The Week in Internet News: Balloon-based Internet Service Passes a Big Test

The sky’s the limit: An Internet connectivity balloon, operated by Google sister company Loon, has spent 223 days in the air and circled the globe in an effort to demonstrate the feasibility of balloon mesh networks, CNET reports. The P-496 spent 140 days testing flight algorithms off South America.

Bad for business: A recent law that forces Australian communications firms to give the government access to encrypted messages has hurt business there, the government says. The public perception about the downsides of the law has “had a material impact on the Australian market and the ability for Australian companies to compete globally,” Computerworld Australia reports.

Weak security: D-Link, a maker of routers, IP cameras and other Internet-connected devices, would be required to stand up a new comprehensive security program in a proposed cybersecurity settlement with the U.S. Federal Trade Commission, GovInfoSecurity says. In early 2017, the FTC alleged that D-Link “failed to take reasonable software testing and remediation measures to protect their routers and IP cameras against well-known and easily preventable software security flaws.” The company allegedly left default usernames and passwords on devices and stored login credentials insecurely, and it left a private code-signing key on a Continue reading

Software engineering for machine learning: a case study

Software engineering for machine learning: a case study Amershi et al., ICSE’19

Previously on The Morning Paper we’ve looked at the spread of machine learning through Facebook and Google and some of the lessons learned together with processes and tools to address the challenges arising. Today it’s the turn of Microsoft. More specifically, we’ll be looking at the results of an internal study with over 500 participants designed to figure out how product development and software engineering is changing at Microsoft with the rise of AI and ML.

… integration of machine learning components is happening all over the company, not just on teams historically known for it.

A list of application areas includes search, advertising, machine translation, predicting customer purchases, voice recognition, image recognition, identifying customer leads, providing design advice for presentations and word processing documents, creating unique drawing features, healthcare, improving gameplay, sales forecasting, decision optimisation, incident reporting, bug analysis, fraud detection, and security monitoring.

As you might imagine, these are underpinned by a wide variety of different ML models. The teams doing the work are also varied in their make-up, some containing data scientists with many years of experience, and others just starting out. In a Continue reading

Building Jsonnet from Source

I recently decided to start working with jsonnet, a data templating language and associated command-line interface (CLI) tool for manipulating and/or generating various data formats (like JSON, YAML, or other formats; see the Jsonnet web site for more information). However, I found that there are no prebuilt binaries for jsonnet (at least, not that I could find), and so I thought I’d share here the process for building jsonnet from source. It’s not hard or complicated, but hopefully sharing this information will streamline the process for others.

As some readers may already know, my primary OS is Fedora. Thus, the process I share here will be specific to Fedora (and/or CentOS and possibly RHEL).

To keep my Fedora installation clean of any unnecessary packages, I decided to use a CentOS 7 VM—instantiated and managed by Vagrant—for the build process. If you don’t want to use a build VM, you can omit the steps involving Vagrant. You’ll also need to modify the commands used to install the necessary packages (on Fedora, you’d use dnf instead of yum, for example). Different distributions may also use different package names for some of the dependencies, so keep that in mind.

  1. Run Continue reading

Myanmar’s March Towards a Digital Future

Earlier this month, in collaboration with the Asia-Pacific Telecommunity (APT) and the Government of the Republic of the Union of Myanmar, we delivered a training program on Internet Governance for 32 government officials in Myanmar’s capital city, Naypyidaw.

The program ran over three days covering various topics such as Internet policy principles and regulatory frameworks, Internet infrastructure and standards, Internet for development, and cybersecurity.

What impressed me was the participants’ interest in asking questions and their active participation in discussions – it was obvious they were all very eager to learn and explore ways they could apply the learnings in their roles in the various departments they were from. We also got to discuss and see what promise digital technology holds for the country.

I have had the opportunity to visit Myanmar several times, including well before the democratic reforms began. In the few years since those reforms brought Myanmar to the world stage, the country has gone through tremendous transformation. I distinctly remember the difficulties in getting access to the Internet and the lack of mobile phones during my earlier visits.

Today, it’s a very different story. There are multiple service providers, and multiple cable landing stations that provide Continue reading

What Happens When The Internet Breaks?

It’s a crazy idea to think that a network built to be completely decentralized and resilient can be so easily knocked offline in a matter of minutes. But that basically happened twice in the past couple of weeks. CloudFlare is a service provide that offers to sit in front of your website and provide all kinds of important services. They can prevent smaller sites from being knocked offline by an influx of traffic. They can provide security and DNS services for you. They’re quickly becoming an indispensable part of the way the Internet functions. And what happens when we all start to rely on one service too much?

Bad BGP Behavior

The first outage on June 24, 2019 wasn’t the fault of CloudFlare. A small service provider in Pennsylvania decided to use a BGP Optimizer from Noction to do some route optimization inside their autonomous system (AS). That in and of itself shouldn’t have caused a problem. At least, not until someone leaked those routes to the greater internet.

It was a comedy of errors. The provider in question announced their more specific routes to an upstream customer, who in turn announced them to Verizon. After that all bets are Continue reading

Technology Short Take 116

Welcome to Technology Short Take #116! This one is a bit shorter than usual, due to holidays in the US and my life being busy. Nevertheless, I hope that I managed to capture something you find useful or helpful. As always, your feedback is welcome, so if you have suggestions, corrections, or comments, you’re welcome to contact me via Twitter.

Networking

  • David Gee discusses jSNAPy and how it can be used to enable unit tests in infrastructure-as-code scenarios.
  • Jon Langemak tackles understanding RTs (Route Targets) and RDs (Route Distinguishers) are in MPLS VPNs. I also appreciate that Jon included a “Lab time” section in his article that encourages readers to try out the concepts he’s explaining.

Servers/Hardware

  • Although I’ve by and large moved away from Apple hardware (I still have a MacBook Pro running macOS that sees very little use, and a Mac Pro running Fedora), I did see this article regarding a new keyboard for the MacBook Air and MacBook Pro. That’s good—the butterfly keyboards are awful (in my opinion).

Security

  • If you’re unfamiliar with public key infrastructure (PKI), digital certificates, or encryption, you may find this Linux Journal article helpful. It provides the basics behind X.509v3 digital Continue reading

Setting up an encrypted SOCKS proxy using Dante and stunnel

Overview

Why Dante?

In the previous post, I talked about why we might need a SOCKS proxy at all, and how we can properly setup a secure one using only stunnel.

That approach is fine and all, but it still suffers from some limitations. The most important of which are:

  • UDP relaying is not supported.
  • Advanced SOCKS options like BIND or UDPASSOCIATE is not available.
  • Only suited for personal use and should not be shared with untrusted clients.

Comparing to the stunnel limited SOCKS functionality, Dante (which is one of the most popular SOCKS server available), comes with pretty much every functionality one can imagine out of a SOCKS server.

From advanced authentication and access control, to server chaining, traffic monitoring and even bandwidth control1, Dante has got them all.

Dante and SOCKS encryption

While it might be okay to use a non-encrypted SOCKS proxy in you local network, it is definitely not a good idea to do so over the internet.

For this, RFC 1961 added GSS-API authentication protocol for SOCKS Version 5. GSS-API provides integrity, authentication and confidentiality. Dante of course completely supports GSS-API authentication and encryption.

But GSS-API (which is typically used with Kerberos Continue reading

Automating chaos experiments in production

Automating chaos experiments in production Basiri et al., ICSE 2019

Are you ready to take your system assurance programme to the next level? This is a fascinating paper from members of Netflix’s Resilience Engineering team describing their chaos engineering initiatives: automated controlled experiments designed to verify hypotheses about how the system should behave under gray failure conditions, and to probe for and flush out any weaknesses. The ‘controlled’ part is important here because given the scale and complexity of the environment under test, the only meaningful place to do this is in production with real users.

Maybe that sounds scary, but one of the interesting perspectives this paper brings is to make you realise that it’s really not so different from any other change you might be rolling out into production (e.g. a bug fix, configuration change, new feature, or A/B test). In all cases we need to be able to carefully monitor the impact on the system, and back out if things start going badly wrong. Moreover, just like an A/B test, we’ll be collecting metrics while the experiment is underway and performing statistical analysis at the end to interpret the results.

Netflix’s system is deployed on Continue reading

In Patagonia: A New Community Network in the Village of El Cuy

Patagonia, a region in Argentina made up of deserts, pampas, and grasslands, is known for its large areas of uninhabited territory. In the north sits the village of El Cuy, with just 400 residents. Far from the large urban centers, the people of El Cuy have adapted to the difficulties of accessing different services and technologies. The Internet is no exception, thanks to a new community network.

In several ways, the community network model represents the Internet model of networking come to life. Community networks are built and implemented by people, through collaboration – all stages of the process include the community working together. In the case of the El Cuy community network, support was also provided by the CABASE and the ENACOM.

For Christian O’Flaherty, the Internet Society’s senior development manager for Latin America and the Caribbean, Internet access has become a positive catalyst for community development. “The operation of this pilot program has motivated the residents to organize themselves into a cooperative. This step will allow inhabitants from El Cuy to have access to various fundings offered by actors such as ENACOM to increase the capacity of the Internet connection.”

Abel Martínez, a resident of El Cuy Continue reading

Becoming Broadband Ready Means Community Innovation and Collaboration

There are countless communities across North America that are hungry to see better broadband access for their residents. It’s clear to local leaders that high-quality Internet access is the bedrock of a healthy and successful community – providing job opportunities, bolstering education, transforming health care, and democratizing access to information. What isn’t always so clear is how to make it happen.

That’s why Next Century Cities teamed up with the Internet Society and Neighborly to create the Becoming Broadband Ready toolkit. This comprehensive toolkit provides local leaders with a roadmap to encourage broadband investment in their community.

While every community will choose to tackle connectivity a little differently – a small island community and a large urban center will likely have unique considerations and approaches – there are many common threads that run through successful broadband projects. Becoming Broadband Ready compiles these threads into an easy-to-use and impactful resource for any community, providing resources specific to:

  • Establish Leadership
  • Build a Community Movement
  • Identify Goals
  • Evaluate the Current Circumstance
  • Establish Policies and Procedures to Support Investment
  • Prioritize Digital Inclusion
  • Identify Legislative and Regulatory Barriers
  • Explore Connectivity Options
  • Explore Financing Options
  • Be a Clear Collaborator
  • Measure Success

Next Century Cities identified the Continue reading

Datanauts 168: Why Design Process Matters For Data Centers And The Cloud

When you're tasked with a new infrastructure project on premises or in the cloud, a design process will significantly improve your chances of success. Guest Adam Post joins the Datanauts podcast to discuss a proper design process, examine frameworks for virtualized and cloud environments, and more.

The post Datanauts 168: Why Design Process Matters For Data Centers And The Cloud appeared first on Packet Pushers.

Campus design feature set-up : Part 5

In this blog series, we’ve been on a journey of sorts. We’ve shown you all the different ways to set up the CL 3.7.5 campus feature: Multi-Domain Authentication in this 6-part series and guess what? We’re getting into the home stretch!

In blogs 1-4 we had guides for Wired 802.1x using Aruba ClearPass, Wired MAC Authentication using Aruba ClearPass, Multi-Domain Authentication using Aruba ClearPass and Wired 802.1x using Cisco ISE. After this blog, we’ll just have one more covering. Multi-Domain Authentication using Cisco ISE. But we’re not here to talk about those now.

In this fifth guide, I’ll be sharing how to enable Wired MAC Authentication in Cumulus Linux 3.7.5+ using Cisco ISE (Identity Services Engine) 2.4, Patch 8.

Keep in mind that this step-by-step guide assumes that you have already performed an initial setup of Cisco ISE .

Cisco ISE Configuration:

1. Add a Cumulus Switch group to Cisco ISE:

First, we are going to add a Network Device Group to Cisco ISE:

Administration > Network Resources > Network Device Groups. Click the “+Add” button

Make sure to set the “Parent Group” to “All Device Types.” The result will look Continue reading

1 1,188 1,189 1,190 1,191 1,192 3,836