Weekend reads 031618: Notes on memcache, GDPR and whois, and the end of Symantec certificates

ICANN has consistently said its intention in complying with the European Union’s General Data Protection Regulation (GDPR) is to comply while at the same time maintaining access to the WHOIS domain name registration database “to greatest extent possible.” On February 28, ICANN published its proposed model. —Brian Winterfeldt @CircleID

We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). This post outlines how site operators can determine if they’re affected by this deprecation, and if so, what needs to be done and by when. Failure to replace these certificates will result in site breakage in upcoming versions of major browsers, including Chrome. @Google

I’ve been prompted to write this brief opinion piece in response to a recent article posted on CircleID by Tony Rutkowski, where he characterises the IETF as a collection of “crypto zealots”. He offers the view that the IETF is behaving irresponsibly in attempting to place as much of the Internet’s protocols behind session level encryption as it possibly can. He argues that ETSI’s work on middlebox security protocols is a more responsible approach, and the enthusiastic application of TLS in IETF protocol Continue reading

Worth Reading: The dark side of Internet scale shopping

But if this aspect was already known and widely expected for years, another that we often underestimate is that related to our privacy. Amazon, Ebay, but also Google, Facebook and others, base their business on our personal data. —Fabiana Aloisi @Connecting

History of Hardware Switching

On this episode of the history of networking, we talk to Tony Li about the origin and history of the Cisco Silicon Switching Engine.

Worth Reading: Do IP transfers impact network operations?

Last year, a record number of IPv4 addresses were transferred into the APNIC region — over 10.6 million — thanks to the reciprocal inter-RIR transfer policies between APNIC, ARIN and RIPE NCC. —Sanjaya @APNIC

Worth Reading: Changes to the DNS marketplace

The new gTLD program and the introduction of 1200+ new domain name registries has significantly altered the marketplace dynamics. New domain name registries must navigate an environment that is, to an extent, stacked against them. —Kurt Pritz @CircleID

On the ‘net: Thinking about APIs

Network disaggregation is a lot of work for engineers, and it’s fraught with potential hurdles posed by sourcing hardware, a control plane, network operating system and how you manage necessary APIs. @Search Networking

Worth Reading: Intel fights for its life

The Smartphone 2.0 era has destroyed many companies: Nokia, Blackberry, Palm… Will Intel be another victim, either as a result of the proposed Broadcom-Qualcomm combination, or as a consequence of a suicidal defensive move? —Jean-Louis Gassée @ Monday Note

Worth Reading: The IPv4 market

The IPv4 market has grown significantly in the last four years. It finished particularly strong in 2017, both in terms of the total volume of addresses traded and overall number of intra- and inter-RIR transactions in the ARIN region. —Janine Goodman @CircleID

Short Take: Side Channel Attacks

In this short take, recently posted over at the Network Collective, I discuss what a side channel attack is, and why they are important.

Worth Reading: Top 4 problems with “doing DevOps”

“Doing DevOps” sounds so easy. You’ve read the books. You’ve gone to the conferences. You follow the right people on Twitter. But it’s taking so long. What’s going on? —Magnus Hedemark @Opensource.com

Worth Reading: Drilling down into the Ethernet switching market

Cisco has always bragged that it doesn’t play in markets where it doesn’t command a 65 percent market share and a 65 percent operating margin, but you won’t hear the new top brass at Cisco saying that. The reason is simple: That ain’t ever gonna happen again. —Timothy Prickett Morgan @The Next Platform

Low Latency Networking

Low latency is coming to a network near you. In fact, it’s probably coming to your network, whether or not you realize it.

While bandwidth has always been the primary measure of a network, and cross sectional or non-contending bandwidth for data center fabrics, further research and reflection has taught large scale network operators that latency is actually much more of a killer for application performance than lack of bandwidth—and not only latency, but its close cousin, jitter. Why is this?

To understand, it is useful to return to an example given by Tanenbaum in his book Computer Networks. He includes a humorous example of calculating the bandwidth of a station wagon full of VHS tapes, with each tape containing the maximum amount of data possible. For those young folks out there who didn’t understand a single word in that last sentence, think of an overnight delivery box from your favorite shipping service. Now stuff the box full of high density solid state storage of some kind, and ship it. You can calculate the bandwidth of the box by multiplying the number of devices you can stuff in there by the capacity of each device, and then dividing by roughly Continue reading

Worth Reading: Why decentralization matters

The internet is the ultimate software-based network, consisting of a relatively simple core layer connecting billions of fully programmable computers at the edge. Software is simply the encoding of human thought, and as such has an almost unbounded design space. —Chris Dixon @Medium

Lamp and Gateway

Weekend Reads 030918: Botnet Avalanche, DNS Security, and IoT Privacy

It’s been a busy few weeks in cybercrime news, justifying updates to a couple of cases we’ve been following closely at KrebsOnSecurity. In Ukraine, the alleged ringleader of the Avalanche malware spam botnet was arrested after eluding authorities in the wake of a global cybercrime crackdown there in 2016. @Krebs on Security

Reflection amplification is a technique that allows cyber attackers to both magnify the amount of malicious traffic they can generate, and obfuscate the sources of that attack traffic. For the past five years, this combination has been irresistible to attackers, and for good reason. —Carlos Morales @Arbor

For years, we’ve been pioneering the use of DNS to enforce security. We recognized that DNS was often a blind spot for organizations and that using DNS to enforce security was both practical and effective. Why? Because DNS isn’t optional. It’s foundational to how the internet works and and is used by every single device that connects to the network. If you’re considering using DNS for security, it’s important to understand the facts so you can combat the fiction. —Kevin Rollinson @Cisco

Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using Continue reading

Worth Reading: Meeting blur

Problem is, I’ve had this conversation five times today, and suddenly I can not remember what was said by whom, when, and where. Welcome to Meeting Blur. @randinrepose

Administravia 030818: Added Navigation

I was asked by a reader to add categories and links for videos; I actually added three new categories, one for short videos, another for long videos, and a third for written posts. You can find these under the bottom menu item on the left. I am having a problem with the menu not showing up correctly, so I move the resources under the third menu item, as well.

Finally, I added a new archive page, which shows you all the posts in the “left” category across the three years this blog has been “in production.” I couldn’t figure out how to narrow things down so pictures and other stuff are not included, so there is more on the page than needed right now, but it’s a start.

Cloud Connectivity on the Network Collective

On this episode of the Network Collective, we’re chatting with Miguel Villareal and Scott Wheeler about cloud connectivity.

Worth Reading: Airline web sites and privacy

I asked my wife if it is alright if her Date of Birth is known to a stranger. Only if they send me a birthday gift, she joked. What about your passport number? She lowered the book she was reading. I now had her attention. —Konark Modi @FreeCodeCamp

Worth Reading: Finding shared IP address

…we developed a project to identify IPv4 addresses shared simultaneously by many users — we call such addresses ‘gateway’ addresses— and understand the nature of the shared address, that is if they are being used as a company/campus proxy, a CGN, or public hotspot. —Ramakrishna Padmanabhan @APNIC