Setting clock source with GNU Radio

I bought a GPS Disciplined Oscillator (GPSDO), because I thought it’d be fun for various projects. Specifically I bought this one.

I started by calibrating my ICOM IC-9700. I made sure it got a GPS lock, and connected it to the 9700 10MHz reference port, with a 20dB attenuator inline, just in case. Ok, the receive frequency moved a bit, but how do I know it was improved? My D75 was still about 200Hz off frequency.

IC9700 screenshot showing D75

Segal’s law parahrased: “Someone with one radio knows what frequency they’re on. Someone with two radios is never sure”.

Unless, of course, that person has two radios with disciplined oscillators. Which I do. I also have a USRP B200 with an added GPSDO accessory.

Sidenote: wow, that’s gotten expensive. Today I’d probably use the same GPSDO from DXPatrol instead. Note that if you do have the GPSDO installed in the B200, then you cannot use an external 10MHz reference. It’s a known issue. Then again if you paid this much, why would you not use it?

Configuring GNU Radio to use the GPSDO

First I thought that surely the best reference would be the default, so I should be able to just send Continue reading

Software defined KISS modem

I’ve kept working on my SDR framework in Rust called RustRadio, that I’ve blogged about twice before. I’ve been adding a little bit here, a little bit there, with one of my goals being to control a whole AX.25 stack.

As seen in the diagram in this post, we need:

  1. Applications, client and server — I’ve made those.
  2. AX.25 connected mode stack (OSI layer 4, basically) — The kernel’s sucks, so I made that too.
  3. A modem (OSI layer 2), turning digital packets into analog radio — The topic of this post.

The job of the modem

Applications talk in terms of streams. AX.25 implementation turns that into individual data frames. The most common protocol for sending and receiving frames is KISS.

I’ve not been happy with the existing KISS modems for a few reasons. The main one is that they just convert between packets and audio. I don’t want audio, I want I/Q signals suitable for SDRs.

On the transmit side it’s less of a problem for regular 1200bps AX.25, since either the radio will turn audio into a FM-modulated signal, or if using an SDR it’s trivial to add the audio-to-I/Q step.

Continue reading

HN786: From Intent-Based to Autonomous Ops With Cisco Crosswork and Provider Connectivity Assurance (Sponsored)

Service provider networks face a couple of difficult challenges: how to map service level agreements to actual network health and performance, and how to deliver service assurance to customers regardless of what happens on the network. On today’s sponsored Heavy Networking we talk with Cisco Systems about its approach to service assurance, how Cisco is... Read more »

Palo Alto Create Bulk Address Objects using Pan-OS Python SDK

Palo Alto Create Bulk Address Objects using Pan-OS Python SDK

In this blog post, we'll see how to configure bulk Address-Objects at once and then add them to an Address-Group using the pan-os-python Library. If you haven't used the pan-os-python library before, have a look at my other blog post to learn more.

Palo Alto PAN-OS SDK for Python
Let’s start learning the pan-os-python library with a simple script. This script will be our foundation, and it’s as straightforward as it gets, creating a basic firewall rule on a Palo Alto firewall.
Palo Alto Create Bulk Address Objects using Pan-OS Python SDK

Methods we will use

Here is the official guide for the useful methods

  1. add() - This method is used to add an object as a child of another object. In our scenario, it's for adding an Address Object to the firewall or panorama object.
  2. extend() - This method allows you to add a list of objects as children. In our context, it means adding a 'list' of Address objects to the firewall or panorama object.
  3. create() - Once you've defined an object in the script, the create() method is used to push this object to the live device, making the configuration active.
  4. create_similar() - This method pushes objects of the same type to the live Continue reading

Everything you need to know about NIST’s new guidance in “SP 1800-35: Implementing a Zero Trust Architecture”

For decades, the United States National Institute of Standards and Technology (NIST) has been guiding industry efforts through the many publications in its Computer Security Resource Center. NIST has played an especially important role in the adoption of Zero Trust architecture, through its series of publications that began with NIST SP 800-207: Zero Trust Architecture, released in 2020.

NIST has released another Special Publication in this series, SP 1800-35, titled "Implementing a Zero Trust Architecture (ZTA)" which aims to provide practical steps and best practices for deploying ZTA across various environments.  NIST’s publications about ZTA have been extremely influential across the industry, but are often lengthy and highly detailed, so this blog provides a short and easier-to-read summary of NIST’s latest guidance on ZTA.

And so, in this blog post:

  • We summarize the key items you need to know about this new NIST publication, which presents a reference architecture for Zero Trust Architecture (ZTA) along with a series of “Builds” that demonstrate how different products from various vendors can be combined to construct a ZTA that complies with the reference architecture.

  • We show how Cloudflare’s Zero Trust product suite can be integrated with offerings from other vendors Continue reading

Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack

In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps). This comes shortly after the publication of our DDoS threat report for 2025 Q1 on April 27, 2025, where we highlighted attacks reaching 6.5 Tbps and 4.8 billion packets per second (pps). The 7.3 Tbps attack is 12% larger than our previous record and 1 Tbps greater than a recent attack reported by cyber security reporter Brian Krebs at KrebsOnSecurity.

New world record: 7.3 Tbps DDoS attack autonomously blocked by Cloudflare

The attack targeted a Cloudflare customer, a hosting provider, that uses Magic Transit to defend their IP network. Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks, as we reported in our latest DDoS threat report. Pictured below is an attack campaign from January and February 2025 that blasted over 13.5 million DDoS attacks against Cloudflare’s infrastructure and hosting providers protected by Cloudflare.

DDoS attack campaign target Cloudflare infrastructure and hosting providers protected by Cloudflare

Let's start with some stats, and then we’ll dive into how our systems detected and mitigated this attack.

The 7.3 Tbps attack delivered 37.4 Continue reading

Intel Starts Re-Engineering Its Executive Ranks

It has been two and a half months since new chief executive officer Lip-Bu Tan gave the keynote at Intel’s Vision 2025 event, and the company has been relatively quiet by its own standards over the past several decades as Tan gets the lay of the land and tries to plot out the course of the company to rebuild its foundry business and reorient and focus its chip design and sales business.

Intel Starts Re-Engineering Its Executive Ranks was written by Timothy Prickett Morgan at The Next Platform.

Cloudflare Log Explorer is now GA, providing native observability and forensics

We are thrilled to announce the General Availability of Cloudflare Log Explorer, a powerful new product designed to bring observability and forensics capabilities directly into your Cloudflare dashboard. Built on the foundation of Cloudflare's vast global network, Log Explorer leverages the unique position of our platform to provide a comprehensive and contextualized view of your environment.

Security teams and developers use Cloudflare to detect and mitigate threats in real-time and to optimize application performance. Over the years, users have asked for additional telemetry with full context to investigate security incidents or troubleshoot application performance issues without having to forward data to third party log analytics and Security Information and Event Management (SIEM) tools. Besides avoidable costs, forwarding data externally comes with other drawbacks such as: complex setups, delayed access to crucial data, and a frustrating lack of context that complicates quick mitigation. 

Log Explorer has been previewed by several hundred customers over the last year, and they attest to its benefits: 

“Having WAF logs (firewall events) instantly available in Log Explorer with full context — no waiting, no external tools — has completely changed how we manage our firewall rules. I can spot an issue, adjust the Continue reading

Connect any React application to an MCP server in three lines of code

You can deploy a remote Model Context Protocol (MCP) server on Cloudflare in just one-click. Don’t believe us? Click the button below.

This will get you started with a remote MCP server that supports the latest MCP standards and is the reason why thousands of remote MCP servers have been deployed on Cloudflare, including ones from companies like Atlassian, Linear, PayPal, and more

But deploying servers is only half of the equation — we also wanted to make it just as easy to build and deploy remote MCP clients that can connect to these servers to enable new AI-powered service integrations. That's why we built use-mcp, a React library for connecting to remote MCP servers, and we're excited to contribute it to the MCP ecosystem to enable more developers to build remote MCP clients.

Today, we're open-sourcing two tools that make it easy to build and deploy MCP clients:

  1. use-mcp — A React library that connects to any remote MCP server in just 3 lines of code, with transport, authentication, and session management automatically handled. We're excited to contribute this library to the MCP ecosystem to enable more developers to build remote MCP clients. 

  2. The AI Playground Continue reading

Dear Vendors, EVPN Route Attributes Matter

Another scary tale from the Archives of Sloppy Code: we can’t decide whether some attributes are mandatory or optional.

When I was fixing the errors in netlab SR-OS configuration templates, I couldn’t get the EBGP-based EVPN with overlapping leaf AS numbers to work. I could see the EVPN routes in the SR-OS BGP table, but the device refused to use them. I concluded (incorrectly) that there must be a quirk in the SR-OS EVPN code and moved on.

Is Cisco Live Still The Place To Be

You may recall from my post about Cisco Live last year that I talked about legacy and passing the torch to a new generation of people being active at the event. It was a moment where I was happy for what was occurring and thrilled to see the continuation of the community. It’s now a year later and I have a very different outlook on Cisco Live that isn’t nearly as rosy. Which is why I asked the question in the post title.

Destination Unknown

If you are a Cisco customer or partner that wants the latest news about Cisco products and services then Cisco Live is the place you need to be to get them. Sure, you can watch the keynotes virtually and read all the press releases online. However, if you really want to get up close and personal with the technology you have to be there. After all, it was this need to be in-person that inspired our community in the first place. We showed up. We met up. And we made the event even better because we were there.

That was then. 2025 is a different story. The first hints about the situation came when I Continue reading