Worth Reading: Your QUIC Questions Answered

Watch our second Facebook Live broadcast, where George Michaelson, APNIC’s Senior R&D Scientist, and Byron Ellacott, APNIC’s Senior Software Architect, discussed QUIC – Quick UDP Internet Connection. QUIC is a new protocol that supports a set of multiplexed connections over UDP and was designed to provide security protection equivalent to TLS/SSL, along with reduced connection and transport latency. —APNIC

The post Worth Reading: Your QUIC Questions Answered appeared first on 'net work.

Worth Reading: Hybrid and the last common denominator problem

Hybrid cloud only works when applications are designed to run predictably across all the infrastructure choices in the IT portfolio. Most organizations achieve this through a “least common denominator” approach to design, one in which API abstractions are so thoroughly simplified that only the barest set of cloud services remain. This approach, while functional, strips away nearly all of the useful advanced features that different infrastructures offer. A new Apache open source project, ARIA (Agile Reference Implementation of Automation) wants to solve this compromise. —The New Stack

The post Worth Reading: Hybrid and the last common denominator problem appeared first on 'net work.

Hallway

The post Hallway appeared first on 'net work.

Worth Reading: Cisco, Arista, and shades of grey

Cisco has effectively designated Arista as their number one competitor by way of this lawsuit. Arista represents a larger threat that HPE, Brocade, or Juniper. Yes, I agree that it is easy to argue that the infringement constituted a material problem to their business. But at the same time, Cisco very publicly just said that Arista is causing a problem for Cisco. Enough of a problem that Cisco is going to take them to court. Not make Arista license the patent. That’s telling. —Networking Nerd

The post Worth Reading: Cisco, Arista, and shades of grey appeared first on 'net work.

Worth Reading: Biometrics are less secure than passwords

Many technology pundits talk about biometrics as the ultimate authentication solution — the technology that will make the ‘imperfect’ password obsolete. Despite the hype, most companies are approaching with caution. In fact, CEB found that there are varied degrees of biometrics adoption globally, as around 20 percent of firms have actually deployed the technology. A big reason for low adoption could be that they are less secure. And while many are touting the security of biometrics, there are four issues to consider when evaluating the technology. —betanews

The post Worth Reading: Biometrics are less secure than passwords appeared first on 'net work.

Docker Forks the Open Source Bubble

The magic of open source.

If I’ve heard this once, I’ve heard it a thousand times.

Put the software “out there,” and someone, somewhere, will add features because they need or want them, fix bugs because they’ve run into them, and generally just add value to the software you’ve created for free.

This is why, I’m told, open source is so much better than open standards—isn’t open standards just another name for a bogged down, broken process where vendors try to run in fourteen different directions at once? Where customers really aren’t heard for the din of careers being made, and technical solutions far too often take a back seat to political considerations? Open source is going to ride in and save the day, I’m told, making all complex software free and better.

Unicorns. No, seriously. Or maybe you prefer frogs on stilts. It doesn’t work this way in the real world. If any project, whether it be an open source project or an open standard, gains enough community buy-in, it will succeed. If any project, whether it be an open source project or an open standard, doesn’t gain community buy-in, it is dead—no matter which company supports it, Continue reading

Worth Reading: Legally Defining Metadata

One of the foundational questions in surveillance law is how to distinguish between the contents of communications and non-content metadata. Contents generally receive very high privacy protection, while metadata generally receive very low protection. Identifying the line between the two is critical. Earlier this week, the ODNI declassified an April 2016 FISCR decision on post-cut-through digits that adopts an approach to the distinction in some tension with a recent Third Circuit case. This post will explain the problem and the apparent disagreement. —Lawfare

The post Worth Reading: Legally Defining Metadata appeared first on 'net work.

Worth Reading: Open Flow Controller Performance

OpenFlow’s architecture is inefficient, and caps performance while sucking unnecessary power. That’s the conclusion of a bunch of Comp. Sci boffins from researchers at Australian brain box Data61 and Sydney University, who assessed four major OpenFlow controllers – NOX, Maestro, Floodlight and Beacon. Their paper is at Arxiv. Poor old OpenDaylight was also tested but not reported: “the performance [was] too low to provide any insightful comparison”. To cut to the chase: none of the controllers tested got anywhere close to line speed, whether running on a network processor (based on Tilera chips), or on a Xeon E5-2450-based server (more on the configurations later). —The Register

The post Worth Reading: Open Flow Controller Performance appeared first on 'net work.

An I2RS Overview

What is the Interface to the Routing System (I2RS), and why do we need it? To get a good I2RS overview, consider the following illustration for a moment—

What does the interface between, say, BGP and the routing table (RIB) actually look like? What sort of information is carried over this interface, and why? A short (and probably incomplete) list might be—

• Routes being installed by the routing protocol into the RIB—this is the most obvious bit of information, allowing the device to actually build a forwarding table
• Routes being overwritten—this isn’t as obvious as installed routes, but BGP (for instance), can only advertise what is installed in the local table; hence if a route it has installed is overwritten, the process needs to know to stop advertising the route
• Routes being removed from the routing table—perhaps even less obvious, but some routing protocols (BGP is one) allow for multihop routes; when the next hop is removed, any routes using that next hop need to be removed as well
• Connected interfaces removed—this is often handled as a route removal, but it impacts more than just multihop routes; removing a connected route implies loss of reachability to a specific set of Continue reading

Worth Reading: The Internet of Poorly Working Things

Of course, not all connected devices are so easily mocked; some devices are dead serious: home security, HVAC, almost any kitchen appliance — even our very smart toaster. And it’s not that the IoT doesn’t work. The situation is actually worse than that: The IoT randomly works. Devices stop and restart, they require visit to unsupportive customer support pages and helpless Your Call Is Important To US help lines (and now we have chatbots). If you think I exaggerate, google “Nest trouble” or “smart bulbs trouble”. We don’t have to look around much to find the culprit: with its razor-thin margins, the Consumer Electronics (CE) culture offers a big fat target for our inquisition. —Monday Note

The post Worth Reading: The Internet of Poorly Working Things appeared first on 'net work.

Worth Reading: Disregarding Security Warnings

Software developers listen up: if you want people to pay attention to your security warnings on their computers or mobile devices, you need to make them pop up at better times. A new study from BYU, in collaboration with Google Chrome engineers, finds the status quo of warning messages appearing haphazardly—while people are typing, watching a video, uploading files, etc.—results in up to 90 percent of users disregarding them. Researchers found these times are less effective because of “dual task interference,” a neural limitation where even simple tasks can’t be simultaneously performed without significant performance loss. Or, in human terms, multitasking. —Brigham Young University

The post Worth Reading: Disregarding Security Warnings appeared first on 'net work.

On the ‘net: BGP—the most successful virus

This Weekly Show episode was recorded live at IETF 96 in Berlin in July 2016. Greg Ferro and several guests discuss the state of routing protocols such as BGP, and explore different approaches to routing, like Facebook’s Open/R initiative. They also debate issues around telemetry, network disaggregation, and whether enterprises should participate in the IETF to influence vendor product development.

Listen to the podcast over at Packet Pushers

The post On the ‘net: BGP—the most successful virus appeared first on 'net work.

Worth Reading: Intel’s Snap

Scale is creating the demand for new enterprise tooling to better understand and manage ever disparate workloads across devices, cars, buildings, etc. There were examples of this trend in almost all of the IDF keynotes and sessions we attended as well as additional discussions that focused on how Snap, Grafana, and platforms such as Kubernetes serve as ways to manage workloads and lots of data. —The New Stack

The post Worth Reading: Intel’s Snap appeared first on 'net work.

Worth Reading: Cloud Key and Key Escrow

The problem Apple wanted to solve is this. Suppose that you have some sort of iToy — an iPhone, an iPad, etc. — or Mac. These systems allow you to back up your keychain to Apple’s iCloud service, where they’re protected by your AppleID (an email address) and password. If you buy a new device from Apple, your keychain can be downloaded to it once you log on to iCloud. (Note: uploading keys to iCloud is optional and disabled by default, though you are prompted about enabling it during device setup.) —CircleID

The post Worth Reading: Cloud Key and Key Escrow appeared first on 'net work.

snaproute Go BGP Code Dive (9): Moving to Open

a href=”http://ntwrk.guru/bgp-code-dive-8/”>In the last session of snaproute BGP code dive—number 8, in fact— I started looking at how snaproute’s BGP moves from connect to open. This is the chain of calls from that post—

• st.fsm.StopConnectRetryTimer()
• st.fsm.SetPeerConn(data)
• st.fsm.sendOpenMessage()
• st.fsm.SetHoldTime(st.fsm.neighborConf.RunningConf.HoldTime, st.fsm.neighborConf.RunningConf.KeepaliveTime)
• st.fsm.StartHoldTimer()
• st.BaseState.fsm.ChangeState(NewOpenSentState(st.BaseState.fsm))

The past post covered the first two steps in this process, so this post will begin with the third step, st.fsm.sendOpenMessage(). Note the function call has st.fm... in the front, so this is a call by reference. Each FSM that is spun up (think of them as threads, or even processes, if you must, to get this concept in your head, even though they’re not) can have its own copy of this function, with its own state. When reading the code to sort out how it works, this doesn’t have much practical impact, other than telling us the sendOpenMessage function we’re looking for is going to be in the FSM file. The function is located around line 1233 in fsm.go:

func (fsm *FSM) sendOpenMessage() {
  optParams := packet.ConstructOptParams(uint32(fsm. Continue reading

Worth Reading: Stream Processing’s Hard Problems

Before we dive into why data access is a hard problem in stream processing, here is some background information. At LinkedIn, we develop and use Apache Samza as our stream processing framework, Apache Kafka as our durable pub-sub messaging pipe, and Databus (and its next generation replacement) for capturing change events from our databases. Our streams infrastructure team gets feedback from application developers across the company (and from the open source community) on scalability, reliability, usability, and other problems that they encounter in their production applications. —LinkedIn Engineering Blog

The post Worth Reading: Stream Processing’s Hard Problems appeared first on 'net work.

Worth Reading: Is Openstack becoming Trumpstack?

Tired of hearing about Pets vs. Cattle? Most of us are. The underlying concept is important. While OpenStack, and most private and public cloud platforms, is geared towards workloads that have resiliency build into the application, many of the folks in the industry just aren’t there yet. The question comes to OpenStack advocates now: Should we push away potential adopters of the platform because they may have workloads that aren’t entirely appropriate for a typical “cloud” infrastructure? —DiscoPosse

The post Worth Reading: Is Openstack becoming Trumpstack? appeared first on 'net work.

Agile

The post Agile appeared first on 'net work.

Worth Reading: Go versus Python performance

It may be that I’m doing something in Python that’s an obvious don’t do or that I’m simply using a very computationally expensive way to achieve my goal, and any experienced Python programmer would suggest I did it a different way. However, for something so simple to see an order of magnitude difference between the two languages either makes Python look very slow, or Go look very fast, or maybe a bit of each, at least for this particular calculation. —Moving Packets

The post Worth Reading: Go versus Python performance appeared first on 'net work.

Worth Reading: Remember the lead time

Disaster recovery is one of those important things that seldom seems to get the attention it deserves. My experience is that most large organizations, and some smaller organizations, have disaster recovery plans that at least get partial testing. —Netcraftsmen

The post Worth Reading: Remember the lead time appeared first on 'net work.