Worth Reading: Microsoft’s Container Strategy Continues to Evolve

Although Microsoft is still a giant in the enterprise IT space, as almost every company of any size is running Windows servers and its related systems software stack, the company is well aware of which way the wind is blowing: corporate workloads are slowly but surely drifting to the cloud, and Linux is the only growing operating system. —Daniel Robinson @The Next Platform

Weekend Reads: 071918

In this post, we present ARTEMIS (Automatic and Real-Time dEtection and MItigation System), a defence system that can be used by operators to protect their own network from BGP prefix hijacking events. Using real experiments, we’ve shown that ARTEMIS can detect prefix hijacking events within seconds and neutralize them within a minute; orders of magnitude faster than with current practices. —Vasileios Kotronis @APNIC

You could sum up the security advantages of serverless this way: What containers did for ensuring the operating system and hardware layer could be maintained and secured separately, serverless offers the same at the application and web server layer. And yet — serverless is no silver bullet from a security perspective. Serverless environments still need to be designed and managed with security in mind at every moment. —Vince Power @The New Stack

Another lesson is that privacy defenses don’t need to be perfect. Many researchers and engineers think about privacy in all-or-nothing terms: a single mistake can be devastating, and if a defense won’t be perfect, we shouldn’t deploy it at all. That might make sense for some applications such as the Tor browser, but for everyday users of mainstream browsers, the threat model is death by Continue reading

Columns

Worth Reading: Your IoT Security Fears are Stupid

Lots of government people are focused on IoT security, such as this bill or this recent effort. They are usually wrong. It’s a typical cybersecurity policy effort which knows the answer without paying attention to the question. Government efforts focus on vulns and patching, ignoring more important issues. @Errata Security

Site Reliability Engineering at the Network Collective

The Site Reliability Engineer (SRE) role often seems a bit mysterious to folks working at smaller and mid-sized companies, where the team isn’t large enough to separate into SRE, operations, and other teams. What does and SRE do, and how is it different from what the average network engineer does? In this Network Collective Off the Cuff, we sit with Michael Kehoe of LinkedIn to discuss the role of the SRE.

Worth Reading: WPA3

Wi-Fi devices have been using the same security protocol for over a decade. But today, that’ll begin to change: the Wi-Fi Alliance, which oversees adoption of the Wi-Fi standard, is beginning to certify products that support WPA3… —Jacob Kastrenakes @The Verge

Worth Reading: The IPv4 Market

On September 24, 2015, the free supply of IPv4 numbers in North America dwindled to zero. Despite fears to the contrary, IPv4 network operators have been able to support and extend their IP networks by purchasing the IPv4 address space they need from organizations with excess unused supply through the IPv4 market. —Marc Lindsey @CircleID

Complexity Sells

Networks are complex. But why? There are two fundamental reasons. The first is complexity is required to solve hard problems, specifically in the area of resilience. The second is that complexity sells. In this short take, I look at the second reason in a little more depth.

Worth Reading: The End of the API Economy

Companies that rely upon third-party public APIs (for example, those from Facebook, Twitter, and other API providers) to do business have always been at risk. This is nothing new. —Bob Reselman @Programmableweb

Worth Reading: Living in the Moment

We spend most of our lives not truly living at all but shoring up goods for some time in the future when we can enjoy them—which never comes. —Michael De Sapio @Intellectual Takeout

Thoughts on Impostor Syndrome

How many times, on reading my blog, a book, or watching some video of mine over these many years (the first article I remember writing that was publicly available, many years ago, was the EIGRP white paper on Cisco Online, somewhere in 1997), have you thought—here is an engineer who has it all together, who knows technology in depth and breadth, and who symbolizes everything I think an engineer should be? And yet, how many times have you faced that feeling of self-doubt we call impostor synddome?

I am going to let you in on a little secret. I’m an impostor, too. After all these years, I still feel like I am going to be speaking in front of a crowd, explaining something at a meeting, I am going to hit publish on something, and the entire world is going to “see through the charade,” and realize I’m not all that good of an engineer. That I am an ordinary person, just doing ordinary things.

While I often think about these things, what has led me down the path of thinking about them this week is some reading I’ve been doing for a PhD seminar about human nature, work Continue reading

Worth Reading: Source Address Dependent Routing

Having multiple connections to the Internet, or being multihomed, is often a must to avoid a single point of failure. But, it is not as simple as getting two connections to the Internet — most Internet Service Providers (ISP) apply anti-spoofing so all packets sent on one ISP uplink must use a source address from this ISP. —Eric Vyncke @APNIC

Worth Reading: Is Everyone Missing the SD-WAN Boat?

What’s in a name? Too much, in many cases, because we tend to use a single very popular name (one with good media visibility) to cover a product space that may have little in the way of uniform features or even missions. We clearly have that problem with SD-WAN. —Tom Nolle @CIMI

On the ‘net: The Tradeoffs of Information Hiding

I recently joined Ethan Banks for a Packet Pushers episode around the trade offs of hiding information in the control plane. This was a terrific show; you can listen to it by clicking on the link below.

Today on the Priority Queue, we’re gonna hide some information. Oh, like route summarization? Sure, like route summarization. That’s an example of information hiding. But there’s much more to the story than that. Our guest is Russ White. Russ is a serial networking book author, network architect, RFC writer, patent holder, technical instructor, and much of the motive force behind the early iterations of the CCDE program.

Worth Reading: Shutting down a BGP Hijack Factory

It started with a lengthy email to the NANOG mailing list on 25 June 2018: independent security researcher Ronald Guilmette detailed the suspicious routing activities of a company called Bitcanal, whom he referred to as a “Hijack Factory.” —Doug Madory @Dyn

Weekend Reads 071318: Nice to Haves

I had about four hours of highway driving yesterday. Even though I probably could’ve navigated it on my own, I opted to use Apple Maps, which is integrated with my car’s Apple CarPlay “infotainment center.” It was nice. It told me how many miles I had remaining and my expected time of arrival. But it wasn’t a life changer. @The Old Reader

More than ever before Internet users are now interacting with people living/working in other economies. And as a result of these interactions, there are an increasing number of ‘legal contracts’ (intentional or not). Internet policy researchers and academics debate about the changing landscape and the boundaries of the international and domestic laws, without conclusive agreements. —Yeseul Kim @APNIC

The plague that is Spectre continues to evolve and adapt, showing up in two new variants this week dubbed Spectre 1.1 and Spectre 1.2 that follow the original Spectre’s playbook while expanding on the ways they can do damage. —Curtis Franklin Jr. @Dark Reading

These vast routing events that are propagated globally already provide a hint that some ISPs do not set filters at all, or there are vastly malformed AS-SETs. We decided to measure the number Continue reading

Computer Science Department

Worth Reading: Top open source tools for security

While the intrusion detection and security markets are largely catered to by the likes of proprietary offerings like McAfee, Symantec and Juniper, various open source variants are also being deployed within a large number of corporates. Intrusion prevention and detection has been the major focus in the launching of such tools. —Swapneel Mehta @opensourceforu

Reaction: Some Sayings that Sum Up Networking

Over at the CIMI blog, Tom Nolle has a mixed bag of sayings and thoughts about the computer networking world, in particular how it relates to the media. Some of these were interesting enough that they seemed worth highlighting and writing a bit more on.

“News” means “novelty”, not “truth”. In much of the computer networking world, news is what sells products, rather than business need. In turn, Novelty is what drives the news. The “straight line” connection, then is from novelty to news to product, and product manufacturers know this. This is not just a vendor driven problem, however; this is also driven by recruitment, and padding resumes, and many other facets of the networking nerd culture.

On the other hand, novelty is never a good starting place for network design. Rather, network design needs to start with problems that need to be solved, proceeds by considering how those problems can be solved with technologies, then builds requirements based on the problems and technologies, and finally considers which products can be used to implement all of this at the lowest long term cost. This is not to say novelty is not useful, or is not justified, but rather that Continue reading

Worth Reading: Technology’s trustbuster

People are wont to say that tech empires naturally come and go, and they cite examples like BlackBerry and MySpace. But the reality of the industry is that it’s always been monopolized. —Martin Giles @Technology Review