Archive

Category Archives for "Russ White"

Hedge 150: Micah Beck and Universal Broadband

What would the Internet look like—or what kinds of services would need to be developed and deployed—to make boradband class service available to every user? What could this kind of development do to drive entire societies forward? Micah Beck, from the University of Tennessee, joins Tom Ammon and Russ White to discuss universal broadband on this episode of the Hedge.

download

Weekend Reads 100722


Meta Platforms Inc. Chief Executive Officer Mark Zuckerberg outlined sweeping plans to reorganize teams and reduce headcount for the first time ever, calling an end to an era of rapid growth at the social media giant.


A food delivery drone operated by Alphabet subsidiary Wing landed on overhead power lines in Brisbane, Australia, and caught fire. As a result, the network was shut down by energy firm Energex to respond to the incident, leaving thousands without power.


If you know about DNS, you’ve probably heard of the Time-to-Live (TTL) field. But mistakes with TTL are more common than you might think. Here we look at the quirks of DNS record sets, parent/child domains and how to avoid TTL problems.


While some have given up on Moore’s Law, Intel CEO Pat Gelsinger clearly hasn’t. “For decades now, I’ve been in the debate: is Moore’s Law dead? And the answer is no,” he said, during his keynote at the Intel Innovation event this week.


In this post, we will demonstrate how malicious actors can force UDP DNS answers to fragment so they can inject forged DNS data into DNS resolver caches and highlight what percentage of servers are at risk.


We identify Continue reading

Weekend Reads 093022


Indeed, Juniper Research predicts that operator 5G FWA revenue will reach $24 billion worldwide by 2027, driven essentially by the use of the technology as a fibre replacement for consumer services.


Floppy disks may have gone the way of the dodo and joined other extinct media such as punched cards and paper tape, but some people are apparently still using them, and one company even continues to sell them.


Many companies also have changed how they operate, from having to deal with a more remote hybrid workforce to adapting to supply chains that have yet to completely rebound from the battering they took during the pandemic.


It’s going to be really interesting to see if Comcast, Charter, and the other big cable companies raise prices later this year. The industry has changed, and it doesn’t seem as obvious as in the past that cable companies can raise rates and that customers will just begrudgingly go along with it.


Extended spellcheck features in Google Chrome and Microsoft Edge web browsers transmit form data, including personally identifiable information (PII) and in some cases, passwords, to Google and Microsoft respectively.


Operator Telefónica and chip firm Qualcomm are putting their heads together Continue reading

Privacy And Networking Part 7: DNS Queries And Having A Breach Plan

In the final post in this privacy series, Russ White looks at privacy information that can be gleaned from DNS queries, and outlines essential steps in developing your breach plan. Don't have a breach plan? Here's your opportunity to start one.

The post Privacy And Networking Part 7: DNS Queries And Having A Breach Plan appeared first on Packet Pushers.

Weekend Reads 092322


Arm says Nvidia’s Grace processor will be among the first chips to use its upcoming Neoverse V2 CPU cores.


The early deceased Heinz Rutishauser (1918–1970) of ETH Zurich is considered the most important Swiss pioneer from the early era of computer science.


According to Dell’Oro, datacenter switching set a new record for revenues for any second quarter in history and also for any first six months of any year since it has been keeping records.


A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name.


Here, we introduce the concept of the data bill of materials or personal data bill of materials, a comprehensive inventory of personal data used in software systems.


VirusTotal recently identified 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp as the most-mimicked software brands in malware attacks.


No business can own the generic word for the product it sells. We would find it preposterous if a single airline claimed exclusive use of the word “air,” or a broadband service tried to stop its rivals from using the word “broadband.”


Cisco has revealed new hardware it is willing to sell to Continue reading

Hedge 148: The SRE with Niall Murphy (part 2)

It seems like only yesterday we started talking about the Site Reliability Engineer, and their place in the IT ecosystem. Over the last several years, the role of the SRE has changed—and it’s bound to continue changing. On this episode of the Hedge, Niall Murphy joins Tom Ammon and Russ White to discuss the changing role of the SRE, and what the SRE could be.

download

If you want to read more on this topic, check out Niall’s article over a USENIX.

Weekend Reads 091622

Running a little late this week …


Smartphone shipments are forecast to shrink globally by 6.5 percent this year as many households feeling the pinch of inflation decide to prioritize paying for food, energy and other essentials over refreshing handsets.


SmartNICs have long been the domain of hyperscale and cloud datacenters, but they remain relatively uncommon in enterprise environments due in large part to the lack of software compatibility.


The last few years have demonstrated that breaches occur, no matter how much security organizations put in place.


Finally, one of the big challenges with subsea cabling has been power, and in particular how to provide power mid-cable for repeater equipment.


French cloud provider OVHcloud has opened up a Bring Your Own IP service, which it said allows customers to reuse existing public IPv4 blocks as failover addresses in the event of an outage.


Microsoft moves ahead with a plan to sunset basic authentication, and other providers are moving — or have moved — to requiring more secure authentication as well. Is your company ready?


You only have to follow cryptocurrency news casually to be struck by the size and frequency of cryptocurrency security failures.


Earlier this year, Motherboard reported Continue reading

Hedge 147: The SRE with Niall Murphy (part 1)

It seems like only yesterday we started talking about the Site Reliability Engineer, and their place in the IT ecosystem. Over the last several years, the role of the SRE has changed—and it’s bound to continue changing. On this episode of the Hedge, Niall Murphy joins Tom Ammon and Russ White to discuss the changing role of the SRE, and what the SRE could be.

download

If you want to read more on this topic, check out Niall’s article over a USENIX.

Controversial Reads 091022

https://www.theregister.com/2022/08/01/column_7nm_chips_china/
After decades trailing the rest of the world in leading-edge chip making, Chinese sand stamper Semiconductor Manufacturing International Corporation (SMIC) has quietly got into the 7nm business. That’s a huge and unexpected leap. Has the West’s embargo of the latest fab furniture failed?

https://www.theepochtimes.com/semiconductors-emerge-as-battleground-in-us-china-race-to-make-global-tech-norms-in-their-image_4648523.html
Although the United States and China are not engaged in traditional warfare, they are engaged in a war of ideas, trade, and technology, especially in semiconductor hegemony, where both sides are battling for supply and advancement.

https://www.piratewires.com/p/american-hustle-microchip-edition
Trade was global, the world was inextricably connected, and your job’s in China now but you should thank us, actually, because everything is cheap and fast and out-of-work factory workers can simply learn to code.

https://www.lawfareblog.com/defending-open-internet-confronting-reality-fragmented-cyberspace-reflecting-upon-two-cfr-reports-us
Last month, CFR issued the report of a new task force, “Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet.” (I was project director for both reports.)

https://www.lawfareblog.com/should-uncle-sam-worry-about-foreign-open-source-software-geographic-known-unknowns-and-open-source
Nationalism has come to software. While downloading TikTok or WeChat onto your cell phone isn’t quite tantamount to installing Huawei equipment in your local cell tower, all indications suggest that a software geopolitical divide has arrived and won’t be going Continue reading

Weekend Reads 090922


CXL is supported by pretty much every hardware vendor and built on top of PCI Express for coherent memory access between a CPU and a device, such as a hardware accelerator, or a CPU and memory.


Challenges pertaining to outdated infrastructure could easily be compounded by the fact that many IT and security teams don’t seem to have a plan in place to mobilize if and when a cyberattack occurs.


Chinese military researchers are threatening that Musk’s Starlink satellites must be destroyed.


Early versions of QUIC had FEC, but for all resources. The redundancy overheads for all data were considered too high, and the feature was dropped.


Aside from counterfeiting, cybersquatting domains can also serve as vehicles for other types of cybercrime, such as spear phishing, scams, and spamming.


In 2020, the ICANN Generic Name Supporting Organization (GNSO) Council approved a plan to revamp the WHOIS system as per the recommendations given by the ICANN Expedited Policy Development Process (EPDP). This plan directed ICANN to develop a centralized System for Standardized Access/Disclosure (SSAD) for WHOIS records.


A couple of months ago, in July 2022, I wrote about our work in measuring the level of use of QUIC in the Continue reading

Upcoming Live Training: Data Center Fabrics

I’ve rebuilt my data center fabrics live training class, adding a lot of new material across the board, and adding a few new topics. To cover all this new material, the class has been expanded from three to six hours. I’m teaching it for the first time on the 29th and 30th of this month.

Register here.

From the Safari Books description—

Data centers are the foundation of the cloud, whether private, public, on the edge, or in the center of the network. This training will focus on topologies and control planes, including scale, performance, and centralization. This training is important for network designers and operators who want to understand the elements of data center design that apply across all hardware and software types.

This class consists of two three-hour sessions. The first session will focus on the physical topology, including a short history of spine-and-leaf fabrics, the characteristics of fabrics (versus the broader characteristics of a network), and laying out a spine-and-leaf network to support fabric lifecycle and scaling the network out. The first session will also consider the positive and negative aspects of using single- and multi-forwarding engine (FE) devices to build a fabric, and various aspects of Continue reading

Hedge 146: Leslie Daigle and Unwanted Traffic in the DFZ

How much of the traffic on the Internet is wasted—traffic no-one really wanted, and yet is being carried and paid for by providers and end users? In a world increasingly concerned about the waste of precious resources, this is an important topic to consider. Leslie Daigle joins Russ White and Tom Ammon on this episode of the Hedge to discuss the kinds of traffic she’s seeing hit their large-scale honey-trap, and the implications for the Internet.

download

Weekend Reads 090222


However, a recent study from cybersecurity training platform Hoxhunt revealed that the skill of distinguishing between legitimate and phishing emails varies based on job functions.


How will the market change in the future? Estimates of cloud market share are highly variable, with one of the biggest challenges being that different providers report different products and services in the “cloud” revenue category.


All companies should be using two-factor authentication at least to secure their systems, but relying on text messages alone is foolish, cybersecurity experts say.


The goal for co-packaged optics using DWDM is to have lower power consumption than an electrical cable but with a similar cost, have a reach comparable to an active electrical cable, and offer signal density that is on par with a printed circuit board.


“A lack of 5G industrial devices has stalled manufacturers’ interest in 5G private wireless,” said ABI Research. “In turn, the lack of enthusiasm has discouraged hardware suppliers from creating the necessary devices.”


There are tens of millions of lines of code in thousands of software programs, on a typical server in the datacenter. All of which collectively present a huge attack surface for various kinds of malware.


Huawei CEO Ren Continue reading

Hedge 145: Roundtable on Professional Liability

The software world is known for overdue projects, costs overrun, lots of defects, and lots of failure all the way around. Many other engineering fields have stricter requirements to take on projects and liability insurance driving correct practice and care. The networking world, and the larger IT world, however, has neither of these things. Does this make IT folks less likely to “do the right thing,” or is the self-regulation we have today enough? Join Tom Ammon, Eyvonne Sharp, and Russ White as they discuss the possibilities of professional liability in information technology.

download

Weekend Reads 082522


I dabble with DNS for work, and I’m frequently checking if CNAMEs are properly configured. CNAMEs are Canonical NAMEs, kind of like nicknames, that indicate that one domain name is a nickname for another domain name.


Overall, A and MX queries are successfully resolved most frequently, while AAAA and PTR manifest lower success rates. Specifically, the failure rate of AAAA queries is surprisingly over 64.2% — two out of three AAAA queries failed.


Growth in hyperscaler data centers and processor-intensive enterprise workloads, such as high-performance computing (HPC) and AI, is set to drive broadscale adoption of SmartNICs.


Email is, without doubt, the communication tool of choice for almost everyone, and it is critical for those of us running a business. Therefore, is it any wonder that against this backdrop of increasing email use, we see that fraudsters and cybercriminals use email as their primary delivery mechanism for phishing and malware?


Broadcom will deploy its 25.6Tbit/sec Humbolt co-packaged optical (CPO) switches in China-based cloud provider Tencent’s datacenters in a bid to accelerate adoption of the emerging network tech.


Atlanta-based cyber risk intelligence company, Cyble discovered a new Remote Access Trojan (RAT) malware. What makes this particular RAT malware Continue reading

Hedge 144: IPv6 Lessons Learned

We don’t often do a post-mortem on the development and deployment of new protocols … but here at the Hedge we’re going to brave these deep waters to discuss some of the lessons we can learn from the development and deployment of IPv6, especially as they apply to design and deployment cycles in the “average network” (if there is such at thing). Join us as James Harr, Tom Ammon, and Russ White consider the lessons we can learn from IPv6’s checkered history.

download

1 12 13 14 15 16 164