Controversial Reads 101423

Imagine a future in which AIs automatically interpret—and enforce—laws.

Using the proposed “Web Environment Integrity” means websites can select on which devices (browsers) they wish to be displayed, and can refuse service to other devices. It binds client side software to a website, creating a silo’d app.

When Alexa wouldn’t respond to his commands, he called the Amazon help desk to see what the issue was. Evidently, the company locked him out because of his apparent racism: “I was told that the driver who had delivered my package reported receiving racist remarks from my ‘Ring doorbell’ (it’s actually a Eufy, but I’ll let it slide).” Later, without any explanation or apology, Amazon allowed Jackson access again.

According to Harari, “AI has all it needs in order to cocoon us in a Matrix-like world of illusions,” and, even more chillingly, “you don’t really need to implant chips in people’s brains in order to control them or to manipulate them.”

Yet given how most of the internet is currently structured, our online expression largely depends on a set of private companies ranging from our direct Internet service providers and platforms, to upstream ISPs (sometimes called Tier 2 and 3), all Continue reading

Weekend Reads 101323

Dereferencing null pointers is one of the most common software errors. It is so infamous that Tony Hoare called the invention of null pointers his billion-dollar mistake.

To detect DDoS attacks in a telecommunications network we need to see the traffic that traverses the network, and we have multiple protocols for that purpose.

A recent trend in cloud-native development is the use of multi-architecture infrastructures, which can run workloads on either x86 or Arm architectures.

On 28 Aug., the California Privacy Protection Agency released its initial draft regulations for cybersecurity audits and risk assessments.

The Sun is about to turn upside down – magnetically speaking, of course.

Telecoms giant Vodafone is backing more than one horse in the OpenRAN arena, confirming a collaboration with Arm on energy efficient silicon for 5G base stations and continuing to work with Intel on OpenRAN silicon.

However, DNSSEC can cause problems when combined with a widely used method for synchronising secondary DNS servers with their primaries, Incremental Zone Transfer (IXFR).

Antitrust cases like the FTC’s hinge on “threshold” issues, fundamental elements that must be proven for a case to proceed. Here, those issues are threefold: market definition, documentary evidence, and the validity of Continue reading

Hedge 198: Nephio with Wim Henderickx

Automation is a bit of theme recently on the Hedge. In this episode we’re joined by Wim Henderickx to talk about the Linux Foundation Nephio project, which adapts Kubernetes management into a cloud native network management platform. This new take on managing networks is definitely discovering.

download

On the ‘net: Building Consensus in the IETF

You cannot simply post a draft to the IETF repository and expect “someone, somewhere,” to take action. No one is going to read your draft. No one is going to send you comments. No one is going to call for your document to progress forward through the process.

On the ‘net: Mediocrates and LLMs

Might I suggest a name for anyone building yet another Large Language Model (LLM)? Mediocrates would be a far more honest name than the ones big tech companies choose.

Weekend Reads 100323

Google has rolled out “Privacy Sandbox,” a Chrome feature first announced back in 2019 that, among other things, exchanges third-party cookies—the most common form of tracking technology—for what the company is now calling “Topics.”

By virtue of engineering pushing the acceptable boundaries of a system, failures occur. This is inevitable, and that’s also the joy and perils of engineering — discovering the acceptable limits of system resilience.

The resource-intensive inefficiencies inherent to telecom ordering, billing, and service level agreement (SLA) enforcement between carriers is an industry-wide problem that MEF and its member organizations have been working to solve for years.

Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries.

To help solve this problem, QUIC no longer relies (purely) on IP addresses to define connections. Instead, it assigns a number to each connection (a so-called Connection ID or CID).

You are a distributor that sells your supplier’s brands, so aside from worrying about your own company’s domains, you’ve got nothing else to worry about, right?

Continue reading

Hedge 197: Old Engineering Books (1)

It’s time for the October Roundtable! This month Eyvonne, Tom, and Russ are reading quotes from an engineering book published in 1911 and reacting to them. How much has engineering changed? How much has engineering stayed the same? How well can advice from a hundred years ago apply to modern engineering problems and life? It turns out that, in spite of their faults, there is a lot of great wisdom in these old books.

download

Weekend Reads 092923

Since its discovery in 2019, cyber espionage group RedHotel has successfully stolen secret information from at least 17 target nations worldwide.

The vast majority of Internet users won’t notice any difference, but the update will support enhanced security for several Verisign-operated TLDs and pave the way for broader adoption and the next era of Domain Name System (DNS) security measures.

New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw.

At the birth of the registry model, Internet engineers could already foresee that the supply of IPv4 addresses would not sustain the predicted rate of consumption.

Attacks related to Domain Name System infrastructure – such as DNS hijacking, DNS tunneling and DNS amplification attacks – are on the rise, and many IT organizations are questioning the security of their DNS infrastructure.

An old Chinese state-linked threat actor has been quietly manipulating Cisco routers to breach multinational organizations in the US and Japan.

Can open source software be regulated? Should it be regulated? And if so, will it lead to enhanced security?

There are currently no restrictions on .AI registrations and it doesn’t help that the domain market is Continue reading

Hedge 196: What’s up with Ethernet? (with Peter Jones)

Ethernet is the technology used to move most of the world’s data at the physical layer. What has been going on for the last few years in Ethernet, and what is coming? Peter Jones joins Tom Ammon and Russ White to talk about current and future work in Ethernet, AI, and other odds and ends.

download

transcript

Hedge 195: DDoS Inflection with Barry Greene

DDoS attacks still play a major role in the global Internet, costing organizations tens (or hundreds) or millions of dollars each year. What are the current and future trends in DDoS attacks? Barry Greene, a global expert in DDoS mitigation, joins Russ White and Tom Ammon to discuss the future of DDoS.

download

Simple or Complex?

A few weeks ago, Daniel posted a piece about using different underlay and overlay protocols in a data center fabric. He says:

There is nothing wrong with running BGP in the overlay but I oppose to the argument of it being simpler.

One of the major problems we often face in network engineering—and engineering more broadly—is confusing that which is simple with that which has lower complexity. Simpler things are not always less complex. Let me give you a few examples, all of which are going to be controversial.

When OSPF was first created, it was designed to be a simpler and more efficient form of IS-IS. Instead of using TLVs to encode data, OSPF used fixed-length fields. To process the contents of a TLV, you need to build a case/switch construction where each possible type a separate bit of code. You must count off the correct length for the type of data, or (worse) read a length field and count out where you are in the stream.

Fixed-length fields are just much easier to process. You build a structure matching the layout of the fixed-length fields in memory, then point this structure at the packet contents in-memory. From there, Continue reading

On the ‘net: Network Models at Packet Pushers

I’ve just started a new series on network models over at Packet Pushers. The first two installments are here:

I learned the Open Systems Interconnect (OSI) model way back in the mid-1980s, as a part of my basic networking education. Ever since then, I’ve used the OSI model in my day-to-day work as a network engineer.

First, models are not sacrosanct. A model is just a tool. If the model you are using is not working for you, feel free to modify it.

On the ‘Net: The IETF at Packet Pushers

I’ve been writing a series about working within the IETF to publish a new standard over at Packet Pushers. The most recent installments are:

There are other seemingly mystical concepts in the IETF process as well—for instance, what is a “document stream,” and what is a document’s “status?”

You’re almost ready to submit a shiny new document to the IETF for consideration, right? Not quite yet—we still need to deal with mandatory sections and language.

Schedule 0923

Here’s a preview of what I’m working on for those who are interested:

• September 2023: (this Friday) How Routers Really Work, a three-hour live webinar at Safari Books Online through Pearson
• October 2023:
  • How the Internet Really Works a four-hour live webinar at Safari Books Online through Pearson; this is newly formatted and reorganized version of the two sessions I used to do
  • I’m speaking at a small theological conference on AI and ethics in Cary, NC
• November 2023:
  • The new CCST book should be released
  • I have recorded a network basics video series that should be released in late 2023 or early 2024
• January 2024:
  • What Coders Need to Know about Networks, a new course, co-authored with an engineer from Akamai; a three-hour live webinar at Safari Books Online through Pearson
  • I’ll be teaching a course in network engineering at the University of Colorado for the spring semester
• February 2024: A new three-hour live webinar on infrastructure interviewing skills at Safari Books Online through Pearson
• March 2024: BGP Policy, a three-hour live webinar on Safari Books Online through Pearson
• April 2024: Troubleshooting, a reformatted and rebuilt three-hour live webinar at Safari Books Online through Pearson

There will probably Continue reading

Weekend Reads 091523

The average total cost of a data breach has reached an all-time high in 2023 of $4.45 million. This is an increase of 2.3% from last year’s $4.35 million.

Originally created as a secure sandbox to run compiled C/C++ code in web browsers, WebAssembly (Wasm) has been gaining traction and momentum on the server-side.

Specifically, the web giant’s Privacy Sandbox APIs, a set of ad delivery and analysis technologies, now function in the latest version of the Chrome browser. Website developers can thus write code that calls those APIs to deliver and measure ads to visitors with compatible browsers.

The German digital association, Bitkom, recently announced that the cost of IT equipment theft, data breaches, digital and industrial espionage, and sabotage is expected to reach a staggering 206 billion euros ($224 billion) in 2023.

The alarming rise of phishing attacks has been underscored by a recent study “Phishing Landscape 2023: An Annual Study of the Scope and Distribution of Phishing conducted” by the Interisle Consulting Group, revealing a tripling of such attacks since May 2020.

Japan is widely regarded as one of the most advanced economies for Internet penetration. Japan’s Internet usage rate (individuals) is 82.9% Continue reading

Upcoming Training: How Routers Really Work

Have you ever wondered exactly how a router moves a packet from input to output interface? Or what the difference between is between a router’s and host’s operating system? Or why forwarding engines are built in classes, and one forwarding engine cannot “do it all?” Join me on the 22nd at 1pm ET for How Routers Really Work, a three-hour tour through router guts. I’ve replaced about 10% of the slides since the last time I taught this course.

If you register, you can watch the recording at a later date.

Register here.

Hedge 194: Network Automation with the Network Automation Forum

Year after year network engineering media, vendors, and influencers talk about the importance of network automation—and yet according to surveys, most network operators still have not automated their network operations. In this episode of the Hedge, part 2 of 2, Chris Grundemann and Scott Robohn join the Hedge to give their ideas on why network automation isn’t happening, and how we can resolve the many blockers to automation.

download

Weekend Reads 090123

However, unlike most of the world, which is taking a flexible, adaptive Zero Trust Model approach of continuous controls for cyberdefense, the EU government is pursuing a vastly expanded version of the failed Common Criteria certification model coupled with regulatory extremism and exceptionalism strategies.

Enabled by SD-WAN, internet-first networking strategies are now the order of the day for wide-area connectivity and have been for some time.

The European Union’s Digital Services Act comes into effect today, August 25, and it’s unclear if the hoped-for consumer protections are going to have their desired impact.

Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows.

I like monitoring stuff. That’s what I do at work and when my home ISP started giving me random problems I decided it would be nice to monitor my home network as well.

Although we cannot fix humans, we can put extra measures in place to minimize the risk of having wrongly issued certificates operational in the wild. In comes Certificate Transparency (CT), a concept introduced by Google in 2013.

Hedge 193: Network Automation with the Network Automation Forum

Year after year network engineering media, vendors, and influencers talk about the importance of network automation—and yet according to surveys, most network operators still have not automated their network operations. In this episode of the Hedge, part 1 of 2, Chris Grundemann and Scott Robohn join the Hedge to give their ideas on why network automation isn’t happening, and how we can resolve the many blockers to automation.

download

To find out more about the Network Automation Forum and their upcoming meeting, check out their web site.

Weekend Reads 082623

This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium’s resilience against quantum attacks.

Dig Security, the cloud data security leader, today released findings from its first-ever “State of Cloud Data Security 2023 Report.” The analysis of more than 13 billion files stored in public cloud environments reveals how – and why – sensitive data is at risk in the modern enterprise.

Dr. Read Schuchardt, professor of communications at Wheaton College (IL), identifies five primary ways digital technology can erode our lives and relationships, or produce what he calls “vices of the virtual life”

In the name of taking the global cybersecurity lead and protecting EU citizens, it seeks to impose dozens of onerous, if not impossible, conformance requirements on all “products with digital elements” and associated obligations on every “manufacturer, importer, or distributor.”

Given the exuberance surrounding machine learning (ML) and deep learning (DL) in particular, the claims I will make in this short article will be quite controversial, to say the least.

We all know there are many skilled cyber attackers out there, professionals with the technical know-how to manipulate and exploit Continue reading