ICT Diplomacy: A Change in the Dynamics

12 October to 6 November 1998, Minneapolis, United States: a point in time that cannot be forgotten. The ITU Plenipotentiary conference (PP-98) took place, recognizing perhaps for the first time points that impacted the future of Information and Communication Technologies (ICT) diplomacy.

The conference acknowledged the need to have the private sector as part of the union membership, together with the “associates category” for some of its study groups. Furthermore, the resolution calling for the World Summit on the Information Society (WSIS) first emerged, introducing ITU’s role in the “evolution of Internet as a means of global communication.”

The scene prior to this was an intense discussion on digital evolution. Governments were starting to understand how ICTs could help solve many issues and contribute to economic growth. The “divide” that was once prevailing between the north and the south economically, or between the developing and developed world, quickly started to shift to a “digital divide,” not only between different countries and regions, but among one country and its own boundaries and cities.

In 2001, the ITU Council approved the WSIS Summit in two phases (2003 in Geneva and 2005 in Tunisia). Later, the UN General Assembly approved the Continue reading

What Makes a Security Company?

When you think of a “security” company, what comes to mind? Is it a software house making leaps in technology to save us from DDoS attacks or malicious actors? Maybe it’s a company that makes firewalls or intrusion detection systems that stand guard to keep the bad people out of places they aren’t supposed to be. Or maybe it’s something else entirely.

Tradition Since Twenty Minutes Ago

What comes to mind when you think of a traditional security company? What kinds of technology do they make? Maybe it’s a firewall. Maybe it’s an anti-virus program. Or maybe it’s something else that you’ve never thought of.

Is a lock company like Schlage a security company? Perhaps they aren’t a “traditional” IT security company but you can guarantee that you’ve seen their products protecting data centers and IDF closets. What about a Halon system manufacturer? They may not be a first thought for security, but you can believe that a fire in your data center is going cause security issues. Also, I remember that I learned more about Halon and wet/dry pipe fire sprinkler systems from my CISSP study than anywhere else.

The problem with classifying security companies as “traditional” or “non-traditional” Continue reading

The Week in Internet News: Artificial Intelligence Will Affect Every Job

AI and your job: Artificial Intelligence will affect 100 percent of the jobs out there, IBM CEO Ginni Rometty predicted, as noted at ZDNet.com. Everyone will have to change the way they work, she said. IBM’s work with its Watson AI system “starts with a fundamental belief that it’s going to change 100 percent of jobs, 100 percent of industries, and 100 percent of professions,” she added.

AI and your vote: Meanwhile, AI is creating new threats to election security, says CBS News. AI will help hackers better design attacks against voting systems, some security experts said. Automated bots can also be used to help hackers guess passwords, they said.

Big money for AI: Before we leave AI as a topic, the Massachusetts Institute of Technology has announced it will spend US$1 billion on a new college of computing with an AI focus, Fortune reports. The new college will serve as an interdisciplinary hub for data and computer science-related work.

Call it a comeback: BlackBerry, the down-on-its-luck smartphone maker, plans to reinvent itself as a secure Internet of Things hub, FT.com reports. Building on its past reputation as a maker of secure phones, BlackBerry wants to become a Continue reading

Cloudflare Peering Portal – Beta

Cloudflare Peering Portal - Beta
Cloudflare Peering Portal - Beta

It can be a big deal for Internet users when Cloudflare rolls into town. After our recent Mongolia launch, we received lots of feedback from happy customers that all of a sudden, Internet performance noticeably improved.

As a result, it's not a surprising that we regularly receive requests from all over the world to either peer with our network, or to host a node. However, potential partners are always keen to know just how much traffic will be served over that link. What performance benefits can end-users expect? How much upstream traffic will the ISP save? What new bandwidth will they have available for traffic management?

Starting today, ISPs and hosting providers can request a login to the Cloudflare Peering Portal to find the answers to these questions. After validating ownership of your ASN, the Cloudflare network team will provide a login to the newly launched Peering Portal - Beta. You can find more information at: cloudflare.com/partners/peering-portal/

What problem does peering solve?

If you're new to the core infrastructure of the Internet, the best way to understand peering is to frame the problems it solves:

  1. Bandwidth costs money
  2. Internet users don't like slow websites
  3. Network operators have limited Continue reading

Red Hat underpins the growing importance of Linux and open source

While you may not spend a lot of time thinking about this, the role Linux plays in the technology that we all use everyday is growing quite significantly. In an effort to more fully appreciate this, I had an opportunity to speak with the new vice resident and general manager of Red Hat's RHEL Business Unit — Dr. Stefanie Chiras — and ask about her vision for RHEL and Linux in general. She was very enthusiastic — not just for Red Hat, but for the open source movement overall and the rising importance of Linux.Chiras started with Red Hat in July — not quite four months ago — and already describes herself as a “true Red Hatter.” She explained that she has had a serious focus on Linux for the last six years or more. As she points out, we all do development differently these days because of the open source movement. The changes in just the last five years have moved us to very different ways of doing things whether we're working on public or private clouds, containers, or bare metal.To read this article in full, please click here

Automation Win: Configure Cisco ACI with an Ansible Playbook

This blog post was initially sent to subscribers of my mailing list. Subscribe here.

Following on his previous work with Cisco ACI Dirk Feldhaus decided to create an Ansible playbook that would create and configure a new tenant and provision a vSRX firewall for the tenant when working on the Create Network Services hands-on exercise in the Building Network Automation Solutions online course.

Read more ...

LegoOS: a disseminated, distributed OS for hardware resource disaggregation

LegoOS: a disseminated, distributed OS for hardware resource disaggregation Shan et al., OSDI’18

One of the interesting trends in hardware is the proliferation and importance of dedicated accelerators as general purposes CPUs stopped benefitting from Moore’s law. At the same time we’ve seen networking getting faster and faster, causing us to rethink some of the trade-offs between local I/O and network access. The monolithic server as the unit of packaging for collections of such devices is starting to look less attractive:

  • It leads to inefficient resource utilisation, since CPU and memory for a job have to be allocated from the same machine. This can lead to eviction even when utilisation is overall low (e.g. 50%).

  • It is difficult to add, move, remove, or reconfigure hardware components after they have been installed in a server, leading to long up-front planning cycles for hardware rollouts at odds with the fast-moving rate of change in requirements.
  • It creates a coarse failure domain – when any hardware component within a server fails, the whole server is often unusable.
  • It doesn’t work well with heterogeneous devices and their rollout: e.g. GPGPUs, TPUs, DPUs, FGPAs, NVM, and NVMe-based SSDs.

To fully support the Continue reading

Test Driving Inter Regional VPC peering in AWS

Connect AWS VPCs hosted in different regions. AWS Virtual Private Cloud(VPC) provides a way to isolate a tenant’s cloud infrastructure. To a tenant a VPCs provide a view of his own virtual infrastructure in the cloud that is completely isolated, has its own compute, storage, network connectivity, security settings etc. In the physical world, Amazon’s … Continue reading Test Driving Inter Regional VPC peering in AWS

Custom VPC and Internet Access in AWS

Create your VPC, launch EC2 instances and get internet access with Public IP. With a Virtual Private Cloud(VPC), tenants can create his own cloud based infrastructure in AWS. While AWS provides a default VPC for a new tenant, there are always use cases that need creation of custom VPC. While exploring custom VPC, I found … Continue reading Custom VPC and Internet Access in AWS

TCP/IP, Sockets, and SIGPIPE

There is a spectre haunting the Internet -- the spectre of SIGPIPE errors. It's a bug in the original design of Unix networking from 1981 that is perpetuated by college textbooks, which teach students to ignore it. As a consequence, sometimes software unexpectedly crashes. This is particularly acute on industrial and medical networks, where security professionals can't run port/security scans for fear of crashing critical devices.

An example of why this bug persists is the well-known college textbook "Unix Network Programming" by Richard Stevens. In section 5.13, he correctly describes the problem.
When a process writes to a socket that has received an RST, the SIGPIPE signal is sent to the process. The default action of this signal is to terminate the process, so the process must catch the signal to avoid being involuntarily terminated.
This description is accurate. The "Sockets" network APIs was based on the "pipes" interprocess communication when TCP/IP was first added to the Unix operating system back in 1981. This made it straightforward and comprehensible to the programmers at the time. This SIGPIPE behavior made sense when piping the output of one program to another program on the command-line, as is typical under Unix: Continue reading

BGP LLGR: robust and reactive BGP sessions

On a BGP-routed network with multiple redundant paths, we seek to achieve two goals concerning reliability:

  1. A failure on a path should quickly bring down the related BGP sessions. A common expectation is to recover in less than a second by diverting the traffic to the remaining paths.

  2. As long as a path is operational, the related BGP sessions should stay up, even under duress.

Detecting failures fast: BFD⚓︎

To quickly detect a failure, BGP can be associated with BFD, a protocol to detect faults in bidirectional paths,1 defined in RFC 5880 and RFC 5882. BFD can use very low timers, like 100 ms.

However, when BFD runs in a process on top of a generic kernel,2 notably when running BGP on the host, it is not unexpected to loose a few BFD packets on adverse conditions: the daemon handling the BFD sessions may not get enough CPU to answer in a timely manner. In this scenario, it is not unlikely for all the BGP sessions to go down at the same time, creating an outage, as depicted in the last case in the diagram below.

BGP and failed sessions
Examples of failures on a network using BGP Continue reading

Validating RAML Files Using Docker

Back in July of this year I introduced Polyglot, a project whose only purpose is to provide a means for me to learn more about software development and programming (areas where am I sorely lacking real knowledge). In the limited spare time I’ve had to work on Polyglot in the ensuing months, I’ve been building out an API specification using RAML, and in this post I’ll share how I use Docker and a Docker image to validate my RAML files.

Since I was (am) using Visual Studio Code as my primary text editor/development environment these days, I started out by looking for a RAML extension that would provide some sort of linting/validation functionality. I found an extension to do RAML syntax highlighting, which seemed like a reasonable first step.

After a bit more research, I found that there was a raml-cli NPM package that one could use to validate RAML files from the command line. I was a bit leery of installing an NPM package on my system, so I thought, “Why not use a Docker container for this?” It will keep my system clean of excess/unnecessary packages and dependencies, and it will provide some practice with Continue reading

Election interference from Uber and Lyft

Almost nothing can escape the taint of election interference. A good example is the announcements by Uber and Lyft that they'll provide free rides to the polls on election day. This well-meaning gesture nonetheless calls into question how this might influence the election.

"Free rides" to the polls is a common thing. Taxi companies have long offered such services for people in general. Political groups have long offered such services for their constituencies in particular. Political groups target retirement communities to get them to the polls, black churches have long had their "Souls to the Polls" program across the 37 states that allow early voting on Sundays.

But with Uber and Lyft getting into this we now have concerns about "big data", "algorithms", and "hacking".

As the various Facebook controversies have taught us, these companies have a lot of data on us that can reliably predict how we are going to vote. If their leaders wanted to, these companies could use this information in order to get those on one side of an issue to the polls. On hotly contested elections, it wouldn't take much to swing the result to one side.

Even if they don't do this consciously, their Continue reading

Tech calendar 2018-19: Upcoming events of interest to IT pros

Tech Events Event Description Starts Ends Location AWS re:Invent AWS Re:invent is Amazon's opportunity to update IT and business leaders on the latest features of its cloud service.The event features keynote announcements, training and certification opportunities, access to more than 2,000 technical sessions, a partner expo, and more. 2018-11-26 2018-11-30 Las Vegas, NV IT Roadmap This one-day event focused on powering the agile enterprise looks at the latest approaches to make IT more responsive, nimble, and robust. 2018-12-06 2018-12-06 Washington, D.C. SXSW Covering everything from entertainment to entrepreneurship, this sprawling conference has tracks dedicated to Tech Industry & Enterprise, Coding & Development, Blockchain & Cryptocurrency, Health & Medtech, and VR/AR/MR. 2019-03-08 2019-03-17 Austin, TX Enterprise Connect Aimed at companies looking to upgrade or replace legacy systems or deploy and integrate next-gen communications and collaboration systems, services, apps and networks. 2019-03-18 2019-03-21 Orlando, FL Google Cloud Next Google Cloud Next is where the company announces all the latest updates to the Google Cloud Platform. The conference also offers educational, networking and hands-on opportunities for its more than 10,000 attendees. 2019-04-09 2019-04-11 San Francisco, CA Computex Taipei Based in Asia, this massive technology trade show and expo focuses on information Continue reading

Tech calendar 2018-19: Upcoming events of interest to IT pros

Tech Events Event Description Starts Ends Location AWS re:Invent AWS Re:invent is Amazon's opportunity to update IT and business leaders on the latest features of its cloud service.The event features keynote announcements, training and certification opportunities, access to more than 2,000 technical sessions, a partner expo, and more. 2018-11-26 2018-11-30 Las Vegas, NV IT Roadmap This one-day event focused on powering the agile enterprise looks at the latest approaches to make IT more responsive, nimble, and robust. 2018-12-06 2018-12-06 Washington, D.C. SXSW Covering everything from entertainment to entrepreneurship, this sprawling conference has tracks dedicated to Tech Industry & Enterprise, Coding & Development, Blockchain & Cryptocurrency, Health & Medtech, and VR/AR/MR. 2019-03-08 2019-03-17 Austin, TX Enterprise Connect Aimed at companies looking to upgrade or replace legacy systems or deploy and integrate next-gen communications and collaboration systems, services, apps and networks. 2019-03-18 2019-03-21 Orlando, FL Google Cloud Next Google Cloud Next is where the company announces all the latest updates to the Google Cloud Platform. The conference also offers educational, networking and hands-on opportunities for its more than 10,000 attendees. 2019-04-09 2019-04-11 San Francisco, CA Computex Taipei Based in Asia, this massive technology trade show and expo focuses on information Continue reading

1 1,424 1,425 1,426 1,427 1,428 3,839