Russ

Author Archives: Russ

A glance back at the looking glass: Will IP really take over the world?

In 2003, the world of network engineering was far different than it is today. For instance, EIGRP was still being implemented on the basis of its ability to support multi-protocol routing. SONET, and other optical technologies, were just starting to come into their own, and all optical switching was just beginning to be considered for large scale deployment. What Hartley says of history holds true when looking back at what seems to be a former age: “The past is a foreign country; they do things differently there.”

In the midst of this change, the Association for Computing Machinery (the ACM) published a paper entitled “Will IP really take over the world (of communications)?” This paper, written during the ongoing discussion within the engineering community over whether packet switching or circuit switching is the “better” technology, provides a lot of insight into the thinking of the time. Specifically, as the author say, the belief that IP is better:

…is based on our collective belief that packet switching is inherently superior to circuit switching because of the efficiencies of statistical multiplexing, and the ability of IP to route around failures. It is widely assumed that IP is simpler than circuit Continue reading

Worth Reading: Should we trust geolocation?

Geolocation databases are often used by both researchers and network operators to learn the real-world location of a given IP address. But how reliable are these in terms of coverage and accuracy at both country- or city-level resolutions? Evaluation studies of previous geolocation databases are dominated by the results over end-host addresses. As a result, the users are left unsure about the reliability of geolocation databases over infrastructure IP addresses such as those of router interfaces. –Manaf Gharaibeh @ APNIC

Reaction: Enabling Privacy is not Harmful

The argument for end-to-end encryption is apparently heating up with the work moving forward on TLSv1.3 currently in progress in the IETF. The naysayers, however, are also out in force, arguing that end-to-end encryption is a net negative. What is the line of argument? According to a recent article in CircleID, it seems to be something like this:

  • Governments have a right to asymmetrical encryption capabilities in order to maintain order. In other words, governments have the right to ensure that all private communication is ultimately readable by the government for any lawful purpose.
  • Standards bodies that enable end-to-end encryption that will prevent this absolute governmental good endanger society. The leaders of such standards bodies may, in fact, be prosecuted for their role in subverting government power.

The idea of end-to-end encryption is recast as a form of extremism, a radical idea that should not be supported by the network engineering community. Is end-to-end encryption really extremist? Is it really a threat to the social order?

Let me begin here: this is not just a technical issue. There are two opposing worldviews in play. Engineers don’t often study worldviews, or philosophy, so these questions tend to get buried in Continue reading

Worth Reading: Checklists

Thirty-six seconds after launch, lightning struck the Apollo 12 and its six million pounds of high explosive fuel. The instruments blacked out. Twenty-two seconds later lightning struck again. What few instruments remained started flashing red failure lights. The “you’re about to die” alarm started blaring. Over the radio the crew heard the voice of John Aaron: “Flight, try SCE to Aux.” Astronaut Alan Bean flipped the tiny switch immediately. —Jonathan Solórzano-Hamilton @ Free Code Camp

Worth Reading: Low Earth Satellite Internet Access

Satellites are now cheaper, smaller and lighter. OneWeb and their manufacturing partner Airbus say automation and re-design will enable them to manufacture three satellites per day at a cost of less than $1 million each and launch cost per satellite will be low since they are small and light. In a talk at the opening of the SpaceX satellite engineering office in 2015, CEO and Lead Designer Elon Musk expressed confidence that they would be able to mass produce satellites and also pointed out that the failure of one or a few satellites in a constellation of thousands was relatively unimportant. If a satellite fails, the remaining satellites will route around it, and increased tolerance of failure reduces manufacturing cost. —Larry Pess @ CircleID

Worth Reading: Hack it back is a bad idea

If there were a prize for the worst cybersecurity policy idea that just won’t die, it would have to go to “hacking back,” or making it legal for people to attack the computers that are attacking them. This idea has been around for years, which means that for years, people have been warning that this is a very bad idea—it’s not the first time I’ve written about this topic myself. But it’s a strangely persistent piece of policy, regardless of the fact that it’s been condemned by just about everyone, including law enforcement, and openly endorsed by almost no one. —Josephine Wolff @ Slate

Worth Reading: The calm before the IoT Storm (Reaper)

It’s been just over a year since the world witnessed some of the world’s top online Web sites being taken down for much of the day by “Mirai,” a zombie malware strain that enslaved “Internet of Things” (IoT) devices such as wireless routers, security cameras and digital video recorders for use in large-scale online attacks. Now, experts are sounding the alarm about the emergence of what appears to be a far more powerful strain of IoT attack malware — variously named “Reaper” and “IoTroop” — that spreads via security holes in IoT software and hardware. And there are indications that over a million organizations may be affected already. —Krebs on Security

Applying Software Agility to Network Design

The paper we are looking at in this post is tangential to the world of network engineering, rather than being directly targeted at network engineering. The thesis of On Understanding Software Agility—A Social Complexity Point of View, is that at least some elements of software development are a wicked problem, and hence need to be managed through complexity. The paper sets the following criteria for complexity—

  • Interaction: made up of a lot of interacting systems
  • Autonomy: subsystems are largely autonomous within specified bounds
  • Emergence: global behavior is unpredictable, but can be explained in subsystem interactions
  • Lack of equilibrium: events prevent the system from reaching a state of equilibrium
  • Nonlinearity: small events cause large output changes
  • Self-organization: self-organizing response to disruptive events
  • Co-evolution: the system and its environment adapt to one another

It’s pretty clear network design and operation would fit into the 7 points made above; the control plane, transport protocols, the physical layer, hardware, and software are all subsystems of an overall system. Between these subsystems, there is clearly interaction, and each subsystem acts autonomously within bounds. The result is a set of systemic behaviors that cannot be predicted from examining the system itself. The network design process is, Continue reading

Worth Reading: An observatory for path transparency measurement

Though the end-to-end principle and the four-layer TCP/IP architecture suggest that what happens above the IPv4 or IPv6 header isn’t any of the network’s business, the widespread deployment of firewalls, network address translators, proxies, and other middleboxes at layers four and seven mean that, in practice, TCP usually works, UDP usually works, and for everything else, your mileage may vary. —Brian Trammell @ APNIC

Worth Reading: Raw sockets in IPv6

As part of a measurement experiment, we wanted an implementation of an IPv6 UDP server and a TCP server that generated fragmented IPv6 packets. However, as an added condition, we wanted the application to directly control the packet fragmentation function. The conventional standard socket interface masks any visibility to the underlying packet transactions, and therefore cannot be used for this experiment. —Geoff Huston @Potaroo

Several on KRACK

Three articles of interest on the new WiFi KRACK—

This is not a crypto bug but a protocol bug (a pretty obvious and trivial protocol bug). When a client connects to the network, the access-point will at some point send a random “key” data to use for encryption. Because this packet may be lost in transmission, it can be repeated many times. What the hacker does is just repeatedly sends this packet, potentially hours later. Each time it does so, it resets the “keystream” back to the starting conditions. The obvious patch that device vendors will make is to only accept the first such packet it receives, ignore all the duplicates. —Robert Graham @Errata Security

So this is essentially a replay attack—something that is not taken seriously enough in the security world, by and large.

Researchers this week published information about a newfound, serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who’s most at-risk from this vulnerability, and what organizations and individuals can do about it. —Krebs on Security

And, finally, an article on protecting your network from KRACK—

Wi-Fi is Continue reading

Worth Reading: 4 Tips to Fight Propoganda

Disturbingly, both men confirmed the totality of propaganda in our society. And they did that many, many decades ago and well before the internet, social media, cable TV, or data mining. By 2017, many generations have been raised from infancy immersed in corporate, political, and ideological propaganda. Your grandparents were victims of propaganda, your parents were victims of propaganda, and you are, without a doubt, a victim of propaganda. —Devin Foley @Intellectual Takeout

The post Worth Reading: 4 Tips to Fight Propoganda appeared first on rule 11 reader.

1 75 76 77 78 79 162