Worth Reading: Cisco’s identity crisis

Our Cisco team has been reaching out to get feedback on our relationship with Cisco and its products — a healthy practice for any vendor. I’ve tried to be open, honest, and consistent in all our talks. As I mentally review our conversations, I conclude I’ve been contradictory. On one hand, I’ve talked about how the industry is changing and Cisco’s products need to evolve in a software-defined marketplace. At the same time, I’ve decried their decision to move last-generation data center products to the campus portfolio to make way for newer technology. —Eyvonne Sharp

The post Worth Reading: Cisco’s identity crisis appeared first on 'net work.

Automation

The post Automation appeared first on 'net work.

Worth Reading: Ransomware for Dummies

Among today’s fastest-growing cybercrime epidemics is “ransomware,” malicious software that encrypts your computer files, photos, music and documents and then demands payment in Bitcoin to recover access to the files. A big reason for the steep increase in ransomware attacks in recent years comes from the proliferation of point-and-click tools sold in the cybercrime underground that make it stupid simple for anyone to begin extorting others for money. —Krebs on Security

The post Worth Reading: Ransomware for Dummies appeared first on 'net work.

Worth Reading: Five jobs robots will take first

Oxford University researchers have estimated that 47 percent of U.S. jobs could be automated within the next two decades. But which white-collar jobs will robots take first? First, we should define “robots” (for this article only) as technologies, such as machine learning algorithms running on purpose-built computer platforms, that have been trained to perform tasks that currently require humans to perform. —Shelly Palmer

The post Worth Reading: Five jobs robots will take first appeared first on 'net work.

CoDel and Active Queue Management

Buffering packets in a network is both good and bad. It is good because a buffer can hold packets from one stream while another stream’s packets are being processed, to take up and release short bursts of traffic, to hold and then release packets when there is a very short interruption on the wire (or during a route change), and in many other situations. However, queues are bad when there is a standing queue, which means a particular flow always has some number of packets in a particular queue along the path between the source and the destination. This normally occurs at the narrowest point along the path, or rather the link with the lowest bandwidth. In a previous post, I looked at BBR, a change to the way TCP computes its window sizes, that attempts to reduce the amount of traffic “in flight” between a sender and receiver to reduce the number of packets being held in a particular buffer along the way.

This post will consider another solution: CoDel. CoDel is essentially an improved tail drop mechanism that provides the correct signals to TCP to slow down its send rate, or rather to reduce the window size (and Continue reading

Worth Reading: Redliner

…due to the nature of rapid-growing web services like LinkedIn, we face big challenges when trying to measure service capacity limits. These challenges come from the constantly changing traffic shape, the heterogeneous infrastructure characteristics, and the evolving bottlenecks. In order to determine service capacity limits accurately and pinpoint capacity bottlenecks effectively, we need a solution that… —LinkedIn Engineering Blog

The post Worth Reading: Redliner appeared first on 'net work.

Administravia 030417

Just a few notes on the blog site in general. I’ve rebuilt the sixty books pages without tables. I don’t know if this is better, but it does load a bit faster. I’ve also added links to my GoodReads and Feedly profiles just in case you’re interested in what I’m currently reading/read on a regular basis. I didn’t include all the RSS feeds I read in the shared Feedly profile, just general, culture, and technology.

The post Administravia 030417 appeared first on 'net work.

Worth Reading: The digital age produces binary outcomes

The digital age produces binary outcomes. Winners tend to win overwhelmingly—in war as well as in business. The Soviet Union crumbled in the late 1980s when American technology bested Soviet military spending, then estimated at a quarter of GDP. The enormous Russian bet on military power lost and Communism fell. America emerged from the Cold War with a degree of military superiority greater than any country in modern history. It also emerged with a technologically driven economy that had no real competitor, with Russia close to ruin after the collapse of Communism and China in an early stage of economic development. —American Affairs

The post Worth Reading: The digital age produces binary outcomes appeared first on 'net work.

Pier into the Marsh

The post Pier into the Marsh appeared first on 'net work.

Worth Reading: Current trends in machine learning

During the past decade, enterprises have begun using machine learning (ML) to collect and analyze large amounts of data to obtain a competitive advantage. Now some are looking to go even deeper – using a subset of machine learning techniques called deep learning (DL), they are seeking to delve into the more esoteric properties hidden in the data. The goal is to create predictive applications for such areas as fraud detection, demand forecasting, click prediction, and other data-intensive analyses. —The Next Platform

The post Worth Reading: Current trends in machine learning appeared first on 'net work.

Worth Reading: The data deletion landscape

Delete is a word built into the vocabulary of users from the beginning of personal computing. When commanded to “del,” an operating system appeared to erase a file completely. However, right from the start, a users’ commonsense understanding of the command to “delete” differed from companies’ practices; rather than erasing a file, “delete” meant “put in the recycle bin.” “Deleted” files were not really gone but rather out of sight, available to be recovered if necessary. The rise of cloud computing, where files live remotely from their owners’ devices and are frequently accessible from multiple devices, has further muddied the concept of deletion by saving all of a user’s files in an ambiguous location until called upon. While this change may seem trivial, it represents a larger truth about our digital files: they are almost never really “deleted.” —CDT

The post Worth Reading: The data deletion landscape appeared first on 'net work.

On the ‘net: LinkedIn’s DC Design Principles

Operating a large-scale, rapidly growing network requires a philosophical change in how you plan, deploy, and operate your infrastructure. At LinkedIn, as we scaled our data center network, it became evident that we needed to provision and build networks not only as quickly as possible, but also with the most simple and minimalistic approaches possible — something that previously was not quite apparent to us. Adding a new component, a new feature, or a new service without any traffic loss or architectural change is challenging. —Network Computing

The post On the ‘net: LinkedIn’s DC Design Principles appeared first on 'net work.

Worth Reading: Lessons learned from decommissioning a legacy service

Last quarter, I worked on a project called “kill-inbox-war.” Inbox-war was a frontend service that served legacy LinkedIn messaging UI, RPC (Remote Procedure Call) endpoints before Rest.li, and some parts of notifications and invitations for LinkedIn. Even though most of the functionality related to messaging had already been moved out of inbox-war before the project started, the service still had greater than 1,400 QPS (queries per second) at peak. Finally, after almost four months of hard work, the QPS has dropped to almost 0. The graph below is inbox-war QPS for the past six months. —LinkedIn Engineering

The post Worth Reading: Lessons learned from decommissioning a legacy service appeared first on 'net work.

Worth Reading: The rise of SSL based threats

The majority of Internet traffic is now encrypted. With the advent of free SSL providers like Let’s Encrypt, the move to encryption has become easy and free. On any given day in the Zscaler cloud, more than half of the traffic that inspected uses SSL. It is no surprise, then, that malicious actors have also been using the SSL protocol in their activities over the last several years. The increasing use of SSL creates problems for organizations that are unable to monitor SSL traffic, as they must rely on less-effective techniques like IP and domain blocking in an attempt to identify and block threats. —CSA

The post Worth Reading: The rise of SSL based threats appeared first on 'net work.

Why no YANG??

I was at Cisco Live in Berlin last week, and I came away with a question: why no YANG?

Here is a YANG model represented in YIN—this one describes an interface in Quagga, and is easy to read:

YANG can be expressed in many ways, such as YIN, or in a model format (which is still easy to read), or in json format. This is an example of HTML, taken from the Vimeo site:

The YIN representation of YANG is XML, and XML is also a superset of HTML.

The post Why no YANG?? appeared first on 'net work.

Worth Reading: How to bury a breach notification

Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation’s largest companies. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure. This post is an attempt to remedy that. —Krebs on Security

The post Worth Reading: How to bury a breach notification appeared first on 'net work.

Worth Reading: Making it easy to share annotations on the ‘web

The W3C has announced the publication of three new standards aimed to enable an ecosystem of interoperable products that let the world comment on, describe, tag, and link any resource on the Web. Many websites already allow comments, but current annotation systems rely on unique, usually proprietary technologies chosen and provided by publishers. Notes cannot be shared easily across the Web and comments about a Web page can only be saved and viewed via a single website. Readers cannot select their own tools, choose their own service providers or bring their own communities. The adoption of the Web Annotation standards will spell the end of the phrase “Don’t read the comments!”, returning power to the readers decide where and how they provide and consume such feedback. —W3C

The post Worth Reading: Making it easy to share annotations on the ‘web appeared first on 'net work.

Into the Gray Zone: Considering Active Defense

Most engineers focus on purely technical mechanisms for defending against various kinds of cyber attacks, including “the old magic bullet,” the firewall. The game of cannons and walls is over, however, and the cannons have won; those who depend on walls are in for a shocking future. What is the proper response, then? What defenses are there The reality is that just like in physical warfare, the defenses will take some time to develop and articulate.

One very promising line of thinking is that of active defense. While the concept is often attributed to some recent action, active defense has been one form of warfare for many centuries; there are instances of what might be called active defense outlined in the Bible and in Greek histories. But it is only recently, in light of the many wars around Israel, that defense in depth has taken on its modern shape in active defense. What about active defense is so interesting from a network security perspective? It is primarily this: in active defense, the defender seeks to tire an attacker out by remaining mobile, misdirecting the attacker, and using every opportunity to learn about the attacker’s techniques, aims, and resources to reflect Continue reading

Worth Reading: Commercial incentives behind IPv6 deployment

The Best Practice Forum (BPF) on IPv6 at the Internet Governance Forum (IGF) explored what economic and commercial incentives drive providers, companies and organizations to deploy IPv6 on their networks and for their services. The BPF collected case studies, held open discussions online and at the 2016 IGF meeting, and produced a comprehensive output report. This article gives a high-level overview. —CircleID

The post Worth Reading: Commercial incentives behind IPv6 deployment appeared first on 'net work.

Worth Reading: SHA-1 collision found

Cryptographic hash functions like SHA-1 are a cryptographer’s swiss army knife. You’ll find that hashes play a role in browser security, managing code repositories, or even just detecting duplicate files in storage. Hash functions compress large amounts of data into a small message digest. As a cryptographic requirement for wide-spread use, finding two messages that lead to the same digest should be computationally infeasible. Over time however, this requirement can fail due to attacks on the mathematical underpinnings of hash functions or to increases in computational power. —Google Security Blog

The post Worth Reading: SHA-1 collision found appeared first on 'net work.