tracking soccer player movement in Germany. Heck, many ordinary people wear sensor infused bracelets to track their activity. We've come a long way since John Madden sketched over a telestrator years ago and with 300 plus lb. players running around with sensors, this is truly Big Data. It also confirms my notion that the IoT should really be the Internet of Nouns - the players, the stadiums and the yardsticks. ps Related: Player-tracking system will let NFL fans go deeper than ever Fantasy footballers and coaches rejoice—NFL players to wear RFID tags More sensors are coming to professional sports, but research outpaces business models Why This Nascar Team Is Putting RFID Sensors On Every Person In The Pit Impact Sensors: Riddell InSite Impact Response System Fastpitch Softball League Adds Swing Sensors to its Gear Technorati Tags: rfid,sensors,IoT,things,nfl,cloud,big data,silva,f5 Connect with Peter: Connect with F5:Blog Roll 2017
It’s that time of year when we gift and re-gift, just like this text from last year. And the perfect opportunity to re-post, re-purpose and re-use all my 2017 entries. If you missed any of the 64 attempts including 16 videos, here they are wrapped in one simple entry. I read somewhere that lists in articles are good. I broke it out by month to see what was happening at the time and let's be honest, pure self-promotion. Check out our Featured Members for the year, dig into June's Cloud Month, catch up on some #Basics or sit back and watch some cool Lightboard videos. I truly appreciate your engagement throughout 2017 and Have a Safe and Happy New Year! January 2017 OK 2017, Now What? Lightboard Lessons: What is MQTT? Deploy BIG-IP VE in AWS What is Load Balancing? What is an Application Delivery Controller - Part I What is an Application Delivery Controller - Part II February Q/A with itacs GmbH's Kai Wilke - DevCentral's Featured Member for February What is DNS? Security Trends in 2016: Securing the Internet of Things Lightboard Lessons: IoT on BIG-IP Shared Authentication Domains on BIG-IP APM What to Expect in 2017: Mobile Device Security March Q/A with Admiral Group's Jinshu Peethambaran - DevCentral's Featured Member for March What is Virtual Desktop Infrastructure (VDI) Social Login to Enterprise Apps using BIG-IP & OAuth 2.0 Lightboard Lessons: What is a Proxy? Protecting API Access with BIG-IP using OAuth What is a Proxy? Lightboard Lessons: Service Consolidation on BIG-IP April Q/A with Betsson's Patrik Jonsson - DevCentral's Featured Member for April Deploy BIG-IP VE in Microsoft Azure Using an ARM Template High Availability Groups on BIG-IP Lightboard Lessons: The BIG-IP Profiles Configure HA Groups on BIG-IP May DevCentral’s Featured Member for May – NTT Security’s Leonardo Souza Deploying F5’s Web Application Firewall in Microsoft Azure Security Center Lightboard Lessons: What is BIG-IP? Updating an Auto-Scaled BIG-IP VE WAF in AWS Device Discovery on BIG-IQ 5.1 June Cloud Month on DevCentral DevCentral Cloud Month - Week Two DevCentral Cloud Month - Week Three DevCentral Cloud Month - Week Four DevCentral Cloud Month - Week Five DevCentral Cloud Month Wrap July DevCentral’s Featured Member for July – Vosko Networking’s Niels van Sluis BIG-IP VE on Google Cloud Platform Is 2017 Half Empty or Half Full? (F5 Newsroom) Lightboard Lessons: Attack Mitigation with F5 Silverline Lightboard Lessons: What is BIG-IP APM? August DevCentral’s Featured Member for August – Piotr Lewandowski Create a BIG-IP HA Pair in Azure I’ve Successfully Failed the F5 Certification 201-TMOS Administration Exam Lightboard Lessons: BIG-IP ASM Layered Policies Deploy an Auto-Scaled BIG-IP VE WAF in AWS Lightboard Lessons: What is BIG-IQ? September DevCentral’s Featured Member for September – Rob Carr Automatically Update your BIG-IP Pool Using the Service Discovery iApp Lightboard Lessons: What is HTTP? October DevCentral’s Featured Member for October – Jad Tabbara Lightboard Lessons: Connecting Cars with BIG-IP Legacy Application SSO with BIG-IP and Okta Selective Compression on BIG-IP Lightboard Lessons: What are Bots? Prevent a Spoof of an X-Forwarded-For Request with BIG-IP November DevCentral’s Featured Member for November – Nathan Britton Lightboard Lessons: What is DDoS? VDI Gateway Federation with BIG-IP Post of the Week: BIG-IP Policy Sync Mitigate L7 DDoS with BIG-IP ASM The OWASP Top 10 - 2017 vs. BIG-IP ASM December DevCentral's Featured Member for December - Kevin Davies F5 Certified Practice Exams The Top 10, Top 10 Predictions for 2018 (F5 Newsroom) Post of the Week: SSL on a Virtual Server ps The History Blog Roll 2016 Blog Roll 2015 Blog Roll 2014 Blog Roll 2013 Blog Roll 2012 Blog Roll 2011F5 + Blue Medora: Gain Control of Your Applications with vRealize
Together with F5 and Blue Medora, extend the view of the VMware vRealize Operations management platform with a BIG-IP Plug-in Management Pack directly available from VMware Solution Exchange. This allows customers to monitor the critical components of application delivery at the virtualization layer to diagnose issues to make adjustments real-time. ps Related: VMworld2015 – The Preview Video VMworld2015 – Find F5 VMworld2015 – Realize the Virtual Possibilities (feat. de la Motte) VMworld2015 – Business Mobility Made Easy with F5 and VMware (feat. Venezia) Software Defined Data Center Made Simple (feat. Pindell) - VMworld2015 That’s a Wrap from VMworld2015 Technorati Tags: F5,blue medora,vmware,cloud,virtualization,vrealize,silva,video,big-ip plugin Connect with Peter: Connect with F5:The Icebox Cometh
Will the Internet of Things turn homes into a House of Cards? Our homes are being invaded...but not with critters that you'd call an exterminator for. Last summer I wrote Hackable Homes about the potential risks of smart homes, smart cars and vulnerabilities of just about any-'thing' connected to the internet. (I know, everyone loves a bragger) Many of the many2014 predictions included the internet of things as a breakthrough technology? (trend?) for the coming year. Just a couple weeks ago, famed security expert Bruce Schneier wrote about how the IoT (yes, it already has it's own 3 letter acronym) is wildly insecure and often unpatchable in this Wired article. And Google just bought Nest Labs, a home automation company that builds sensor-driven, WiFi enabled thermostats and smoke detectors. So when will the first refrigerator botnet launch? It already has. Last week, Internet security firm Proofpoint said the bad guys have already hijacked up to 100,000 devices in the Internet of Things and used them to launch malware attacks. The first cyber attack using the Internet of Things, particularly home appliance botnets. This attack included everything from routers to smart televisions to at least one refrigerator. Yes, The Icebox! As criminals have now uncovered, the IoT might be a whole lot easier to infiltrate than typical PCs, laptops or tablets. During the attack, there were a series of malicious emails sent in 100,000 lots about 3 times a day from December 23 through January 6. they found that over 25% of the volume was sent by things that were not conventional laptops, desktops or mobile devices. Instead, the emails were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and that one refrigerator. These devices were openly available primarily due to the fact that they still had default passwords in place. If people don't update their home router passwords or even update the software, how are they going to do it for the 50+ (give or take) appliances they have in their home? Heck, some people have difficulty setting the auto-brew start time for the coffee pot, can you imagine the conversations in the future? 'What's the toaster's password? I need to change the bagel setting!' Or 'Oh no! Overnight a hacker replaced my fine Kona blend with some decaf tea!' Come on. Play along! I know you got one you just want to blurt out! I understand this is where our society/technology/lives are going and I really like the ability to see home security cameras over the internet but part of me feels, is it really necessary to have my fridge, toaster, blender and toilet connected to the internet? Maybe the fridge alerts you when something buried in back is molding. I partially get the thermostats and smart energy things but I can currently program my thermostat for temperature adjustments without an internet connection. I push a few buttons and done. Plus I don't have to worry about someone firing up my furnace in the middle of July. We have multiple locks on our doors, alarm systems for our dwellings, security cameras for our perimeter, dogs under the roof and weapons ready yet none of that will matter if the digital locks for our 'things' are made of dumpling dough. Speaking of dumplings, the smart-steamer just texted me with a link to see the live feed of the dim sum cooking - from inside the pot! My mind just texted my tummy to get ready. ps Related: Proofpoint Uncovers Internet of Things (IoT) Cyberattack The Internet of Things Is Wildly Insecure — And Often Unpatchable For The First Time, Hackers Have Used A Refrigerator To Attack Businesses The Internet Of Things Has Been Hacked, And It's Turning Nasty Smart refrigerators and TVs hacked to send out spam, according to a new report Here's What It Looks Like When A 'Smart Toilet' Gets Hacked Bricks (Thru the Window) and Mortar (Rounds) Technorati Tags: IoT,internet of things,botnet,malware,household,silva,attacks Connect with Peter: Connect with F5:The Land of the Partially Connected
Greetings from Ottertail County Last week my family visited some relatives in Minnesota. Fergus Falls and Clitherall to be exact. Both are situated in Ottertail County – about half way up the state toward the Fargo, North Dakota side. While Fergus has a population of around 13,000, Clitherall claims 112 people and much of the area is farms, lakes, woods, nature and many of the locals are hunters, ice-fishers, farmers and people who love the great outdoors...even during the long, demanding winters. In the summer it is a quaint little resort town. There is a dirt road to get to my wife’s dad’s house and we even saw a couple eagles engaged in a talon lock while we were there. We always enjoy our stays. A decade ago, cell phone coverage was spotty but it has gotten better, albeit 2/3G in some areas, and most have access to the internet either by cable or satellite. But the internet, for some folks, is not as important or critical like it is for many of us ‘connected’ beings. Poppa Maggie’s house on Mallard Bay can get internet access but he doesn't want it. I’m sure many of you have experienced remote areas of the country where the grid is available but people choose not participate or simply use their mobile device for the few things that they need. At one of the family gatherings - on a farm in a log cabin - our cousins were wide-eyed about all the ‘technology’ stuff we knew. While I asked about the family history and why they originally settled in that location, soon the discussion turned to wearables, data breaches, encryption and even the Fed’s iPhone situation. I remember Cousin Patty saying, ‘I’m just a simple farm girl and really don’t know anything about the internet or technology.’ I was a little jealous. Granted, many of the large farms in America do use technology to track the herd, measure moisture/water schedules, check soil conditions, maneuver tractors, check grain silos and so forth. But these were small family farmers and didn’t have large contracts with nationwide distributors. Often, their crop is to simply feed the family and stock for the year and/or sell at local markets. I told Patty that I was a bit envious of her situation and knowing all the ins and outs of technology can sometimes be stressful, anxiety filled and a burden. Always worried about being a target; insight on how cyber-crime works; knowing that nothing is totally secure until you unplug or disconnect it. I felt safer surrounded by trees, lakes, deer, bear, geese, and ducks…and with no computer connection. Add to that, they got me beat hands down for survival skills. They are craftsman, artists, cooks, hunters, builders, agriculturalists, environmentalists, conservationists and hard working, good people. BREAKING NEWS: It was tranquil and relaxing. Like many of you, technology is part of my life, how I make a living and I’m not looking to hang up my RJ-45s any time soon. I have a great interest in how it is shaping our society and love exploring and explaining how a lot of it works. However, it is also important, to unplug every once in a while and experience some technology-free time. It clears the mind, slows you down and you might get to see the flirtatious free fall (or epic battle) of a truly majestic creature. psTime It Takes the Fingers to Remember a New Password? About 3 days
Recently I changed some of my passwords. Some due to typical rotation time and a couple due to potential breaches and encouragement from the affected site. No, I’m not going to tell you which ones or how I go about it but I noticed that it took about 3 days for my fingers to key the correct combination. This has probably happened to you too, where after changing a password, you inadvertently enter the old password a number of times since that is what the fingers and hands remember. Yes, I’m sure many of you have password keepers (which have also been breached) locked by a master and I use one too, but for many of my highly sensitive passwords, I keep those in my head. As I continued to enter the old password for a couple days only to correct myself, I started thinking about habits and muscle memory. Some adages talk about it taking about 30 days (66 days in this study) to either pick up or drop a habit if done daily. Want to keep an exercise routine? Do it daily for a month and you are more than likely to continue...barring any unforeseen circumstances. And then there’s muscle memory. Things like riding a bike, signing your name, catching a ball or any repetitious, manual activity that you complete often. Your muscles already know how to do it since they’ve been trained over time. You do not need to think about, ‘OK, as it gets closer, bring your hands together to snag it from the air,’ it just happens. This is one of the reasons why people change or update certain exercise or resistance routines – the muscles get used to it and need a different approach to reach the next plateau. I wondered if anyone else had thought of this and a quick search proved that it is a bona fide technique for password memory. Artists like musicians use repetitive practice for scale patterns, chords, and melodic riffs and this trains the muscles in the fingers to 'remember' those patterns. It is the same notion with passwords. Choose a password that alternates between left and right hands that have some rhythm to it. After a bit, the hands remember the cadence on the keyboard and you really do not need to remember the random, committed numbers, letters or Shift keys pounced while typing your secret. This is ideal since only your fingers remember not necessarily your mind. Granted, depending on how your head works this technique might not work for everyone but it is still an interesting way to secure your secrets. And you can brag, 'If you break my fingers, it'll wipe the device.' ps Related: Memorizing Strong Passwords Muscle memory passphrases and passwords Muscle Memory: Scientists May Have Unwittingly Uncovered Its Mystery Muscle Memory SolvedRSA Security Octagon: What's the Best Way to Secure Applications?
We're doing something a little different this year at #RSA with a Security Octagon. Everyone loves a good debate and in the security community discussions pop up constantly around a myriad of topics at any given point - with individuals or groups in the community taking opposing sides in these quarrels. While we’re not looking for a knock-down drag out geek fight, we are looking for a spirited debate in hopes of engaging with security pros to lend their support and opinions to the topic. In the first debate we focus on the topic of application security. Is application security just secure coding or is it more than that? Preston Hogue from F5 and Jeremiah Grossman from WhiteHat Security are our first participants to discuss 'What's the Best Way to Secure Applications?' How can you play along? Visit https://f5.com/securityoctagon to cast your vote and comment on the discussion. 1. Make sure to use the appropriate #hashtag: a. #TeamGrossman b. #TeamHogue 2. Can’t pick a camp to support, promote the program overall: a. #SecOctagon If you're at RSA, visit F5 booth 1515 and say 'Aloha' to DevCentral folks John Wagnon and Jason Rahm and ask how you can Integrate WhiteHat Scans With BIG-IP ASM. And a very special thanks to Jeremiah for participating this year. Always appreciate his security expertise. Enjoy the show! ps Connect with Peter: Connect with F5:OK 2016 Monkey, Whatcha Got?
The Year of the (Fire) Monkey is upon us and the curious, playful, smart, opportunistic and sometimes mischievous character could influence events throughout 2016. Whether you were born under the symbol or not, Monkeys thrive on challenges and 2016 is sure to bring some obstacles during the year. 2015 (Year of the Sheep) brought us a rash of high profile breaches, a bunch of new IoT devices and wearables, continued, bigger clouds and innovative attacks on vulnerable infrastructures along with the continuous deluge of big data. This is sure to continue as our digital, software-defined lives connect and intersect with the things around us. Organizations will need to extend their risk management focus to areas outside their control like the cloud and social channels but also consider the human element in all this. The new threats and heightened risk may put some companies in peril due to the lack of knowledgeable security IT personnel available. Mobility, both the state of being and the devices we use, will continue to grow and be an immense enabler and/or inhibitor for organizations. Mobile is not only the new shiny phone you got over the holidays but also all the IoT gadgets looking for a place in our home, offices and bodies…along with how we interact with them as humans. Cutting the cord will mean more than subscribing to some streaming media service but the way of the wireless life. You are now the device, controller and data generator. With that, security challenges like authentication, privacy, malware/data protection, compliance and the management of those services will be paramount. And as our lives – personal and professional – continue to be chronicled on the internet, thieves, nation states and activists will continue to be one step ahead probing data and looking for that golden slab of info. Making money, causing disruptions or outright take downs through online attacks are big motivations for those seeking notoriety or simply a big score. But it’s not always from the crook or spy half a globe away. Insider threats, malicious or not, have made the traditional perimeter almost useless. So while trends like cloud, mobility, IoT and big data will consume IT departments, securing those trends and how they map to business objectives will be the monkey on organizations back for 2016. Let’s try to be intelligent, dignified, clever, optimistic, confident, agile and curious about our challenges or the arrogant, deceptive, reckless and manipulative bad guys will get the best of us. The 2016 Monkey is here, and we’ll need to handle it with grace. ps Related: Chinese New Year 2016: Facts, Dates, And Ancient Traditions 5 information security trends that will dominate 2016 Defending Data Report 2015 Infographic Cybersecurity Skills Gap Making Companies Vulnerable To Major Attacks Samsung Builds Smart Home Tech into Its 2016 TVs The weird and wacky of 2015: strange security and privacy stories Technorati Tags: 2016,f5,mobility,iot,security,silva,monkey This article originally appeared 1-7-16 on F5.com Connect with Peter: Connect with F5:The New, Old Kid in Town
For nearly 12 years at F5, I've had only two job titles - Security Systems Architect from 2004-06 and Technical Marketing Manager since 2006. Whenever anyone asks what I do at F5, I typically answer, 'Writer, speaker and video producer,' in that order. Above all, I focused on covering emerging trends within our industry and evangelizing the various solutions - including F5's - to solve some of these challenges. I am now embarking on my third adventure at F5 - joining the F5 DevCentral team as a Sr. Solution Developer - concentrating my writing, speaking and videos on our amazing community. DevCentral’s mission is to deliver technical thought leadership to the community through connecting, preparing, and empowering professionals engaged with F5 technologies and I'll be helping develop, test and share technical solutions to some of today's technology challenges. In many ways, my job really doesn't change all that much, except for digging a little deeper into technical solutions and engaging deeper within our community. Now, I'll be the first to admit that my technical chops have slightly eroded since my SSA days installing FirePass (now our BIG-IP APM) and TrafficShield (BIG-IP ASM) but I'm looking forward to returning to my technical roots exploring and explaining how some of this stuff works in the real world. I'll still write lighter stories about IoT, mobile, cloud and the usual (or unusual) things that interest me along with contributing to DevCentral's already awesome LightBoard Lessons video series and reporting from industry events. If you remember the 'In 5 Minutes' video series, I'm also toying with the idea of resuming that - in LightBoard - so if you got any early requests, let me know. I published my first blog post ever on DevCentral in 2007 and with over 1000 entries later, including close to 400 videos, I feel like I'm coming home. ps Technorati Tags: f5,devcentral,big-ip,silva Connect with Peter: Connect with F5:Backseat Drivers, Your Wish Has Come True
Excuse for speeding 10 years from now: ‘Officer, it was the software.’ When I was in college, I would drive the 1040 miles from Marquette Univ. in Milwaukee to my parent’s house in Rhode Island for things like summer vacation and semester break. It seemed to take forever, especially through Pennsylvania where the state speed limit at the time was 55mph. I always tried to complete it straight through yet would inevitably start the head drop and would fall asleep at some rest stop in Connecticut, about 3 hours from my goal. This is back when they still had toll booths on the Connecticut turnpike. As an adult, my family has driven the 2000 miles from California to Minnesota to visit family. In both instances, I wished I could simply doze off, take a little nap, stay on the road and awake a couple hundred miles closer to the destination. Yes, we alternated drivers but that also meant I wasn’t driving. For some reason, I had a much easier time falling asleep while holding the steering wheel than in shotgun position. Soon, you just might be able to notch that seat in recline or even stretch out in the back – do I hear third row - while your car continues on its merry way. Deutsche Telekom and Nokia conducted the first demonstration of car-to-car communication over a high speed cellular connection with close to 5G performance. And they did it on the recently inaugurated Digital A9 Motorway Test bed - Germany’s Autobahn. The cars connected over a regular LTE service optimized for rapidly moving vehicles. They used a cellular network since it is already in place and didn’t need to negotiate a digital handshake to connect. Nokia says that its technology cut the transmission lag time to under 20 milliseconds, versus today’s limit of 100+ milliseconds, give or take. And it is counting the relay time from one car to another, via a central cloud. This was simply a test to see how self-driving cars could communicate while travelling at high speeds. These connected cars will have a lot of data chatter but outside our earshot. There is also growing attention to automobile vulnerabilities as more of these driverless cars start to appear on our roads. Recorded Future has a great graphic showing some of the attacks and exploits against automakers, vehicles and components since 2010. Just like our applications, there is a growing list of the types of connected vehicle focused hackers. From researchers to criminals to insiders to competitors and even nation states are all trying to target these vehicles for their own purposes. And they all have their own motives as you can imagine. TechCrunch has an excellent article Connected Car Security: Separating Fear From Fact which digs into the short history of car vulnerability research along with the various players and what they are digging for. Meanwhile, Ford Motors announced that they will begin testing self-driving cars at a Michigan facility called Mcity. A fake town with stores, crosswalks, street lights and other scale structures to test the software and sensors controlling the car. They’ve also announced that whatever driver data is generated (which can be up to 25GB and hour) is the customer’s data. Ford says they will only share it with the customer’s informed consent and permission. And lastly, a Google self-driving car was lit-up by a CHiP in Mountain View for going too slow – 24mph in a 35 zone. Too bad no one was at the wheel to sign for the ticket. The officer quickly realized that he pulled over an autonomous car and asked the human passenger about the speed settings while reminding him of the CA Vehicle Code. This model tops out at 25mph for safety reasons and no ticket was issued. And in the future, remember this: ‘Officer, it was the software.’ ps Related: Cars Talk To Cars On The Autobahn Connected Car Security: Separating Fear From Fact Cop pulls over Google self-driving car, finds no driver to ticket Ford: Our cars will give you control of your driver data From Car Jacking to Car Hacking IoT: Tabs to be Read Later Technorati Tags: connected cars,iot,sensors,automobile,driverless,f5,silva This article originally appeared 11.19.15 on F5.com Connect with Peter: Connect with F5:
