Russ White Archives - Page 131 of 160

IPSpace

ipspace-net

I will be presenting as part of a new online class at IPSpace.net. Check here for details.

The post IPSpace appeared first on 'net work.

Worth Reading: The IETF as a model

Imagine a world where you would be judged by the power of your ideas and not by your title, your origin, your age, your sex or even your academic credentials. Imagine a world where ideas can be debated with great openness and where it is still possible to make decisions by consensus. Imagine a world where competitors work together for the future of humanity.

The post Worth Reading: The IETF as a model appeared first on 'net work.

Worth Reading: Certification road map

Are you struggling to complete a vendor certification? Do you have the will, but perhaps not the way? Getting through a cert program is tough — I’ve completed several of them. And I’ve developed a methodology for successfully completing a cert. With luck, this process might help you move ahead.

The post Worth Reading: Certification road map appeared first on 'net work.

Worth Reading: Is your tax data secure?

Monday is Tax Day. Many of us are thinking about our taxes. Are they too high or too low? What’s our money being spent on? Do we have a government worth paying for? I’m not here to answer any of those questions — I’m here to give you something else to think about. In addition to sending the IRS your money, you’re also sending them your data. It’s a lot of highly personal financial data, so it’s sensitive and important information. Is that data secure?

The post Worth Reading: Is your tax data secure? appeared first on 'net work.

Sunrise over Oak Island

The post Sunrise over Oak Island appeared first on 'net work.

Worth Reading: Topology of malicious activity

We have recently focused our research on how these tools can work together to provide unique insights on the state of the Internet. In this post, we’ll present the beginning of our explorations to identify stable, macro-level attacks trends invisible on the scale of IP addresses.

The post Worth Reading: Topology of malicious activity appeared first on 'net work.

Worth Reading: Rolling the root

…no cryptographic secret can be regarded as “absolute”. It’s all relative and the use of a key has some element of associated risk that the key is not a strict secret. If that’s the case, and if we cannot really understand the exact levels of risk associated with the use of a key, then why should we place our trust in any form of public key cryptography?

The post Worth Reading: Rolling the root appeared first on 'net work.

While we normally think of RFCs as standards, there is actually a lot of useful information published through the IETF process that relates to basic network engineering concepts. Since this information is specifically and intentionally vendor independent, it often goes back to the theoretical basis of a line of thinking, or explains things in a way that’s free of vendor implementation jargon. From time to time, I like to highlight these sorts of drafts, to bring them to the notice of the wider networking community.

A lot of basic research has gone into quality of service from the perspective of queuing, marking, and dropping mechanisms. The result of this research is a wide array of quality of service mechanisms, which tend to be explained either using deep math, or in terms of “look what feature we’ve implemented, and here’s how to configure it.” RFC7806, published this month, is a useful intermediary between the high math and vendor implementation styles of presentation. This RFC describes a model often used for understanding quality of service, the Generalized Processor Sharing model, and how it applies to a few packet queuing, marking, and drop strategies.

Benchmarking routing protocols might not be something you Continue reading

Worth Reading: Court rules cell phone location isn’t private information

This week, the Sixth Circuit Court of Appeals held, in United States v. Carpenter, that we lack any privacy interest in the location information generated by our cell phones. The opinion shows a complete disregard for the sensitive and revealing nature of cell site location information (CSLI) and a misguided response to the differences between the analog technologies addressed in old cases and the data-rich technologies of today.

The post Worth Reading: Court rules cell phone location isn’t private information appeared first on 'net work.

Worth Reading: Datera emerges from stealth

Today Datera emerged from stealth launching its first product, Datera Elastic Data Fabric. Datera Elastic Data Fabric is scale-out storage software that turns standard, commodity hardware into a RESTful API-driven, policy-based storage fabric for large-scale clouds.

The post Worth Reading: Datera emerges from stealth appeared first on 'net work.

Something Old, Something New…

Some time back a reader sent this question in—

Is there some list of design fundamentals which were “true” or at least “good rules of thumb” in the past (2 months to 20 years and beyond) which are still proclaimed as true and good, which we need to throw out, or at least question closely today?

It’s an interesting question—the problem is, of course, that there are two sorts of answers to this type of question. The first is rather specific, and the second is rather general. Let’s try the more specific answer first, and see if we can get to the more general one.

There are several rules of thumb that are no longer useful today.

OSPF and IS-IS flooding domains should be limited to 50/100/200 routers/intermediate systems. The old “50 in an area rule” is something several of us asked to be removed from Cisco Online something like 10 years ago, as it didn’t even apply then. I’ve heard 200 more recently, but the reality is—there is no right number here. I just did a two post series on dividing up flooding domains that might be useful here (part 1 and part 2).

There are provider Continue reading

Worth Reading: 30 years later, where is the smart home?

…it is rather puzzling that now, 30 years later, our homes are not much smarter than those of the 1980s. Yes, we have more gadgets and devices but no integrated holistic smart home. Given this, I can’t see that the version we now have in mind regarding the design for the smart home of 2016 will see a sudden rapid deployment.

The post Worth Reading: 30 years later, where is the smart home? appeared first on 'net work.

Worth Reading: Reddit’s Warrant Canary

A critical aspect of that promise was a legally experimental, categorical statement known as a “warrant canary.” A warrant canary, as the Electronic Frontier Foundation explains, “is a colloquial term for a regularly published statement that a service provider has not received legal process that it would be prohibited from saying it had received. Once a service provider does receive legal process, the speech prohibition goes into place, and the canary statement is removed,” thereby informing the public that the process has been received. -via Just Security

The post Worth Reading: Reddit’s Warrant Canary appeared first on 'net work.

Securing BGP: A Case Study (7)

In the last post on this series on securing BGP, I considered a couple of extra questions around business problems that relate to BGP. This time, I want to consider the problem of convergence speed in light of any sort of BGP security system. The next post (to provide something of a road map) should pull all the requirements side together into a single post, so we can begin working through some of the solutions available. Ultimately, as this is a case study, we’re after a set of tradeoffs for each solution, rather than a final decision about which solution to use.

The question we need to consider here is: should the information used to provide validation for BGP be somewhat centralized, or fully distributed? The CAP theorem tells us that there are a range of choices here, with the two extreme cases being—

A single copy of the database we’re using to provide validation information which is always consistent
Multiple disconnected copies of the database we’re using to provide validation which is only intermittently consistent

Between these two extremes there are a range of choices (reducing all possibilities to these two extremes is, in fact, a misuse of the Continue reading

Worth Reading: OpenStack

OpenStack is still less than six years old and will forever be a work-in-progress, as any major software platform is. But it’s become mature enough to be the basis of large-scale production deployments from the likes of AT&T and Walmart. -via SDX Central

The post Worth Reading: OpenStack appeared first on 'net work.

Worth Reading: Cryptography isn’t easy

Cryptography is harder than it looks, primarily because it looks like math. Both algorithms and protocols can be precisely defined and analyzed. This isn’t easy, and there’s a lot of insecure crypto out there, but we cryptographers have gotten pretty good at getting this part right. However, math has no agency; it can’t actually secure anything. For cryptography to work, it needs to be written in software, embedded in a larger software system, managed by an operating system, run on hardware, connected to a network, and configured and operated by users. Each of these steps brings with it difficulties and vulnerabilities. -via Schneier on Security

The post Worth Reading: Cryptography isn’t easy appeared first on 'net work.

Review; Algorithms in a Nutshell

algorithms-in-a-nutshell Algorithms in a Nutshell
George T. Heineman, Gary Pollice, Stanley Selkow
O’Reilly Media

In the midst of the SDN craze (or haze, depending on your point of view), we often forget that all networks are, in the final analysis, driven by software. Every control plane ever developed or deployed is a software application running on top of a physical device. And every control plane, every queuing mechanism, every forwarding mechanism, and everything we work on in the networking field is based on some sort of algorithm. But what is an algorithm, really? What sorts of algorithms are there, and what are they used for? These are the questions this book specifically takes aim at answering.

The authors begin with a chapter discussing the concepts of algorithms; this chapter contains a really helpful section on the difference between the classes of algorithms available, such as greedy and Chapter 2 focuses on the math of algorithm performance, providing information on the difference between O(1), O(n), O(n log n), and many other expressions describing the feed at which algorithms operate. This is one of the most helpful and clearly explained sections in the book. The third chapter explains the building blocks of algorithms, specifically focusing on the conventions used in the book, and some challenges around measuring the performance and accuracy of any given algorithm.

Chapter 4 considers sorting algorithms, and chapter 5 search. These three kinds of algorithms probably cover 80-90% of all algorithm usage in real code. These three classes of algorithms actually provide the building blocks for many other kinds of algorithms. For instance, Shortest Path First (SPF) requires a sorted heap or list of nodes, edges, and reachable destinations in the network—but we have to sort a list to have a sorted list to use in SPF.

Chapter 6 jumps into material directly applicable to network engineering; here is where Dijkstra’s SPF algorithm is covered. This chapter will be extremely useful to network engineers to read and understand, even though the terminology is often different. Chapters 7, 9, and 11, on path finding in AI, computational geometry, and emerging algorithm categories, are interesting, but not all that useful for the average (or above average) network engineer.

Chapter 8 discusses network flow diagrams, which are a superset of many of the traffic engineering, service chaining, and queuing theory problems engineers face in real networks. Chapter 10 should be familiar to engineers who’ve looked at the m-way trees and treis used in packet switching.

Overall, this is really useful book for network engineers who want to dig deeper into the software roots of how network protocols and switching work. There are a few chapters that don’t directly apply to the common sets of problems network engineering involves, but readers won’t miss a lot skipping those sections if the overall length of the book seems like it’s too much.

The reading difficulty is moderate, and the time to read is pretty long (partially because of the many code examples and the depth of the concepts covered).

The post Review; Algorithms in a Nutshell appeared first on 'net work.

Russ

April 15, 2016

Russ White

0
Worth Reading: Crowd Sourcing

I’ve been hired by a company called Crowds on Demand. If you need a crowd of people — for nearly any reason — Crowds on Demand can make it happen. Now it has taken me on as one of its crowd members, although the specifics remain a mystery. It’s an odd sensation to be headed into a gig with no idea what task I’m expected to perform. All I know is that I’ll be making 15 bucks an hour.

Continue reading

Russ

April 15, 2016

Russ White

0
IETF 96: Berlin

I will be attending the 96th IETF in Berlin, Germany, July 17-22, 2016. There are always tons of interesting things going on at the IETF. If you’re going to be there, please let me know so we can find some time to chat.

The post IETF 96: Berlin appeared first on 'net work.

Russ

April 14, 2016

Russ White

0
Werewolf and Trust Security

There are, however, a number of interesting lessons that come out of Werewolf that make it a fun tool for thinking about trust, organization and cooperation. And many strategies – including some that are quite ruthless – are quite rational under these conditions. -via eaves.ca

The post Werewolf and Trust Security appeared first on 'net work.

Russ

April 14, 2016

Russ White

« Previous 1 … 129 130 131 132 133 … 160 Next »