Hedge 307: bgproutes.io

If you advertise routes into the default free zone (or global Internet), you might struggle with seeing and understanding what they look like “on the other side.” While there are many manual tools to help operators with this process, bgproutes.io gives you visibility in the global routing table through interfaces like BMP. Listen to this episode of the Hedge to learn more.
 
You can find bgprotues.io here.
 

 
download

Worth Reading 052926

The rising power demand of the data center industry almost appears like an industry running within the integrated grid but outside the usual paradigm of the traditional electric utility sector. Indeed, it should be treated as such.

Much has been said about the use of the DNS as a means both of tracking the online behaviour of individual users and as a means of online censorship and control. Almost every online transaction starts with a DNS query, and if one were able to assemble the complete set of DNS queries generated by an individual user it would be possible to assemble a relatively complete profile of their online activity.

Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope.

The internet is fragmenting. Not in the future. Now. At three different layers simultaneously.

In June, Microsoft Secure Boot certificates are set to expire for the first time ever.

Hedge 306: RPKI Transport

Synchronizing information across the Internet, at an initial glance, looks like a fairly simple problem to solve. Just copy a file to a host and create a magic protocol, right? Not really. Each kind of data has a fairly unique set of requirements–and RPKI data, used to provide security information for BGP, is no different. Job Snijders joins Tom and Russ to talk about ERIK, a protocol developed to synchronize RPKI records.
 
For more information, check out Job’s web site and the IETF draft.
 

 
download

Worth Reading 052126

The Technocratic State represents a new invisible risk of the 21st century, as it does not present itself as a conventional political authority. It appears as a technical solution that seems inevitable.

Author and journalist Michael Pollan characterizes our era as the “Second Copernican Shock,” a civilizational turning point where the boundary between human empathy and algorithmic calculation is increasingly blurred.

It’s always difficult for ISPs to fully understand how changes in the economy might impact them. Folks in the industry see the usual statistics on unemployment and inflation, but those don’t really tell much about the future as it relates to broadband adoption.

Companies rushing to adopt AI and LLMs without a clear strategy may be creating new risks.

Power failures are to blame for the most impactful data center outages, while network issues are the most frequent culprits for IT service disruptions, according to Uptime Institute’s latest analysis.

Worth Reading 051826

We’ve all been in that meeting where someone pulls up a chart and says, “Our AI product boosted conversion by 15%.” Everyone nods. Nobody dares to ask: “What if conversions had risen anyway?”

The proposed repair is Running-Code Primacy: the number-resource layer should be interpreted only by reference to the minimum technical function running networks require—uniqueness, interoperability, proof of control, routing-adjacent security, and locally verifiable state.

You already know IPv6 is overdue. You’ve known for years. You’ve probably sat in a meeting where you laid out the case — address exhaustion, rising costs, growth constraints — and watched leadership nod politely before approving the budget for another batch of leased IPv4 addresses.

A key question was whether this reflected a breakthrough specific to one model, or part of a broader trend. Results from an early checkpoint of GPT-5.5 suggest the latter: a second model, from a different developer, now reaches a similar level of performance on our cyber evaluations.

The most mature U.S. small modular nuclear reactor vendor — NuScale Power — and a politically connected firm planning to build perhaps the largest reactor project in the U.S. to power an Continue reading

Worth Reading 051526

Given the trend of using generative AI tools like ChatGPT, Gemini, Copilot, and Claude for software development, many companies have decided that developers must use GenAI to succeed. I strongly disagree.

Here, through a series of randomized controlled trials on human-AI interactions (N = 1,222), we provide causal evidence for two key consequences of AI assistance: reduced persistence and impairment of unassisted performance. Across a variety of tasks, including mathematical reasoning and reading comprehension, we find that although AI assistance improves performance in the short-term, people perform significantly worse without AI and are more likely to give up.

Last month, market research company, Gartner, said that AI companies need close to “$2 trillion per year in revenue by 2029”, token consumption of between 50,000 and 100,000 times its current rate by 2030, and “a 10% profit margin per token.” With huge losses and small revenues, it is not likely that AI companies will achieve these goals on time.

He said that about 20% of all network traffic today, about 80 exabytes, comes from machine-to-machine traffic, and that alone is big news. Nokia is betting its future growth will come from meeting this growing demand.

For Continue reading

Hedge 305: From Security to Networking

We don’t often hear the stories of those who move from some other IT career field into network engineering. Ayush Mishra, a student at University of Colorado Boulder, joins Tom and Russ to discuss why he moved from security to network engineering.
 

 
download

Worth Reading 051226

The screenshot feature has cultivated a wide range of impactful academic research across computing and social scientific fields.

When Motorola unveiled its Iridium global satellite-based mobile telephony service in the late 1990’s everything augured well for a revolution in the satellite communications market, only it didn’t happen.

While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk.

The analytic company IDC says the U.S. economy will be generating 394 trillion zettabytes of data annually by 2028 (a zettabyte is a trillion gigabytes).

Enterprise strategists need to worry about securing their environments against AI-powered attacks.

Worth Reading 050926

These milestones highlight the significance RPKI has gained over the past decade. Starting off as an experimental technology, it has become a central component of the Internet, affecting a large percentage of its networks.

More than 9.7 million third-party businesses sell goods on Amazon, and Amazon makes a lot of money charging those third parties to sell on its platform—$117.7 billion in 2022, representing 23% of Amazon’s total revenues.

For much of the history of computing, it was reasonably safe to assume that a machine was doing what you told it to do (and what its creators promised it would do), because its operations were local.

There is always the case that the unexpected happens, and X.509 certificates are no exception. There are circumstances where the certificate should be marked as unusable immediately, which is before the notAfter expiration time.

Our investigation uncovers two sophisticated telecom surveillance campaigns and, for the first time, links real-world attack traffic to mobile operator signalling infrastructure.

Hedge 304: Deep Dive into a Network Master’s Program

If you’ve ever been curious about what an advanced degree in network engineering looks like, you’ll want to join us for this episode of the Hedge. Levi Perigo from the University of Colorado at Boulder joins Tom and Russ to talk through what earning a Master’s in Networking involves and what kinds of things you would learn.
 

 
download

Worth Reading 050626

DDoS mitigation often relies on BGP for “scrubbing”, but how this appears in routing data is not well understood. We analyse five major providers to distinguish between always-on and on-demand protection.

This column argues that without AI, adequate privacy has become simply out of reach. This is not because AI is benign; it most definitely is not. Rather, the modern digital ecosystem has evolved to a point where no human, unaided, can understand, monitor, or manage the complexity of today’s data practices.

Conventional memory schemes follow the Pareto Principle, in which approximately maintaining 20% hot data can meet 80% of requests. L

Google has just forked its Tensor Processing Unit, or TPU, designs for these two workloads, the very first time in more than a decade that TPU systems of the same generation were truly architecturally distinct from each other.

Fake domains are not a new problem. What’s now changing is the scale and how easily attackers can blend into your domain ecosystem with lookalikes, inactive registrations, and domains set up purely for email.

Worth Reading 050426

What can we learn about QUIC deployments just by listening to unsolicited QUIC traffic? This question becomes specifically exciting since QUIC aims for enhanced privacy by obfuscating metadata.

Securing AI means securing all the AI layers and throughout the lifecycle: data, model, and applications, in training and in inference.

According to a Reuters report, Meta is installing tracking software on its employees’ work computers. The tool, called Model Capability Initiative (MCI), will log mouse movements, clicks, and keystrokes. It will also take occasional screenshots of employees’ screens.

Despite its usage, the behaviour of BGP-based scrubbers is not well understood, such as whether scrubbers are always on-path or activated on-demand.

The UK’s National Cyber Security Centre (NCSC) has officially endorsed passkeys as the default authentication standard, marking the first time the agency has told consumers to move away from passwords entirely.

Worth Reading 042926

Many BGP route leaks reported by automated detection systems are actually brief, low-impact artifacts of normal BGP convergence.

Long round‑trip times have serious consequences for protocols like TCP, which rely on a steady stream of acknowledgements (ACKs) to manage sending rates, estimate delay, and trigger retransmissions.

As datacenter networks evolve toward ultra-high-speed links, the energy footprint of host-side packet processing grows increasingly significant.

The old perception of satellite internet as slow, expensive, and marginal is increasingly outdated. Today’s market includes multiple orbital models, each with distinct technical and operational characteristics.

What can we learn about QUIC deployments just by listening to unsolicited QUIC traffic? This question becomes specifically exciting since QUIC aims to enhance privacy by obfuscating metadata.

Hedge 303: Data Centers?

In this roundtable episode of the Hedge, Eyvonne, Tom, and Russ hang out and talk about data centers–why are we building all these things again? Our second topic is the FCC’s ban on non-US made home routers. Was this the right thing to do? Was it the wrong thing to do? Were there any other policy options?
 

 
download

Worth Reading 042226

In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings.

This report explores the evolution and current state of neuro- symbolic artificial intelligence, an approach that integrates neural network capabilities with symbolic reasoning.

The Linux 7.0 kernel is now out, and it’s one of the most impactful releases in years for networking professionals.

The human-speed defense of small business is being obliterated by the machine-speed offense of AI-driven cybercrime. Today, what large companies treat as a manageable risk is a terminal expense for small enterprises, with 60% of small enterprises shutting down within six months of a major attack.

The original frustration was familiar. You build on one provider, they change pricing, deprecate an API, or just aren’t the right tool anymore, and migrating is brutal.

Hedge 302: Communications in Biological Systems

What does biology have to do with computer networks? Much more than you might think. Communications systems, after all, need to solve the same problems–and they often use the same kinds of tools. In this episode of the Hedge, Emily Reeves and Joe Deweese join Russ and Tom to talk about a recent paper comparing computer communications to biological communications.
 

 
download

Worth Reading 041326

Tech leaders hoping AI might help save money and improve efficiency in IT infrastructure should know that only 28 percent of use cases fully succeed and offer return on investment (ROI).

The best strategy in the world won’t succeed if a team falters operationally. But what is operational excellence, and what does it take to acquire it

Industry analysts are using the word convergence as shorthand for competition that bundles cell service with broadband. Convergence is the newest strategy that replaces the traditional bundling strategy of selling a package of broadband, cable TV, and voice.

Leaving aside my discovery that YouTube videos on the Naturalistic Fallacy are branded by female cleavage (???), we move on to the two problems embedded in statements I hear by articulation and by implication in the public discourse: “We must cultivate trust in AI,” and “AI acquiescence is inevitable.”

Most engineers don’t think about securing TCP itself. We rely on the applications riding on top of the network. When you run routing protocols or long-lived control sessions across untrusted or shared infrastructure, TCP becomes part of your attack surface whether you planned for it or not.

Best of the Hedge: Episode 30, Network Fundamentals

What are networking fundamentals, and why are they important? Join us for this repost of a classic Hedge discussion with Ethan, Eyvonne, Tom, and Russ.
 

 
download

Worth Reading 040626

Stanford researchers are warning that using AI chatbots for personal advice could backfire. The problem isn’t just accuracy, it’s how these systems respond when you’re dealing with complicated, real-world conflicts.

During the APNIC Routing Security Special Interest Group (SIG) session at APRICOT 2026 / APNIC 61, APNIC and LACNIC presented a case study of a Border Gateway Protocol (BGP) hijack that combined a technical attack with social engineering.

It is widely believed that all BGP routers within an Autonomous System (AS) must be connected in a full iBGP mesh, or, when this becomes impractical, that route reflectors or confederations must be used. However, a full mesh is not always necessary, and in some scenarios it may even be undesirable.

The skies are quickly filling with communications satellites. Following is a short list of the many ventures that have or will soon be launching large numbers of broadband satellites.

In early demos, the system looked impressive. It could summarize logs, explain configuration issues, and suggest possible fixes. Instead of digging through internal docs, the answers were coming back in seconds. For a while, it really felt like this system was going to work as expected.

Worth Reading 040426

What appears as double extraction at the operator level becomes something larger and more serious at the level of the state. It becomes sovereignty inversion.

Major memory makers have already sold all the kit they can make this year, creating shortages and price increases.

It’s fading from our collective memory, but almost thirty years ago the global IT industry was gripped by Y2K fever.

What do you get when you combine Big Tech, a Bill Clinton fixer, Davos, the architect of the Hunter Biden laptop disinfo, and “Artificial Intelligence”? The biggest heist in world history.

Stop blaming the GPUs! Your AI feels slow because data is getting stuck in traffic. Fix the “supply chain” to keep those tokens flowing.