Worth Reading: Odds are in Favor of Quantum Encryption

No kinds of organizations have tighter security than the average casino. After all, the house always wins, and it wants to keep those winnings. A recent Wired article, however, explains how a team of Russian hackers managed to beat a lot of casinos worldwide. They did so by exploiting inherent flaws in the pseudo-random number generators (PRNG) that are integral parts of randomizing every spin of a slot machine. Even if you don’t care about wealthy casino bosses losing money, you still need to be concerned about the drawbacks to using PRNGs because slots aren’t the only things that are vulnerable. Most of the world’s encryption is also based on pseudo-random numbers. —Cloud Security Alliance

The post Worth Reading: Odds are in Favor of Quantum Encryption appeared first on 'net work.

Reaction: The Future is…

This week, I ran across two posts that follow down a path I’ve gone down before—but it is well worth bringing this point up again. Once more into the breach. Tom, over at the Networking Nerd, has this to say on the topic of the future of network engineering—

The syntaxes that power these new APIs aren’t the copyrighted CLIs that networking professionals spend their waking hours memorizing in excruciating detail. JUNOS and Cisco’s “standard” CLI are as much relics of the past as CatOS. At least, that’s the refrain that comes from both sides of the discussion. The traditional networking professionals hold tight to the access methods they have experience with and can tune like a fine instrument. More progressive networkers argue that standardizing around programming languages is the way to go. Why learn a propriety access method when Python can do it for you?

The point Tom makes is this: programming is not the future of network engineering. But, but… there is so much pressure, and so many people saying “if you do not know how to program, you are going to be out of a job in five years.” I think there are negative and positive Continue reading

Worth Reading: Frequently Asked Questions on Undersea Cable

I’ve been involved with TeleGeography’s research on submarine cables since 2000. Over the years I’ve fielded numerous questions about the submarine cable industry from journalists, investors, family and friends. It seems as good a time as any to provide a compilation of answers to some of the most commonly asked questions. —APNIC

The post Worth Reading: Frequently Asked Questions on Undersea Cable appeared first on 'net work.

Worth Reading: The Future of Networking (In One Slide)

The telecoms industry is, I believe, overdue for a ‘lean’ revolution. This will change its working model from ‘purpose-for-fitness’ to ‘fitness-for-purpose’. For networks, that means switching from ‘build then reason about performance’ to ‘reason about performance and then build’. The benefit of this business transformation is a radical lowering cost risk and cost, predictable experiences, and the ability to rapidly adapt to changing patterns of demand. —Circle ID

The post Worth Reading: The Future of Networking (In One Slide) appeared first on 'net work.

Don’t Leave Features Lying Around

Many years ago, when multicast was still a “thing” everyone expected to spread throughout the Internet itself, a lot of work went into specifying not only IP multicast control planes, but also IP multicast control planes for interdomain use (between autonomous systems). BGP was modified to support IP multicast, for instance, in order to connect IP multicast groups from sender to receiver across the entire ‘net. One of these various efforts was a protocol called the Distance Vector Multicast Routing Protocol, or DVMRP. The general idea behind DVMRP was to extend many of the already well-known mechanisms for signaling IP multicast with interdomain counterparts. Specifically, this meant extending IGMP to operate across provider networks, rather than within a single network.

As you can imagine, one problem with any sort of interdomain effort is troubleshooting—how will an operator be able to troubleshoot problems with interdomain IGMP messages sources from outside their network? There is no way to log into another provider’s network (some silliness around competition, I would imagine), so something else was needed. Hence the idea of being able to query a router for information about its connected interfaces, multicast neighbors, and other information, was written up in draft-ietf-idmr-dvmrp-v3-11 (which Continue reading

Worth Reading: Memory and Logic in a Post Moore’s Law World

A key for computing architectures going forward is the development of efficient ways of integrating memory and logic functions in a single device, and much of the focus of research here is in the area of magnetism. Magnetism is at the heart of such storage devices as hard-disk drives and STT-MRAM, and as magnets continue to shrink, they need less power to switch polarization. With the recent development by researchers into new energy-efficient switching mechanisms, scientists are now looking into how the new physics of nanomagnetism can be used in digital device logic. —The Next Platform

The post Worth Reading: Memory and Logic in a Post Moore’s Law World appeared first on 'net work.

Worth Reading: Browser Watch

Welcome to another edition of Browser Watch, the regular feature that runs down the latest news and developments among all the most popular and up-and-coming browsers available. Whether you’re a designer, developer or both, you’ll always be kept up to date on everything that’s going in the browser world. —Web Designer Depot

The post Worth Reading: Browser Watch appeared first on 'net work.

Costa Rican Mountains

The post Costa Rican Mountains appeared first on 'net work.

Worth Reading: IoT Under Siege

Dahua, the world’s second-largest maker of “Internet of Things” devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a broad swath of its products. The vulnerability allows anyone to bypass the login process for these devices and gain remote, direct control over vulnerable systems. Adding urgency to the situation, there is now code available online that allows anyone to exploit this bug and commandeer a large number of IoT devices. —Krebs on Security

The post Worth Reading: IoT Under Siege appeared first on 'net work.

Worth Reading: Rescuing Network Time Protocol

The Network Time Protocol (NTP) is an Internet Engineering Task Force (IETF) protocol. It is responsible for syncing time between servers, using a variety of reference clocks as a guide. To the average user, this function may seem inconsequential, but knowing the time to one-thousandth of a second or less is essential for countless computer functions. Exactly when an electronic stock trade was made, for example, can mean a difference of millions of dollars. Similarly, in the 2003 blackout in the northeastern United States and Canada, in the nine seconds before the blackout, ten thousand events were recorded, but, because they were not accurately time-stamped, it proved impossible to document exactly what happened and learn much from what happened. As the Network Time Foundation site observes, “Knowing the time isn’t important. Until it is.” —The New Stack

The post Worth Reading: Rescuing Network Time Protocol appeared first on 'net work.

Worth Reading: Large scale image processing with KAFKA

The digital world is becoming ever more visual. From webcams and drones to closed-circuit television and high-resolution satellites, the number of images created on a daily basis is increasing and in many cases, these images need to be processed in real- or near-real-time. This is a computationally-demanding task on multiple axes: both computation and memory. … At the Seventh International Conference on Computer Science and Information Technology held in Zurich, Switzerland last month, two researchers from the Department of Electrical Engineering at Korea University presented a paper outlining their software-based approach to solving this problem. —Next Platform

The post Worth Reading: Large scale image processing with KAFKA appeared first on 'net work.

Worth Reading: Just Press Reboot

After you pass security at Schiphol, Amsterdam’s international airport, go past the Christian Dior boutique and leave the Pretentious and Overpriced Mediocre Chocolate Shop (maybe not the exact name) on your left. On the wall you will see a big red button labeled “Reboot Schiphol.” Just press it in case your flight is delayed. Not really, but that is what Reuters seems to believe. —ACM

The post Worth Reading: Just Press Reboot appeared first on 'net work.

Is the cloud the bee’s knees?

The post Is the cloud the bee’s knees? appeared first on 'net work.

Worth Reading: Optical encryption moves to ubiquitous

When initially introduced into the market, optical encryption was a niche application looking for a market. Optical encryption protects primarily against fiber tapping and traffic cloning, which were not viewed as widespread threats a few years ago. Optical encryption has some very definite benefits such as adding no latency and providing no information at all about the underlying services. Optical encryption made some headway with industries that were especially security conscious (financial and government), but not much further. News reports in the last few years of a wide range of cyber-attacks and infrastructure compromises have made every industry more aware of security, and suddenly optical encryption has taken off throughout the telecommunications market. As a result, the price and availability of optical encryption engines have improved dramatically. The solutions are also much more flexible, enabling optical encryption to be added easily to existing networks and all types of services. —ECI

The post Worth Reading: Optical encryption moves to ubiquitous appeared first on 'net work.

Worth Reading: As if random telephone and email spam weren’t enough

Google’s smart home speakers on Thursday played an unprompted promotion for Walt Disney Co.’s new “Beauty and the Beast” movie, the first sign of how the world’s largest advertising company could shoehorn ads into its growing number of voice interactions with users. Users of Google’s voice-controlled speaker, called Google Home, heard a 17-second promotion for the movie, after asking the devices about the their schedule. “By the way, Disney’s live-action Beauty and the Beast opens today,” the device said, according to user videos. —Market Watch

The post Worth Reading: As if random telephone and email spam weren’t enough appeared first on 'net work.

On the ‘net: Nothing to Hide, Everything to Gain

The IETF Journal published an article by Shawn and I last week about open source, open standards, and participation by vendors and providers.

Why should a provider—particularly a content provider—care about the open standards and open source communities? There is certainly a large set of reasons why edge-focused content providers shouldn’t care about the open communities. A common objection to working in the open communities often voiced by providers runs something like this: Isn’t the entire point of building a company around data—which ultimately means around a set of processing capabilities, including the network—to hide your path to success and ultimately to prevent others from treading the same path you’ve tread? Shouldn’t providers defend their intellectual property for all the same reasons as equipment vendors?

The post On the ‘net: Nothing to Hide, Everything to Gain appeared first on 'net work.

Worth Reading: Why there won’t ever be a CCIE SDN

There’s a lot of work that’s been done recently to bring the CCIE up to modern network standards. Yusuf and his team are working hard to incorporate new concepts into the written exam. Candidates are broadening their horizons and picking up new ideas as they learn about industry stalwarts like OSPF and spanning tree. But the biggest challenge out there is incorporating the ideas behind software defined networking (SDN) into the exam. I don’t believe that this will ever happen. Here’s why. —The Networking Nerd

The post Worth Reading: Why there won’t ever be a CCIE SDN appeared first on 'net work.

Worth Reading: My Data, Your Business

In times like these, it’s easy to be paranoid. Almost every day there is a new story about an app, a TV or a child’s toy that is collecting too much data, or a massive data breach, or the latest kind of ransomware doing the rounds of the Internet. We may not know the specifics, but we do know that somewhere out there someone is tracking us online: in fact, most of the data monetization machine is invisible to consumers — the individuals whose data fuels it. —The Internet Society

The post Worth Reading: My Data, Your Business appeared first on 'net work.

Middleboxes and the End-to-End Principle

The IP suite was always loosely grounded in the end-to-end principle, defined here (a version of this paper is also apparently available here), is quoted in RFC2775 as:

The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the endpoints of the communication system. Therefore, providing that questioned function as a feature of the communication system itself is not possible. … This principle has important consequences if we require applications to survive partial network failures. An end-to-end protocol design should not rely on the maintenance of state (i.e. information about the state of the end-to-end communication) inside the network.

How are the Internet and (by extension) IP networks in general doing in regards to the end-to-end principle? Perhaps the first notice in IETF drafts is RFC2101, which argues the IPv4 address was originally a locater and an identifier, and that the locater usage has become the primary usage. This is much of the argument around LISP and many other areas of work—but I think 2101 mistates the case a bit. That the original point of an IP address is to locate a topological location in the network is Continue reading

Worth Reading: So You Want to get Certified

So you want to get certified. Nearly every technology vendor you can think of offers a certification program. You might have a few different reasons for wanting to get certified, and vendors have just as much incentive to get you certified in implementing and supporting their platforms. —Netcraftsmen

The post Worth Reading: So You Want to get Certified appeared first on 'net work.