Worth Reading: Stop Trying to Deter Cyber Criminals

With the foregoing in mind, the key question today is, “Given the very problematic historical record, why should anybody think that cyber deterrence will somehow now become a useful and functional policy option?” And when one adds the fresh wrinkles of anonymity and/or deniability of the perpetrator, the low cost—relative to other forms of aggression—of cyberspace-based attack, and the virtually nonexistent barriers to entry that diffuse power to swarms of hackers, the goal of achieving reliable, robust cyber deterrence seems well out of reach. —ACM

The post Worth Reading: Stop Trying to Deter Cyber Criminals appeared first on 'net work.

Worth Reading: Building the LinkedIn Knowledge Graph

At LinkedIn, we use machine learning technology widely to optimize our products: for instance, ranking search results, advertisements, and updates in the news feed, or recommending people, jobs, articles, and learning opportunities to members. An important component of this technology stack is a knowledge graph that provides input signals to machine learning models and data insight pipelines to power LinkedIn products. This post gives an overview of how we build this knowledge graph. —LinkedIn Engineering Blog

The post Worth Reading: Building the LinkedIn Knowledge Graph appeared first on 'net work.

Basement Hall

The post Basement Hall appeared first on 'net work.

Worth Reading: Limitations of Current Branch Office WAN

A key characteristic of the traditional branch office WAN architecture is to have T1/E1-based access to a service provider’s MPLS network at each branch office and to have one or more high speed links at each data center. In this architecture it is common to backhaul some or all of a company’s Internet traffic to a data center before handing that traffic off to the Internet. In order to understand how common this architectural approach is, the survey respondents were asked to indicate how much of their Internet traffic that is generated in branch offices is backhauled to a data center before being handed off to the Internet. —ECI

The post Worth Reading: Limitations of Current Branch Office WAN appeared first on 'net work.

Worth Reading: Data Centric Computing

Unlike enterprise business applications of the 1990s, systems processing this growing deluge of unstructured data have to deal with an entirely different class of problems. As data scales beyond petabytes, simply ingesting, storing, retrieving, and processing data becomes challenging using traditional server and application architectures. currentThe sheer scale of infrastructure needed to support these workflows is, for most companies, daunting. There is network complexity required to support terabytes per hour data ingest rates, a large and growing storage tier, and a compute infrastructure that continuously scans incoming data to classify and process it. —The Next Platform

The post Worth Reading: Data Centric Computing appeared first on 'net work.

Humans, to Computers

The post Humans, to Computers appeared first on 'net work.

Worth Reading: The Wild West of Performance Measurement

Data-driven decision making relies on contextual understanding of how data is gathered and the type of analysis used to arrive at an outcome. The popularity of data-driven decision-making has increased the number of companies using statistics to support a preference or vendor selection. The Internet Performance Management (IPM) market hasn’t been spared, but, unlike other markets where institutions have codified a standard for qualification and quantification, such as the FDA’s nutrition labels, Insurance Institute for Highway Safety, or the Coffee Quality Institute, the IPM market is still in the Wild West stage. —Circle ID

The post Worth Reading: The Wild West of Performance Measurement appeared first on 'net work.

Worth Reading: Why I care about Segment Routing

As a WAN guy by chance and opportunity, and a service provider engineer and architect by choice (and also chance and opportunity), segment routing (SR) is one of those wonderful new technologies that keeps rearing its head over and over in recent days – and it’s already playing in the big leagues. SR is supported by many of the large network equipment providers including Cisco, Juniper, and Nokia (Alcatel-Lucent), and as I have just learned, Arista. Why is this a notable tech you may want to pay attention to? —Forwarding Plane

The post Worth Reading: Why I care about Segment Routing appeared first on 'net work.

Reaction: DNS is Part of the Stack

Over at ipspace.net, Ivan is discussing using DNS to program firewall rules—

Could you use DNS names to translate human-readable rules into packet filters? The traditional answer was “no, because I don’t trust DNS”.

This has been a pet peeve of mine for some years—particularly after my time at Verisign Labs, looking at the DNS system, and its interaction with the control plane, in some detail. I’m just going to say this simply and plainly; maybe someone, somewhere, will pay attention—

The Domain Name System is a part of the IP networking stack.

Network engineers and application developers seem to treat DNS as some sort of red-headed-stepchild; it’s best if we just hide it in some little corner someplace, and hope someone figures out how to make it work, but we’re not going to act like it should or will work. We’re just going to ignore it, and somehow hope it goes away so we don’t have to deal with it.

Let’s look at some of the wonderful ideas this we’ll just ignore DNS has brought us over the years, like, “let’s embed the IP address in the packet someplace so we know who we’re talking to,” and “we Continue reading

Worth Reading: Predictive Policing

Can predictive policing prevent crime before it happens? It sounds like an idea out of science fiction — specifically, out of Philip K. Dick’s “Minority Report,” a 1956 short story about a “Precrime Division” that arrests suspects before any crime had been committed. Can technology make this dream come true? It turns out that predictive policing is already being used by 60 different police departments around America, according to an article late last month in Science magazine, reporting that everything from Facebook profiles, statistics on minor crimes, and information from 911 calls are now being fed into algorithms. —New Stack

The post Worth Reading: Predictive Policing appeared first on 'net work.

Worth Reading Digital Monoculture

While Waze leads us to our destinations via the quickest route, our dependence on this kind of decision support system may also be the quickest route to a monocultural society. You’ve said the word “algorithm” a thousand times this year, and you may have even written out your algorithmic goals in English, but have you ever coded an algorithm? Do you really know how any AI model is performing? What tiny mistakes (or purposeful small changes) are being made to subtly guide our decision-making? —Shelly Palmer

The post Worth Reading Digital Monoculture appeared first on 'net work.

Worth Reading: Elliptic Curve Cryptography and DNS

Erasthosthenes of Cyrene was an ancient Greek of some astounding learning, becoming the Chief Librarian at that fabled wonder of the ancient world, the library of Alexandria, in the third century BCE. Not only has he been credited as the first person to calculate the circumference of the earth, but for the purposes of this article his claim for posterity is based on his work in number theory, and in particular his invention of the Sieve of Erastosthenes as a means of identifying prime numbers. His method is complete and accurate, but for very large numbers the process is inordinately slow. And we haven’t really made it much faster in the intervening 2,200 years. The related problem, that of computing the prime number factors of a very large integer also takes a long time as at its heart is a basic enumeration problem that grows as the size of the number grows. —Potaroo

The post Worth Reading: Elliptic Curve Cryptography and DNS appeared first on 'net work.

On the ‘net: BGP as an SDN

There are probably a dozen other ways to influence the path in this situation using a route reflector in BGP. Each of these methods have advantages and disadvantages; for instance, flowspec and segment routing can classify traffic based on the source address, or other fields in the packet header, while modifying just the destination will modify the flow for every packet destined to F. But what’s interesting here is not the specific mechanisms used and their limitations, but rather that the RR can be treated as a controller which modifies the base BGP routing information using only mechanisms available within BGP itself. —ECI

The post On the ‘net: BGP as an SDN appeared first on 'net work.

Worth Reading: Stop Trying to Change Users

The problem isn’t the users: it’s that we’ve designed our computer systems’ security so badly that we demand the user do all of these counterintuitive things. Why can’t users choose easy-to-remember passwords? Why can’t they click on links in emails with wild abandon? Why can’t they plug a USB stick into a computer without facing a myriad of viruses? Why are we trying to fix the user instead of solving the underlying security problem? Traditionally, we’ve thought about security and usability as a trade-off: a more secure system is less functional and more annoying, and a more capable, flexible, and powerful system is less secure. This “either/or” thinking results in systems that are neither usable nor secure. —Schneier on Security

The post Worth Reading: Stop Trying to Change Users appeared first on 'net work.

Worth Reading: Why Google Gadgets are so Cheap

With its newest gadgets, Google will be able to serve up ads that are more personal and even more relevant to everything its users are doing, as it learns more about them with the voice queries made via Google’s answer to Apple’s Siri, Google Assistant. The more it knows you and your habits, the better to pitch its advertising services to the brands that want your dollars and are willing to pay Alphabet to get them. That’s why Google is able to price all its new hardware below or at parity with its rivals. —Market Watch

The post Worth Reading: Why Google Gadgets are so Cheap appeared first on 'net work.

snaproute Go BGP Code Dive (12): Moving to Established

In last week’s post, the new BGP peer we’re tracing through the snaproute BGP code moved from open to openconfirmed by receiving, and processing, the open message. In processing the open message, the list of AFIs this peer will support was built, the hold timer set, and the hold timer started. The next step is to move to established. RFC 4271, around page 70, describes the process as—

If the local system receives a KEEPALIVE message (KeepAliveMsg (Event 26)), the local system:
 - restarts the HoldTimer and
 - changes its state to Established.

In response to any other event (Events 9, 12-13, 20, 27-28), the local system:
 - sends a NOTIFICATION with a code of Finite State Machine Error,
 - sets the ConnectRetryTimer to zero,
 - releases all BGP resources,
 - drops the TCP connection,
 - increments the ConnectRetryCounter by 1,
 - (optionally) performs peer oscillation damping if the DampPeerOscillations attribute is set to TRUE, and
 - changes its state to Idle.

For a bit of review (because this is running so long, you might forget how the state machine works), the way the snaproute code is written is as a state machine. The way the state machine works is Continue reading

Worth Reading: Creating a PCE Prototype

So almost, a little bit over an year ago, when I wasn’t working for a Vendor and was looking for a PCE to fool around with RSVP-TE/SR-TE but I wasn’t able to find anything. At that time, Only thing I was able to found was Open daylight but its PCEP implementation didn’t have Segment Routing support, so I was out of luck. At the same time I was also working on improving my programmatic skills. So I thought why not combine both problems together and write my own PCEP prototype… —Packet Pushers

The post Worth Reading: Creating a PCE Prototype appeared first on 'net work.

Worth Reading: Three great lies of cloud computing

It’s elastic! It’s on-demand! It scales dynamically to meet your needs! It streamlines your operations, gives you persistent access to data, and it’s always, always cheaper. It’s cloud computing, and it’s here to save your enterprise. And yet, for all the promise of cloud, there are still segments of IT, such as HPC and many categories of big data analytics, that have been resistant to wholesale outsourcing to public cloud resources. At present cloud computing makes up only 2.4 percent of the HPC market by revenue, and although Intersect360 Research is forecast its growth at a robust 10.9 per year, that still keeps it well under 5 percent throughout the five-year forecast period. —The Next Platform

The post Worth Reading: Three great lies of cloud computing appeared first on 'net work.

Sand Castle

The post Sand Castle appeared first on 'net work.

Worth Reading: Modernizing business services through the CPE

In a previous blog, I discussed how equipment providers are facing a lucrative but pitfall-laden path in deciding how to invest in NFV to displace dedicated appliances. CSPs have similar NFV investment decisions to make on the user side of the equation. They need to answer the question: “Where should I start implementing an NFV strategy to deliver network functions and customer services as a means of improving my bottom line and business success?” One strong candidate for this starting point is Universal Customer Premises Equipment. —ECI

The post Worth Reading: Modernizing business services through the CPE appeared first on 'net work.