Russ

Author Archives: Russ

Weekend Reads 051322


Cloudflare, a company that specializes in web security and distributed denial of service (DDoS) attack mitigation, just reported that it managed to stop an attack of an unprecedented scale.


Cloud operators provide price incentives so that users gravitate towards newer generations (and between server architectures). Figure 1 shows lines of best fit for the average cost per virtual central processing unit (vCPU, essentially a physical processor thread as most processor cores run two threads simultaneously) of a range of AWS virtual instances over time.


Passwordless sign-ins are already a practical reality, but they’re sometimes clunky — and three of the biggest tech companies believe they can reduce the friction.


Within a decade, the growth of powerful quantum computers will lead to a new era in security, in which once-impenetrable public-key techniques like RSA and ECC will fall to higher levels of brute force.


Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could permit an attacker to fully compromise and take control over the hosts.


Developers understand the importance of security, and overwhelmingly want to deploy secure and quality code, but software vulnerabilities continue to be exploited.


The National Institute Continue reading

Hedge 129: Open Source Mentoring

Mentoring is a topic we return to time and again—because it’s one of the most important things we can talk about in terms of building your people skills, your knowledge, and your career. On this episode of the Hedge, Guedis Cardenas joins Tom Ammon and Russ White to talk about open source mentoring. We discuss how this is different than “regular” mentoring, and how it’s the same. Join us as we talk about one of the most important career and personal growth things you can do.

download

BGP Policy (Part 7)

At the most basic level, there are only three BGP policies: pushing traffic through a specific exit point; pulling traffic through a specific entry point; preventing a remote AS (more than one AS hop away) from transiting your AS to reach a specific destination. In this series I’m going to discuss different reasons for these kinds of policies, and different ways to implement them in interdomain BGP.

In this post—the last post in this series—I’m going to cover do not transit options from the perspective of AS65001 in the following network—

There are cases where an operator does not traffic to be forwarded to them through some specific AS, whether directly connected or multiple hops away. For instance, AS65001 and AS65005 might be operated by companies in politically unfriendly nations. In this case, AS65001 may be legally required to reject traffic that has passed through the nation in which AS65005 is located. There are at least three mechanisms in BGP that are used, in different situations, to enforce this kind of policy.

Do Not Advertise Communities (Provider Specific)

Many providers supply communities a customer can use to block the advertisement of their routes to a particular AS. For instance, if Continue reading

Controversial Reads 050722


In January a federal judge denied Facebook’s motion to dismiss the Federal Trade Commission’s amended complaint seeking to force the company to sell off Instagram and WhatsApp.


Tech companies earn staggering profits by targeting ads to us based on our online behavior. This incentivizes all online actors to collect as much of our behavioral information as possible, and then sell it to ad tech companies and the data brokers that service them.


And often, when doing business in these countries, company’s interests in revenue and profits conflict with America’s national security interests, a conflict that profit always seems to win.


European Union lawmakers voted today in favor of controversial measures to outlaw anonymous crypto transactions, a move the industry said would stifle innovation and invade privacy.


His story is sobering: “The pressure comes from both above and below. You’ve got the United States Senate basically saying: ‘Nice little social network you got there. Real shame for anything to happen to it.’… From below, you’ve got the employees and the tweet mobs and basically forming these boycotts and subjecting the management of the company to pressure.


Twitter founder Jack Dorsey would like you to know he too misses the early Continue reading

Weekend Reads 050622


Video meetings dampen brainstorming because we are so hyper-focused on the face in that box that we don’t let our eyes and minds wander as much, a new study found.


Have you recently been on a video confefence call, hit the “mute” button and then offered up some nasty comments about a client or a colleague — or even the boss?


Comcast and other broadband providers are utilizing 10G technology in their quest to deliver “multigigabit symmetrical speeds” to the consumer market.


Yet, simultaneously, AI has been touted as both a panacea to virtually any problem in any field, as well as the source of humankind’s demise. “AI will push us to boundless innovation,” “AI will go rogue,” – across the industry, there remains a mix of skepticism and fear on how AI will specifically impact us as individuals.


It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks.


Janczewski thought again of the investigative method that had brought them there like a digital divining rod, revealing a hidden layer of illicit connections underlying the visible world. He hoped, not for Continue reading

Live Training: How Routers Really Work

On the 27th of May, I’ll be teaching a three-hour course called How Routers Really Work? From the course description:

This training will peer into the internal components of a router, starting with an explanation of how a router switches packets. This walk through of a switching path, in turn, will be used as a foundation for explaining the components of a router, including the various tables used to build forwarding tables and the software components used to build these tables.

Sign up here.

Hedge 128: Network Engineering at College

Have you ever thought about getting a college degree in computer networking? What are the tradeoffs between this and getting a certification? What is the state of network engineering at colleges—what do current students in network engineering programs think about their programs, and what they wish was there that isn’t? Rick Graziani joins Tom Ammon and Russ White in a broad ranging discussion on network engineering and college. Rick teaches network engineering full time in the Valley.

download

BGP Policy (Part 6)

At the most basic level, there are only three BGP policies: pushing traffic through a specific exit point; pulling traffic through a specific entry point; preventing a remote AS (more than one AS hop away) from transiting your AS to reach a specific destination. In this series I’m going to discuss different reasons for these kinds of policies, and different ways to implement them in interdomain BGP.

In this post I’m going to cover local preference via communities, longer prefix match, and conditional advertisement from the perspective of AS65001 in the following network—

Communities an Local Preference
As noted above, MED is the tool “designed into” BGP for selecting an entrance point into the local AS for specific reachable destinations. MED is not very effective, however, because a route’s preference will always win over MED, and because it is not carried between autonomous systems.
Some operators provide an alternate for MED in the form of communities that set a route’s preference within the AS. For instance, assume 100::/64 is geographically closer to the [65001,65003] link than either of the [65001,65002] links, so AS65001 would prefer traffic destined to 100::/64 enter through AS65003.
In this case, AS65001 can advertise 100::/64 with Continue reading

Weekend Reads 042922


Our current encryption standards protect our bank accounts, financial markets, and most of our infrastructure, not to mention the logistics/supply-chain management system in the US Defense Department. But what happens when quantum computers can decipher the current asymmetric encryption that protects our vital systems?


Local governments all over the country are choosing ISP partners and making grants from ARPA funds to help bring better broadband. Today’s blog is a warning to handle the awards of such monies in a way as to be safe from challenges from ISPs you don’t choose to fund.


In a resounding victory for companies whose business model depends on web scraping, the U.S. Ninth Circuit Court of Appeals held this week that such activity does not violate the U.S. Computer Fraud and Abuse Act.


OpenTelemetry is considered by many the future of instrumentation, and it’s not hard to understand why. In a world where successful companies are software companies, the need to collect observations from running code is almost universal. Through metrics, logs, and traces, observability data gives us the information we need to inspect how our applications run—and thanks to projects like OpenTelemetry, observability is becoming accessible to everyone.


Organizations using newer Continue reading

BGP Policies (Part 5)

At the most basic level, there are only three BGP policies: pushing traffic through a specific exit point; pulling traffic through a specific entry point; preventing a remote AS (more than one AS hop away) from transiting your AS to reach a specific destination. In this series I’m going to discuss different reasons for these kinds of policies, and different ways to implement them in interdomain BGP.

In this post I’m going to cover AS Path Prepending from the perspective of AS65001 in the following network—

Since the length of the AS Path plays a role in choosing which path to use when forwarding traffic towards a given reachable destination, many (if not most) operators prepend the AS Path when advertising routes to a peer. Thus an AS Path of [65001], when advertised towards AS65003, can become [65001,65001] by adding one prepend, [65001,65001,65001] by adding two prepends, etc. Most BGP implementations allow an operator to prepend as many times as they would like, so it is possible to see twenty, thirty, or even higher numbers of prepends.
Note: The usefulness of prepending is generally restricted to around two or three, as the average length of an AS Path in the Continue reading

Weekend Reads 042222


Agencies of the US Government have issued a joint warning that hackers have revealed their capability to gain full system access to industrial control systems that might help enemy states sabotage critical infrastructure.


Whether you consider them black swan cyber events or not, the SolarWinds attack and the Log4Shell exploit stressed some of the key ways in which organizations can prepare themselves and prevent crises.


The serious lesson from that is to acknowledge but forgive errors. “He’s said, many times, that he knew at that moment it was going to be OK,” Ellis says. “Creating a safe culture requires a lot of practices, and one of them is closure. Humor is a great way to provide closure because you rarely laugh about something that is still creating tension.”


To say that data governance and data compliance are rapidly becoming areas of immense strategic importance for businesses would be an understatement. Governments worldwide already have data protection laws in place or are busy drafting these laws.


On Sunday, an attacker managed to drain around $182 million of cryptocurrency from Beanstalk Farms, a decentralized finance (DeFi) project aimed at balancing the supply and demand of different cryptocurrency assets. Notably, the attack Continue reading

On Securing BGP

The US Federal Communications Commission recently asked for comments on securing Internet routing. While I worked on the responses offered by various organizations, I also put in my own response as an individual, which I’ve included below.

I am not providing this answer as a representative of any organization, but rather as an individual with long experience in the global standards and operations communities surrounding the Internet, and with long experience in routing and routing security.

I completely agree with the Notice of Inquiry that “networks are essential to the daily functioning of critical infrastructure [yet they] can be vulnerable to attack” due to insecurities in the BGP protocol. While proposed solutions exist that would increase the security of the BGP routing system, only some of these mechanisms are being widely deployed. This response will consider some of the reasons existing proposals are not deployed and suggest some avenues the Commission might explore to aid the community in developing and deploying solutions.

9: Measuring BGP Security.
At this point, I only know of the systems mentioned in the query for measuring BGP routing security incidents. There have been attempts to build other systems, but none of these systems have been Continue reading

Hedge 127: FR Routing Update

The FR Routing project is a fully featured open-source routing stack, including BGP, OSPF, and IS-Is (among others), supported by a community including NVDIA, Orange, VMWare, and many others. On today’s episode of the Hedge, Tom Ammon and Russ White are joined by Donald Sharp, Alistair Woodman, and Quentin Young to update listeners on projects completed and underway in FR Routing.

download

Weekend Reads 041522


Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.


A few years ago, Ken Crum started getting uncomfortable with how much of his life seemed to be online. The long-time computer programmer was particularly concerned by what companies appeared to know about him.


In a future release of Windows 11, you’re going to see significant security updates that add even more protection from the chip to the cloud by combining modern hardware and software.


The classic line “I have a bad feeling about this” is repeated in every Star Wars movie. It’s become a meme for that uneasy feeling that as bad as things are now, they are about to get much worse. That’s an accurate portrayal of how many of us feel about cybersecurity.


Wouldn’t it be funny if Google ends up being the stalwart supporter of the X86 architecture among the hyperscalers and cloud builders?


In 2019, the US Government Accountability Office (GAO) released a report highlighting the ten most critical legacy systems that needed modernisation.


The gold standard for retailers and financial organizations when it comes to protecting sensitive cardholder data, PCI DSS Continue reading

Hedge 126: George Michaelson on ISDN

ISDN, while an old technology, is still around in many parts of the world. When will it go away? George Michaelson joins Tom Ammon and Russ White to discuss the end of ISDN. The conversation then veers into old networking technologies, and the importance of ISDN in setting the terms and ideas we use today—ISDN is one of the key technologies around which network engineers built their mental maps of how to build and maintain networks.

download

1 15 16 17 18 19 162