Have your data and hide it too: An introduction to differential privacy
Many applications rely on user data to deliver useful features. For instance, browser telemetry can identify network errors or buggy websites by collecting and aggregating data from individuals. However, browsing history can be sensitive, and sharing this information opens the door to privacy risks. Interestingly, these applications are often not interested in individual data points (e.g. whether a particular user faced a network error while trying to access Wikipedia) but only care about aggregated data (e.g. the total number of users who had trouble connecting to Wikipedia).
The Distributed Aggregation Protocol (DAP) allows data to be aggregated without revealing any individual data point. It is useful for applications where a data collector is interested in general trends over a population without having access to sensitive data. There are many use cases for DAP, from COVID-19 exposure notification to telemetry in Firefox to personalizing photo albums in iOS. Cloudflare is helping to standardize DAP and its underlying primitives. We are working on an open-source implementation of DAP and building a service to run with current and future partners. Check out this blog post to learn more about how DAP works.
DAP takes a significant step in the right direction, Continue reading
Happy Holidays and All the Best in 2024!
My video editor sent me the perfect let’s-wrap-up-this-year video:
I wish you a few quiet days disconnected from the technology and all the best in 2024!
What do I know about boats
Oh a boat, how do you know it wont sink………..
Thoughts on 2023
As we close out 2023, some random observations about engineering, culture, and life.
Network engineering needs help. I am hearing, from all over the place, that network engineering is “not cool.” There is a dearth of students entering the pipeline. College programs are struggling, and many organizations are struggling with a lack of engineering talent—in fact, I would guess the most common reason for companies to move to “the cloud” is because they cannot find anyone who knows how to build an operate a network any longer.
It probably didn’t help that for the last few years many “thought leaders” in the network engineering space have been saying there is no future in network engineering. It also doesn’t help that network engineering training has become stilted and … boring. Coders are off talking about how to solve problems. Robotics folks are working on cool projects that solve problems.
Network engineers are being taught how to spend less money and told to “find another career.”
I don’t know how we think we can sustain a healthy world of IT without network engineers.
And yes, I know there are folks who think networking problems are simple, easy enough to solve Continue reading
Next-Level Lateral Security for Your Private Cloud
Cyber attacks are growing in frequency and complexity. And at an average cost of $4.35M1, data breaches are no joke. With Generative AI, this threat will grow even further—equipping even an unsophisticated attacker with the means to become a sophisticated hacker.
Reality is, you can’t get away with just protecting your perimeter anymore. Today, the most common type of attack vectors—lateral movement, vulnerability exploits and zero day attacks — are all matters of lateral security. And with the majority of your traffic going east-west, protecting the inside of your network is beyond critical.
Traditional security solutions aren’t enough when it comes to lateral security: implemented with multiple appliances, they lead to traffic hairpinning, create bottlenecks, are cost-prohibitive, and only protect a subset of workloads. To make matters worse, they’re blind to VM-to-VM traffic, since traditional methods of using network taps only see traffic between physical hosts. And you can’t protect what you can’t see.
To protect the inside of your private cloud, you need a comprehensive lateral security solution that gives you complete visibility and security.
VMware’s Lateral Security answers that call; it is distributed, built into the hypervisor, and scales seamlessly to meet your evolving Continue reading
How High-Tech Production Design Powers Immersive Entertainment Experiences
Lars Pedersen, a leading stage and lighting equipment executive behind major theater productions and live acts since 1979, explains the infrastructure required to bring complex visual displays to large-scale shows.Laying the Network Foundation for Digital Economy Development in Indonesia
In Indonesia, next-generation 400GE IP transport networks are playing an important role in meeting the ultra-broadband connection requirements of mobile broadband, home broadband, enterprise private line, and enterprise campus scenarios.A return to US net neutrality rules?
For nearly 15 years, the Federal Communications Commission (FCC) in the United States has gone back and forth on open Internet rules – promulgating and then repealing, with some court battles thrown in for good measure. Last week was the deadline for Internet stakeholders to submit comments to the FCC about their recently proposed net neutrality rules for Internet Service Providers (ISPs), which would introduce considerable protections for consumers and codify the responsibility held by ISPs.
For anyone who has worked to help to build a better Internet, as Cloudflare has for the past 13 years, the reemergence of net neutrality is déjà vu all over again. Cloudflare has long supported the open Internet principles that are behind net neutrality, and we still do today. That’s why we filed comments with the FCC expressing our support for these principles, and concurring with many of the technical definitions and proposals that largely would reinstitute the net neutrality rules that were previously in place.
But let’s back up and talk about net neutrality. Net neutrality is the principle that ISPs should not discriminate against the traffic that flows through them. Specifically, when these rules were adopted by the FCC in 2015, there Continue reading
End-of-Year Cleanup: OSPF Blog Posts
After procrastinating for months, I finally spent a few days cleaning up and organizing OSPF blog posts (it turns out I wrote almost 100 blog posts on the topic in the 18 years of blogging).
End-of-Year Cleanup: OSPF Blog Posts
After procrastinating for months, I finally spent a few days cleaning up and organizing OSPF blog posts (it turns out I wrote almost 100 blog posts on the topic in the 18 years of blogging).
D2C226: Creating An Effective Cloud Migration Strategy
On today's Day Two Cloud podcast we talk about a cloud project where things didn't go as planned. There were people problems, technical problems, and regulatory problems. Our guest Jonah Andersson shares lessons learned and how they can inform your own cloud strategies. We also talk about how to determine if cloud is the right choice, why you need to account for people and processes and not just tech, and more.
The post D2C226: Creating An Effective Cloud Migration Strategy appeared first on Packet Pushers.
D2C226: Creating An Effective Cloud Migration Strategy
On today’s Day Two Cloud podcast we talk about a cloud project where things didn’t go as planned. There were people problems, technical problems, and regulatory problems. Our guest Jonah Andersson shares lessons learned and how they can inform your own cloud strategies. We also talk about how to identify your project goals to determine... Read more »Don’t Let the Cyber Grinch Ruin your Winter Break: Project Cybersafe Schools protects small school districts in the US
As the last school bell rings before winter break, one thing school districts should keep in mind is that during the winter break, schools can become particularly vulnerable to cyberattacks as the reduced staff presence and extended downtime create an environment conducive to security lapses. Criminal actors make their move when organizations are most vulnerable: on weekends and holiday breaks. With fewer personnel on-site, routine monitoring and response to potential threats may be delayed, providing cybercriminals with a window of opportunity. Schools store sensitive student and staff data, including personally identifiable information, financial records, and confidential academic information, and therefore consequences of a successful cyberattack can be severe. It is imperative that educational institutions implement robust cybersecurity measures to safeguard their digital infrastructure.
If you are a small public school district in the United States, Project Cybersafe Schools is here to help. Don’t let the Cyber Grinch ruin your winter break.
The impact of Project Cybersafe Schools thus far
In August of this year, as part of the White House Back to School Safely: K-12 Cybersecurity Summit, Cloudflare announced Project Cybersafe Schools to help support eligible K-12 public school districts with a package of Zero Trust cybersecurity solutions — Continue reading
Setting Source IP Address on Traffic Started by a Multihomed Host
In the Path Failure Detection on Multi-Homed Servers blog post, I mentioned running BGP on servers as one of the best ways to detect server-to-network failures. As always, things aren’t as simple as they look, as Cathal Mooney quickly pointed out:
One annoyance is what IP address gets used by default by the system for outbound traffic. It would be nice to have a generic OS-level way to say, “This IP on lo0 should be default for outbound IP traffic unless to the connected link subnet itself.”
That’s definitely a tough nut to crack, and Cathal described a few solutions he used in the past:
Setting Source IP Address on Traffic Started by a Multihomed Host
In the Path Failure Detection on Multi-Homed Servers blog post, I mentioned running BGP on servers as one of the best ways to detect server-to-network failures. As always, things aren’t as simple as they look, as Cathal Mooney quickly pointed out:
One annoyance is what IP address gets used by default by the system for outbound traffic. It would be nice to have a generic OS-level way to say, “This IP on lo0 should be default for outbound IP traffic unless to the connected link subnet itself.”
That’s definitely a tough nut to crack, and Cathal described a few solutions he used in the past:
10 SD-WAN Providers & Solutions to Consider in 2024: An Overview
IT leaders are increasingly turning to a Software-Defined Wide-Area Network (SD-WAN) overlay. Here, we look into ten of the most popular SD-WAN providers.HS061 What is IT Training or Education
The difference between training and education is signficant and technology industry often conflates these terms. They are vastly different ways to providing learning and we dive into why we need more education and less training.
The post HS061 What is IT Training or Education appeared first on Packet Pushers.
HS061 What is IT Training or Education
The difference between training and education is signficant and technology industry often conflates these terms. They are vastly different ways to providing learning and we dive into why we need more education and less training.
BGP Challenge: Merge Autonomous Systems
Here’s a challenge in case you get bored during the Christmas break: merge two networks running BGP (two autonomous systems) without changing anything but the configurations of the routers connecting them (the red BGP session in the diagram). I won’t give you any hints; you can discuss it in the comments or a GitHub discussion.
Hopefully, you won’t have to deal with something similar in real life, but then we know that crazy requirements trump good designs any day of the week.