Worth Reading: Practice Hours

Often times musicians have “sacred” practice hours. They don’t do it for an artist, band, or for anyone other than themselves. It’s their time to sit down and focus on a technique, song that they want to learn, or whatever their heart desires. —Stephanie Winn Provence @Free Code Camp

History of Networking: Ross Callon on MPLS

Worth Reading: Active-Active Data Centers

Any enterprise running a high-availability application must answer the following fundamental question: How do we create a resilient application architecture when the underlying communications infrastructure may be unreliable? —Terry Slattery @Netcraftsmen

Worth Reading: Modern Babel in Network Coding

Automation is great. I happen to love coding and have been working with various API’s, getting some small but real problems solved. One of the factors I’m acutely aware of is right-sizing what I tackle. —Pete Welcher @Netcraftsmen

Reaction: Nerd Knobs and Open Source in Network Software

This is an interesting take on where we are in the data networking world—

Tech is commoditizing, meaning that vendors in the space are losing feature differentiation. That happens for a number of reasons, the most obvious of which is that you run out of useful features. Other reasons include the difficulty in making less-obvious features matter to buyers, lack of insight by vendors into what’s useful to start off with, and difficulty in getting media access for any story that’s not a promise of total revolution. Whatever the reason, or combination of reasons, it’s getting harder for network vendors to promote features they offer as the reasons to buy their stuff. What’s left, obviously, is price. —Tom Nolle @CIMI

There are things here I agree with, and things I don’t agree with.

Tech is commoditizing. I’ve talked about this before; I think networking is commoditizing at the device level, and the days of appliance based networking are behind us. But are networks themselves a commodity? Not any more than any other system.

We are running out of useful features, so vendors are losing feature differentiation. This one is going to take a little longer… When I first started in Continue reading

Worth Reading: GitOps

You’ve written a new web application and would like it to be added to your organization’s web load balancer. The load balancer is complex; its configuration is maintained by highly trained experts on the network operations team. You file a ticket with the team, wait, wait, wait, have a discussion with the experts, wait, wait, wait, and finally your request is completed. Your application is now available, assuming they got it right on the first try. —Thomas A. Limoncelli @ACM

Weekend Reads 081618: New Vulnerabilities

Spectre and Meltdown are more than a new class of security holes. They’re deeply embedded in the fundamental design of recent generations of CPUs. So it shouldn’t come as any surprise that yet another major Intel chip security problem has been discovered: Foreshadow. —Steven J. Vaughan-Nichols @ZDNet

Foreshadow Attacks – Security researchers disclosed the details of three new speculative execution side-channel attacks that affect Intel processors. The new flaws, dubbed Foreshadow and L1 Terminal Fault (L1TF), were discovered by two independent research teams. —Pierluigi Paganini @Security Affairs

Security researchers at Check Point Software Technologies have discovered a new attack vector against the Android operating system that could potentially allow attackers to silently infect your smartphones with malicious apps or launch denial of service attacks. —Swati Khandelwal @The Hacker News

When a room filled with hundreds of security professionals erupts into applause, it’s notable. When that happens less than five minutes into a presentation, it’s remarkable. But that’s what transpired when security researcher Christopher Domas last week showed a room at Black Hat USA how to break the so-called ring-privilege model of modern CPU security. —Curtis Franklin Jr. @Dark Reading

Bought a new Android phone? What if I say your brand Continue reading

Cathedral Ceiling

Worth Reading: The Australian encryption debate is close to home

Last week, a global alliance of 76 organizations, companies, and individuals urged Australian officials to refrain from requiring technology companies to weaken the security of their products and services by building in backdoors to facilitate law enforcement access. —Michael Jardine @CDT

Reaction: Network software quality

Over at IT ProPortal, Dr Greg Law has an article up chiding the networking world for the poor software quality. To wit—

When networking companies ship equipment out containing critical bugs, providing remediation in response to their discovery can be almost impossible. Their engineers back at base often lack the data they need to reproduce the issue as it’s usually kept by clients on premise. An inability to cure a product defect could result in the failure of a product line, temporary or permanent withdrawal of a product, lost customers, reputational damage, and product reengineering expenses, any of which could have a material impact on revenue, margins, and net income.

Let me begin here: Dr. Law, you are correct—we have a problem with software quality. I think the problem is a bit larger than just the networking world—for instance, my family just purchased two new vehicles, a Volvo and a Fiat. Both have Android systems in the center screen. And neither will connect correctly with our Android based phones. It probably isn’t mission critical, like it could be for a network, but it is annoying.

But even given software quality is a widespread issue in our world, it is still Continue reading

Worth Reading: Identity is the new perimeter

Whereas businesses used to be able to build their own data centers to protect their information and applications, and put up firewalls for security, the cloud is forcing them to change their approach, he says. Combined with the fact that most people are going mobile, it’s time for defenses to evolve. —Kelly Sheridan @Dark Reading

Worth Reading: The state of the IPv4 market

The number of IPv4 transactions and volume of IP addresses flowing to and from organizations in the ARIN region in the last 6 months put 2018 on track to be the most active year in the history of the IPv4 market. —Janine Goodman @CircleID

Give the Monkey a Smaller Club

Worth Reading: Open source networking skills

While the national unemployment rate stands at 4.1%, the overall unemployment rate for tech professionals hit 1.9% in April and the future for open source jobs looks particularly bright. —Brandon Wick @Linux.com

Worth Reading: Custom AI chips are the new normal

Cloud giants Amazon, Alibaba, Baidu, Facebook, Google, and Microsoft are now designing their own AI accelerator chips. Is this a fad or a short-term phase the cloud industry is going through? —Paul Teich @The Next Platform

The Network Collective: Networking in Harsh Environments

Worth Reading: Five myths of Silicon Valley

Very little has changed over the past decade, with the Valley still mired in myth and stale stereotype. Ask any older entrepreneurs or women who have tried to get financing; they will tell you of the walls they keep hitting. Speak to venture capitalists (VCs), and you will realize they still consider themselves kings and kingmakers. —Vivek Wadhwa @Market Watch

Worth Reading: A new way to attack WPA2 weakenesses

On August 4, 2018, Jens “Atom” Steube, the lead developer of Hashcat, released a forum post disclosing a new technique that attempts to obtain and crack Wi-Fi Protected Access 2 (WPA2) passwords. —Ryan Morrow @Cisco

Research: Are We There Yet? RPKI Deployment Considered

The Resource Public Key Infrastructure (RPKI) system is designed to prevent hijacking of routes at their origin AS. If you don’t know how this system works (and it is likely you don’t, because there are only a few deployments in the world), you can review the way the system works by reading through this post here on rule11.tech.

Gilad, Yossi & Cohen, Avichai & Herzberg, Amir & Schapira, Michael & Shulman, Haya. (2017). Are We There Yet? On RPKI’s Deployment and Security. 10.14722/ndss.2017.23123.

The paper under review today examines how widely Route Origin Validation (ROV) based on the RPKI system has been deployed. The authors began by determining which Autonomous Systems (AS’) are definitely not deploying route origin validation. They did this by comparing the routes in the global RPKI database, which is synchronized among all the AS’ deploying the RPKI, to the routes in the global Default Free Zone (DFZ), as seen from 44 different route servers located throughout the world. In comparing these two, they found a set of routes which the RPKI system indicated should be originated from one AS, but were actually being originated from another AS in the default free zone.

Continue reading

Worth Reading: AI for security is a dangerous gamble

Machine learning and artificial intelligence can help guard against cyberattacks, but hackers can foil security algorithms by targeting the data they train on and the warning flags they look for. —Martin Giles @Technology Review