0

Uganda’s January 13, 2021 Internet Shut Down

Two days ago, through its communications regulator, Uganda's government ordered the "Suspension Of The Operation Of Internet Gateways" the day before the country's general election. This action was confirmed by several users and journalists who got access to the letter sent to Internet providers. In other words, the government effectively cut off Internet access from the population to the rest of the world.

Ahead of tomorrow’s election the Internet has been shutdown in Uganda (confirmed by a few friends in Kampala).
Letter from communications commission below: pic.twitter.com/tRpTIXTPcW

— Samira Sawlani (@samirasawlani) January 13, 2021

On Cloudflare Radar, we want to help anyone understand what happens on the Internet. We are continually monitoring our network and exposing insights, threats, and trends based on the aggregated data that we see.

Uganda's unusual traffic patterns quickly popped up in our charts. Our 7-day change in Internet Traffic chart in Uganda shows a clear drop to near zero starting around 1900 local time, when the providers received the letter.

This is also obvious in the Application-level Attacks chart.

The traffic drop was also confirmed by the Uganda Internet eXchange point, a place where many providers exchange their data traffic, on their Continue reading

0

Heavy Networking 557: User Experience Is A Full-Stack Responsibility (Sponsored)

Digital Experience Monitoring (DEM) is the topic on today's Heavy Networking. IT folks tend to view user experience from their own particular area of responsibility--networking, security, app development--but the reality is there's a common set of data that IT should consume and understand. Sponsor Catchpoint joins us to discuss its DEM platform and how it measures user experience using metrics that are relevant across the IT stack. Our guest is JP Blaho, Director, Product Marketing at Catchpoint.

0

Heavy Networking 557: User Experience Is A Full-Stack Responsibility (Sponsored)

Digital Experience Monitoring (DEM) is the topic on today's Heavy Networking. IT folks tend to view user experience from their own particular area of responsibility--networking, security, app development--but the reality is there's a common set of data that IT should consume and understand. Sponsor Catchpoint joins us to discuss its DEM platform and how it measures user experience using metrics that are relevant across the IT stack. Our guest is JP Blaho, Director, Product Marketing at Catchpoint.

The post Heavy Networking 557: User Experience Is A Full-Stack Responsibility (Sponsored) appeared first on Packet Pushers.

0

Managing Leaders, Or Why Pat Gelsinger Is Awesome

In case you missed it, Intel CEO Bob Swan is stepping down from his role effective February 15 and will be replaced by current VMware CEO Pat Gelsinger. Gelsinger was the former CTO at Intel for a number of years before leaving to run EMC and VMware. His return is a bright spot in an otherwise dismal past few months for the chip giant.

Why is Gelsinger’s return such a cause for celebration? The analysts that have been interviewed say that Intel has been in need of a technical leader for a while now. Swan came from the office of the CFO to run Intel on an interim basis after the resignation of Brian Krzanich. The past year has been a rough one for Intel, with delays in their new smaller chip manufacturing process and competition heating up from long-time rival AMD but also from new threats like ARM being potentially sold to NVIDIA. It’s a challenging course for any company captain to sail. However, I think one key thing makes is nigh impossible for Swan.

Management Mentality

Swan is a manager. That’s not meant as a slight inasmuch as an accurate label. Managers are people that have things and Continue reading

0

KEMTLS: Post-quantum TLS without signatures

The Transport Layer Security protocol (TLS), which secures most Internet connections, has mainly been a protocol consisting of a key exchange authenticated by digital signatures used to encrypt data at transport^[1]. Even though it has undergone major changes since 1994, when SSL 1.0 was introduced by Netscape, its main mechanism has remained the same. The key exchange was first based on RSA, and later on traditional Diffie-Hellman (DH) and Elliptic-curve Diffie-Hellman (ECDH). The signatures used for authentication have almost always been RSA-based, though in recent years other kinds of signatures have been adopted, mainly ECDSA and Ed25519. This recent change to elliptic curve cryptography in both at the key exchange and at the signature level has resulted in considerable speed and bandwidth benefits in comparison to traditional Diffie-Hellman and RSA.

TLS is the main protocol that protects the connections we use everyday. It’s everywhere: we use it when we buy products online, when we register for a newsletter — when we access any kind of website, IoT device, API for mobile apps and more, really. But with the imminent threat of the arrival of quantum computers (a threat that seems to be getting closer and closer), we need Continue reading

0

Looking into Linux user logins with lslogins

One convenient way to list details about user logins on a Linux system is to use the lslogins command. You'll get a very useful and nicely formatted display that includes quite a few important details.On my system and likely most others, user accounts will start with UID 1000. To list just these accounts rather than include all of the service accounts like daemon, mail and syslog, add the -u option as shown in the example below.$ sudo lslogins -u UID USER PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS 0 root 151 0 0 root 1000 shs 68 0 0 12:35 Sandra H-S 1001 nemo 0 0 0 2021-Jan05 Nemo Demo,,, 1002 dbell 0 0 1 Dory Bell 1003 shark 2 0 0 7:15 Sharon Hark 1004 tadpole 0 0 0 2020-Dec05 Ted Pole 1005 eel 0 0 0 2021-Jan11 Ellen McDay 1006 bugfarm 0 0 0 2021-Jan01 Bug Farm 1008 dorothy 0 0 1 Dorothy Reuben 1012 jadep 0 0 1 2021-Jan04 Jade Jones 1013 myself 0 0 0 2021-Jan12 My Self 1014 marym 0 0 0 2020-Mar20 Mary McShea 1017 gijoe 0 0 0 GI Joe 65534 nobody 0 0 1 nobody What the lslogins command does is grab Continue reading

0

Looking into Linux user logins with lslogins

One convenient way to list details about user logins on a Linux system is to use the lslogins command. You'll get a very useful and nicely formatted display that includes quite a few important details.On my system and likely most others, user accounts will start with UID 1000. To list just these accounts rather than include all of the service accounts like daemon, mail and syslog, add the -u option as shown in the example below.$ sudo lslogins -u UID USER PROC PWD-LOCK PWD-DENY LAST-LOGIN GECOS 0 root 151 0 0 root 1000 shs 68 0 0 12:35 Sandra H-S 1001 nemo 0 0 0 2021-Jan05 Nemo Demo,,, 1002 dbell 0 0 1 Dory Bell 1003 shark 2 0 0 7:15 Sharon Hark 1004 tadpole 0 0 0 2020-Dec05 Ted Pole 1005 eel 0 0 0 2021-Jan11 Ellen McDay 1006 bugfarm 0 0 0 2021-Jan01 Bug Farm 1008 dorothy 0 0 1 Dorothy Reuben 1012 jadep 0 0 1 2021-Jan04 Jade Jones 1013 myself 0 0 0 2021-Jan12 My Self 1014 marym 0 0 0 2020-Mar20 Mary McShea 1017 gijoe 0 0 0 GI Joe 65534 nobody 0 0 1 nobody What the lslogins command does is grab Continue reading

0

Video: Multi-Layer Switching and Tunneling

After discussing the technology options one has when trying to get a packet across the network, we dived deep into two interesting topics:

• How do you combine packet forwarding at multiple layers of OSI stack (multi-layer switching)?
• What happens when you do layer-N forwarding over layer-M transport core where N <= M (example: IPv6 packets over IPv4 packets) aka tunneling?

You’ll find more details (including other hybrids like Loose Source Routing) in Multi-Layer Switching and Tunneling video.

0

Video: Multi-Layer Switching and Tunneling

After discussing the technology options one has when trying to get a packet across the network, we dived deep into two interesting topics:

• How do you combine packet forwarding at multiple layers of OSI stack (multi-layer switching)?
• What happens when you do layer-N forwarding over layer-M transport core where N <= M (example: IPv6 packets over IPv4 packets) aka tunneling?

You’ll find more details (including other hybrids like Loose Source Routing) in Multi-Layer Switching and Tunneling video.

0

Addressing 2020

Time for another annual roundup from the world of IP addresses. Let’s see what has changed in the past 12 months in addressing the Internet and look at how IP address allocation information can inform us of the changing nature of the network itself.

0

Webinar: How the Internet Really Works Part 1

On the 22nd, I’m giving a three hour course called How the Internet Really Works. I tried making this into a four hour course, but found I still have too much material, so I’ve split the webinar into two parts; the second part will be given in February. This part is about how systems work, who pays for what, and other higher level stuff. The second part will be all about navigating the DFZ. From the Safari Books site:

This training is designed for beginning engineers who do not understand the operation of the Internet, experienced engineers who want to “fill in the gaps,” project managers, coders, and anyone else who interacts with the Internet and wants to better understand the various parts of this complex, global ecosystem.

You can register here.

0

IPv6 Buzz 067: IPv6 In The Cloud With Ivan PepeInjak

Today's IPv6 Buzz episode examines the state of IPv6 in the public cloud, including capabilities and limitations with current v6 support in AWS and Azure, ongoing customer demand for v4, and more. Our guest is Ivan Pepelnjak.

0

IPv6 Buzz 067: IPv6 In The Cloud With Ivan PepeInjak

Today's IPv6 Buzz episode examines the state of IPv6 in the public cloud, including capabilities and limitations with current v6 support in AWS and Azure, ongoing customer demand for v4, and more. Our guest is Ivan Pepelnjak.

The post IPv6 Buzz 067: IPv6 In The Cloud With Ivan PepeInjak appeared first on Packet Pushers.

0

Hedge #66: Tyler McDaniel and BGP Peer Locking

Tyler McDaniel joins Eyvonne, Tom, and Russ to discuss a study on BGP peerlocking, which is designed to prevent route leaks in the global Internet. From the study abstract:

BGP route leaks frequently precipitate serious disruptions to interdomain routing. These incidents have plagued the Internet for decades while deployment and usability issues cripple efforts to mitigate the problem. Peerlock, introduced in 2016, addresses route leaks with a new approach. Peerlock enables filtering agreements between transit providers to protect their own networks without the need for broad cooperation or a trust infrastructure.

download

0

Want to Make the Internet Even Better in 2021? Register for Our Special Edition Community Event

Early last year, as people across the world quarantined to slow the spread of the COVID-19 virus, the Internet became critical to maintaining a semblance of routine and getting the latest lifesaving information. But there was a stark reality. Those without Internet access would have to grapple without this vital resource amidst a global pandemic.

Internet Society volunteers around the world understood the gravity of the situation. They jumped in to enable secure access.

In North America, NYC Mesh, a community network supported by the Internet Society, rushed to connect as many households as they could. While it was still safe to do so, they crossed rooftops to bring connectivity to some of the city’s most underserved.

In Europe, the Internet Society Italy Chapter launched SOSDigitale to mobilize resources and volunteers to respond to urgent technology gaps. The Portugal Chapter followed with their own SOS Digital campaign to donate computers and digital support to at-risk youth.

And in Latin America, residents of El Cuy, in remote Patagonia, Argentina, were able to reduce their potential exposure to COVID-19 via their newly-established community network, accessing medical prescriptions, education, banking, and government resources online.

No one could have predicted the events of 2020. Continue reading

0

Holistic web protection: industry recognition for a prolific 2020

I love building products that solve real problems for our customers. These days I don’t get to do so as much directly with our Engineering teams. Instead, about half my time is spent with customers listening to and learning from their security challenges, while the other half of my time is spent with other Cloudflare Product Managers (PMs) helping them solve these customer challenges as simply and elegantly as possible. While I miss the deeply technical engineering discussions, I am proud to have the opportunity to look back every year on all that we’ve shipped across our application security teams.

Taking the time to reflect on what we’ve delivered also helps to reinforce my belief in the Cloudflare approach to shipping product: release early, stay close to customers for feedback, and iterate quickly to deliver incremental value. To borrow a term from the investment world, this approach brings the benefits of compounded returns to our customers: we put new products that solve real-world problems into their hands as quickly as possible, and then reinvest the proceeds of our shared learnings immediately back into the product.

It is these sustained investments that allow us to release a flurry of small improvements Continue reading

0

Why Multi-Cloud Will Dominate 2021

Added cloud architecture will be needed to support the accelerated shift to remote work as many workers remain at home this year.

0

Cisco coughs up another $1.9B to buy Acacia

After some saber-rattling, Cisco has sweetened the pot to acquire optical technology firm Acacia. The amended agreement calls for Cisco to pay $4.5 billion instead of the originally agreed upon $2.6 billion deal.The companies said the amended acquisition should close by the end of the first calendar quarter of 2021, but it is still subject to closing conditions, including Acacia stockholder approval. Upon completion of the acquisition, Acacia CEO Raj Shanmugaraj and company employees will join Cisco's Optics business.To read this article in full, please click here

0

Soar: Simulation for Observability, reliAbility, and secuRity

Serving more than approximately 25 million Internet properties is not an easy thing, and neither is serving 20 million requests per second on average. At Cloudflare, we achieve this by running a homogeneous edge environment: almost every Cloudflare server runs all Cloudflare products.

As we offer more and more products and enjoy the benefit of horizontal scalability, our edge stack continues to grow in complexity. Originally, we only operated at the application layer with our CDN service and DoS protection. Then we launched transport layer products, such as Spectrum and Argo. Now we have further expanded our footprint into the IP layer and physical link with Magic Transit. They all run on every machine we have. The work of our engineers enables our products to evolve at a fast pace, and to serve our customers better.

However, such software complexity presents a sheer challenge to operation: the more changes you make, the more likely it is that something is going to break. Continue reading

0

Tier 1 Carriers Performance Report: December, 2020

The post Tier 1 Carriers Performance Report: December, 2020 appeared first on Noction.