HN715: Prescribing The Right Dose Of Automation For A Hospital Network

At NewYork-Presbyterian Hospital, patients are the priority. That focus on patient care extends to the hospital’s campus network, data center, wireless network, and SD-WAN. These networks are instrumental for delivering medical applications and connecting medical devices. On today’s Heavy Networking, we talk with network architects and engineers at NewYork-Presbyterian about their use of automation to... Read more »

HN715: Prescribing The Right Dose Of Automation For A Hospital Network

We talk with network architects and engineers at NewYork-Presbyterian Hospital about their automation strategy for mission-critical networks that support patient care. We explore the automation progress they've made, long-term goals, technical and cultural challenges, what they'd like to see from vendors, and more.

The post HN715: Prescribing The Right Dose Of Automation For A Hospital Network appeared first on Packet Pushers.

Weekend Reads 011524

Thanks to Mark Prosser for a few links to add to the pile this week.


There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents.


Microsoft found that a popular form of video-based training reduces phish-clicking behavior by about 3%, at best. This number has been stable over the years, says Microsoft, while phishing attacks are increasing yearly.


The Internet Architecture Board (IAB) has warned that policy proposals requiring or enabling the automated scouring of people’s devices for illegal material – as floated by the European Union, the United Kingdom, and the United States – threaten the open internet.


Another update of the Ultimate PCAP is available. Again, there are some special new packets in there which I want to point out here. Feel free to download the newest version to examine those new protocols and packets by yourself. Featuring: SNMPv3, WoL, IPMI, HSRP, Zabbix, Pile of Poo, and Packet Comments.


The Genesis Market began operating in 2017, four years after Silk Road closed shop. Like its predecessor, though, the Federal Bureau of Investigation (FBI) and other law enforcement agencies took the Genesis Market down last April.


Miyake events are believed to be Continue reading

Technology Short Take 172

Welcome to Technology Short Take #172, the first Technology Short Take of 2024! This one is really short, which I’m assuming reflects a lack of blogging activity over the 2023 holiday season. Nevertheless, I have managed to scrape together a few links to share with readers. As usual, I hope you find something useful. Enjoy!

Networking

  • Via this blog post, I learned that Ivan Pepelnjak has a GitHub repository of hands-on examples for learning public cloud networking (including both AWS and Azure). Ivan’s materials are always excellent, so if you’re looking for resources to help with expanding your networking skills into the public cloud, this should be on the short list. (I plan to submit a PR soon to add Pulumi examples, which the repository is currently missing.)

Cloud Computing/Cloud Management

  • Jonathan Major shares his experience using Pulumi with Google Cloud APIs. I think there are some code snippets in Jonathan’s article, but my instance of Firefox wouldn’t render the code snippets (instead only showing empty black boxes).
  • Nisar Ahmad explores whether Terraform or Pulumi is better for your use case.

Operating Systems/Applications

Public Videos: Routing Protocols

One of the delightful side effects of leaving the paid content business is that I no longer have to try to persuade anyone that my content is any good. That includes the “this video is now public” announcements – instead of elaborate introductions, I’ll just publish a short blog post with the links.

As of today, these videos (along with dozens of previously-released videos) from the Routing Protocols section of the How Networks Really Work webinar are no longer behind a login wall:

Read more …

Advertising IPs In EVPN Route Type 2

In my last post EVPN Deepdive Route Types 2 and 3, we took a deepdive into these two route types. I mentioned that the IP address of a host, a /32 or /128 address, could optionally be advertised. I also mentioned that this is mainly to facilitate features such as ARP suppression where a VTEP will be aware of the MAC/IP mapping and not have to flood BUM frames. However, in my last lab no IP addresses were advertised. Why is that? How do we get them advertised?

Currently, I have only setup a L2 VNI in the lab. This provides connectivity for the VLAN that my hosts are in, but it does not provide any L3 services. There is no SVI configured and there is also no L3 service configured that can route between different VNIs. The “standard” way of setting this up would be to configure anycast gateway on the leafs where every leaf that hosts the VNI has the same IP/MAC, but I consider this to be an optimization that I want to cover in a future posts. I prefer to break things down into their components and focus on the configuration needed for each component Continue reading

KU044: Making Kubernetes And Cloud-Native Workloads Environmentally Sustainable

Can clouds be green? Today we discuss sustainability in the tech industry, focusing on running Kubernetes and workloads in more efficient and environmentally friendly ways. Co-hosts Kristina Devochko and Michael Levan explore current tools, the reuse of resources like excess heat from data centers, and the challenges of sustainable energy infrastructure, such as electric cars... Read more »

Privacy Pass: Upgrading to the latest protocol version

Enabling anonymous access to the web with privacy-preserving cryptography

The challenge of telling humans and bots apart is almost as old as the web itself. From online ticket vendors to dating apps, to ecommerce and finance — there are many legitimate reasons why you'd want to know if it's a person or a machine knocking on the front door of your website.

Unfortunately, the tools for the web have traditionally been clunky and sometimes involved a bad user experience. None more so than the CAPTCHA — an irksome solution that humanity wastes a staggering amount of time on. A more subtle but intrusive approach is IP tracking, which uses IP addresses to identify and take action on suspicious traffic, but that too can come with unforeseen consequences.

And yet, the problem of distinguishing legitimate human requests from automated bots remains as vital as ever. This is why for years Cloudflare has invested in the Privacy Pass protocol — a novel approach to establishing a user’s identity by relying on cryptography, rather than crude puzzles — all while providing a streamlined, privacy-preserving, and often frictionless experience to end users.

Cloudflare began supporting Privacy Pass in 2017, with the release of browser Continue reading

Upcoming BGP Labs, 2024 Edition

It’s that time of the year when we create unreachable goals and make empty promises to ourselves (or others) that we subconsciously know we’ll fail.

I tried to make that process a bit more structured and create external storage for my lab ideas – I started publishing more details on future BGP lab scenarios. The lab descriptions contain a high-level overview of the challenge and the lab topology; the details will be filled in later.

Want to know what’s coming in 2024? Check out the Upcoming Labs page of the BGP Labs project.

Upcoming BGP Labs, 2024 Edition

It’s that time of the year when we create unreachable goals and make empty promises to ourselves (or others) that we subconsciously know we’ll fail.

I tried to make that process a bit more structured and create external storage for my lab ideas – I started publishing more details on future BGP lab scenarios. The lab descriptions contain a high-level overview of the challenge and the lab topology; the details will be filled in later.

Want to know what’s coming in 2024? Check out the Upcoming Labs page of the BGP Labs project.

A While, Career update and Ends with various Junos load commands.

It has been quite some time since my last blog post. The past few months have been busy, leaving little time to write. I am happy to share that I have started working as a site-reliability developer at Oracle. While it has only been a short while, I am enjoying the work.

Reflecting on the past year, I am happy to say it has been productive overall. I have had the opportunity to collaborate with various networking and software teams, which has taught me a lot about high-scale traffic patterns and migrations. Working in an operations role has been beneficial since it requires constant fire-fighting and documentation for improvements. This has made me more aware of traffic patterns and ways to improve reliability.

What can be improved?

However, I could benefit from more study on the software architecture and distributed system design parameters from a business perspective. I want to write more this year; the first half was better, but lacked in the second half, where most of the writing was private.

From a personal standpoint, 2024 needs more travel absolutely and some improvements in garden automation for summer 2024

Other updates

Finally, I have been working on some JNCIA-Devops Continue reading

About password security and credential stuffing

Common Falsehoods About Password Security and Credential Stuffing

TechCrunch published an article that gives class-action lawyers suing 23andMe a mouthpiece to editorialize about password security practices, masquerading as a news article. The upshot of the ~article~ editorial is this:

  1. A large number of 23andMe’s customers were subject to a credential stuffing attack.
  2. Design choices in 23andMe’s site allowed other customer data to be exposed via accounts compromised in the credential stuffing attack.
  3. 23andMe’s mitigations for credential stuffing attacks were inadequate.
  4. 23andMe should be held liable for this.

I want to focus here on the third point: credential stuffing attack mitigations. I’ve worked quite a bit on analyzing large credential stuffing attacks and recommending mitigations for them. I also served as a technical escalation point for customers who had a wide variety of strongly held false beliefs about password security credential stuffing mitigation. In reading various social media responses the 23andMe case, I see all these false beliefs turning up again. Let’s have a look at some.

False: Rate limiting login attempts is a great mitigation

The first question we need to answer here is: what do you mean by rate limiting? Usually there are two main rate limits that people Continue reading

Meshtastic quick setup

I wanted some nice offline mid range chat app, for when I don’t have data, or data roaming is too expensive. I also want it to work for people who are not amateur radio licensed, since my girlfriend stubbornly refuses to be interested in that.

Looks like the answer I’m looking for is Meshtastic, preferably with LoRalora]. I bought a couple of Heltec V3 ESP32 LoRa OLED and the matching case.

Maybe I’ll buy a battery, but I’m fine just powering it from a USB power bank.

The documentation makes a fair bit of assumptions about the user knowing the name for what they want, and what firmware provides what.

In short, what I think I want is to ignore the Heltec firmware, and instead just treat the Heltec V3 as the hardware that Meshtastic runs on.

The recommended way to flash, and for some cases even use, is the Meshtastic Web UI. It uses browser integration for serial ports and bluetooth. A nice idea, but it was extremely unreliable for me. The flasher worked for one device, but not the other. The chat client never worked at all.

Here’s what worked reliably for me:

  1. Download “stable” firmware Continue reading

With “Big Chip,” China Lays Out Aspirations For Waferscale

The end of Moore’s Law – the real Moore’s Law where transistors get cheaper and faster with every process shrink – is making chip makers crazy.

The post With “Big Chip,” China Lays Out Aspirations For Waferscale first appeared on The Next Platform.

With “Big Chip,” China Lays Out Aspirations For Waferscale was written by Timothy Prickett Morgan at The Next Platform.

Selectively Replacing Resources with Pulumi

Because Pulumi operates declaratively, you can write a Pulumi program that you can safely run (via pulumi up) multiple times. If no changes are needed—meaning that the current state of the infrastructure matches what you’ve defined in your Pulumi program—then nothing happens. If only one resource needs to be updated, then it will update only that one resource (and any dependencies, if there are any). There may be times, however, when you want to force the replacement of specific resources. In this post, I’ll show you how to target specific resources for replacement when using Pulumi.

Here’s an example: I use Pulumi to manage my AWS-based lab resources, including SSH bastion hosts. However, because my code uses a dynamic AMI lookup, I’ve instructed Pulumi to ignore changes in the AMI ID for the bastion hosts (by appending pulumi.IgnoreChanges([]string{"ami"}) as a resource option). This gives me the control over when the bastion hosts get replaced, instead of Pulumi wanting to replace them every time the AMI ID changes.

With this in place, then, how do I tell Pulumi that I’m ready to replace the bastion hosts? Tearing down the entire stack isn’t an option. Fortunately, the pulumi CLI Continue reading

1 104 105 106 107 108 3,763