Russ

Author Archives: Russ

Hedge 152: Joel King on the network and DevOps

DevOps, SecDevOps, GitDevOps—stick DevOps on the end of anything, and it will sound cool, generation FOMO in thousands (maybe millions). What does DevOps really mean to network engineers, though? In this episode of The Hedge, we discuss examples of how the Three Ways, (described in Part One of The DevOps Handbook) of Flow, Feedback, and Continual Learning with Joel King, a leading light in this field.

download

On the ‘net: Privacy and Networking

The final three posts in my series on privacy for infrastructure engineers is up over at Packet Pushers. While privacy might not seem like a big deal to infrastructure folks, it really is an issue we should all be considering and addressing—if for no other reason than privacy and security are closely related topics. The primary “thing” you’re trying to secure when you think about networking is data—or rather, various forms of privacy.

Focusing on legal defensibility is the wrong way to look at privacy, or rather the wrong end of the stick.

What are some best practices network operators can follow to reduce their risk? The simplest way to think about best practices is to think about user rights and risks at each stage of the data lifecycle.

For the final post in this series, I’ll address two topics: the privacy implications of Domain Name System (DNS) queries, and the absolute necessity of having a plan for how to respond to a breach. Let’s start with DNS.

Controversial Reads 102222


A Chinese law that went into effect six months ago required online service providers to file details of the algorithms they use with China’s centralized regulator, the Cyberspace Administration of China (CAC).


How is deep learning going to assist rather than replace the average creative worker? If replacement is the goal — valid, by the way, if a net positive for humanity — are we paying the people responsible for work the models have been trained on?


Since the WSJ and a viral TikTok video made quiet quitting a cultural phenomenon, it seems as though every news outlet, Fortune 500 CEO, lifestyle coach, or entry-level employee has something to say about quiet quitting.


After looking into the matter, I’m less confused but more distressed: Smart heating and cooling is even more knotted up than I thought. Ultimately, your smart thermostat isn’t made to help you. It’s there to help others—for reasons that might or might not benefit you directly, or ever.


This month, LinkedIn researchers revealed in Science that the company spent five years quietly researching more than 20 million users. By tweaking the professional networking platform’s algorithm, researchers were trying to determine through A/B testing whether users end up Continue reading

Weekend Reads 102122


New research has disclosed what’s being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm.


Telcos deal with a considerable amount of multivendor devices. Although many hope/expect that these are equipped with state-of-the-art telemetry technologies, most of the time they’re not


Concerns over a critical authentication bypass vulnerability in certain Fortinet appliances heightened this week with the release of proof-of-concept (PoC) exploit code and a big uptick in vulnerability scans for the flaw.


Cracks and keygens have long been a problem for software vendors in that they allow users to install their products without needing to pay for a legitimate license. As the Internet and website development advanced and became more accessible, the number of sites offering software cracking tools grew.


The result is ChilliRack, a cooling system that Klein believes can address key challenges in the cost of cooling and the low utilization seen in many data centers.


With DevSecOps coming a long way as a discipline, there are now great frameworks and best practices for applying security gates in your CI, and later CD.


LitmusChaos is a dynamic open source chaos engineering platform Continue reading

Hedge 151: Cecilia Testart and the Value of the RPKI

If you advertise routes through a provider to the global Internet, you might be wondering if you should go through the trouble of registering in the RPKI and advertising ROAs. What is the tradeoff for the work involved in what seems like a complex process? Cecelia Testart joins Jeremy White and Russ White to discuss recent work in measuring the value of the RPKI.

download

It’s also worth reading Cecelia’s article on this topic.

Weekend Reads 101422

Pinpointing Urban Broadband Gaps


The City of Chicago asked some researchers at the University of Chicago for help to identify the neighborhoods and the number of households that are not connected to broadband.

https://circleid.com/posts/20221006-solving-the-.us-registrant-data-directory-services-rdds-conundrum
Recently ten Democratic Members of Congress wrote a letter to Alan Davidson, head of the NTIA, requesting that the “NTIA immediately cease the public disclosure of personal information about users of .US” country code top-level domain (ccTLD).

https://circleid.com/posts/20221005-four-steps-to-an-effective-brand-protection-program
This makes a comprehensive, holistic brand protection program crucial for any brand owner, including monitoring to identify potentially damaging third-party content, and using enforcement strategies to take down infringing material

A fundamental mechanism that secures the internet has been broken


National research center for Cybersecurity ATHENE says it has found a way to easily bypass this security mechanism, and in a way that means affected network operators are unable to notice.

https://www.darkreading.com/edge-articles/the-insecurities-of-cybersecurity-success
While he uses content creation as a lens for talking about mental health and the pressures he faces, he also draws parallels between making videos for the community and making tools for the community

https://circleid.com/posts/20221004-developing-models-for-the-prediction-of-domain-name-renewal-rates
One of the key issues for the Domain industry is how to accurately predict year-on-year Continue reading

Hedge 150: Micah Beck and Universal Broadband

What would the Internet look like—or what kinds of services would need to be developed and deployed—to make boradband class service available to every user? What could this kind of development do to drive entire societies forward? Micah Beck, from the University of Tennessee, joins Tom Ammon and Russ White to discuss universal broadband on this episode of the Hedge.

download

Weekend Reads 100722


Meta Platforms Inc. Chief Executive Officer Mark Zuckerberg outlined sweeping plans to reorganize teams and reduce headcount for the first time ever, calling an end to an era of rapid growth at the social media giant.


A food delivery drone operated by Alphabet subsidiary Wing landed on overhead power lines in Brisbane, Australia, and caught fire. As a result, the network was shut down by energy firm Energex to respond to the incident, leaving thousands without power.


If you know about DNS, you’ve probably heard of the Time-to-Live (TTL) field. But mistakes with TTL are more common than you might think. Here we look at the quirks of DNS record sets, parent/child domains and how to avoid TTL problems.


While some have given up on Moore’s Law, Intel CEO Pat Gelsinger clearly hasn’t. “For decades now, I’ve been in the debate: is Moore’s Law dead? And the answer is no,” he said, during his keynote at the Intel Innovation event this week.


In this post, we will demonstrate how malicious actors can force UDP DNS answers to fragment so they can inject forged DNS data into DNS resolver caches and highlight what percentage of servers are at risk.


We identify Continue reading

Weekend Reads 093022


Indeed, Juniper Research predicts that operator 5G FWA revenue will reach $24 billion worldwide by 2027, driven essentially by the use of the technology as a fibre replacement for consumer services.


Floppy disks may have gone the way of the dodo and joined other extinct media such as punched cards and paper tape, but some people are apparently still using them, and one company even continues to sell them.


Many companies also have changed how they operate, from having to deal with a more remote hybrid workforce to adapting to supply chains that have yet to completely rebound from the battering they took during the pandemic.


It’s going to be really interesting to see if Comcast, Charter, and the other big cable companies raise prices later this year. The industry has changed, and it doesn’t seem as obvious as in the past that cable companies can raise rates and that customers will just begrudgingly go along with it.


Extended spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively.


Operator Telefónica and chip firm Qualcomm are putting their heads together Continue reading

Weekend Reads 092322


Arm says Nvidia’s Grace processor will be among the first chips to use its upcoming Neoverse V2 CPU cores.


The early deceased Heinz Rutishauser (1918–1970) of ETH Zurich is considered the most important Swiss pioneer from the early era of computer science.


According to Dell’Oro, datacenter switching set a new record for revenues for any second quarter in history and also for any first six months of any year since it has been keeping records.


A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name.


Here, we introduce the concept of the data bill of materials or personal data bill of materials, a comprehensive inventory of personal data used in software systems.


VirusTotal recently identified 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp as the most-mimicked software brands in malware attacks.


No business can own the generic word for the product it sells. We would find it preposterous if a single airline claimed exclusive use of the word “air,” or a broadband service tried to stop its rivals from using the word “broadband.”


Cisco has revealed new hardware it is willing to sell to Continue reading

Hedge 148: The SRE with Niall Murphy (part 2)

It seems like only yesterday we started talking about the Site Reliability Engineer, and their place in the IT ecosystem. Over the last several years, the role of the SRE has changed—and it’s bound to continue changing. On this episode of the Hedge, Niall Murphy joins Tom Ammon and Russ White to discuss the changing role of the SRE, and what the SRE could be.

download

If you want to read more on this topic, check out Niall’s article over a USENIX.

Weekend Reads 091622

Running a little late this week …


Smartphone shipments are forecast to shrink globally by 6.5 percent this year as many households feeling the pinch of inflation decide to prioritize paying for food, energy and other essentials over refreshing handsets.


SmartNICs have long been the domain of hyperscale and cloud datacenters, but they remain relatively uncommon in enterprise environments due in large part to the lack of software compatibility.


The last few years have demonstrated that breaches occur, no matter how much security organizations put in place.


Finally, one of the big challenges with subsea cabling has been power, and in particular how to provide power mid-cable for repeater equipment.


French cloud provider OVHcloud has opened up a Bring Your Own IP service, which it said allows customers to reuse existing public IPv4 blocks as failover addresses in the event of an outage.


Microsoft moves ahead with a plan to sunset basic authentication, and other providers are moving — or have moved — to requiring more secure authentication as well. Is your company ready?


You only have to follow cryptocurrency news casually to be struck by the size and frequency of cryptocurrency security failures.


Earlier this year, Motherboard reported Continue reading

Hedge 147: The SRE with Niall Murphy (part 1)

It seems like only yesterday we started talking about the Site Reliability Engineer, and their place in the IT ecosystem. Over the last several years, the role of the SRE has changed—and it’s bound to continue changing. On this episode of the Hedge, Niall Murphy joins Tom Ammon and Russ White to discuss the changing role of the SRE, and what the SRE could be.

download

If you want to read more on this topic, check out Niall’s article over a USENIX.

Controversial Reads 091022

https://www.theregister.com/2022/08/01/column_7nm_chips_china/
After decades trailing the rest of the world in leading-edge chip making, Chinese sand stamper Semiconductor Manufacturing International Corporation (SMIC) has quietly got into the 7nm business. That’s a huge and unexpected leap. Has the West’s embargo of the latest fab furniture failed?

https://www.theepochtimes.com/semiconductors-emerge-as-battleground-in-us-china-race-to-make-global-tech-norms-in-their-image_4648523.html
Although the United States and China are not engaged in traditional warfare, they are engaged in a war of ideas, trade, and technology, especially in semiconductor hegemony, where both sides are battling for supply and advancement.

https://www.piratewires.com/p/american-hustle-microchip-edition
Trade was global, the world was inextricably connected, and your job’s in China now but you should thank us, actually, because everything is cheap and fast and out-of-work factory workers can simply learn to code.

https://www.lawfareblog.com/defending-open-internet-confronting-reality-fragmented-cyberspace-reflecting-upon-two-cfr-reports-us
Last month, CFR issued the report of a new task force, “Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet.” (I was project director for both reports.)

https://www.lawfareblog.com/should-uncle-sam-worry-about-foreign-open-source-software-geographic-known-unknowns-and-open-source
Nationalism has come to software. While downloading TikTok or WeChat onto your cell phone isn’t quite tantamount to installing Huawei equipment in your local cell tower, all indications suggest that a software geopolitical divide has arrived and won’t be going Continue reading

Weekend Reads 090922


CXL is supported by pretty much every hardware vendor and built on top of PCI Express for coherent memory access between a CPU and a device, such as a hardware accelerator, or a CPU and memory.


Challenges pertaining to outdated infrastructure could easily be compounded by the fact that many IT and security teams don’t seem to have a plan in place to mobilize if and when a cyberattack occurs.


Chinese military researchers are threatening that Musk’s Starlink satellites must be destroyed.


Early versions of QUIC had FEC, but for all resources. The redundancy overheads for all data were considered too high, and the feature was dropped.


Aside from counterfeiting, cybersquatting domains can also serve as vehicles for other types of cybercrime, such as spear phishing, scams, and spamming.


In 2020, the ICANN Generic Name Supporting Organization (GNSO) Council approved a plan to revamp the WHOIS system as per the recommendations given by the ICANN Expedited Policy Development Process (EPDP). This plan directed ICANN to develop a centralized System for Standardized Access/Disclosure (SSAD) for WHOIS records.


A couple of months ago, in July 2022, I wrote about our work in measuring the level of use of QUIC in the Continue reading

Upcoming Live Training: Data Center Fabrics

I’ve rebuilt my data center fabrics live training class, adding a lot of new material across the board, and adding a few new topics. To cover all this new material, the class has been expanded from three to six hours. I’m teaching it for the first time on the 29th and 30th of this month.

Register here.

From the Safari Books description—

Data centers are the foundation of the cloud, whether private, public, on the edge, or in the center of the network. This training will focus on topologies and control planes, including scale, performance, and centralization. This training is important for network designers and operators who want to understand the elements of data center design that apply across all hardware and software types.

This class consists of two three-hour sessions. The first session will focus on the physical topology, including a short history of spine-and-leaf fabrics, the characteristics of fabrics (versus the broader characteristics of a network), and laying out a spine-and-leaf network to support fabric lifecycle and scaling the network out. The first session will also consider the positive and negative aspects of using single- and multi-forwarding engine (FE) devices to build a fabric, and various aspects of Continue reading

1 11 12 13 14 15 162