Russ

Author Archives: Russ

Worth Reading: The Dead DRM Canary

EFF has been fighting against DRM and the laws behind it for a decade and a half, intervening in the US Broadcast Flag, the UN Broadcasting Treaty, the European DVB CPCM standard, the W3C EME standard and many other skirmishes, battles and even wars over the years. With that long history behind us, there are two things we want you to know about DRM… —Cory Doctorow @ Deep LinksEFF has been fighting against DRM and the laws behind it for a decade and a half, intervening in the US Broadcast Flag, the UN Broadcasting Treaty, the European DVB CPCM standard, the W3C EME standard and many other skirmishes, battles and even wars over the years. With that long history behind us, there are two things we want you to know about DRM… —Cory Doctorow @ Deep Links

DDOS and The DNS

The Mirai DDOS attack happened just over a year ago, on the 21st October 2016. The attack was certainly a major landmark regarding the sorry history of “landmark” DDOS attacks on the Internet. It’s up there with the Morris Worm of 1988, Slammer of 2002, Sapphine/Slammer of 2009 and of course Conficker in 2008. What made the Mirai attack so special? It was the largest we have seen so far, with an attack that amassed around 1Tb of attack traffic, which is a volume that creates not only a direct impact on the intended victim but wipes out much of the network infrastructure surrounding the attack point as well. Secondly, it used a bot army of co-opted webcams and other connected devices, which is perhaps a rather forbidding portent of the ugly side of the over-hyped Internet of Things. Thirdly, the target of the attack was aimed at the Internet’s DNS infrastructure. —Geoff Huston @ CircleID

SLAAC and DHCPv6

When deploying IPv6, one of the fundamental questions the network engineer needs to ask is: DHCPv6, or SLAAC? As the argument between these two has reached almost political dimensions, perhaps a quick look at the positive and negative attributes of each solution are. Originally, the idea was that IPv6 addresses would be created using stateless configuration (SLAAC). The network parts of the address would be obtained by listening for a Router Advertisement (RA), and the host part would be built using a local (presumably unique) physical (MAC) address. In this way, a host can be connected to the network, and come up and run, without any manual configuration. Of course, there is still the problem of DNS—how should a host discover which server it should contact to resolve domain names? To resolve this part, the DHCPv6 protocol would be used. So in IPv6 configuration, as initially conceived, the information obtained from RA would be combined with DNS information from DHCPv6 to fully configure an IPv6 host when it is attached to the network.

There are several problems with this scheme, as you might expect. The most obvious is that most network operators do not want to deploy two protocols to Continue reading

Worth Reading: The Tradeoffs of NVM-Express

NVM-Express isn’t new. Development on the interface, which provides lean and mean access to non-volatile memory, first came to light a decade ago, with technical work starting two years later through a work group that comprised more than 90 tech vendors. The first NVM-Express specification came out in 2011, and now the technology is going mainstream. How quickly and pervasively remains to be seen. NVM-Express promises significant boosts in performance to SSDs while driving down the latency, which would be a boon to HPC organizations and the wider world of enterprises as prices for SSDs continue to fall and adoption grows. —Jeffery Burt @ The Next Platform

Worth Reading: Hiding the DNS

Among all the working groups that met at IETF 100 in Singapore was the first meeting of the DNS over HTTPs Working Group (DOH). I wrote on a related topic of DNS privacy a little over a year ago, looking at the work at the time on the privacy-related topics of QNAME minimisation, DNS over TLS, and what I called then ‘Secure DNS over JSON’, which was a variant of DNS queries over HTTPS. In this article, I’d like to look in a little more detail at the efforts to hide the DNS behind HTTPS and put the work in the DOH Working Group into a broader perspective. —Geoff Huston @ APNIC

Worth Reading: Big Four Shift Open Source Licensing

The GNU Public License version 2 (GPLv2) is arguably the most important open-source license for one reason: It’s the license Linux uses. On November 27, three Linux-using technology powers, Facebook, Google, and IBM, and the major Linux distributor Red Hat announced they would extend additional rights to help companies who’ve made GPLv2 open-source license compliance errors and mistakes. —Steven J. Vaughan-Nichols @ ZDNetThe GNU Public License version 2 (GPLv2) is arguably the most important open-source license for one reason: It’s the license Linux uses. On November 27, three Linux-using technology powers, Facebook, Google, and IBM, and the major Linux distributor Red Hat announced they would extend additional rights to help companies who’ve made GPLv2 open-source license compliance errors and mistakes. —Steven J. Vaughan-Nichols @ ZDNet

Weekend Reads 120117

There’s an “automation meteor” headed right at us, according to financial adviser and Reformed Broker blogger Josh Brown, who used this troubling “chart o’ the day” from Wharton to show just “how quickly things have changed” over the past decade. And how they’re going to keep on changing. —Shawn Langlois @ MarketWatchThere’s an “automation meteor” headed right at us, according to financial adviser and Reformed Broker blogger Josh Brown, who used this troubling “chart o’ the day” from Wharton to show just “how quickly things have changed” over the past decade. And how they’re going to keep on changing. —Shawn Langlois @ MarketWatch

Andrew Ng, formerly the head of AI for Chinese search giant Baidu and, before that, creator of Google’s deep-learning Brain project, knows as well as anyone that artificial intelligence is coming for plenty of jobs. And many of us don’t even know it. —Rachel Metz @ MIT Technology Review

Many historians believe that one of the main reasons why the U.S. won the Cold War was its decisive lead over the Soviet Union in computer and telecommunications technology, which, by the 1980s, made it virtually impossible for the Soviets to compete, either economically or militarily. Continue reading

Worth Reading: Open Source Supply Chain

Diversity and inclusivity in the technology industry—and in open source communities more specifically—have received a lot of coverage, both on Opensource.com and elsewhere. One approach to the issue foregrounds arguments about concepts that are more abstract—like human decency, for example. But the “supply chain” metaphor works, too. And it can be an effective argument for championing greater inclusivity in our open organizations, especially when people dismiss arguments based on appeals to abstract concepts. —Ben Cotton @ Open Source

Worth Reading: Can technology help privacy evolve?

The topic of privacy came up over coffee, of course – and I was glad to hear that it is not only seen as a key issue for technology and governance, but it’s also seen as being closely interconnected with issues of cybersecurity. As readers of the Internet Society’s blogs will know, we think so too. You can’t have good privacy if you don’t have good security tools, and you can’t have good security in the absence of privacy. — Robin Wilton @ The Internet Society

Worth Reading: Openstack and CITC

In this blog post I will be discussing how I leveraged a flat network to initially create simple instance deployments. Then I’ll dive more deeply into how I created a VXLAN network for my OpenStack instances to create more scalable east-west communication. In the previous post I used the CITC console as my primary interface for configuration. This time I will be using an SSH client and the direct SSH information, as the outputs I’m gathering have wider width that is easier to obtain via an SSH client. —Rama Darbha @ Cumulus

Worth Reading: Gen-Z

Servers have become increasingly powerful in recent years, with more processing cores being added and accelerators like GPUs and field-programmable gate arrays (FPGAs) being added, and the amount of data that can be processed is growing rapidly. However, a key problem has been the enabling interconnect technologies to keep pace with server evolution. It is a challenge that last year spawned the Gen-Z Consortium, a group founded by a dozen top-tier tech vendors including Hewlett Packard Enterprise, IBM, Dell EMC, AMD, Arm, and Cray that wanted to create the next-generation interconnect that can leverage existing tech while paving the way for new ones at a time of rapid change within the computing industry where massive amounts of data are being created and processed. —Jeffery Burt @ The Next Platform

Worth Reading: ONAP Amsterdam

The Open Network Automation Platform, a Linux Foundation project, has released ONAP Amsterdam, an open-source platform to enable network automation for carriers and service providers. ONAP Amsterdam includes open-source software for orchestration and automation, as well as verified blueprints for two use cases. Carriers and service providers can download and deploy Amsterdam to automate their networks. Integrators and vendors can also build products and services around Amsterdam. —Drew Conry-Murray @ Packet Pushers

Worth Reading: Quad9

In a joint project, IBM Security along with Packet Clearing House (PCH) and The Global Cyber Alliance (GCA) today launched a free service designed to give consumers and businesses added online privacy and security protection. The new DNS service is called Quad9 in reference to the IP address 9.9.9.9 offered for the service. The group says the service is aimed at protecting users from accessing malicious websites known to steal personal information, infect users with ransomware and malware, or conduct fraudulent activity. —CircleIDIn a joint project, IBM Security along with Packet Clearing House (PCH) and The Global Cyber Alliance (GCA) today launched a free service designed to give consumers and businesses added online privacy and security protection. The new DNS service is called Quad9 in reference to the IP address 9.9.9.9 offered for the service. The group says the service is aimed at protecting users from accessing malicious websites known to steal personal information, infect users with ransomware and malware, or conduct fraudulent activity. —CircleID

Worth Reading: DNS performance metrics

Most of these benchmarks focus on denial-of-service resistance: What is the maximum query load that can be served? This is indeed a metric that is good to know. Less discussed, however, is performance under normal conditions. Every time a nameserver is slow, a user somewhere is waiting. And not only is a user waiting, some government agencies, one of which is the UK’s OFCOM, take a very strong interest in DNS latencies. In addition, in contractual relations, there is frequently the desire to specify guaranteed performance levels. —Bert Hubert @ APNIC

Worth Reading: Assessing Cloud Vendors

When it comes to evaluating new vendors, it can be challenging to know how best to communicate the requirements of your vendor assessment process and ultimately select the right partner to help your business move forward — while at the same time avoiding the risk of a third-party security incident. After all, 63 percent of data breaches are linked to third parties in some way. In fact, we all recently learned about how an Equifax vendor was serving up malicious code on their website in a newly discovered security incident. —Nick Sorenson @ the Cloud Security Alliance

1 73 74 75 76 77 163