Worth Reading: Cloud Key and Key Escrow
The post Worth Reading: Cloud Key and Key Escrow appeared first on 'net work.
snaproute Go BGP Code Dive (9): Moving to Open
a href=”http://ntwrk.guru/bgp-code-dive-8/”>In the last session of snaproute BGP code dive—number 8, in fact— I started looking at how snaproute’s BGP moves from connect to open. This is the chain of calls from that post—
- st.fsm.StopConnectRetryTimer()
- st.fsm.SetPeerConn(data)
- st.fsm.sendOpenMessage()
- st.fsm.SetHoldTime(st.fsm.neighborConf.RunningConf.HoldTime, st.fsm.neighborConf.RunningConf.KeepaliveTime)
- st.fsm.StartHoldTimer()
- st.BaseState.fsm.ChangeState(NewOpenSentState(st.BaseState.fsm))
The past post covered the first two steps in this process, so this post will begin with the third step, st.fsm.sendOpenMessage(). Note the function call has st.fm... in the front, so this is a call by reference. Each FSM that is spun up (think of them as threads, or even processes, if you must, to get this concept in your head, even though they’re not) can have its own copy of this function, with its own state. When reading the code to sort out how it works, this doesn’t have much practical impact, other than telling us the sendOpenMessage function we’re looking for is going to be in the FSM file. The function is located around line 1233 in fsm.go:
func (fsm *FSM) sendOpenMessage() {
optParams := packet.ConstructOptParams(uint32(fsm. Continue reading
Worth Reading: Stream Processing’s Hard Problems
Before we dive into why data access is a hard problem in stream processing, here is some background information. At LinkedIn, we develop and use Apache Samza as our stream processing framework, Apache Kafka as our durable pub-sub messaging pipe, and Databus (and its next generation replacement) for capturing change events from our databases. Our streams infrastructure team gets feedback from application developers across the company (and from the open source community) on scalability, reliability, usability, and other problems that they encounter in their production applications. —LinkedIn Engineering Blog
The post Worth Reading: Stream Processing’s Hard Problems appeared first on 'net work.
Worth Reading: Is Openstack becoming Trumpstack?
The post Worth Reading: Is Openstack becoming Trumpstack? appeared first on 'net work.
Worth Reading: Go versus Python performance
The post Worth Reading: Go versus Python performance appeared first on 'net work.
Worth Reading: Remember the lead time
The post Worth Reading: Remember the lead time appeared first on 'net work.
Reaction: Forced Updates
The controversy over Microsoft forcing upgrades on users is in the news again, as the EFF has posted an article once again about the forced upgrades to Windows 10, and the various data collection schemes Microsoft has put in place. I understand the concern, but… A couple of points to consider, starting with forced upgrades—
When I worked in customer support I sometimes wished we had forced upgrades (rather than paid ones, in fact). There are so many times someone doesn’t upgrade past an obvious bug. We would spend hours working around the bug because they didn’t want to upgrade. It probably cost the company I worked for millions of dollars in support a year so we could refrain from saying, “take two upgrades and call me in the morning.”
As an operator, I see the other side of this story—if I don’t need the upgrade, or I’m not hitting the bug, I shouldn’t need to upgrade.
The world of IoT—in fact, the world in which we live, where millions of machines are used as botnets without the knowledge of their owners—is pretty frightening without forced upgrades. I wonder how many millions of dollars a year machines with Continue reading
Worth Reading: Apcera NATS messaging service
The post Worth Reading: Apcera NATS messaging service appeared first on 'net work.
Worth Reading: One old guy’s advice
The post Worth Reading: One old guy’s advice appeared first on 'net work.
Worth Reading: IPv6 performance (again)
The post Worth Reading: IPv6 performance (again) appeared first on 'net work.
On the ‘net: I2RS on Packet Pushers
While Greg was at the IETF in Berlin, Sue Hares and I—the two current co-chairs of the I2RS working group—had a general discussion around what the big idea is and where the working group is headed. You can listen to the recording at Packet Pushers.
The post On the ‘net: I2RS on Packet Pushers appeared first on 'net work.
VIRL on Packet Cloud—Some thoughts
For the last couple of days I’ve been messing with Cisco’s VIRL on Packet’s bare metal service. I don’t do enough labbing now to spend multiple thousands of dollars building a lab in my house, and I want something that I can use from anywhere without opening a lot of holes in my home network when I’m on the road, so the Packet service seems like something useful to get running.
Forthwith, some observations and hints for those who might be thinking about doing this. Some of this might be obvious to other folks, I know, but—maybe me writing them down here will be somehow helpful, and save other folks some time.
An observation—this all feels a little (okay, maybe a lot) clunky’ish. There’s a lot of steps, it takes a long time to set up, etc. There are a lot of moving parts, and they interconnect in interesting ways. Maybe this will all get better over time, but for now, if you’re going to do this, plan on spending at least a half a day, probably more, just getting all the pieces to work.
Some places I ran into trouble, and things I needed to configure that I had Continue reading
Worth Reading: Photographing the Internet
The post Worth Reading: Photographing the Internet appeared first on 'net work.
Do what you love?
How many times have you heard this? Or this?
Two of the most oft repeated, and driven home, ideas in modern times are be true to yourself and do what you love. But just because they’re oft repeated and driven home doesn’t mean they are actually true. The problem with both statements is they have just enough truth to sound really plausible—and yet they are both simplistic enough to be dangerous when taken raw.
Or maybe it’s just that I’m a grumpy old man who’s been in a bad mood for the last couple of weeks, and misery likes company. 
Let’s try to put some reality into the do what you love statement.
Sometimes you’re just not very good at what you love to do. When I was a kid, I wanted to be an artist. And then a musician. Apparently there are no real jobs for artists or musicians with my somewhat mediocre skills in these two areas. I just have to face it—I’m never going to be a professional basketball player, either. Sometimes it doesn’t matter how much you love something, you just don’t have the skills to master it.
Sometimes there’s just no market for what you Continue reading
Worth Reading: A new bit flipping attack
We introduce Flip Feng Shui (FFS), a new exploitation vector which allows an attacker to induce bit flips overarbitrary physical memory in a fully controlled way. FFS relies on hardware bugs to induce bit flips over memoryand on the ability to surgically control the physical memory layout to corrupt attacker-targeted data anywhere inthe software stack. We show FFS is possible today with very few constraints on the target data, by implementingan instance using the Rowhammer bug and memory deduplication (an OS feature widely deployed in production).Memory deduplication allows an attacker to reverse-map any physical page into a virtual page she owns as long as the page’s contents are known. Rowhammer, in turn, allows an attacker to flip bits in controlled (initially unknown) locations in the target page. -(PDF) Usenix via Schneier on Security
The post Worth Reading: A new bit flipping attack appeared first on 'net work.
Worth Reading: Big data is making us more more boring
The post Worth Reading: Big data is making us more more boring appeared first on 'net work.
DC Fabric Segment Routing Use Case (4)
In the last post in this series, I discussed using SR labels to direct traffic from one flow onto, and from other flows off of, a particular path through a DC fabric. Throughout this series, though, I’ve been using node (or prefix) SIDs to direct the traffic. There is another kind of SID in SR that needs to be considered—the adj-sid. Let’s consider the same fabric used throughout this series—
So far, I’ve been describing the green marked path using the node or (loopback) prefix-sids: [A,F,G,D,E]. What’s interesting is I could describe the same path using adj-sids: [a->f,f->g,g->d,d->e], where the vector in each hop is described by a single entry on the SR stack. There is, in fact, no difference between the two ways of describing this path, as there is only one link between each pair of routers in the path. This means everything discussed in this series so far could be accomplished with either a set of adj SIDs ore a set of node (prefix) SIDs.
Given this, why are both types of SIDs defined? Assume we zoom in a little on the border leaf node in this topology, and find—
Assume—
- Router E, a ToR on the Continue reading
Worth Reading: What Sauron Tells Us
The post Worth Reading: What Sauron Tells Us appeared first on 'net work.