Worth Reading: AI Forgeries are in the Future

Today, when people see a video of a politician taking a bribe, a soldier perpetrating a war crime, or a celebrity starring in a sex tape, viewers can safely assume that the depicted events have actually occurred, provided, of course, that the video is of a certain quality and not obviously edited. But that world of truth—where seeing is believing—is about to be upended by artificial intelligence technologies. —Wired

The post Worth Reading: AI Forgeries are in the Future appeared first on rule 11 reader.

Worth Reading: The Internet and Trust

This narrative refers to the understanding that trust mitigates the basic uncertainties that the Internet architecture has imposed upon its operators since its inception. To this day, network engineers cannot generally be certain about the validity of the routing announcements that they receive from interconnected networks, and they have little insight into the legitimacy of the traffic that they are mandated to transmit. Historically, network operators knew and trusted one another, and, as a result, the Internet worked in spite of its uncertainties. —APNIC

The post Worth Reading: The Internet and Trust appeared first on rule 11 reader.

Random Thoughts on Grey Failures and Scale

I have used the example of increasing paths to the point where the control plane converges more slowly, impacting convergence, hence increasing the Mean Time to Repair, to show that too much redundancy can actually reduce overall network availability. Many engineers I’ve talked to balk at this idea, because it seems hard to believe that adding another link could, in fact, impact routing protocol convergence in such a way. I ran across a paper a while back that provides a different kind of example about the trade-off around redundancy in a network, but I never got around to actually reading the entire paper and trying to figure out how it fits in.

In Gray Failure: The Achilles’ Heel of Cloud-Scale Systems, the authors argue that one of the main problems with building a cloud system is with grey failures—when a router fails only some of the time, or drops (or delays) only some small percentage of the traffic. The example given is—

• A single service must collect information from many other services on the network to complete a particular operation
• Each of these information collection operations represent a single transaction carried across the network
• The more transactions there are, the Continue reading

Worth Reading: The Value of DRM Locks

My co-authors and I at the University of Glasgow are investigating how restrictions on interoperability imposed by Digital Rights Management (DRM) systems might impact the market for goods. We are doing this as part of a larger project to better understand the economics of DRM and to figure out what changes would likely occur if the laws were reformed. Our recent working paper is titled ‘How much do consumers value interoperability: Evidence from the price of DVD players’. —EFF

The post Worth Reading: The Value of DRM Locks appeared first on rule 11 reader.

Worth Reading: Converge your network with priority flow control

Back in April, we talked about a feature called Explicit Congestion Notification (ECN). We discussed how ECN is an end-to-end method used to converge networks and save money. Priority flow control (PFC) is a different way to accomplish the same goal. Since PFC supports lossless or near lossless Ethernet, you can run applications, like RDMA, over Converged Ethernet (RoCE or RoCEv2) over your current data center infrastructure. Since RoCE runs directly over Ethernet, a different method than ECN must be used to control congestion. In this post, we’ll concentrate on the Layer 2 solution for RoCE — PFC, and how it can help you optimize your network. —Cumulus

The post Worth Reading: Converge your network with priority flow control appeared first on rule 11 reader.

Herons

The post Herons appeared first on rule 11 reader.

Worth Reading: Implementing security as a set of services

In this post, I will focus on the implementation of the security services in terms of an ITIL-type framework. This is a blog post that took a long time to write — but some of the considerations here are essential if you are in the process of implementing security as a service, and especially if you are looking at ITIL as a service delivery methodology. —APNIC

The post Worth Reading: Implementing security as a set of services appeared first on rule 11 reader.

Worth Reading: New German law encourages censorship

Social media companies and other hosts of third-party content will soon face potential fines of €50 million in Germany if they fail to promptly censor speech that may violate German law. Last week, the German parliament approved the NetzDG legislation, which goes into effect 1 October and will require social media sites and other hosts of user-generated content to remove “obviously illegal” speech within 24 hours of being notified of it. —Center for Democracy and Technology

The post Worth Reading: New German law encourages censorship appeared first on rule 11 reader.

Worth Reading: Journey into the hybrid cloud

“In the cloud” is more now than just a phrase that describes a feeling. Although the cloud began as a vision, over the past decade it has become an integral part of everyday business decisions, even being evaluated for an enterprise’s most critical high-value operations. Thanks to the public cloud, many startups find it quick and easy to set up their initial operation and product-development cycles. Some, such as Uber and Airbnb, even go to market entirely in the cloud. —The Data Center Journal

The post Worth Reading: Journey into the hybrid cloud appeared first on rule 11 reader.

Worth Reading: Cutting through the segment routing hype

Segment Routing (SR) is a new traffic-engineering technology being developed by the IETF’s SPRING Working Group. Two forwarding plane encapsulations are being defined for SR: Multiprotocol Label Switching (MPLS) and IPv6 with a Segment Routing Extension Header. This article provides some historical context by describing the MPLS forwarding plane and control plane protocols, explains how Segment Routing works, introduces the MPLS-SR forwarding plane, and shows how the SR control plane is used. Finally, the article compares SR with legacy MPLS systems, and identifies its unique merits. —The IETF Journal

The post Worth Reading: Cutting through the segment routing hype appeared first on rule 11 reader.

On the ‘web: Is it really simpler?

Simplification is the metabuzzword overlaying the networking world today. For instance, Software Defined Wide Area Networks (SD-WANs), which propose to reduce the complexity of the enterprise wide area network, particularly the network connecting to the many thousands of remote sites many enterprises operate, by replacing MPLS and private line services purchased from service providers, with services that operate over the top of “plain jane Internet” connectivity. A second area where network operators are simplifying is by purchasing pre-integrated stacks of compute, storage, and networking, in a single rack, and controlled through a single GUI—a form of hyperconvergence. A third area is in the large amounts of interest in deploying Software Defined Networks (SDNs), which are being promoted based on the simplifications possible from removing “complex” distributed control planes from the network. There are three questions network engineers should ask in response to the simplification metabuzzword, however. —Tech Target

The post On the ‘web: Is it really simpler? appeared first on rule 11 reader.

Worth Reading: ISPs simplifying customer IPv6 addressing

One of the main issues for an ISP planning to deliver IPv6 services is to decide how to address the customers. In a generic way, we could say that the first thing to do for any IPv6 deployment is the complete network addressing plan, even before obtaining your addressing space from your Regional Internet Registry (RIR), so you get it right from the very beginning. In the case of corporate customers, generally nobody doubts that they should receive a /48 IPv6 GUA (Global Unicast Address) at every end-site, and of course, those prefixes should be persistent (often called static) to each customer. —APNIC

The post Worth Reading: ISPs simplifying customer IPv6 addressing appeared first on rule 11 reader.

Worth Reading: Take a pause on ransomware

As these devastating global ransomware attacks illustrate, cybersecurity is not an issue that can be ignored. Any time a device or system is connected to the Internet, it is a potential target. What was once just another lucrative means of extorting money from Internet users, ransomware is emerging as a preferred tool for causing widespread disruption of vital services such as hospitals, banks, shipping, or airports. Attacks are growing more sophisticated and more enduring, with longer term damaging effects and wider impact. Ransomware exploits the slow pace of security patching, systems that are dependent on old software, and poor backup practices. It also provides a smokescreen for other nefarious acts including stealing data and credentials, or even wiping data. So, the name “ransomware” becomes illusory: what we are really dealing with is “hydraware.” —The Internet Society

The post Worth Reading: Take a pause on ransomware appeared first on rule 11 reader.

Join me at SDxE

The post Join me at SDxE appeared first on rule 11 reader.

Worth Reading: Internet of Terror

Before we get to the question of encryption and key length, I would like to point out two things. An IoT device is nothing more than an embedded system with a TCP/IP stack. It is not a magical object that is somehow protected from attackers because of how cool, interesting, or colorful it is. Second, and I can’t believe I have to point this out to people who would read or write to KV, but the Internet has a lot of stuff on it, and it’s getting bigger every day. Once upon a time, there were fewer than 100 nodes on the Internet, and that time is long past. KV has three Internet-enabled devices within arm’s reach, and, if you think a billion users of the Internet aren’t scary, try multiplying that by 10 once every fridge, microwave, and hotel alarm clock can spew packets into the ether(net). Let’s get this straight: if you attach something to a network—any network—it had better be secured as well as possible, because I am quite tired of being awakened by the sound of the gnashing of teeth caused by each and every new network security breach. The Internet reaches everywhere, and if even Continue reading

Worth Reading: Moving Computing to the Edge (Again)

Our perception of what makes a data center is shifting all the time. We’ve already seen a move away from the large, monolithic bricks and mortar structures of old and seeing new manifestations in smaller form factors. … Project Volutus, with hundreds of Kilowatts of compute capacity in each location, makes it possible to run data center scale workloads at the edge, doing everything from IoT data ingestion to distributed machine learning on GPUs. —The New Stack

The post Worth Reading: Moving Computing to the Edge (Again) appeared first on rule 11 reader.

Complexity and the Thin Waist

In recent years, we have become accustomed to—and often accosted by—the phrase software eats the world. It’s become a mantra in the networking world that software defined is the future. full stop This research paper by Microsoft, however, tells a different story. According to Baumann, hardware is the new software. Or, to put it differently, even as software eats the world, hardware is taking over an ever increasing amount of the functionality software is doing. In showing this point, the paper also points out the complexity problems involved in dissolving the thin waist of an architecture.

The specific example used in the paper is the Intel x86 Instruction Set Architecture (ISA). Many years ago, when I was a “youngster” in the information technology field, there were a number of different processor platforms; the processor wars waged in full. There were, primarily, the x86 platform, by Intel, beginning with the 8086, and its subsequent generations, the 8088, 80286, 80386, then the Pentium, etc. On the other side of the world, there were the RISC based processors, the kind stuffed into Apple products, Cisco routers, and Sun Sparc workstations (like the one that I used daily while in Cisco TAC). The argument Continue reading

Worth Reading: 5G and Internet Technology

5G is the latest generation of cellular network standards. There’s a tremendous amount of activity around it in the industry. But how does 5G relate to Internet technology? Are there 5G-related work items that the IETF should be working on, for instance? —APNIC

The post Worth Reading: 5G and Internet Technology appeared first on rule 11 reader.

Worth Reading: The next generation of whois

Similar to Internet DNS, WHOIS is not a single, centrally managed database. Rather, domain name registration data is held in disparate locations and administered by multiple Registries and Registrars. Further, a similar WHOIS service (maintained by Regional and National Internet Registries) exists for Numbering Resources (IPV4/V6 addresses, ASN numbers) on Internet. For the sake of simplicity and clarity, we will only talk about domain name WHOIS in this article. —APNIC

The post Worth Reading: The next generation of whois appeared first on rule 11 reader.

Worth Reading: Why isn’t everyone running DNSSEC?

Given how critical DNS is to the functioning of the Internet, it’s a mystery that the world is prepared to accept such a security-deficient protocol at the core of all its infrastructure. What’s even crazier is that there’s a secure solution that’s been in the pipeline for over a decade: DNS security extensions, or DNSSEC. —APNIC

The post Worth Reading: Why isn’t everyone running DNSSEC? appeared first on rule 11 reader.