Archive

Category Archives for "Russ White"

Hedge 193: Network Automation with the Network Automation Forum

Year after year network engineering media, vendors, and influencers talk about the importance of network automation—and yet according to surveys, most network operators still have not automated their network operations. In this episode of the Hedge, part 1 of 2, Chris Grundemann and Scott Robohn join the Hedge to give their ideas on why network automation isn’t happening, and how we can resolve the many blockers to automation.

download

To find out more about the Network Automation Forum and their upcoming meeting, check out their web site.

Weekend Reads 082623


This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium’s resilience against quantum attacks.


Dig Security, the cloud data security leader, today released findings from its first-ever “State of Cloud Data Security 2023 Report.” The analysis of more than 13 billion files stored in public cloud environments reveals how – and why – sensitive data is at risk in the modern enterprise.


Dr. Read Schuchardt, professor of communications at Wheaton College (IL), identifies five primary ways digital technology can erode our lives and relationships, or produce what he calls “vices of the virtual life”


In the name of taking the global cybersecurity lead and protecting EU citizens, it seeks to impose dozens of onerous, if not impossible, conformance requirements on all “products with digital elements” and associated obligations on every “manufacturer, importer, or distributor.”


Given the exuberance surrounding machine learning (ML) and deep learning (DL) in particular, the claims I will make in this short article will be quite controversial, to say the least.


We all know there are many skilled cyber attackers out there, professionals with the technical know-how to manipulate and exploit Continue reading

Hedge 192: Addiction Recovery

Addiction and addiction recovery are not a “normal” Hedge topic, but addiction afflicts many people in Information Technology. We’re all “hard driven” types, who feel failure keenly, and we tend to spend more time working than is probably healthy for us. Brett Lovins has been through addiction and recovery, and joins Tom Ammon, Russ White, and Eyvonne Sharp to talk about this high impact topic.

download

Weekend Reads 081823


A group of academics has devised a “deep learning-based acoustic side-channel attack” that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy.


Of all vertical industries, manufacturing saw a 42% increase in total victims between Q4 2021 and Q4 2022, underscoring the potential threat to global supply chains.


In this article, we discuss the constant back and forth that has been going on for the last 5 years or so in protecting the privacy of data through FL. Just when it looks like FL is able to keep local data private, out comes a study to deflate us.


New research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access.


Luckily there is a huge amount of research underway to look for batteries that last longer, charge faster, and are made from more readily available minerals.


Vade’s Threat Intelligence and Response Center (TIRC) researchers analyzed what they dubbed the “Eevilcorp phishing campaign” and the malware its perpetrators used in depth.


The latest quarterly report from Backblaze on hard drive reliability reveals a rise in failures among certain drives.


In 2020 a Continue reading

Hedge 190: Sunspots

What impact would Electromagnetic Pulses (EMP) from a large-scale sunspot have in the modern world? One this episode of the Hedge, Ulrich Speidel and Jaap Akkerhuis join George Michaelson and Russ White to discuss space weather and its impact on communication systems. Note this is a joint episode with Ping, APNIC’s podcast. Because this is a joint recording, the format is a little different than normal.

download

Hedge 189: Data Center Careers with Carrie Goetz

When network engineers think of a data center, we think of fabrics and routers and switches. There is a lot more to a data center, though—there is power, building construction, environmentals, and a lot of others. What possible jobs are out there in the data center space for people who want to work in IT, but don’t either want to code or build networks? Carrie Goetz, author of Jumpstart Your Career in Data Centers joins Tom Ammon and Russ White to tell us about a few, and about the importance of other careers in the data center.

download

In case you didn’t see it I’m uploading the rough “machine generated” transcript of each episode about a week after the episode airs. It takes a little time for the transcription to be created, and then for me to log back in and upload the file.

Weekend Reads 072823


Incredible as it may seem, US tax preparation companies using Google and Meta tracking technology have been sending sensitive information back to the megacorps, not to mention other tech firms, it is claimed.


The Federal Trade Commission (F.T.C.) sent a letter to OpenAI, the San Fransisco company responsible for creating ChatGPT, the Large Language Model that captured the world’s imagination in November of 2022.


Steganography is the art of hiding secret data in plain sight. It sounds kind of counter-intuitive, but you’d be surprised how effective it is.


On Wednesday, Microsoft announced that Chinese hackers had managed to secretly access email accounts belonging to 25 different organizations across the country, including government agencies.


But for a human to interact with this hardware, they must really know and understand how it works. The person must also know the order in which to give the computer various tasks to produce a meaningful result.


The UK’s Competition Market Authority (CMA) has provisionally cleared Broadcom’s proposed acquisition of VMWare, paving the way for the $61 billion deal to go ahead.


In 2021, we discussed a potential future shift from established public-key algorithms to so-called “post-quantum” algorithms, which may help protect sensitive Continue reading

Hedge 188: Sidewalk, Who’s Responsible?, and Data Breaches

It’s the last show of the month, which means it is time for a roundtable! Today we are discussing three news stories, including Amazon’s Sidewalk Labs, a court case in California involving Cisco and the Great Firewall of China, and yet another data breach.

In case you didn’t see it I’m uploading the rough *machine generated) transcript of each episode about a week after the episode airs. It takes a little time for the transcription to be created, and then for me to log back in and upload the file.

download

Hedge 187: Buffer Bloat with Bjørn T

Buffer bloat causes permanent delay at multiple points along the path between a server and client—but it is hard to measure and resolve. Bjørn Teigen joins Tom and Russ on this episode of the Hedge to discuss the problem, solutions based in routers, and research into how to solve the problem at the host. You can find Bjørn’s recent paper in this area here, and he blogs here.

download

Upcoming BGP Policy Course

This coming Friday I’m teaching a course in BGP policy over at Safari Books Online. It’s three hours of straight-up BGP policy goodness. From the description:

This course begins by simplifying the entire BGP policy space into three basic kinds of policies that operators implement using BGP—selecting the outbound path, selecting the inbound path, and “do not transit.” A use case is given for each of these three kinds, or classes, of policies from the perspective of a transit provider, and another from the perspective of a nontransit operator connected to the edge of the ‘net.

Please register here.

Controversial Reads 071423


Indian-born CEOs are closing their firms and fleeing back to India to escape charges of fraud in the annual lotteries for visas to import H-1B foreign contract workers, says a lawyer for many Indian-owned subcontractors and visa workers.


Over the past few years, Apple has pursued a meal-prepping app with a pear logo, a singer-songwriter named Frankie Pineapple, a German cycling route, a pair of stationery makers, and a school district, among others.


Reddit, a link-aggregating website that claims to be the “front page of the internet,” has turned into a hotbed for radicalization.


Wolk wasn’t saying cable news was necessarily a terrible product; it was an obsolete one on an obsolete platform. While he didn’t predict that the death of cable was imminent, he made it clear it might be time to start looking for hospice care.


However, where the previous labor nuke decimated the white working class in flyover states, this one will explode closer to the power center of Corporate America. Creative AIs like ChatGPT most threaten one of the Regime’s most powerful assets: the managerial class.


A bid to legally muzzle critics of the Irish Data Protection Commission (DPC) is just the tip of the iceberg Continue reading

Weekend Reads 071423


For example, at a certain level, your password must include today’s Wordle answer. And then there’s rule #27: “At least 50% of your password must be in the Wingdings font.”


On 12 June, the DFIR Report published an in-depth analysis of a Truebot intrusion that began with several page redirects via a Traffic Distribution System (TDS) and ended with dropping a Master Boot Record (MBR) killer wiper onto a victim’s computer.


PL/I stands for Programming Language 1, and its aim was to be the Highlander of programming languages: there would be no need for 2, 3, or 4 if everything went to plan.


In this episode of PING, APNIC’s Chief Scientist Geoff Huston discusses how Sweden built a national time distribution system and the nature of time in the modern Internet.


When system architects sit down to design their next platforms, they start by looking at a bunch of roadmaps from suppliers of CPUs, accelerators, memory, flash, network interface cards – and PCI-Express controllers and switches.


In a recent investigation by Microsoft Incident Response of an intrusion, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, Continue reading

Hedge 186: Hardware Root of Trust

The idea of a root of trust is somewhat foreign to network engineers—what is it, and why would it be important? Michael and Marcus from Hedgehog join Tom Ammon and Russ White to discuss how hardware roots of trust work, what problems they are designed to solve for network hardware, and the current state of this technology.

download

rough transcript will be supplied in a few days

Weekend Reads 070723


To help organizations avoid the potential perils that the .zip and similarly confusing ngTLD extensions (i.e., .app, .cab, .cam, .mobi, .mov, .pub, .rip, and .win) may pose, the WhoisXML API research team scoured the DNS for such domains created between 1 January and 31 May 2023 to see if any of them should be considered suspicious and treated with caution.


When you write some code and put it on a spacecraft headed into the far reaches of space, you need to it work, no matter what. Mistakes can mean loss of mission or even loss of life.


That’s right, no need to be picky — any CA can sign any domain name, so you can pick from literally hundreds since that is the number of trusted CA root certificates baked into your browser or included in most operating systems.


Some 50 years ago, at the Palo Alto Research Centre of that renowned photocopier company Xerox, a revolutionary approach to local digital networks was born.


The proposed new European Union (EU) Artificial Intelligence Act has been extolled in the media as a bold action by a major legislative body against the perceived dangers of emerging new computer technology.


In Continue reading

Hedge 185: Retrocomputing

Computers only have a history stretching back some 60 or 70 years—and yet much of that history has already been lost in this mist of time. Are we focusing so deeply on the future that we have forgotten our past? What might we learn from the past, even the recent past, and how does forgetting our past impact the future. Federico Lucifredi joins Tom Ammon and Russ White to discuss some of his projects finding, repairing, and operating old personal computers.

download

transcript will be linked in a few days

If you are interested in retrocomputing, you might want to start with this Stack Exchange, the Retrocomputing Forum, this Reddit forum.

Weekend Reads 063023


Enterprises can use multiple DNS providers to serve their zone. This increases the reliability of the service and will likely help them to keep their zone available if one provider is suffering from a critical failure.


According to the Astrix Security Research Group, mid size organizations already have, on average, 54 Generative-AI integrations to core systems like Slack, GitHub and Google Workspace and this number is only expected to grow.


With browser fingerprinting, many pieces of data can be collected about a user’s web browser and device, such as screen resolution, location, language, and operating system. When you stitch these pieces together, they reveal a unique combination of information that forms every user’s visitor ID or “digital fingerprint.


John Goodenough, who shared the 2019 Nobel Prize in chemistry for his work developing the lithium-ion battery that transformed technology with rechargeable power for devices ranging from cellphones, computers, and pacemakers to electric cars, has died at 100, the University of Texas announced Monday.


Microsoft has been increasingly moving Windows to the cloud on the commercial side with Windows 365, but the software giant also wants to do the same for consumers


Moonlighter, a foot-long toaster-sized CubeSat, is designed for hacking contests Continue reading

Is The OSI Model Good For Understanding How Networks Work? Not Really

Looking back at my career in network engineering, beyond some basic concepts and naming conventions, I cannot remember using the OSI model once. Not for troubleshooting, not for protocol design. I have used the concept of layering, but never the OSI model specifically.

The post Is The OSI Model Good For Understanding How Networks Work? Not Really appeared first on Packet Pushers.

1 6 7 8 9 10 164