Worth Reading: The Great Firewall of China gets stronger

The Chinese government is tightening its control over free speech in China. Once sheepish in the face of censorship accusations, China is now touting its “internet sovereignty” as something to be admired and adopted. -The Stream

The post Worth Reading: The Great Firewall of China gets stronger appeared first on 'net work.

On differential privacy

Over the past several weeks, there’s been a lot of talk about something called “differential privacy.” What does this mean, how does it work, and… Is it really going to be effective? The basic concept is this: the reason people can identify you, personally, from data collected off your phone, searches, web browser configuration, computer configuration, etc., is you do things just different enough from other people to create a pattern through cyber space (or rather data exhaust). Someone looking hard enough can figure out who “you” are by figuring out patterns you don’t even think about—you always install the same sorts of software/plugins, you always take the same path to work, you always make the same typing mistake, etc.

The idea behind differential security, considered here by Bruce Schneier, here, and here, is that you can inject noise into the data collection process that doesn’t impact the quality of the data for the intended use, while it does prevent any particular individual from being identified. If this nut can be cracked, it would be a major boon for online privacy—and this is a nut that deserves some serious cracking.

But I doubt it can actually be cracked Continue reading

Worth Reading: Three reasons to put down your cell phone

The cell phone. We’ve gotten to a point where we can’t do anything without them, and to a point where they distract us from everything. Massive amounts of research has been, and is being, done about the impact this has on our minds and our relationships. But let me mention just a few quick reasons we should put our cell phones down as it relates to our kids. -Jamie Dew

The post Worth Reading: Three reasons to put down your cell phone appeared first on 'net work.

Worth Reading: 60 Limit and the CCDE

So how hard can it be to earn a CCDE? It’s just a rubber stamp to show that you have been working in design for a number of years, isn’t it? Well not quite. You have to really prove your experience and knowledge in a number of fields, encompassing a variety of roles that not every candidate would have been fortunate enough to have undertaken prior to gaining that prestigious CCDE number. -Cisco Learning

The post Worth Reading: 60 Limit and the CCDE appeared first on 'net work.

Reaction: Complexity Sells

Over at IPSpace this last week, Ivan pointed to a paper by Dijkstra (and if you don’t know who that is, you need to learn a thing or two about the history of routing protocols—because history makes culture, and culture matters—or, as the tagline on this blog says, culture eats technology for breakfast). In this paper, Dijkstra points out some rather important things about computer science and programming that can be directly applied to the network engineering world. For instance, Ivan says—

People tend to forget that “doing away with the programmer” was COBOL’s major original objective. —Replace “programmer” with “networking engineer” and COBOL with SDN

I was fascinated with Ivan’s take on this paper—particularly in that complexity is an area I find interesting and very useful in my everyday life as a designer—that I went and read the original article. You should, too.

I think Ivan’s observations are spot on, but I think it’s worthwhile to actually broaden them. From where I sit, after 25 years building and breaking networks, I agree that complexity sells—but it sells for two particular reasons. The reason, as Dijkstra said all those years ago (in computer terms), is this:

Since the Continue reading

Worth Reading: One-fourth of malware comes from sharing

This report took up where we last off last quarter on our cloud malware research, in which we found that 4.1 percent of enterprises had at least one sanctioned cloud app laced with malware. This quarter that number has risen to 11.0 percent, or nearly triple since last quarter. This is before counting unsanctioned apps, which we are researching and will incorporate into future reports. -Cloud Security Alliance

The post Worth Reading: One-fourth of malware comes from sharing appeared first on 'net work.

Worth Reading: Software defined—you keep using those words…

Software Defined Networks (SDNs), are everywhere, and everyone is either building one, selling one, or using one. Everyone, that is, except—probably—you. Don’t feel too bad if you’re feeling left out, because it’s hard to know, precisely, what you’re actually being left out of. After all, can you actually define what an SDN is? -ECI

The post Worth Reading: Software defined—you keep using those words… appeared first on 'net work.

Getting to the point of dual homing

I wonder how many times I’ve seen this sort of diagram across the many years I’ve been doing network design?

It’s usually held up as an example of how clever the engineer running the network is about resilience. “You see,” the diagram asserts, “I’m smart enough to purchase connectivity from two providers, rather than one.”

Can I point something out? Admittedly it might not be all that obvious from the diagram, but… Reality is just about as likely to squish your network connectivity like a bug no a windshield as it is any other network. Particularly if both of these connections are in the same regional area. The tricky part is knowing, of course, what a “regional area” might happen to mean for any particular provider.

The problem with this design is very basic, and tied to the concept of shared link risk groups. But let me start someplace a little simpler than that—with the basic, and important, point that putting fiber in the ground, and maintaining fiber that’s in the ground, is expensive. Unless you live in Greenland, fiber can be physically buried pretty easily (fiber in Greenland is generally buried with dynamite by a blasting crew, or Continue reading

Worth Reading: Who is responsible for your application security?

The dividing line between developers and IT operations used to be distinct. Developers were responsible for adding new features securely, but it was IT operations who had responsibility for infrastructure and network security. For the most part, developers didn’t have to think too much about the wider security context. With the advent of the cloud, and of devops, things changed radically. Now developers are quite capable of deploying cloud infrastructure at will, and the tools exist to make infrastructure deployment programmatic. These changes mean that developers do have to think about security, both within the scope of the code they are responsible for and within the wider organizational scope. – CircleID

The post Worth Reading: Who is responsible for your application security? appeared first on 'net work.

Worth Reading: Docker meets zombies

Last week a Dutch site reliability engineer at Wehkamp Labs shared a way to combine Docker container management with the video game Half-Life 2. The labs created an exotic hybrid where applications are represented in the game-world as virtual people who all need defending from an attack of zombies. -The New Stack

The post Worth Reading: Docker meets zombies appeared first on 'net work.

Bird in flight

The post Bird in flight appeared first on 'net work.

Worth Reading: The history of the Intel CPU

The first microprocessor sold by Intel was the four-bit 4004 in 1971. It was designed to work in conjunction with three other microchips, the 4001 ROM, 4002 RAM and the 4003 Shift Register. Whereas the 4004 itself performed calculations, those other components were critical to making the processor function. -Tom’s Hardware
(Note: this is a slide show, rather than an article)

The post Worth Reading: The history of the Intel CPU appeared first on 'net work.

Worth Reading: Public cloud versus private data center

Few companies can afford to spend $20 billion a year on global data centers, have the cachet to employ some of the best and brightest engineers and thought leaders of the computing world, the ability to build and deploy their own custom microchips, access to training datasets comprising the web itself or the hardware and personnel capacity to iterate their infrastructure in realtime. Whether you’re talking about Google, Amazon, Microsoft or any of the other cloud vendors, this is the power of the commercial cloud today – trading hardware management for solving problems in realtime at nearly limitless scale. -Forbes

The post Worth Reading: Public cloud versus private data center appeared first on 'net work.

DNS Cookies and DDoS Attacks

DDoS attacks, particularly for ransom—essentially, “give me some bitcoin, or we’ll attack your server(s) and bring you down,” seem to be on the rise. While ransom attacks rarely actually materialize, the threat of DDoS overall is very large, and very large scale. Financial institutions, content providers, and others regularly consume tens of gigabits of attack traffic in the normal course of operation. What can be done about stopping, or at least slowing down, these attacks?

To answer, this question, we need to start with some better idea of some of the common mechanisms used to build a DDoS attack. It’s often not effective to simply take over a bunch of computers and send traffic from them at full speed; the users, and the user’s providers, will often notice machine sending large amounts of traffic in this way. Instead, what the attacker needs is some sort of public server that can (and will) act as an amplifier. Sending this intermediate server should cause the server to send an order of a magnitude more traffic towards the attack target. Ideally, the server, or set of servers, will have almost unlimited bandwidth, and bandwidth utilization characteristics that will make the attack appear Continue reading

Worth Reading: The danger of macros

Back in 2012, faced with the need to write the identical thing—language regarding FISA minimization procedures—many, many times, NSA tried to develop some efficiency by automating a portion of their Word templates. This worked fine, until for whatever reason, NSA Hawaii redesigned its network to block external access from other parts of the NSA. -Lawfare

The post Worth Reading: The danger of macros appeared first on 'net work.

Worth Reading: Leaky end users

Insider threat once again tops the list of enterprise cyber security threats in the 2016 Verizon Data Breach Investigations Report (DBIR). For the second straight year, Verizon research showed that the average enterprise is less likely to have its data stolen than to have an end user give away sensitive credentials and data—whether unintentionally or maliciously. -Cloud Security Alliance

The post Worth Reading: Leaky end users appeared first on 'net work.

People Skills

The post People Skills appeared first on 'net work.

Worth Reading: Leaving fixed function switches behind

There are two competing trends in platform designs that architects always have to contend with. They can build a platform that performs a specific function and does it well, or create a more generic platform that sacrifices some efficiency but does a lot of jobs well. Sometimes you try to shoot the gap between these two poles. -The Next Platform

The post Worth Reading: Leaving fixed function switches behind appeared first on 'net work.

Worth Reading: The end of the hypervisor

The death knell of the hypervisor was sounded when Intel provided much of the unique capabilities of the hypervisor directly in the chip via the Intel-VTx instruction set. Prior to this, VMware and Xen had two unique approaches to providing hypervisor capabilities: binary translation and paravirtualization respectively. Arguments raged about which was faster, but once Intel-VTx came along, by virtue of being on the chip die, it was the de facto speed winner. -Cloud Scaling

The post Worth Reading: The end of the hypervisor appeared first on 'net work.

No Capes, No Wands

As a keen observer of the network engineering world for the last twenty… okay, maybe longer, but I don’t want to sound like an old man telling stories quite yet… years, there’s one thing I’ve always found kind-of strange. We have a strong tendency towards hero worship.

I don’t really know why this might be, but I’ve seen it in Cisco TAC—the almost hushed tones around a senior engineer who “is brilliant.” I’ve seen it while sitting in a meeting in the middle of an argument over some technical point in a particular RFC. Someone says, “we should just ask the author…” Which is almost always followed by something like: “Really? You know them?”

To some degree, this is understandable—network engineering is difficult, and we should truly honor those in our world who have made a huge impact. In many other ways, it’s unhelpful, and even unhealthy. Why?

First, it tends to create an “us versus them,” atmosphere in our world. There are engineers who work on “normal” networks, and then there are those who work on, well, you know, special ones. Not everyone needs those “special skills,” so we end up creating a vast pool of people Continue reading