The Week in Internet News: U.S. Big Tech Firms Skip Chinese Internet Conference

Not our model: Google, Twitter, Facebook, and Apple skipped a Chinese conference focused on a global governance model for the Internet, Asia One reports. During the conference, China promoted its highly restrictive model of the Internet. Google, Twitter, and Facebook are blocked in China, while Apple must use a local partner to offer cloud services, the story notes.

No news for you: Meanwhile, the Chinese government’s Great Firewall blocks 23 percent of the news organizations that have journalists stationed in the country, reports the South China Morning Post, citing statistics from the Foreign Correspondents’ Club of China. Nearly a third of English-language sites are blocked. Blocked sites include the BBC, The Guardian, The New York Times, The Wall Street Journal, and the Washington Post.

Flying cars and smart mirrors: Among the Internet of Things trends to look for in 2020 are flying cars and mirrors that deliver news and weather while you’re brushing your hair, What Mobile says. Widespread use of flying cars may be a way off, but one startup is working on them. Multilingual voice assistants and flexible displays are other things to watch for.

Opposed to encryption: A large U.S. Internet service provider is lobbying lawmakers in opposition to Continue reading

Supporting the latest version of the Privacy Pass Protocol

Supporting the latest version of the Privacy Pass Protocol
Supporting the latest version of the Privacy Pass Protocol

At Cloudflare, we are committed to supporting and developing new privacy-preserving technologies that benefit all Internet users. In November 2017, we announced server-side support for the Privacy Pass protocol, a piece of work developed in collaboration with the academic community. Privacy Pass, in a nutshell, allows clients to provide proof of trust without revealing where and when the trust was provided. The aim of the protocol is then to allow anyone to prove they are trusted by a server, without that server being able to track the user via the trust that was assigned.

On a technical level, Privacy Pass clients receive attestation tokens from a server, that can then be redeemed in the future. These tokens are provided when a server deems the client to be trusted; for example, after they have logged into a service or if they prove certain characteristics. The redeemed tokens are cryptographically unlinkable to the attestation originally provided by the server, and so they do not reveal anything about the client.

Supporting the latest version of the Privacy Pass Protocol
Supporting the latest version of the Privacy Pass Protocol

To use Privacy Pass, clients can install an open-source browser extension available in Chrome & Firefox. There have been over 150,000 individual downloads of Privacy Pass worldwide; approximately 130,000 in Chrome and Continue reading

Whitebox Hardware and Open-Source Software

One of my subscribers was interested in trying out whitebox solutions. He wrote:

What open source/whitebox software/hardware should I look at if I wanted to build a leaf-and-spine VXLAN/EVPN/BGP data center.

I don’t think you can get a fully-open-source solution because the ASIC manufacturers hide their SDK behind a mountain of NDAs (that strategy must make perfect sense – after all, it generated such awesome PR for NVIDIA). Anyway, the closest you can get (AFAIK) if you're a mere mortal is Cumulus Linux, and you just choose any whitebox hardware off their Hardware Compatibility List.

Read more ...

Stop explaining black box machine learning models for high stakes decisions and use interpretable models instead

Stop explaining black box machine learning models for high stakes decisions and use interpretable models instead Rudin et al., arXiv 2019

With thanks to Glyn Normington for pointing out this paper to me.

It’s pretty clear from the title alone what Cynthia Rudin would like us to do! The paper is a mix of technical and philosophical arguments and comes with two main takeaways for me: firstly, a sharpening of my understanding of the difference between explainability and interpretability, and why the former may be problematic; and secondly some great pointers to techniques for creating truly interpretable models.

There has been a increasing trend in healthcare and criminal justice to leverage machine learning (ML) for high-stakes prediction applications that deeply impact human lives… The lack of transparency and accountability of predictive models can have (and has already had) severe consequences…

Defining terms

A model can be a black box for one of two reasons: (a) the function that the model computes is far too complicated for any human to comprehend, or (b) the model may in actual fact be simple, but its details are proprietary and not available for inspection.

In explainable ML we make predictions using a complicated Continue reading

Object storage in the cloud: Is backup needed?

The failure to back up data that is stored in a cloud block-storage service can be lost forever if not properly backed up. This article explains how object storage works very differently from block storage and how it offers better built-in protections.What is Object Storage? Each cloud vendor offers an object storage service, and they include Amazon's Simple Storage Service (S3), Azure’s Blob Store, and Google’s Cloud Storage.Think of object storage systems like a file system with no hierarchical structure of directories and subdirectories. Where a file system uses a combination of a directory structure and file name to identify and locate a file, every object stored in an object storage system gets a unique identifier (UID) based on its content.To read this article in full, please click here

Object storage in the cloud: Is backup needed?

The failure to back up data that is stored in a cloud block-storage service can be lost forever if not properly backed up. This article explains how object storage works very differently from block storage and how it offers better built-in protections.What is Object Storage? Each cloud vendor offers an object storage service, and they include Amazon's Simple Storage Service (S3), Azure’s Blob Store, and Google’s Cloud Storage.Think of object storage systems like a file system with no hierarchical structure of directories and subdirectories. Where a file system uses a combination of a directory structure and file name to identify and locate a file, every object stored in an object storage system gets a unique identifier (UID) based on its content.To read this article in full, please click here

OpenBSD in 2019

I’ve used OpenBSD on and off since 2.1. More back then than in the last 10 years or so though, so I thought I’d try it again.

What triggered this was me finding a silly bug in GNU cpio that has existed with a “FIXME” comment since at least 1994. I checked OpenBSD to see if it had a related bug, but as expected no it was just fine.

I don’t quite remember why I stopped using OpenBSD for servers, but I do remember filesystem corruption on “unexpected power disconnections” (even with softdep turned on), which I’ve never really seen on Linux.

That and that fewer things “just worked” than with Linux, which matters more when I installed more random things than I do now. I’ve become a lot more minimalist. Probably due to less spare time. Life is better when you don’t run things like PHP (not that OpenBSD doesn’t support PHP, just an example) or your own email server with various antispam tooling, and other things.

This is all experience from running OpenBSD on a server. On my next laptop I intend to try running OpenBSD on the dektop, and will see if that more ad-hoc environment Continue reading

Tales from the Crypt(o team)

Tales from the Crypt(o team)
Tales from the Crypt(o team)

Halloween season is upon us. This week we’re sharing a series of blog posts about work being done at Cloudflare involving cryptography, one of the spookiest technologies around. So bookmark this page and come back every day for tricks, treats, and deep technical content.

A long-term mission

Cryptography is one of the most powerful technological tools we have, and Cloudflare has been at the forefront of using cryptography to help build a better Internet. Of course, we haven’t been alone on this journey. Making meaningful changes to the way the Internet works requires time, effort, experimentation, momentum, and willing partners. Cloudflare has been involved with several multi-year efforts to leverage cryptography to help make the Internet better.

Here are some highlights to expect this week:

  • We’re renewing Cloudflare’s commitment to privacy-enhancing technologies by sharing some of the recent work being done on Privacy Pass
  • We’re helping forge a path to a quantum-safe Internet by sharing some of the results of the Post-quantum Cryptography experiment
  • We’re sharing the rust-based software we use to power time.cloudflare.com
  • We’re doing a deep dive into the technical details of Encrypted DNS
  • We’re announcing support for a new technique we developed with industry partners Continue reading

Path Prepending in BGP

In this article I'd like to look at one particular aspect of the Internet's inter-domain routing framework, namely the role of the Autonomous System (AS) Path in the operation of BGP, and in particular the use of AS Prepending.

TCP MD5

TCP_MD5 (RFC 2385) is something that doesn’t come up often. There’s a couple fo reasons for that, good and bad.

I used it with tlssh, but this should explain why I didn’t enable it by default.

What it is

In short it’s a TCP option that adds an MD5-based signature to every TCP packet. It signs the source and destination IP address, and the ports, and the payload. That way the data is both authenticated and integrity protected.

When an endpoint enables TCP MD5, all unsigned packets (including SYN packets) are silently dropped. For a signed connection it’s not even possible for an eavesdropper to reset the connection, since the RST would need to be signed.

It’s used by the BGP protocol to set a password on the connection, instead of sending the password in the handshake. If the password doesn’t match the TCP connection doesn’t even establish.

But outside of BGP it’s essentially not used, which is a shame. If we could enable it for any TCP service it’d add a preshared key and completely replace the silly port knocking. It probably couldn’t replace user passwords, but it could add a layer and greatly reduce attack surface much Continue reading

Cisco Networking Trends Report: ‘Intent-Based Networking Is Coming’

Winter is coming, and according to Cisco's 2020 Global Networking Trends Report released today, so...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

AWS Invests In Iron And People To Court Enterprises

In the early years of Amazon Web Services, the collection of compute, storage, networking, and platform services (database, analytics, and such) were so good that Amazon, its parent company, did not have to spend a lot of money on sales and marketing to get startups to flock in droves to this public cloud to use it as their computing platform.

AWS Invests In Iron And People To Court Enterprises was written by Timothy Prickett Morgan at The Next Platform.

Heavy Networking 481: Enhancing Cloud Security With Network Detection And Response From ExtraHop (Sponsored)

ExtraHop is our sponsor for today's Heavy Networking podcast. We dive into Network Detection and Response (NDR) with CTO and co-founder Jesse Rothstein. We explore how to enhance your security posture with NDR, how to use it in the cloud, ExtraHop's ability to take advantage of native cloud traffic mirroring, how ExtraHop deals with encrypted traffic, and more.

The post Heavy Networking 481: Enhancing Cloud Security With Network Detection And Response From ExtraHop (Sponsored) appeared first on Packet Pushers.

Slow Service Provider Sales Muddle Juniper’s Q3 Earnings

Growth within the company's enterprise, security and software businesses wasn't enough to offset...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Cloud Wars: Amazon, Microsoft Report Declining Cloud Growth

Cloud giants Amazon and Microsoft reported declining quarterly cloud growth this week. Still, both...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Verizon Touts 5G Scenarios Amid ‘Worrisome Signs’

Verizon announced a collaborative effort with SAP to deliver edge computing and real-time analytics...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Hyperscalers And Cloud Builders Resume Their Spending Spree

After two and a half quarters of tightening the purse strings, the world’s largest consumers of infrastructure – the eight major hyperscalers and cloud builders – plus their peers in the adjacent communications service provider space all started spending money on servers and storage again, and Intel can breathe a sigh of relief as it works to get its 10 nanometer manufacturing on track for the delivery of “Ice Lake” Xeon SP processors sometime in the second half of next year.

Hyperscalers And Cloud Builders Resume Their Spending Spree was written by Timothy Prickett Morgan at The Next Platform.

1 1,114 1,115 1,116 1,117 1,118 3,841