Worth Reading: Docker meets zombies

Last week a Dutch site reliability engineer at Wehkamp Labs shared a way to combine Docker container management with the video game Half-Life 2. The labs created an exotic hybrid where applications are represented in the game-world as virtual people who all need defending from an attack of zombies. -The New Stack

The post Worth Reading: Docker meets zombies appeared first on 'net work.

Bird in flight

The post Bird in flight appeared first on 'net work.

Worth Reading: The history of the Intel CPU

The first microprocessor sold by Intel was the four-bit 4004 in 1971. It was designed to work in conjunction with three other microchips, the 4001 ROM, 4002 RAM and the 4003 Shift Register. Whereas the 4004 itself performed calculations, those other components were critical to making the processor function. -Tom’s Hardware
(Note: this is a slide show, rather than an article)

The post Worth Reading: The history of the Intel CPU appeared first on 'net work.

Worth Reading: Public cloud versus private data center

Few companies can afford to spend $20 billion a year on global data centers, have the cachet to employ some of the best and brightest engineers and thought leaders of the computing world, the ability to build and deploy their own custom microchips, access to training datasets comprising the web itself or the hardware and personnel capacity to iterate their infrastructure in realtime. Whether you’re talking about Google, Amazon, Microsoft or any of the other cloud vendors, this is the power of the commercial cloud today – trading hardware management for solving problems in realtime at nearly limitless scale. -Forbes

The post Worth Reading: Public cloud versus private data center appeared first on 'net work.

DNS Cookies and DDoS Attacks

DDoS attacks, particularly for ransom—essentially, “give me some bitcoin, or we’ll attack your server(s) and bring you down,” seem to be on the rise. While ransom attacks rarely actually materialize, the threat of DDoS overall is very large, and very large scale. Financial institutions, content providers, and others regularly consume tens of gigabits of attack traffic in the normal course of operation. What can be done about stopping, or at least slowing down, these attacks?

To answer, this question, we need to start with some better idea of some of the common mechanisms used to build a DDoS attack. It’s often not effective to simply take over a bunch of computers and send traffic from them at full speed; the users, and the user’s providers, will often notice machine sending large amounts of traffic in this way. Instead, what the attacker needs is some sort of public server that can (and will) act as an amplifier. Sending this intermediate server should cause the server to send an order of a magnitude more traffic towards the attack target. Ideally, the server, or set of servers, will have almost unlimited bandwidth, and bandwidth utilization characteristics that will make the attack appear Continue reading

Worth Reading: The danger of macros

Back in 2012, faced with the need to write the identical thing—language regarding FISA minimization procedures—many, many times, NSA tried to develop some efficiency by automating a portion of their Word templates. This worked fine, until for whatever reason, NSA Hawaii redesigned its network to block external access from other parts of the NSA. -Lawfare

The post Worth Reading: The danger of macros appeared first on 'net work.

Worth Reading: Leaky end users

Insider threat once again tops the list of enterprise cyber security threats in the 2016 Verizon Data Breach Investigations Report (DBIR). For the second straight year, Verizon research showed that the average enterprise is less likely to have its data stolen than to have an end user give away sensitive credentials and data—whether unintentionally or maliciously. -Cloud Security Alliance

The post Worth Reading: Leaky end users appeared first on 'net work.

People Skills

The post People Skills appeared first on 'net work.

Worth Reading: Leaving fixed function switches behind

There are two competing trends in platform designs that architects always have to contend with. They can build a platform that performs a specific function and does it well, or create a more generic platform that sacrifices some efficiency but does a lot of jobs well. Sometimes you try to shoot the gap between these two poles. -The Next Platform

The post Worth Reading: Leaving fixed function switches behind appeared first on 'net work.

Worth Reading: The end of the hypervisor

The death knell of the hypervisor was sounded when Intel provided much of the unique capabilities of the hypervisor directly in the chip via the Intel-VTx instruction set. Prior to this, VMware and Xen had two unique approaches to providing hypervisor capabilities: binary translation and paravirtualization respectively. Arguments raged about which was faster, but once Intel-VTx came along, by virtue of being on the chip die, it was the de facto speed winner. -Cloud Scaling

The post Worth Reading: The end of the hypervisor appeared first on 'net work.

No Capes, No Wands

As a keen observer of the network engineering world for the last twenty… okay, maybe longer, but I don’t want to sound like an old man telling stories quite yet… years, there’s one thing I’ve always found kind-of strange. We have a strong tendency towards hero worship.

I don’t really know why this might be, but I’ve seen it in Cisco TAC—the almost hushed tones around a senior engineer who “is brilliant.” I’ve seen it while sitting in a meeting in the middle of an argument over some technical point in a particular RFC. Someone says, “we should just ask the author…” Which is almost always followed by something like: “Really? You know them?”

To some degree, this is understandable—network engineering is difficult, and we should truly honor those in our world who have made a huge impact. In many other ways, it’s unhelpful, and even unhealthy. Why?

First, it tends to create an “us versus them,” atmosphere in our world. There are engineers who work on “normal” networks, and then there are those who work on, well, you know, special ones. Not everyone needs those “special skills,” so we end up creating a vast pool of people Continue reading

Worth Reading: Policymakers are from Mars

This week, Herb Lin and I are giving a joint talk about the suit-hoodie divide, and whether relations between Washington and Silicon Valley are getting worse (I think the answer is yes). Part of the problem stems from conflicting interests and serious differences of opinion about policy. But a large part of the problem—and perhaps the hardest and most hidden part—stems from cultural differences. -Lawfare

The post Worth Reading: Policymakers are from Mars appeared first on 'net work.

Worth Reading: Big thinkers leave Cisco

The industry is reeling from Monday’s report that four of Cisco’s best-known executives are leaving the company. An internal memo from Cisco CEO Chuck Robbins, first reported by the Wall Street Journal, announced the resignations of Mario Mazzola, Prem Jain, Luca Cafiero and Soni Jiandani, effective June 17. The four formed a team that many referred to as MPLS — letters that represent the initials of their first names. -Channel Partners

The post Worth Reading: Big thinkers leave Cisco appeared first on 'net work.

When prepend fails, what next? (3)

We began this short series with a simple problem—what do you do if your inbound traffic across two Internet facing links is imbalanced? In other words, how do you do BGP load balancing? The first post looked at problems with AS Path prepend, while the second looked at de-aggregating and using communities to modify the local preference within the upstream provider’s network.

There is one specific solution I want to discuss a bit more before I end this little series: de-aggregation. Advertising longer prefixes is the “big hammer” of routing; you should always be careful when advertising more specifics. The Default Free Zone (DFZ) is much like the “commons” of an old village. No-one actually “owns” the routing table in the global Internet, but everyone benefits from it. De-aggregating don’t really cost you anything, but it does cost everyone else something. It’s easy enough to inject another route into the routing table, but remember the longer prefix you inject shows up everywhere in the world. You’re fixing your problem by taking up some small amount of memory in every router that’s connected to the DFZ in the world. If everyone de-aggregates, everyone has to buy larger routers and more Continue reading

Worth Reading: GeekPwn Hacking Contest

Geeks showed their power at the GeekPwn Macau and succeeded in finding vulnerabilities in dozens of mainstream routers, remote controls, smart cameras, hacker-proof safes and other smart devices including TCP protocol stack vulnerabilities leading to remote hijacking. -Mitnick Security

The post Worth Reading: GeekPwn Hacking Contest appeared first on 'net work.

Worth Reading: Radicalizing data collection

Like many Silicon Valley start-ups, Larry Gadea’s company collects heaps of sensitive data from his customers. Recently, he decided to do something with that data trove that was long considered unthinkable: He is getting rid of it. The reason? Gadea fears that one day the FBI might do to him what it did to Apple in their recent legal battle: demand that he give the agency access to his encrypted data. Rather than make what he considers a Faustian bargain, he’s building a system that he hopes will avoid the situation entirely. Washington Post

The post Worth Reading: Radicalizing data collection appeared first on 'net work.

The License Agreement

The post The License Agreement appeared first on 'net work.

Worth Reading: Journey to the CCDE

On May the 17th I passed the CCDE practical in Madrid and became Swedens 2nd CCDE, CCDE #20160011. This post describes my journey to passing the CCDE practical in my 1st attempt and the materials that I used to do so. Lost in Transit

The post Worth Reading: Journey to the CCDE appeared first on 'net work.

Worth Reading: The age of the GPU

Having made the improbable jump from the game console to the supercomputer, GPUs are now invading the datacenter. This movement is led by Google, Facebook, Amazon, Microsoft, Tesla, Baidu and others who have quietly but rapidly shifted their hardware philosophy over the past twelve months. Each of these companies have significantly upgraded their investment in GPU hardware and in doing so have put legacy CPU infrastructure on notice. The Next Platform

The post Worth Reading: The age of the GPU appeared first on 'net work.

Reading List: 060916

A few of the papers, RFCs, and drafts I’m reading this week, along with a short description of each.

A Survey of Worldwide Censorship Techniques
draft-hall-censorship-tech-03

Censorship is a large problem on the Internet—but it’s often difficult to find any good description of the various ways censors can both find and block “offending” content. This draft is a short, readable overview of the various techniques actually seen in the wild, along with pointers to research about the techniques themselves, and instances where they’ve been used in the real world.

IPv6 Extension Headers and Packet Drops
draft-gont-v6ops-ipv6-ehs-in-real-world

One of the interesting features of IPv6 is its support for extension headers, which are variable length bits of information—metadata about the packet, for instance—that can be attached to a packet and processed by either the receiving host or forwarding devices along the way. Extension headers are useful, in that they allow IPv6 to be easily extended on the fly, rather than forcing the protocol designer to create a set of metadata “in stone.” Extension headers, however, are also controversial; how should an ASIC designer decide which ones to support in hardware, and how should extension headers that cannot be handled in hardware Continue reading