Russ

Author Archives: Russ

Worth Listening: Heidi Roizen

Project AI+Compassion just interviewed Heidi Roizen about compassion in IT; it’s worth listening to. From the show notes—

Storytelling is a powerful way for humans to connect and for humans to move other humans to action. To understand your story and understand the stories of others, we can develop a lot more compassion for people when we understand that everybody has a story. Everybody story is important. So, don’t dismiss other people’s stories. Take the time to get to know everyone has a story.

Weekend Reads 082721


Since the start of the pandemic, Huang has delivered keynotes from his kitchen. GTC 2021 still featured a kitchen keynote, but a section featured a virtual kitchen made entirely in Omniverse. Even more impressive, the Nvidia team managed to create a CG model of Huang that delivered part of the keynote.


The U.S. is presently combating two pandemics–coronavirus and ransomware attacks. Both have partially shut down parts of the economy. However, in the case of cybersecurity, lax security measures allow hackers to have an easy way to rake in millions.


Microsoft has disclosed details of an evasive year-long social engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average, including relying on Morse code, in an attempt to cover their tracks and surreptitiously harvest user credentials.


We at PowerDNS have been getting questions about ‘DNS server cache snooping remote information disclosure’ attacks lately, mostly coming from reports generated by one very popular security scanner:


Researchers have long debated whether it would be worth the effort for scammers to train machine learning algorithms that could then generate compelling phishing messages.


IBM’s Cost of a Data Breach Report 2021 analyzed 537 real breaches and Continue reading

Hedge 97: Low Context DevOps

Language is deeply contextual—one of my favorite sayings from the theological world is if you take the text out of its context, you are just left with the con. What does context have to do with development and operations, though? Can there be low and high context situations in the daily life of building and running systems? Thomas Limoncelli joins Tom Ammon and Russ White to discuss the idea of low context devops, and the larger issue of context in managing projects and teams, on this episode of the Hedge.

download

It always takes longer than you think

Everyone is aware that it always takes longer to find a problem in a network than it should. Moving through the troubleshooting process often feels like swimming in molasses—you’re pulling hard, and progress is being made, but never fast enough or far enough to get the application back up and running before that crucial deadline. The “swimming in molasses effect” doesn’t end when the problem is found out, either—repairing the problem requires juggling a thousand variables, most of which are unknown, combined with the wit and sagacity of a soothsayer to work with vendors, code releases, and unintended consequences.

It’s enough to make a network engineer want to find a mountain top and assume an all-knowing pose—even if they don’t know anything at all.
The problem of taking longer, though, applies in every area of computer networking. It takes too long for the packet to get there, it takes to long for the routing protocol to converge, it takes too long to support a new application or server. It takes so long to create and validate a network design change that the hardware, software and processes created are obsolete before they are used.

Why does it always take too long? Continue reading

Weekend Reads 082021


Cross Site Scripting is the second most prevalent issue in the Open Source Foundation for Application Security (OWASP) top 10 – it’s found in roughly 2/3 of all applications.


Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.


Big O notation is an important tools for computer scientists to analyze the cost of an algorithm. Most software engineers should have an understanding of it.


Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to exfiltrate sensitive information from corporate networks.


In his keynote, Tait, former information security specialist for the UK’s GCHQ and more recently a member of Google’s Project Zero team, outlined what he considers the three main factors that drove high-profile cyberattacks on Colonial Pipeline, Kaseya, Exchange Server, SolarWinds, and Codecov, as well as North Korea’s targeting of security researchers and the NSO Pegasus Project iOS hacks.


The two researchers reported the issues to Apple and many of them have been fixed. However, the security weaknesses are not Continue reading

Hedge 96: Mark Nottingham and the Future of Standardization

It often seems like the IETF is losing steam—building standards, particularly as large cloud-scale companies a reducing their participation in standards bodies and deploying whatever works for them. Given these changes, what is the future of standards bodies like the IETF? Mark Nottingham joins Tom Ammon and Russ White in a broad-ranging discussion around this topic.

download

The Centralization of the Internet

My article on Internet centralization just published over at The Public Discourse—

Most of the Internet’s traffic now flows through the networks of a few large companies rather than a multitude of small transit providers, and the Internet’s physical infrastructure is being reshaped to meet this new reality. But relying on a few providers to host all the content on the Internet makes it possible for just a few companies to shut down entire services or control speech.

Controversial Reads 081421


However, in the last 5-10 years it has felt that technology is actually running the other way. We aren’t getting more productive with our technology — we’re getting less productive. Even as technology grows, it is not providing significant gains, and in fact is giving us problems.


Here’s a paper worth revisiting, “On the Dangers of Stochastic Parrots: Can Language Models Be Too Big?” (March 3, 2021), if only for the principal author’s trouble associated with publishing it.


Silicon Valley was created in the Second World War to help the U.S. Army win the war. The government funded companies such as Fairchild Semiconductor.


How many messaging services do you use? Slack, Discord, WhatsApp, Apple iMessage, Signal, Facebook Messenger, Microsoft Teams, Instagram, TikTok, Google Hangouts, Twitter Direct Messages, Skype?


There’s uncertainty among executives and managers who must ensure that individual and team productivity remains high, customer demands are met, and employees are engaged. How can they meet these requirements when their workers aren’t corralled in offices?


Why should you care about data brokers? Reporting this week about a Substack publication outing a priest with location data from Grindr shows once again how easy it is for anyone to take Continue reading

Weekend Reads 081321


The US military’s AI experiments are growing particularly ambitious. The Drive reports that US Northern Command recently completed a string of tests for Global Information Dominance Experiments (GIDE) …


This whitepaper puts particular focus on cloud-native security controls offered by Amazon Web Services (AWS), one of the most common public cloud infrastructure providers used by organizations today. The controls in Network Security and Endpoint as well as Services Security can help security engineers to protect the AWS infrastructure and ensure that they function effectively.


People make up an important part of an organization’s security posture. That’s because some employees have the rights necessary for accessing sensitive data as well as the privileges for viewing and/or editing critical systems.


The more interesting and nerdy news is how Intel is achieving double bandwidth. It’s using Pulse Amplitude Modulation (PAM), which uses a combination of two numbers in the binary to transmit two bits of data in each cycle, unlike traditional transmission methods that only carry a single bit of data.


PolarProxy is a transparent TLS proxy that outputs decrypted TLS traffic as PCAP files. PolarProxy doesn’t interfere with the tunnelled data in any way, it simply takes the incoming TLS stream, decrypts Continue reading

Hedge 95: Mike Bushong and Agile

We’ve all been told agile is better … but as anyone who’s listened here long enough knows, if you haven’t found the tradeoffs, you haven’t looked hard enough. What is agile better for? Are there time when agile is better, and times when more traditional project management processes are better? Mike Bushong joins Tom Ammon, Eyvonne Sharp, and Russ White on this, the 95th episode of the Hedge, to discuss his experience with implementing agile, where it works, and where it doesn’t.

download

The Grass is Always Greener

This last week I was talking to someone at a small startup that intends to eliminate all the complex routing from campus networks. In the past, when reading blog posts about Kubernetes, I’ve read about how it was designed to eliminate routing protocols because “routing protocols are so complex.”

Color me skeptical.

There are two reasons for complexity in a design. The first is you’re solving a hard problem. The second is you’ve made bad design choices in the past, and you’re pasting complexity on top to solve some perceived problem (whether perceived or real).

The problem with all this talk about building something that’s “less complex” is people tend to see complexity of the first kind and think, “we can get rid of that complexity if we start over.” Failing to understand the past before building the future is a recipe for repeated failures of the same kind. Building a network without a distributed routing protocol hasn’t been tried before either, right? Well, yes, it has … We either forget how it turned out, or we say “well, that’s not the same thing I’m talking about here” (just like “real socialism hasn’t ever been tried”).

Even worse, Continue reading

Weekend Reads 080621


M of N is how you carve up ownership of necessary information to use a cryptographic hardware security module (HSM) to ensure a process that is visible to the community.


Last November, the European Council published the resolution “Security through encryption and security despite encryption.” It stated that law enforcement “must be able to access data in a lawful and targeted manner,” and called on stakeholders to find “technical solutions” to provide law enforcement access to end-to-end encrypted communications.


Intel’s Data Center Group has just turned in the third best revenue quarter in its history, just behind the two thirteen-week periods that started off 2020, which was before the coronavirus pandemic had hit and just after it hit and the full effects were not seen as yet.


Logos play a significant role in whether or not we open an email and how we assess the importance of each message.


The unpleasant truth of the matter is that this will certainly not be the last time society is disrupted due to attackers targeting critical industrial control systems (ICS). The impact of such an attack is amplified by the growing reliance on automation and antiquated protocols throughout many OT networks.


Every Continue reading

Hedge 94: Josh Slater and Quantum Networking

If you’re like me, you’ve heard a lot of hype about quantum—but you’ve never really been able to understand what quantum networking might be useful for. On this episode of the Hedge, Josh Slater, who works in the field of quantum networking, Ethan Banks, and Russ White discuss the current state of quantum networking and potential use cases for the technology. Things are farther along than you might think.

download

It Always Takes Too Long

It always takes longer to find a problem than it should. Moving through the troubleshooting process often feels like swimming in molasses—it’s never fast enough or far enough to get the application back up and running before that crucial deadline. The “swimming in molasses effect” doesn’t end when the problem is found out, either—repairing the problem requires juggling a thousand variables, most of which are unknown, combined with the wit and sagacity of a soothsayer to work with vendors, code releases, and unintended consequences.

It’s enough to make a network engineer want to find a mountain top and assume an all-knowing pose—even if they don’t know anything at all.
The problem of taking longer, though, applies in every area of computer networking. It takes too long for the packet to get there, it takes to long for the routing protocol to converge, it takes too long to support a new application or server. It takes so long to create and validate a network design change that the hardware, software and processes created are obsolete before they are used.

Why does it always take too long? A short story often told to me by my Grandfather—a farmer—might help.

One morning a Continue reading

Weekend Reads 073021


One of the hottest areas of scientific research that peripherally will affect every tech industry is battery research. It seems like every year there are big breakthroughs in battery capability. Today I look at four of the recent announcements.


Tech companies have a long history of mishandling contacts, and the industry has been slow to give people more control.


However, ColdQuanta is betting that a modality that its founders and engineers have been working on for 15 years – cold atom – will establish itself as a method that will establish itself as quantum computing moves from a developing technology to an established global market.


Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that’s used by 12.7% of all websites on the internet.


The end-users of these platforms are not in control of their virtual presence; if anything, they are at the mercy of these platforms to a large extent.


Cyber hygiene and patching are key measures towards protecting data and systems. However, it’s not always possible or practical to patch when vulnerabilities and associated patches are announced. This problem gives rise to day one exploits.


Data-localization policies are spreading Continue reading

Hedge 93: Dinesh Dutt and Observability

We talk a lot of about telemetry in the networking world, but generally as a set of disconnected things we measure, rather than as an entire system. We also tend to think about what we can measure, rather than what is useful to measure. Dinesh Dutt argues we should be thinking about observability, and how to see the network as a system. Listen in as Dinesh, Tom, And Russ talk about observability, telemetry, and Dinesh’s open source network observability project.

download

How to Listen to the Hedge

The Hedge is over 90 episodes now … I’m a little biased, but I believe we’re building the best content in network engineering—a good blend of soft skills, Internet policy, research, open source projects, and relevant technical content. You can always follow the Hedge here on Rule 11, of course, but it’s also available on a number of services, including—

I think it’s also available on Amazon Music, but I don’t subscribe to that service so I can’t see it. You can check the Podcast Directory for other services, as well. If you enjoy the Hedge, please post a positive rating so others can find it more easily.

Upcoming Live Webinar: Data Center Fabrics

I’ll be teaching a three-hour live webinar on data center fabrics on the 20th of August—

Data centers are the foundation of the cloud, whether private, public, on the edge, or in the center of the network. This training will focus on topologies and control planes, including scale, performance, and centralization. This training is important for network designers and operators who want to understand the elements of data center design that apply across all hardware and software types.

Register here.

Leveraging Similarities

We tend to think every technology and every product is roughly unique—so we tend to stay up late at night looking at packet captures and learning how to configure each product individually, and chasing new ones as if they are the brightest new idea (or, in marketing terms, the best thing since sliced bread). Reality check: they aren’t. This applies across life, of course, but especially to technology. From a recent article—

Whenever I start learning a new programming language, I focus on defining variables, writing a statement, and evaluating expressions. Once I have a general understanding of those concepts, I can usually figure out the rest on my own. Most programming languages have some similarities, so once you know one programming language, learning the next one is a matter of figuring out the unique details and recognizing the differences.

RFC1925 rule 11 states—

Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works.

Rule 11 isn’t just a funny saying—rule 11 is your friend. If want to learn new things quickly, learn rule 11 first. A basic understanding of the theory of networking will carry across all products, all Continue reading

Juniper Master Class: Disaggregation Pros and Cons

On the 28th—in two days—I’m doing a master class over at Juniper on DC fabric disaggregation. I’ll spend some time defining the concept (there are two different ideas we use the word disaggregation to describe), and then consider some of the positive and negative aspects of disaggregation. This is a one hour session, and it’s free. Register here.

1 21 22 23 24 25 163