Weekend Reads 111923

Bad queries tend to propagate to the root zone due to the hierarchical nature of DNS, so studying traffic at a root server can provide key insights into overall network usage.

This blog covers an interesting case of suspected abuse in a gTLD registry between February and April 2023.

YouTube wants its pound of flesh. Disable your ad blocker or pay for Premium, warns a new message being shown to an unsuspecting test audience, with the barely hidden subtext of “you freeloading scum.”

The shift towards chiplet architecture is inevitable for almost all high-end CPUs/GPUs, accelerators, and networking silicon vendors. It is not a question of ‘if’ but ‘when’.

The Global Coalition on Telecommunications (GCOT) purports to be about synching up how the five countries approach telecoms. The scope of corporation includes information sharing, joint R&D, funding alignment, the development of standards, skills, supply chain diversification, security, and 6G, so says the release.

Securing mainframes remains top of mind, with 61% of mainframe and IT professionals ranking security as the top problem they are facing, according to BMC’s annual survey of mainframe users for 2023.

Gartner has raised the specter of departments outside of tech running their own IT Continue reading

Hedge 203: Terry Slattery on Network Automation

Terry Slattery joins Tom and Russ to continue the conversation on network automation—and why networks are not as automated as they should be. This is part one of a two-part series; the second part will be published in two weeks as Hedge episode 204.

download

Hedge 202: Internet Governance with George Michaelson

How is the Internet governed? Who sets the rules for the Internet, civil society, and government control? How much input should techies have, and how much should government control things? These are questions we don’t often ask, and yet are crucial to building and operating networks connected to the global Internet. George Michaelson joins Toms and Russ to talk about Internet governance—including contrary views of where things should be versus where they are.

download

On the ‘net: Two on AI

I occasionally write over at Mind Matters on topics “other than technical.” Here are my two latest posts over there.

But what if you could steal something just as valuable as the contents of a lady’s handbag without anyone suspecting it and without impacting your user’s trust? What if you could take private information about millions of people, across the world, using that information to create what Shoshana Zuboff calls “behavioral surplus?” What if you could use that information to discover — and shape — people’s preferences without them even realizing it is happening? What if you could sell your user’s attention to the highest bidder?

While it seems evident that content created by a user prompt should not be copyrightable by the user, what about the designer and operator of the AI system? It might seem reasonable to infer the humans who create a system that, in turn, creates new “works” should be able to copyright those works.

On the ‘net: Model Based Thinking

Running a little late on cross posting stuff from Packet Pushers … but I suppose better late than never.

Model-based thinking can help engineers understand protocols and networks at a fundamental level. My previous post on network models focused on the Four Things model, an alternative to the OSI model for understanding network transport. I’ll continue with the Four Things, this time with a focus on routing.

Weekend Reads 110323

With security, the battle between good and evil is always a swinging pendulum. Traditionally, the shrewdness of the attack has depended on the skill of the attacker and the sophistication of the arsenal.

While cyberattacks on websites receive much attention, there are often unaddressed risks that can lead to businesses facing lawsuits and privacy violations even in the absence of hacking incidents.

A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse.

Security researchers have discovered what they believe may be a government attempt to covertly wiretap an instant messaging service in Germany — an attempt that was blown because the potential intercepting authorities failed to reissue a TLS certificate.

Artists suing generative artificial intelligence art generators have hit a stumbling block in a first-of-its-kind lawsuit over the uncompensated and unauthorized use of billions of images downloaded from the internet to train AI systems, with a federal judge’s dismissal of most claims.

Professional artists and photographers annoyed at generative AI firms using their work to train their technology may soon have an effective way to respond that doesn’t involve going to the courts.

Intel is shedding its silicon photonics transceiver module business as part of restructuring and cost-cutting measures, offloading it to manufacturing company Jabil.

Domain Name System (DNS) abuse stands has proven a constant in the internet threat landscape, posing risk to the overall digital trust.

SpaceX is equipping its new satellites with inter-satellite laser links (ISLLs). They now have over 8,000 optical terminals in orbit (3 per satellite) and they communicate at up to 100 Gbps.

Hedge 201: Roundtable

It’s time to gather round the hedge and discuss whatever Eyvonne, Tom, and Russ find interesting! In this episode we discuss business logic vulnerabilities, and how we often forget to think outside the box to understand the attack surfaces that matter. We also discuss upcoming network speed increases like Wi-Fi 7 and 800G Ethernet. Do we really need these speeds, or are we just getting caught up in a hype cycle?

download

Weekend Reads 102723

Passkeys are appearing more and more in tech news, with support for them increasing. Since many administrators test out new technologies themselves first, we at CIS embarked on a short project to see what happened when an intern with our CTO team had the opportunity to implement passkeys.

Draft proposals setting a “remuneration obligation” for digital platforms started to pop up in the Brazilian congress after Australia adopted its own News Media Bargaining Code.

And can companies finally trust their data to cloud providers and actually trust that CC removes the need to worry about the cloud provider as a sub-processor with access to the data?

Google says it plans to prototype a technique to mask IP addresses via network proxies in future versions of its Chrome browser, a privacy protection similar to Apple’s iCloud Private Relay service for its Safari browser.

The cryptanalytic threat of quantum computing, particularly the “store data; decrypt later” approach, is drawing ever nearer. Unsurprisingly, the U.S. government is among those most alert to the danger.

A common critique of HTTP/3 and QUIC is that they primarily benefit the big players and companies (for example, Google and Meta), who often control one or even Continue reading

Hedge 200: Automation with Ethan Banks

We’ve been on a long streak of discussions about automation, why it works, why it isn’t working, and what the networking industry can do about it. For this episode, we’re joined by the indubitable Ethan Banks. If you don’t think there’s anything left to say, you’ve not yet listened to Ethan!

download

Hedge 199: Automation with Carl Buchmann

Automation is a big topic–folks had a lot of feedback on our first couple of Hedge episodes on the topic. We return to automation in this episode of the Hedge with Carl Buchmann to discuss one effort at unifying automation with humble beginnings.

download

Weekend Reads 102023

When we were not looking – and forcing ourselves to not look at any IT news because we have other things going on – that is the moment when Nvidia decides to put out a financial presentation that embeds a new product roadmap within it.

SiFive today launched a pair of RISC-V CPU cores aimed at high-performance and AI/ML applications.

LPO is short for Linear Pluggable Optics (or Linear-drive Pluggable Optics), it is a potential technology to satisfy the low power consumption and high bandwidth demand of data centers like CPO (Co-packaged Optics).

One colocation provider has come up with a unique solution: It’s building small nuclear power plants for itself.

That’s no longer the case, however, as its latest variant, encased in compromised OfficeNote installation packages (currently in beta mode), can cause damage to any macOS devices.

In an era where every click, tap or keystroke leaves a digital trail, Americans remain uneasy and uncertain about their personal data and feel they have little control over how it’s used.

An investigation from the Wall Street Journal identified a company called Near Intelligence that purchased data about individuals and their devices from brokers who usually sell to advertisers. The company Continue reading

Upcoming Class: How the Internet Really Works

Join me for How the Internet Really Works on the 27th! This four hour live webinar on Safari Books Online:

… de-mystifies the overall structure and “moving parts” of the global Internet. The class begins with a user connecting to a web site, and the process of translating the name of the service the user is seeking to a logical location (a server) where the service is actually located. From there, the path of the packets between the user and the server is traced, exposing each of the different kinds of providers that carry the packet along the way.

Register here.

Controversial Reads 101423

Imagine a future in which AIs automatically interpret—and enforce—laws.

Using the proposed “Web Environment Integrity” means websites can select on which devices (browsers) they wish to be displayed, and can refuse service to other devices. It binds client side software to a website, creating a silo’d app.

When Alexa wouldn’t respond to his commands, he called the Amazon help desk to see what the issue was. Evidently, the company locked him out because of his apparent racism: “I was told that the driver who had delivered my package reported receiving racist remarks from my ‘Ring doorbell’ (it’s actually a Eufy, but I’ll let it slide).” Later, without any explanation or apology, Amazon allowed Jackson access again.

According to Harari, “AI has all it needs in order to cocoon us in a Matrix-like world of illusions,” and, even more chillingly, “you don’t really need to implant chips in people’s brains in order to control them or to manipulate them.”

Yet given how most of the internet is currently structured, our online expression largely depends on a set of private companies ranging from our direct Internet service providers and platforms, to upstream ISPs (sometimes called Tier 2 and 3), all Continue reading

Weekend Reads 101323

Dereferencing null pointers is one of the most common software errors. It is so infamous that Tony Hoare called the invention of null pointers his billion-dollar mistake.

To detect DDoS attacks in a telecommunications network we need to see the traffic that traverses the network, and we have multiple protocols for that purpose.

A recent trend in cloud-native development is the use of multi-architecture infrastructures, which can run workloads on either x86 or Arm architectures.

On 28 Aug., the California Privacy Protection Agency released its initial draft regulations for cybersecurity audits and risk assessments.

The Sun is about to turn upside down – magnetically speaking, of course.

Telecoms giant Vodafone is backing more than one horse in the OpenRAN arena, confirming a collaboration with Arm on energy efficient silicon for 5G base stations and continuing to work with Intel on OpenRAN silicon.

However, DNSSEC can cause problems when combined with a widely used method for synchronising secondary DNS servers with their primaries, Incremental Zone Transfer (IXFR).

Antitrust cases like the FTC’s hinge on “threshold” issues, fundamental elements that must be proven for a case to proceed. Here, those issues are threefold: market definition, documentary evidence, and the validity of Continue reading

Hedge 198: Nephio with Wim Henderickx

Automation is a bit of theme recently on the Hedge. In this episode we’re joined by Wim Henderickx to talk about the Linux Foundation Nephio project, which adapts Kubernetes management into a cloud native network management platform. This new take on managing networks is definitely discovering.

download

On the ‘net: Building Consensus in the IETF

You cannot simply post a draft to the IETF repository and expect “someone, somewhere,” to take action. No one is going to read your draft. No one is going to send you comments. No one is going to call for your document to progress forward through the process.

On the ‘net: Mediocrates and LLMs

Might I suggest a name for anyone building yet another Large Language Model (LLM)? Mediocrates would be a far more honest name than the ones big tech companies choose.

Weekend Reads 100323

Google has rolled out “Privacy Sandbox,” a Chrome feature first announced back in 2019 that, among other things, exchanges third-party cookies—the most common form of tracking technology—for what the company is now calling “Topics.”

By virtue of engineering pushing the acceptable boundaries of a system, failures occur. This is inevitable, and that’s also the joy and perils of engineering — discovering the acceptable limits of system resilience.

The resource-intensive inefficiencies inherent to telecom ordering, billing, and service level agreement (SLA) enforcement between carriers is an industry-wide problem that MEF and its member organizations have been working to solve for years.

Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries.

To help solve this problem, QUIC no longer relies (purely) on IP addresses to define connections. Instead, it assigns a number to each connection (a so-called Connection ID or CID).

You are a distributor that sells your supplier’s brands, so aside from worrying about your own company’s domains, you’ve got nothing else to worry about, right?

Continue reading

Hedge 197: Old Engineering Books (1)

It’s time for the October Roundtable! This month Eyvonne, Tom, and Russ are reading quotes from an engineering book published in 1911 and reacting to them. How much has engineering changed? How much has engineering stayed the same? How well can advice from a hundred years ago apply to modern engineering problems and life? It turns out that, in spite of their faults, there is a lot of great wisdom in these old books.

download

Weekend Reads 092923

Since its discovery in 2019, cyber espionage group RedHotel has successfully stolen secret information from at least 17 target nations worldwide.

The vast majority of Internet users won’t notice any difference, but the update will support enhanced security for several Verisign-operated TLDs and pave the way for broader adoption and the next era of Domain Name System (DNS) security measures.

New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw.

At the birth of the registry model, Internet engineers could already foresee that the supply of IPv4 addresses would not sustain the predicted rate of consumption.

Attacks related to Domain Name System infrastructure – such as DNS hijacking, DNS tunneling and DNS amplification attacks – are on the rise, and many IT organizations are questioning the security of their DNS infrastructure.

An old Chinese state-linked threat actor has been quietly manipulating Cisco routers to breach multinational organizations in the US and Japan.

Can open source software be regulated? Should it be regulated? And if so, will it lead to enhanced security?

There are currently no restrictions on .AI registrations and it doesn’t help that the domain market is Continue reading