Author Archives: Greg Ferro
It’s become clear that the only way to improve the security of certificate authorities is to follow through on threats. Symantec has been delinquent since 2012 in securing their processes and software. We have seen multiple instances of certificates falsely issued to domains (including Google’s domain). As the owner of the Chrome browser, Google has decided that Symantec is no longer fit to be considered a root authority for TLS (SSL) certificates.
Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities, Ryan Sleevi, a software engineer on the Google Chrome team, said Thursday in an online forum. Extended validation certificates are supposed to provide enhanced assurances of a site’s authenticity by showing the name of the validated domain name holder in the address bar. Under the move announced by Sleevi, Chrome will immediately stop displaying that information for a period of at least a year. In effect, the certificates will be downgraded to less-secure domain-validated certificates.
This is necessary. Politically this is a sound move. Taking down a major company that is US-based following the removal of Chinese and Eastern European CA root certificates sends a message of fairness and balance. The repeat Continue reading
Martin Casado doesn’t have a proper job since he left VMware. This gives him time to think deeply about the future of IT security as part of his role of wasting investors’ money at A16Z and considering where the next advances or futures will be. This video makes a lot of sense to me.
Once upon a time, we thought of security measures as being built like a wall around a medieval city. Then, as threats grew in complexity, we began to think of it more like securing a city or nation-state. Finally, security grew alike to aerial warfare — mobile, quick, wide-ranging. Each of these new modes for thinking about security represented a major misalignment between the security threats that had evolved and our strategies/tactics for dealing with them.
Now we are once again at another such major misalignment — thanks largely to the cloud and new complexity — requiring both a shift in how we think about and respond to threats. But we also have security “overload” given the vast size of our systems and scale of notifications.
How do security threats develop? How should CEOs and CSOs think of planning for them? What role will AI and Continue reading
I did a video for “Speak With A Geek” in which I sat down with David Sparks and talked about approaching your career in a similar fashion to approaching your technology. Your value to the business is determined by how good you are as a piece of human infrastructure.
When you show you can do it for yourself, the people in charge will see that and want to invest in you to bump you up to the next level of productivity. Human infrastructure is no different than physical technical infrastructure, argued Ferro. You purchase a small infrastructure and then you scale it up, spending more money on it, make it bigger, more valuable, and able to do more. That’s no different in how you invest in yourself.
No matter how good your situation is, Ferro advised to “always have one eye on the door.” There is always a better opportunity even when you think yours is the best. For that reason, keep your skills and resume polished at all times and be available for what’s next.
The post Human Infrastructure And Always Planning to Quit and Move On appeared first on EtherealMind.
Funny and insightful. Maybe.
Jake Davis, former Anonymous and LulzSec hacker, shares his hacker journey while exploring just what makes hackers tick…
“…You can either be a farmer, or join a politically motivated global hacking collective” – YouTube : https://www.youtube.com/watch?v=E0h_pNv1a98&app=desktop
The post Video: “…You can either be a farmer, or join a politically motivated global hacking collective” – YouTube appeared first on EtherealMind.
Tough day for Cisco. A large number of Cisco software releases and devices were comprehensively pwned by US Gov spy agencies. This isn’t surprising, that’s what they are supposed to do, but now the details have been published on WikiLeaks.
This LinkedIn blog post outlines some of what has been found.
When I took a quick look at the WikiLeaks data, the range of possibilities is substantial but requires access to the device itself. The Cisco post has details on the range of exploits in their response published today: http://blogs.cisco.com/security/the-wikileaks-vault-7-leak-what-we-know-so-far which says it’s too early to frame a response. I agree.
Some thoughts:
I do sometimes miss the old days of having a ‘private office’ (aka computer room) to play with stuff.
Link: Disk Drop – YouTube –
The post Video: Disk Drop appeared first on EtherealMind.
Some time back, someone challenged me to explain how ITIL impacted my workflow.
The diagram is largely inspired by my time working for a Top 5 IT Consultancy which was utterly convinced that more managers and project managers would improve the efficiency of the work performed because we could improve the process. In the end there were twelve project managers plus three manager-managers to schedule the work for just three engineers.
I pointed out that hiring another engineer would improve work output by 33% but none of the ITIL project managers could understand this. It wasn’t about productivity, the customer, or addressing the need; the only focus was on hitting the deadlines, planned work hours and budgets.
ITIL is a disease. Kill it with fire.
The post My ITIL Experience In An Org Chart appeared first on EtherealMind.
An excellent post from Eyvonne Sharp highlights one of Cisco’s weakest areas, its enduring passion for too many products, too many options, too much complexity:
With that in mind consider Cisco, a company in love with complexity. They’ve built their business making complex systems. Their culture breeds nerd knobs. They’ve built certification tracks — through which many network engineers have built their careers — to develop expert level understanding of their products.
At the same time, engineers operate in a culture where we believe configuration and operational complexity have inherent value. We unconsciously embrace the following logic: Networks are complex. One must be smart to understand networks. I understand networks. Therefore, I’m smart.
We extrapolate this logic and believe that complexity, for complexity’s sake, makes us superior. In truth, our pride has tied a Gordian knot with complexity and we don’t know how to unravel it.
Using SD-WAN as a use case to highlight Cisco’s love of its own complex technology instead of radically redefining itself. Cisco has limited traction in SD-WAN space because its current technology is hard to design, harder to operate and lacks features. While the business units are doing their best to make it simple, building on Continue reading
Proportional Integral Controller Enhanced (PIE) is another active queue management algorithm for dropping packets.
Similar to RED, PIE randomly drops an incoming packet at the onset of congestion. Congestion detection, however, is based on the queuing latency instead of the queue length (as with RED). Furthermore, PIE also uses the derivative (rate of change) of the queuing latency to help determine congestion levels and an appropriate response. The design parameters of PIE are chosen via control theory stability analysis. While these parameters can be fixed to work in various traffic conditions, they could be made self-tuning to optimize system performance.
We know that Bufferbloat is a problem, and there are many algorithms proposed. PIE might be suitable for existing network hardware since it approximates Random Early Discard. BBR Congestion Control has been suggested and implemented by Google (related to QUIC/HTTP2) and possibly has the momentum, so I’m not sure if PIE
Link: https://www.rfc-editor.org/rfc/rfc8033.txt
Link: BBR: Congestion-Based Congestion Control – ACM Queue – http://queue.acm.org/detail.cfm?id=3022184
The post Response: IETF RFC 8033 Proportional Integral Controller Enhanced (PIE) appeared first on EtherealMind.
Whitepaper from Cisco SPBU that nicely sums up the advantages of orchestration and automation. Although it’s focussed on the service provider market, you could easily use this for an Enterprise proposal and make the case.
The overall savings in time and motions ranged from 60 to 70 percent, with the related OpEx avoidance from 50 to 70 percent. Over five years, that translated to an ROI of 383 percent and savings of $3 to $16.7 million for Tier 3 to 5 providers. The data for Tier 1 and 2 operators shows an estimated savings over five years that exceed $70 million.
Link: The Business Benefits of Automation and Orchestration – http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/network-services-orchestrator/white-paper-c11-738289.pdf
The post Research: The Business Benefits of Automation and Orchestration – Cisco appeared first on EtherealMind.
Useful background information on oceanic cabling from TeleGeography.
I’ve been involved with TeleGeography’s research on submarine cables since 2000. Over the years I’ve fielded numerous questions about the submarine cable industry from journalists, investors, family, and friends.
It seems as good a time as any to provide a compilation of answers to some of the most commonly asked questions.
Worth a read.
Frequently Asked Questions: Submarine Cables 101
The post Frequently Asked Questions: Submarine Cables 101 appeared first on EtherealMind.
Cisco shrinking overall ~2% per quarter (fifth straight down quarter). 10% down in routing, 5% down in switching, 4% down in DC. Increases dividend, investors happy.
Cisco reported $11.6 billion in revenue for Q2 2017 on February 15, 2017, a 2% YoY decrease, but in line with guidance of a 2-4% YoY decline.
Revenue breakout:
Product, $8.49B (down 5.5%); Service, $3.09B (up 4.9%).
By segment:
Switching, $3.31B (down 5%); NGN Routing, $1.82B (down 10%); Collaboration, $1.06B (up 4%); Data Center, $790M (down 4%); Wireless, $632M (up 3%); Security, $528M (up 14%); Service provider video, $241M (down 41%); other, $116M (up 53%)
“Cash” of $71.8 billion at the end of Q2 2017, with only $9.6 billion in the US. The introduction of a Corporate Tax Holiday could have huge positive ramifications for Cisco.
The Q3 2017 outlook calls for revenue to decline by 2% or to remain flat YoY.
Data Center
Total product revenue was down 4% and let me walk through each of the product areas. Switching declined 5%, driven by weakness in Campus partially offset by strength in the ACI portfolio, which was up 28%
Cisco ACI is holding Continue reading
A couple of months ago Packet Pushers hosted an open format, non-boring, live discussion about the reality of operating an SD-WAN with people who have lived through it. This was part of the Future WAN Virtual Summit series from Viptela, which is now available online.
The session format was live questions & answers from the audience (via chat window), and we answered them live, on air.
Packet Pushers Open Mic Live: Real SD-WAN Challenges Live Q&A
Ethan Banks & Greg Ferro, Analysts, Packet Pushers Date: Jan 17 2017, 0900PST Duration: 45 mins
On a separate note, I would welcome any feedback about the “Virtual Summit” idea. The sessions were recorded and are now available for anyone to watch.
Which has me thinking about the potential of running a “virtual conference”.
Could that work? Drop a note in the comments or email me; I would love to hear what you think.
The post Sponsor: FutureWAN – a virtual conference on SD-WAN appeared first on EtherealMind.
These are great icons for network diagrams from Russ White. Much more useful for all diagram purposes than most other icons.
I’ve developed this set of vendor neutral network icons for drawing diagrams in presentations, books, and the like. I’m placing them here in the public domain in four different formats
Network Icons – ‘net work : http://rule11.us/net-icons/
Personally, I use simple shapes and colours for my diagrams for simplicity but I suspect these will appeal to people who are Visio-centric in their workflow.
The post Response: Network Icons – ‘net work appeared first on EtherealMind.
“His” refers to Jason Forrester, formerly global data center network manager at Apple and now the founder and chief executive of SnapRoute. The startup now has roughly 32 employees, Forrester told VentureBeat in an interview. Forrester figures that the startup has around 35-50 customers, and its software is being used on 12,000-13,000 switches. He declined to name any of SnapRoute’s customers, but Facebook employees have repeatedly mentioned the company’s software by name in recent months.
AT&T, Microsoft Ventures back networking startup SnapRoute in $25 million round | VentureBeat | Entrepreneur | by Jordan Novet : http://venturebeat. Continue reading
Timely information on the future of optics and SFP modules. The current situation of price overloading by vendors is seriously grim (markups of 1000% are common) and this could help to increase your knowledge in the area.
NB: From a NANOG meeting but haven’t been able to track down the exact link.
The post Research: Router Optics Evolution and Market Trends appeared first on EtherealMind.
The BBR algorithm appears to be building critical mass of support in the Internet community which makes reading this research paper even more worthwhile.
When bottleneck buffers are small, loss-based congestion control misinterprets loss as a signal of congestion, leading to low throughput. Fixing these problems requires an alternative to loss-based congestion control. Finding this alternative requires an understanding of where and how network congestion originates.
BBR: Congestion-Based Congestion Control – ACM Queue : http://queue.acm.org/detail.cfm?id=3022184
The post Research: BBR: Congestion-Based Congestion Control – ACM Queue appeared first on EtherealMind.
There is more genuine innovation and change coming from Facebook than any networking vendor. Whether it’s hardware designs, firmware (BMC), FBOSS applications and new protocols. I remain confident that the future isn’t being made by billion dollar companies with 65% gross margins.
If you are involved in network strategy then these videos will get you thinking in new ways.
The growing ecosystem around open networking hardware | Engineering Blog | Facebook Code | Facebook : https://code.facebook.com/posts/1241394199239439/the-growing-ecosystem-around-open-networking-hardware/
The post Response: Facebook – The growing ecosystem around open networking hardware appeared first on EtherealMind.
A balanced discussion on the merits of the US H1B visa program. These programs exist in most developed nations, and the same issues apply.
As you would expect, the program is used to benefit some companies and abused by others:
Giants like Amazon, Apple, Google, Intel, and Microsoft were all among the top 20 H-1B employers in 2014, according to Ron Hira, professor of political science at Howard University who has testified before Congress on high-skill immigration. The other fifteen—which include IBM but also consulting firms such as Tata Consultancy, Wipro, and Infosys—used the visa program mainly for outsourcing jobs.
On the whole, modern IT is changing much faster and automation is replacing most of the tasks the outsourcing does today. The era of outsourcing ended about 3 years ago; it will take several years for the market at large to catch up to this fact though.
Four Ways to Tackle H-1B Visa Reform – IEEE Spectrum : http://spectrum.ieee.org/tech-talk/at-work/tech-careers/four-ways-to-tackle-h1b-visa-reform
The post Response: Four Ways to Tackle H-1B Visa Reform – IEEE Spectrum appeared first on EtherealMind.
Added to my to-do list to watch and re-watch this about every 6 months.
Topics include:
Tutorial: Everything You Always Wanted to Know About Optical Networking – YouTube : https://www.youtube.com/watch?v=_KFpXuHqHQg
The post Tutorial: Everything You Always Wanted to Know About Optical Networking – YouTube appeared first on EtherealMind.