Worth Reading: Hacking wireless keyboards

You should be able to trust your wireless keyboard. And yet security researchers have been warning people to be suspicious of wireless computer accessories using sketchy radio protocols for years. Those warnings peaked five months ago, when hackers at the security firm Bastille found that millions of cheap keyboard and mouse dongles let hackers inject keystrokes onto your machine from hundreds of yards away. Now, in case you missed that message, the same researchers have extended their attack to millions more devices—and this time, they can not only inject keystrokes, but also read yours, too. —Wired

The post Worth Reading: Hacking wireless keyboards appeared first on 'net work.

DC Fabric Segment Routing Use Case (3)

In the second post in this series, we considered the use of IGP-Prefix segments to carry a flow along a specific path in a data center fabric. Specifically, we looked at pulling the green flow in this diagram—

—along the path [A,F,G,D,E]. Let’s assume this single flow is an elephant flow that we’re trying to separate out from the rest of the traffic crossing the fabric. So—we’ve pulled the elephant flow onto its own path, but this still leaves other flows to simple ECMP forwarding through the fabric. This means some number of other flows are still going to follow the [A,F,G,D,E] path. The flows that are randomly selected (or selected by the ECMP has) to follow the same path as the elephant flow are still going to contend with the elephant flow for queue space, etc.

So we need more than just a way to pull an elephant flow onto a specific path. In fact, we also need a way to pull a specific set of flows off a particular path in the ECMP set. Returning to our diagram, assume we want all the traffic other than the elephant flow to be load shared between H and B, and Continue reading

Worth Reading: Exploiting man in the middle against HTTPS

A key guarantee provided by HTTPS encryption is that the addresses of visited websites aren’t visible to attackers who may be monitoring an end user’s network traffic. Now, researchers have devised an attack that breaks this protection. The attack can be carried out by operators of just about any type of network, including public Wi-Fi networks, which arguably are the places where Web surfers need HTTPS the most. It works by abusing a feature known as WPAD—short for Web Proxy Autodisovery—in a way that exposes certain browser requests to attacker-controlled code. —ARS Technica

The post Worth Reading: Exploiting man in the middle against HTTPS appeared first on 'net work.

Worth reading: The making of algorithm markets

Algorithmia’s approach is to containerize algorithms, packaging them as microservices and hosting on their scalable and serverless cloud infrastructure, and which are called up through their API, via a few lines of code. … Since the company’s launch in 2013, it has amassed over 2,200 algorithms from 19,000 authors — some of them hailing from the finest research universities in the world — in its online libraries. —New Stack

The post Worth reading: The making of algorithm markets appeared first on 'net work.

Reaction: Standardization versus Innovation

Should the Docker container image format be completely standardized? Or should Docker not be held back from evolving the format ahead of the open specification? This was the topic of a heated Twitter tussle last week between Google evangelist Kelsey Hightower and the creator of the Docker itself, Solomon Hykes. —New Stack

What is at stake here is the standardization versus innovation. Should Docker standardize their container technology or not?

On the one side is the belief that standardizing squashes innovation. Once you’ve standardized something, and other people start building on it, you can’t change the standard without a lot of agreement and effort—after all, other people are now depending on your product remaining the same across many cycles of development. This certainly kills innovation, as implementing new things both exposes your ideas to public view before you can implement them, and slows down the pace at which new ideas can be deployed in the real world.

On the other side is the belief that standardizing is necessary for the market to mature, and for a healthy ecosystem to develop that’s better for the entire community. How can customers and other vendors build products around a particular product if the Continue reading

Worth Reading: Routing Area Director’s thoughts on IETF Berlin

Kicking off IETF 96 in Berlin, Germany was the weekend’s IETF Hackathon. There is growing engagement between the Open Source communities and the IETF. The IETF Hackathon had more participants than ever and we experimented with having a place for it in the IETF Lounge all week. —IETF

The post Worth Reading: Routing Area Director’s thoughts on IETF Berlin appeared first on 'net work.

Worth Reading: The geeks guide to the Barton Aquaduct

The Grade II-listed Barton Swing Aqueduct in Salford was built to solve the knotty problem of how to get the Bridgewater Canal across the proposed Manchester Ship Canal. And bar some routine maintenance, the odd lick of paint and a change of power source from steam to electricity, it has been doing the same job on a daily basis for over 120 years. What makes the Barton Aqueduct even more interesting is that not only was it the first swing aqueduct to be built but it was also the last. To this day it is unique. And not just in the UK. Scour the globe and you’ll not find another one. —the Register

The post Worth Reading: The geeks guide to the Barton Aquaduct appeared first on 'net work.

snaproute Go BGP Code Dive (7): Moving to Connect

In last week’s post, we looked at how snaproute’s implementation of BGP in Go moves into trying to connect to a new peer—we chased down the connectRetryTimer to see what it does, but we didn’t fully work through what the code does when actually moving to connect. To jump back into the code, this is where we stopped—

func (st *ConnectState) processEvent(event BGPFSMEvent, data interface{}) {
  switch event {
  ....
    case BGPEventConnRetryTimerExp:
      st.fsm.StopConnToPeer()
      st.fsm.StartConnectRetryTimer()
      st.fsm.InitiateConnToPeer()
....

When the connectRetryTimer timer expires, it is not only restarted, but a new connection to the peer is attempted through st.fsm.InitiateConnToPeer(). This, then, is the next stop on the road to figuring out how this implementation of BGP brings up a peer. Before we get there, though, there’s an oddity here that needs to be addressed. If you look through the BGP FSM code, you will only find this call to initiate a connection to a peer in a few places. There is this call, and then one other call, here—

func (st *ConnectState) enter() {
  ....
  st.fsm.AcceptPeerConn()
  st.fsm.InitiateConnToPeer()
}

The rest of the instances of InitiateConnToPeer() are related to the definition of the function. Continue reading

Worth Reading: The languages that almost became CSS

When HTML was announced by Tim Berners-Lee in 1991 there was no method of styling pages. How given HTML tags were rendered was determined by the browser, often with significant input from the user’s preferences. It seemed, however, like a good idea to create a standard way for pages to ‘suggest’ how they might prefer to be rendered stylistically. —Eager

The post Worth Reading: The languages that almost became CSS appeared first on 'net work.

Worth Reading: Top performance items to watch

What’s eating your network? What is (quietly) killing performance? What performance items should you be watching, but probably are not? I’m a big fan of appropriate network management data, with the right tool(s). If you don’t monitor absolutely every interface, and capture historical data, you’re flying blind. —Netcraftsmen

The post Worth Reading: Top performance items to watch appeared first on 'net work.

Buenos Aires

The post Buenos Aires appeared first on 'net work.

Worth Reading: Hot Commodities

A Booz Allen Hamilton Industrial Cybersecurity Threat Briefing reports that cyber incidents targeting Integrated Control Systems (ICS), like the ones used to run the nation’s electric grid, reached an all-time high in 2015. The briefing also predicted that the number of these incidents will likely continue to increase, and cited nation-state backed groups as a key threat. —Lawfare

The post Worth Reading: Hot Commodities appeared first on 'net work.

Worth Reading: Real world security and the Internet of Things

Right now, the only way to patch most home routers is to throw them away and buy new ones. And the security that comes from replacing your computer and phone every few years won’t work with your refrigerator and thermostat: on the average, you replace the former every 15 years, and the latter approximately never. A recent Princeton survey found 500,000 insecure devices on the Internet. That number is about to explode. —Schneier on Security

The post Worth Reading: Real world security and the Internet of Things appeared first on 'net work.

On the ‘net: The future of networking

Lately I have been thinking a lot about the future of networking and the career paths in this domain. As you probably know I like to guide and mentor people and with everything going on in the industry it can be confusing to find your way and to know what skills to work on to stay ahead of the curve. —Lost in Transit

The post On the ‘net: The future of networking appeared first on 'net work.

Worth Reading: Ten years of Cisco Live

Technology changes every day. We change from hardware to software and back again. Routers give way to switches. Fabrics rise. Analytics tell all. But all this technology still has people behind it. Those people make the difference. People learn and grow and change. They figure out how to make SDN work today after learning ISDN and Frame Relay yesterday. They have the power to expand beyond their station and be truly amazing. —Networking Nerd

The post Worth Reading: Ten years of Cisco Live appeared first on 'net work.

On the ‘net: Layered Control Planes

I was recently a guest on the Packet Pushers Podcast, where I talked with Ethan for a bit about the concept of layered control planes, and how the idea related to complexity.

The post On the ‘net: Layered Control Planes appeared first on 'net work.

Worth Reading: The Self Taught Engineers of the Erie Canal

We often assume that a workforce needs to be highly educated to propel an economy forward. Often, it is the opposite, it is economic opportunity that compels a workforce toward more education. So it was with the Erie Canal, by far the greatest engineering project of its day, and one of the greatest in history to that point. The problem was that there were very few trained engineers… —Delaney Place

The post Worth Reading: The Self Taught Engineers of the Erie Canal appeared first on 'net work.

Worth Reading: One second warning

Time, as measured according to the Earth’s rotation, is getting slower. If we want 86,400 seconds to measure precisely one rotation of the earth on its axis then over time each second will have to get shorter. Instead, we defined “one second” as a fixed unit of time based on atomic vibrations (9,192,631,770 periods of the radiation emitted by a caesium-133 atom in the transition between the two hyperfine levels of its ground state). But as the earth’s rotation slows, the fixed time period will mean that the time of day, the solar time, will drift. —potaroo

The post Worth Reading: One second warning appeared first on 'net work.

Worth Reading: Learning from email breaches

It isn’t at all uncommon for people to share colorful thoughts about superiors, co-workers, subordinates and customers over email. But think for a moment: What business benefit does this add? Email is auditable. Having done some audits, I know there’s a lot of stuff people feel free to share on company email that can, and does, get them fired. —IT Business Edge

The post Worth Reading: Learning from email breaches appeared first on 'net work.

Layer 2 Routing—Haven’t we been here before?

We often think the entire Internet, as we know it, just popped out of “thin air,” somehow complete and whole, with all the pieces in place. In reality, there have been many side roads taken, and many attempts to solve the problem of pushing the maximum amount of data across a wire along the way. One of these ways came to mind this last week, when I ran across this story—

Also on the virtualisation list is the customer premises equipment (CPE), and this deserves a little explanation. Obviously every premises needs some sort of physical connection to the network providing the services. What CPE virtualisation refers to is making the CPE as generic as possible. —The Register

Pulling layer 2 into the network to centralize the edge—where have I heard this before? Maybe it was all those years ago, when I was in TAC, and we used to support Cisco 1001’s, or the LEX—LAN Extenders. The promise then was the same as the promise now: a lightweight, easy to manage device that would relocate all the intelligence from the network edge into the access layer of the “mother ship,” where it could be properly managed.

Remember Rule 11? If Continue reading