Russ

Author Archives: Russ

Weekend Reads 081624


Beware of Internet FORCES aiming to change your mind or direct your decisions! That acronym, coined by behavioral scientist Patrick Fagan, helps people know when they’re being “nudged.”


Enter your name into an internet search engine and the first few results will probably include detailed profiles of you compiled by “people-search” websites with names like Intelius, PeopleFinders, and Spokeo.


Following the July 19 outages caused by a bad update, the cybersecurity firm faces shareholder lawsuits and pressure to pay damages for at least one major customer, Delta Airlines. Will software liability follow?


Since 1998 — the last year Congress passed a major law to reform the tech industry and protect children in the virtual space — a lot has changed.


According to a damning report from 404 Media, backed with internal Slack chats, emails, and documents obtained by the outlet, Nvidia helped itself to “a human lifetime visual experience worth of training data per day,” Ming-Yu Liu, vice president of Research at Nvidia and a Cosmos project leader, admitted in a May email.


It has been an enduring fascination to see how we could use packet networking in the context of digital communications in space.


At a recent conference Continue reading

Weekend Reads 081024


Network observability tools provide information on the health and behavior of applications, offer insights into end-user experience, and detect anomalies that are indicative of security incidents.


Maestro is a general-purpose, horizontally scalable workflow orchestrator designed to manage large-scale workflows such as data pipelines and machine learning model training pipelines.


It might be time to get the pens and notebooks back out and shut off the keyboard for a while. Just pretend you’re back in the first grade and don’t have a minicomputer in your back pocket.


Intel has finally provided an update on instability issues on 13th-gen and 14th-gen CPUs. An update posted by Thomas Hannaford, Intel’s communications manager, pins the instability on an error in the microcode that requests incorrect voltage numbers, leading to instability in the processor.


Separation agreements Meta gave to employees during mass 2022 layoffs are illegal, a US judge has decided, and the reasoning could have implications far beyond Zuckercorp.


In 1940, thirteen percent of the U.S. population lived in suburbs. In 2010, it was half. An analysis by demographer Wendell Cox of population trends during the 2010s showed that 92 percent of all growth in major metropolitan areas was in the suburbs and Continue reading

Hedge 238: What Went Wrong? (Crowdstrike)

The massive failure resulting from a failed update to 8.5 million Windows hosts by Crowdstrike will live in Internet history for years to come. The failure will be studied by engineering teams and college classes to understand what went wrong and how we can stop this from happening in the future. Derick Winkworth (@cloudtoad), Eyvonne Sharp, Tom Ammon, and Russ White hang out at the hedge to talk about what happened and lessons learned from a network engineering perspective.
 

 
download
 
Crowdstrike released a detailed description of the problematic update here.

The Hedge 237: What’s Wrong with Vendors?

Looking at changes in the market in the last ten years, it certainly seems like vendors work less toward innovation and more towards locking customers in to revenue streams. Chris Emerick, Dave Taht, and Russ White decided it’s time to talk about. What’s wrong with vendors? And since everything can’t be wrong with vendors, where are they doing the right thing?
 

 
download

Worth Reading 072624


Recent events involving CrowdStrike’s Falcon security software have underscored a critical lesson across the industry: the importance of having a robust, secure release process.


My analysis of the event has a lot of similarities with my reflections on the Optus outage last year, the incident underscores the critical issue of resilience in IT infrastructure, particularly in systems that lack diversity.


But recovery is just the beginning. What’s sure to follow is a barrage of regulatory oversight, hard feelings among the IT community, and a tough reminder that even a small slip-up in a software update can have catastrophic global consequences.


Over the years, there has been a lot of discussion on if VLAN 1 in Cisco switches is special or not. Does it have any characteristics that other VLANs donメt?


Are you considering the switch from network engineer to cloud engineer? This post wo’t teach you everything needed to become a cloud expert, but hopefully, it will create a level of comfort and familiarity such that you can start your journey to the cloud from here.


The creation of voluntary standards is an idea that may seem easier than imposing regulations. But devising voluntary standards presents unique challenges, different from Continue reading

Weekend Reads 071924


On the other hand, these same minimal overheads imply that DNS over UDP cannot perform prompt detection of packet loss and cannot efficiently defend itself against various approaches to tampering with the DNS, such as source address spoofing, payload alteration and third-party packet injection. Perhaps most importantly, the way UDP handles large payloads is a problem.


User interface (UI) design is currently experiencing a transition from traditional graphical user interfaces (GUIs) to systems designed to recognize a personメs gestures and movements.


The U.S. Federal Trade Commission (FTC), along with two other international consumer protection networks, announced on Thursday the results of a study into the use of “dark patterns” — or manipulative design techniques — that can put users’ privacy at risk or push them to buy products or services or take other actions they otherwise wouldn’t have.


One of the most concerning aspects of social media is that much of its influence evades our notice. We don’t realize that we’re being influenced, or shaped to think a certain way, or view the world through a specific lens.


Chinese automobile conglomerate Geely has made significant strides since I last wrote about their Geesat LEO constellation for mobile vehicle connectivity.


Continue reading

The Hedge 235: Copyrights and Centralization

Join us as Tom, Eyvonne, and Russ hang out for another roundtable. We start the show talking about Tom’s plant (is it real or … ??). What does copyright have to do with Internet Service Providers? Should the two topics be related at all? What can the IETF do about Internet centralization?

Thanks for listening—and please reach out if you have a topic you’d like to hear about, or a guest you’d like to hear.

 

 

download

Weekend Reads 071224


The gang’s time from initial access to draining data out of a Veeam server is shockingly fast; after which the attackers went on to deploy actual ransomware in less than a day.


A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users’ inboxes.


The new fireball is the arrival of AI, its widespread acceptance and adoption, and the view that it is now a competitive imperative.


As a follow-up to the post yesterday on native VLANs, there was a question on what would happen to 802.1Q-tagged frames traversing an unmanaged switch.


State-controlled media on Tuesday covered the proceedings of the third China IPv6 Innovation and Development Conference, at which officials revealed that as of May 2024 the Middle Kingdom was home to 794 million users of the protocol, and that 64.56 percent of mobile traffic – plus 21.21 percent of fixed network traffic – is carried on networks that employ it.


In fact, since 2017, Google’s environmental reports show that the company’s electricity use, CO2 emissions, and carbon intensity have soared.


Using DevSecOps helps ensure the right level of security throughout both Continue reading

Weekend Reads 070524


Anybody not involved in the telephone business will probably be surprised to find that the old TDM telephone networks are still very much alive and in place.


Intel has demonstrated an optical chiplet co-packaged with a CPU capable of supporting 4 Tbps data links to feed the increasing datacenter bandwidth requirements of AI and high performance computing (HPC) applications.


My one-liner for The AI Delusion is that the real danger today is not that computers are smarter than us but that we think computers are smarter than us and consequently trust them to make decisions they should not be trusted to make.


If the Senate passes an expansion of the Foreign Intelligence Surveillance Act, any Americanメs international communications could become an open book.


Anybody who builds fiber networks can describe the litany of state and local regulations involved in constructing fiber. Following are the primary kinds of such regulations ヨ and there are others in some places.


OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems.


This only works for so long. Software can keep getting bigger and slower only for as Continue reading

Weekend Reads 062824


Often the scourge of tech execs in the US, Britain’s competition regulator has a new potential target in its sights: HPE’s proposed $14 billion purchase of Juniper Networks.


Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want to know which public key signed it?


Comparing social media with tobacco use is bizarre. Smoking cigarettes is a known danger, whereas social media is a generally positive development that has troubling side effects for some young people who spend too much time on the platforms.


The Biden administration today banned the sale of Kaspersky Lab products and services in the United States, declaring the Russian biz a national security risk.


Meta has identified another reason AI might produce rubbish output: Hardware faults that corrupt data.


During the 59th BEREC plenary meeting (6 June 2024), the Board of Regulators approved the Draft BEREC Report on the IP Interconnection Ecosystem (BoR (24) 93) for public consultation.


Is there any company out there who has hurt young people more than Mark Zuckerberg’s gargantuan Meta empire?


At Continue reading

rule 11 reader 2024-06-21 15:19:04


Talking at Bernstein’s 40th Annual Strategic Decision Conference late last week, HP boss Enrique Lores acknowledged the pressures facing the print division, saying the number of printed pages has dropped by a fifth.


The petition makes three general arguments for issuing a pause on net neutrality, the first of which is that the FCC may not have the authority to reinstate net neutrality at all.


Each time someone interacts with a large language model (LLM), there is an energy cost in running the model for inference. In addition, there is an energy cost in the preparation and training of the model before it was brought to production.


On December 14, 2022, the European Parliament adopted the Directive on measures for a high common level of cybersecurity across the Union (Directive (EU) 2022/2555) hereinafter referred to as “NIS2”), which was published in the official journal on December 27, 2022


In my view, Thomas’ approach is inconsistent with the remainder of Article 28 and would not achieve the goals of NIS2 to improve cybersecurity across the EU member states.


This kind of marketing, historically, is quite effective – bigger numbers are easier for us customers to understand. But, as is the case Continue reading

Live Training: Build Your Own Networking Lab

This Friday at 1pm ET, Bruce McDougall and I are teaching a live class on using Containerlab to build and automate network labs. From the course description:

This course will guide learners through the tools and techniques to build virtual labs either locally or on common cloud services, so you can become more proficient at understanding, designing, monitoring, and troubleshooting networks. The course begins with obtaining and starting the basic tools required to build and test network labs using open-source and freely available tools. The instructors will build a variety of network topologies, including data center and campus, to help learners understand how to test in different environments.

Register here.

1 2 3 4 162