Worth Reading: The Return of the Single Socket

There are so many ironies in the hardware business that it is amazing that we aren’t covered in rust. One irony is that after decades of socket compression in the datacenter, the time of the single socket server may have returned. —Timothy Prickett Morgan @The Next Platform

Worth Reading: Cloud Wars

The battle for public cloud supremacy is far from over, but it may be taking a new direction. Amazon has announced its Snowball edge appliance, which some characterize as an extension of the early Greengrass technology that let users run AWS elements on premises, meaning at the edge. —Tom Nolle @CIMI

On the ‘net: Simplifying Network Design

For various reasons, humans tend to prefer complex resolutions to simple ones. The combined effect of many humans preferring more complex resolutions over time means large-scale systems tend to accrue complexity, until they fall into a complexity wormhole, becoming wholly incomprehensible. @Search Networking

Worth Reading: Limits in Measuring DNS

In this article I’d like to explore a similar proposition related to the behaviour of the Internet’s Domain Name system. It’s nowhere near as formally stated as Heisenberg’s Uncertainty Principle, and cannot be proved formally, but the assertion is very similar, namely that there is a basic limit to the accuracy of measurements that can be made about the behaviour and properties of the DNS. —Geoff Huston @Potaroo

Worth Reading: Production Networks with White Box

One of the challenges service providers have faced in the last decade is lowering the cost per port or per MB while maintaining the same level of availability and service level. And then add to that the constant pressure from subscribers to increase capacity and meet the rising demand for realtime content. —Kevin Myers @Stubarea51

History of Networking: The RFC Series

On the ‘net: Understanding the Exploit Market

How do attackers find a vulnerability, write a piece of code to take advantage of that vulnerability — i.e., build an exploit — build a software delivery system around the exploit and then deliver the attack itself? The key point to recognize in this process is that no single person undertakes all of this work. @Search Networking

Worth Reading: I can’t stop wasting time

There are so many distractions when you are a freelancer. From kids coming into your home office or time sucks like Facebook, you need to focus and be more efficient. The key is arming yourself with the right tools for the job. —Carrie Cousins @WebDesignerDepot

Worth Reading: Creating a Role for Standards

I think it’s obvious that traditional standards processes are simply not effective in the current age. They take way too long and they end up defining an architecture that has to be ignored if the end product is to be useful. —Tom Nolle @CIMI

Research: Even Password Complexity is a Tradeoff

Stronger passwords are always better—at least this is the working theory of most folks in information technology, security or otherwise. Such blanket rules should raise your suspicions, however; the rule11 maxim if you haven’t found the tradeoff, you haven’t looked hard enough should apply to passwords, too.

Dinei Florêncio, Cormac Herley, and Paul C. Van Oorschot. 2016. Pushing on string: the ‘don’t care’ region of password strength. Commun. ACM 59, 11 (October 2016), 66-74. DOI: https://doi.org/10.1145/2934663

Begin with this simple assertion: complex passwords are primarily a guard against password guessing attacks. Further, while the loss of a single account can be tragic for the individual user (and in some systems, the loss of a single password can have massive consequences!), for the system operator, it is the overall health of the system that matters. There is, in any system, a point at which enough accounts have been compromised that the system itself can no longer secure any information. This not only means the system can no longer hide information, it also means transactions within the system can no longer be trusted.

The number of compromised accounts varies based on the kind of system in view; effectively breaching Continue reading

Worth Reading: Microsoft’s Container Strategy Continues to Evolve

Although Microsoft is still a giant in the enterprise IT space, as almost every company of any size is running Windows servers and its related systems software stack, the company is well aware of which way the wind is blowing: corporate workloads are slowly but surely drifting to the cloud, and Linux is the only growing operating system. —Daniel Robinson @The Next Platform

Weekend Reads: 071918

In this post, we present ARTEMIS (Automatic and Real-Time dEtection and MItigation System), a defence system that can be used by operators to protect their own network from BGP prefix hijacking events. Using real experiments, we’ve shown that ARTEMIS can detect prefix hijacking events within seconds and neutralize them within a minute; orders of magnitude faster than with current practices. —Vasileios Kotronis @APNIC

You could sum up the security advantages of serverless this way: What containers did for ensuring the operating system and hardware layer could be maintained and secured separately, serverless offers the same at the application and web server layer. And yet — serverless is no silver bullet from a security perspective. Serverless environments still need to be designed and managed with security in mind at every moment. —Vince Power @The New Stack

Another lesson is that privacy defenses don’t need to be perfect. Many researchers and engineers think about privacy in all-or-nothing terms: a single mistake can be devastating, and if a defense won’t be perfect, we shouldn’t deploy it at all. That might make sense for some applications such as the Tor browser, but for everyday users of mainstream browsers, the threat model is death by Continue reading

Columns

Worth Reading: Your IoT Security Fears are Stupid

Lots of government people are focused on IoT security, such as this bill or this recent effort. They are usually wrong. It’s a typical cybersecurity policy effort which knows the answer without paying attention to the question. Government efforts focus on vulns and patching, ignoring more important issues. @Errata Security

Site Reliability Engineering at the Network Collective

The Site Reliability Engineer (SRE) role often seems a bit mysterious to folks working at smaller and mid-sized companies, where the team isn’t large enough to separate into SRE, operations, and other teams. What does and SRE do, and how is it different from what the average network engineer does? In this Network Collective Off the Cuff, we sit with Michael Kehoe of LinkedIn to discuss the role of the SRE.

Worth Reading: WPA3

Wi-Fi devices have been using the same security protocol for over a decade. But today, that’ll begin to change: the Wi-Fi Alliance, which oversees adoption of the Wi-Fi standard, is beginning to certify products that support WPA3… —Jacob Kastrenakes @The Verge

Worth Reading: The IPv4 Market

On September 24, 2015, the free supply of IPv4 numbers in North America dwindled to zero. Despite fears to the contrary, IPv4 network operators have been able to support and extend their IP networks by purchasing the IPv4 address space they need from organizations with excess unused supply through the IPv4 market. —Marc Lindsey @CircleID

Complexity Sells

Networks are complex. But why? There are two fundamental reasons. The first is complexity is required to solve hard problems, specifically in the area of resilience. The second is that complexity sells. In this short take, I look at the second reason in a little more depth.

Worth Reading: The End of the API Economy

Companies that rely upon third-party public APIs (for example, those from Facebook, Twitter, and other API providers) to do business have always been at risk. This is nothing new. —Bob Reselman @Programmableweb

Worth Reading: Living in the Moment

We spend most of our lives not truly living at all but shoring up goods for some time in the future when we can enjoy them—which never comes. —Michael De Sapio @Intellectual Takeout