The Value of Community

What seems, now, like a few short months ago, I was drawn into a small community known as The Network Collective. This last week, we launched our paid membership service.

The first thing that must come to mind is that there will be training. Of course there will be training. A (minor) theme throughout the community launch among Eyvonne, Jordan, and I, is that the training on tap will be different from anything else out there. We all three have a great deal of respect for the existing training materials, and we all intend to continue to be involved in other training and education efforts. On the other hand, the style, tone, and content will be different at The Network Collective. The first series being launched are math for network engineers, a long conversation on network design, and a long conversation on communication skills. But training is, once again, a minor theme.

The major theme of The Network Collective is community.

Consider the position of the “average” network engineer. You are either the expert, or one of a few experts, on a topic very few people care about in your organization. What you build is largely seen as an opaque Continue reading

Worth Reading: GDPR in plain language

This post is about demystifying the core GDPR terms so everyone can understand this interesting topic. If you are European or have European users, you need to understand GDPR. —Alex Ewerlöf @Free Code Camp

Weekend Reads 060118: GDPR Heavy

“But what’s the harm?” Far too often, this is one of the biggest questions posed in debates about the value of privacy and the costs of violating it in the United States. Just last fall, the Federal Trade Commission conducted a workshop exploring the contours of “informational injury”, in which CDT participated. —Joseph Jerome @CDT

WHOIS is a service that was inherited from the pre-ICANN registries and has never had a formal definition or rationale beyond that’s the way it’s always been. None of the attempts to rationalize WHOIS have gone anywhere, and there was a broad agreement that the processes had been repeatedly derailed by trademark lawyers who want a one-stop source for whom to sue if someone utters their client’s name in vain. —John Levine @CircleID

Email addresses are seemingly simple to eliminate in theory, devilishly difficult in practice, and potentially expensive mistakes under GDPR. Send an unreacted address to the wrong place, and someone in Europe becomes a Euro Millionaire. Whoops. —Neil Schwartzman @CircleID

The General Data Protection Regulation is here, and soon we will see if it ushers in a new era of individual empowerment or raises novel barriers to innovation in technology. Fears of Continue reading

The Ball at Sunset

Worth Reading: The perfect blog post

How long should a blog be? The infinite Internet has done away with strict word counts and in theory, every online article can be as long as the author feels necessary to get their point across. Unfortunately, many bloggers forget the second part of the old joke relating to dresses and speeches: they should also be short enough to be interesting! —Dominic Jeff @Web Designer Depot

Worth Reading: VPNfilter BOTNET

Cisco’s Talos cyber intelligence unit have discovered an advanced piece of IoT botnet malware, dubbed VPNFilter, that has been designed with versatile capabilities to gather intelligence, interfere with internet communications, as well as conduct destructive cyber attack operations. —Swati Khandelwal @The Hacker News

Worth Reading: The limits of HTTPS

HTTPS is a necessary condition for secure browsing, but it is not a sufficient condition. There are limits to the benefits HTTPS provides, even when deployed properly. This post explores those limits. —Eric Lawrence @APNIC

History of Networking: Software Defined Networking with Martin Casado

Worth Reading: A hard rain is going to fall in public cloud

The public cloud, like Internet service and Internet hosting, is a rich person’s game. If you can’t pony up billions of dollars for infrastructure design, manufacturing, and installation each quarter, then you probably are not going to get the kind of low infrastructure costs that AWS, Google, Microsoft, IBM, and Alibaba can, and therefore you are going to be priced out of the infrastructure cloud. —Timothy Prickett Morgan @The Next Platform

Worth Reading: The inevitability of cloud

Public clouds for large data analysis, just like death and taxes, are clearly inevitable because of two things. One simple and now rather worn out cliché. That would be scale and the slightly more subtle data. —James Cuff @The Next Platform

Short Take: Fix the Problem

Worth Reading: Open Optical

Network operators are intrigued by the concept open optical systems, whereby they can assemble an optical network by piecing together parts from various vendors. They are encouraged by concepts like disaggregated transponder boxes for DCI applications, an Open ROADM MSA, and the Telecom Infra Project Voyager white box initiative. While there is undoubtedly increasing interest in the open model, the question is how far can and should this model be pushed. —Jonathan Homa @ECI

Worth Reading: The value of edge computing

IoT and the much anticipated 5G takeover, as well as several other data-related advances, hinge on greater network efficiencies—that is, speed. Real-time processing and streamlined data pathways are vital to seeing these next-generation technologies take hold. —Bob DeSantis @Data Center Journal

Research: BBR Congestion-Based Congestion Control

Congestion control has proven to be one of the hardest problems to solve in packet based networks. The “easy” way to solve this problem is with admission control, but this “easy” solution is actually quit deceptive; creating the algrorithms and centralized control to manage admission control is much more difficult than it seems. This is why many circuit switched networks just use some form of Time Division Multiplexing (TDM), giving each device connected to the network a single “slot,” and filling empty slots with idle frames, ultimately throwing bandwidth away in the name of simpler computation of fairness.

The problem space has, however, attracted a lot of research. In this post, I’ll be looking at one such effort, a research paper published in the October 2016 edition of ACM Queue describing a system called BBR, a congestion-based congestion control system. At the heart of this system is the concept of the bottleneck link, or bottleneck in the path, which is the lowest bandwidth, highest delay, or perhaps the most congested link in the path between two hosts. The authors use the following figure to describe the current operational point of most congestion control systems, and then the optimal point of Continue reading

Worth Reading: What drives IPv6 deployment

It’s been six years since World IPv6 Launch day on the 6th June 2012. In those six years we’ve managed to place ever increasing pressure on the dwindling pools of available IPv4 addresses, but we have still been unable to complete the transition to an all-IPv6 Internet. —Geoff Huston @Potaroo

Weekend Reads 052518

Without adtech, the EU’s GDPR (General Data Protection Regulation) would never have happened. But the GDPR did happen, and as a result websites all over the world are suddenly posting notices about their changed privacy policies, use of cookies, and opt-in choices for “relevant” or “interest-based” (translation: tracking-based) advertising. Email lists are doing the same kinds of things. @Doc Searl’s Weblog

A newly-uncovered form of DDoS attack takes advantage of a well-known, yet still exploitable, security vulnerability in the Universal Plug and Play (UPnP) networking protocol to allow attackers to bypass common methods for detecting their actions. —Danny Palmer @ZDNet

Today, that’s coming in the form of imperceptible musical signals that can be used to take control of smart devices like Amazon’s Alexa or Apple’s Siri to unlock doors, send money, or any of the other things that we give these wicked machines the authority to do. That’s according to a New York Times report, which says researchers in China and the United States have proven that they’re able to “send hidden commands” to smart devices that are “undetectable to the human ear” simply by playing music. —Sam Barsanti @AVI News

In a paper we recently presented at the Passive Continue reading

Waterfall

Worth Reading: Buried vulnerabilities

The problem isn’t just that you’re introducing vulnerabilities, but that once they’re there, they tend to stay there. Not just in code that you need, but, even worse, in code that you don’t need. —Mike Bursell @opensource.com

Worth Reading: How much of the Internet is QUIC?

First, we investigated the QUIC-capable infrastructure in IPv4 on its common UDP port 443, from which we built a ZMap module to rapidly enumerate QUIC hosts. We exercised QUIC’s version negotiation feature within our module, which yields QUIC support as well as the supported QUIC versions. —Jan Rüth @APNIC

Worth Reading: The Critical Web Page Performance Path

First of all, it would be useful to understand the steps the browser is actually going through. It starts with plain HTML, CSS, and JavaScript files goes through rendering and painting a page, and arrives in the end to become what the user sees. —Sibylle Sehl @Free Code Camp