Worth Reading: Agile is values and principles

Many things get called Agile — especially by people who are selling something. But the Agile Manifesto makes it clear that it isn’t a methodology. …. Agile is a set of values and principles. —Mark Shead @Free Code Camp

Network Collective: Building Resilient Networks

On this community roundtable at the Network Collective, we’re talking about building resilient networks with Pete Welcher, Jody Lemoine, and John Herbert. This was a terrific discussion of all those things you might not think about.

Worth Reading: Bufferbloat and Satellite Comm

In the case of satellite connections, it does not matter too much whether the buffer queue is managed with schemes such as random early drop (RED) and/or explicit congestion notification (ECN). The feedback path for such schemes traverses the link in both directions, and the resulting timeframes are typically too long to give short-term relief to queues that are becoming congested. —Ulrich Speidel @APNIC

Worth Reading: Why we need more crypto

Last week, researchers at Citizen Lab discovered that Sandvine’s PacketLogic devices were being used to hijack users’ unencrypted internet connections, making yet another case for encrypting the web with HTTPS. —Sydny Li @EFF

Short Take: The Agile State of Mind

Worth Reading: Should I allow UDP over my satellite link?

ISPs that use satellite links for international IP connectivity often block User Datagram Protocol (UDP) traffic because it is deemed ‘unfriendly’ in the presence of Transmission Control Protocol (TCP) on the link and considered too unimportant a protocol to be mission-critical. —Ulrich Speidel @APNIC

Worth Reading: US versus Microsoft

On Tuesday, the Supreme Court heard oral argument in United States v. Microsoft, a case that many observers believe could have significant ramifications for how cloud computing and other technology companies interact with the US government. —Olivier Douliery @Wired

Side Channel Attacks in the Wild: The Smart Home

Side channel attacks are not something most network engineers are familiar with; I provided a brief introduction to the concept over at The Network Collective in this Short Take. If you aren’t familiar with the concept, it might be worth watching that video (a little over 4 minutes) before reading this post.

Side channel attacks are more common, and more dangerous, than many engineers understand. In this post, I’ll take a look at a 2017 research paper that builds and exploits a side channel attack against several smart home devices to see how such a side channel attack plays out. They begin their test with a series of devices, including a children’s sleep monitor, a pair of security cameras, a pair of smart power plugs, and a voice based home assistant.

The attack itself takes place in two steps. The first is to correlate individual traffic flows with a particular device (where a traffic flow is a 5 tuple. The researchers did this in three different ways. First, they observed the MAC address of each device talking on the network, comparing the first three octets of this address to a list of known manufacturers. Most home device manufacturers use a Continue reading

Worth Reading: Manual work is a bug

Let me tell you about two systems administrators I know. Both were overloaded, busy IT engineers. —Thomas A. Limoncelli @ACM Queue

Fishy Tire

Weekend reads 031618: Notes on memcache, GDPR and whois, and the end of Symantec certificates

ICANN has consistently said its intention in complying with the European Union’s General Data Protection Regulation (GDPR) is to comply while at the same time maintaining access to the WHOIS domain name registration database “to greatest extent possible.” On February 28, ICANN published its proposed model. —Brian Winterfeldt @CircleID

We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). This post outlines how site operators can determine if they’re affected by this deprecation, and if so, what needs to be done and by when. Failure to replace these certificates will result in site breakage in upcoming versions of major browsers, including Chrome. @Google

I’ve been prompted to write this brief opinion piece in response to a recent article posted on CircleID by Tony Rutkowski, where he characterises the IETF as a collection of “crypto zealots”. He offers the view that the IETF is behaving irresponsibly in attempting to place as much of the Internet’s protocols behind session level encryption as it possibly can. He argues that ETSI’s work on middlebox security protocols is a more responsible approach, and the enthusiastic application of TLS in IETF protocol Continue reading

Worth Reading: The dark side of Internet scale shopping

But if this aspect was already known and widely expected for years, another that we often underestimate is that related to our privacy. Amazon, Ebay, but also Google, Facebook and others, base their business on our personal data. —Fabiana Aloisi @Connecting

History of Hardware Switching

On this episode of the history of networking, we talk to Tony Li about the origin and history of the Cisco Silicon Switching Engine.

Worth Reading: Do IP transfers impact network operations?

Last year, a record number of IPv4 addresses were transferred into the APNIC region — over 10.6 million — thanks to the reciprocal inter-RIR transfer policies between APNIC, ARIN and RIPE NCC. —Sanjaya @APNIC

Worth Reading: Changes to the DNS marketplace

The new gTLD program and the introduction of 1200+ new domain name registries has significantly altered the marketplace dynamics. New domain name registries must navigate an environment that is, to an extent, stacked against them. —Kurt Pritz @CircleID

On the ‘net: Thinking about APIs

Network disaggregation is a lot of work for engineers, and it’s fraught with potential hurdles posed by sourcing hardware, a control plane, network operating system and how you manage necessary APIs. @Search Networking

Worth Reading: Intel fights for its life

The Smartphone 2.0 era has destroyed many companies: Nokia, Blackberry, Palm… Will Intel be another victim, either as a result of the proposed Broadcom-Qualcomm combination, or as a consequence of a suicidal defensive move? —Jean-Louis Gassée @ Monday Note

Worth Reading: The IPv4 market

The IPv4 market has grown significantly in the last four years. It finished particularly strong in 2017, both in terms of the total volume of addresses traded and overall number of intra- and inter-RIR transactions in the ARIN region. —Janine Goodman @CircleID

Short Take: Side Channel Attacks

In this short take, recently posted over at the Network Collective, I discuss what a side channel attack is, and why they are important.

Worth Reading: Top 4 problems with “doing DevOps”

“Doing DevOps” sounds so easy. You’ve read the books. You’ve gone to the conferences. You follow the right people on Twitter. But it’s taking so long. What’s going on? —Magnus Hedemark @Opensource.com