Reaction: DNS is Part of the Stack

Over at ipspace.net, Ivan is discussing using DNS to program firewall rules—

Could you use DNS names to translate human-readable rules into packet filters? The traditional answer was “no, because I don’t trust DNS”.

This has been a pet peeve of mine for some years—particularly after my time at Verisign Labs, looking at the DNS system, and its interaction with the control plane, in some detail. I’m just going to say this simply and plainly; maybe someone, somewhere, will pay attention—

The Domain Name System is a part of the IP networking stack.

Network engineers and application developers seem to treat DNS as some sort of red-headed-stepchild; it’s best if we just hide it in some little corner someplace, and hope someone figures out how to make it work, but we’re not going to act like it should or will work. We’re just going to ignore it, and somehow hope it goes away so we don’t have to deal with it.

Let’s look at some of the wonderful ideas this we’ll just ignore DNS has brought us over the years, like, “let’s embed the IP address in the packet someplace so we know who we’re talking to,” and “we Continue reading

Lessons Learned from Scaling Uber to 2000 Engineers, 1000 Services, and 8000 Git repositories

For a visual of the growth Uber is experiencing take a look at the first few seconds of the above video. It will start in the right place. It's from an amazing talk given by Matt Ranney, Chief Systems Architect at Uber and Co-founder of Voxer: What I Wish I Had Known Before Scaling Uber to 1000 Services (slides).

It shows a ceaseless, rhythmic, undulating traffic grid of growth occurring in a few Chinese cities. This same pattern of explosive growth is happening in cities all over the world. In fact, Uber is now in 40 cities and 70 countries. They have over 6000 employees, 2000 of whom are engineers. Only a year and half a go there were just 200 engineers. Those engineers have produced over 1000 microservices which are stored in over 8000 git repositories.

That's crazy 10x growth in a crazy short period of time. Who has experienced that? Not many. And as you might expect that sort of unique, compressed, fast paced, high stakes experience has to teach you something new, something deeper than you understood before.

Matt is not new to this game. He was co-founder of Voxer, which experienced its Continue reading

Worth Reading: Predictive Policing

Can predictive policing prevent crime before it happens? It sounds like an idea out of science fiction — specifically, out of Philip K. Dick’s “Minority Report,” a 1956 short story about a “Precrime Division” that arrests suspects before any crime had been committed. Can technology make this dream come true? It turns out that predictive policing is already being used by 60 different police departments around America, according to an article late last month in Science magazine, reporting that everything from Facebook profiles, statistics on minor crimes, and information from 911 calls are now being fed into algorithms. —New Stack

LinkedInTwitterGoogle+Facebook

The post Worth Reading: Predictive Policing appeared first on 'net work.

IDG Contributor Network: A night to remember: Engineering lessons from the Titanic

Some 31 years ago, the RMS Titanic was discovered resting on the ocean floor. The legend of its sinking has been retold many times in books and movies. One compelling aspect of the story is the safety claims made by its creators. Even as reports of the disaster began to filter into New York, the vice president of the White Star Line stated, without qualification, “We place absolute confidence in the Titanic. We believe that the boat is unsinkable.” Obviously reality betrayed those maritime engineers’ confidence.What lessons might this famous disaster teach engineers in modern data centers? In particular, how do we prevent hostile attacks—the “icebergs” that lurk on the seas we sail—from causing catastrophic breaches?To read this article in full or to leave a comment, please click here

IDG Contributor Network: A night to remember: Engineering lessons from the Titanic

Some 31 years ago, the RMS Titanic was discovered resting on the ocean floor. The legend of its sinking has been retold many times in books and movies. One compelling aspect of the story is the safety claims made by its creators. Even as reports of the disaster began to filter into New York, the vice president of the White Star Line stated, without qualification, “We place absolute confidence in the Titanic. We believe that the boat is unsinkable.” Obviously reality betrayed those maritime engineers’ confidence.What lessons might this famous disaster teach engineers in modern data centers? In particular, how do we prevent hostile attacks—the “icebergs” that lurk on the seas we sail—from causing catastrophic breaches?To read this article in full or to leave a comment, please click here

IDG Contributor Network: A night to remember: Engineering lessons from the Titanic

Some 31 years ago, the RMS Titanic was discovered resting on the ocean floor. The legend of its sinking has been retold many times in books and movies. One compelling aspect of the story is the safety claims made by its creators. Even as reports of the disaster began to filter into New York, the vice president of the White Star Line stated, without qualification, “We place absolute confidence in the Titanic. We believe that the boat is unsinkable.” Obviously reality betrayed those maritime engineers’ confidence.What lessons might this famous disaster teach engineers in modern data centers? In particular, how do we prevent hostile attacks—the “icebergs” that lurk on the seas we sail—from causing catastrophic breaches?To read this article in full or to leave a comment, please click here

Review: Pearl RearVision quickly retrofits a backup camera to your old jalopy (with video)

The scoop: RearVision backup camera license plate bracket, by Pearl Auto, about $500.What is it? This package includes a license plate bracket for the back of your automobile, but it’s not an ordinary bracket. Inside are two video cameras that provide you with a view for behind your car. The system includes an on-board diagnostics adapter (OBD) that communicates with the camera via Bluetooth and Wi-Fi to your smartphone to provide the view. The cameras are charged via solar sensors, so you don’t need to have a professional installation in order to power up the cameras. To complete the package, the system includes a mounting bracket for either your car’s dashboard or air vents, depending on your personal preference (or state laws that prohibit dashboard mounts).To read this article in full or to leave a comment, please click here

Foreign spies used RAT to hack Australian weather bureau with weak security controls

Foreign spies made off with an “unknown quantity of documents” after infecting Australia’s meteorology bureau with a RAT, but the fact that security controls at the bureau were “insufficient” even for common cybercrime threats only helped the “state-sponsored cyber adversaries.”After Australia’s Bureau of Meteorology systems was hacked, unnamed government officials immediately blamed China and China immediately denied the “groundless accusations.” When the hack hit the news in December 2015, the Bureau of Meteorology (BOM) would not confirm if its systems had been compromised. In April, Australian’s Prime Minister did confirm there had been a “significant cyber intrusion” at the Bureau.To read this article in full or to leave a comment, please click here

Foreign spies used RAT to hack Australian weather bureau with weak security controls

Foreign spies made off with an “unknown quantity of documents” after infecting Australia’s meteorology bureau with a RAT, but the fact that security controls at the bureau were “insufficient” even for common cybercrime threats only helped the “state-sponsored cyber adversaries.”After Australia’s Bureau of Meteorology systems was hacked, unnamed government officials immediately blamed China and China immediately denied the “groundless accusations.” When the hack hit the news in December 2015, the Bureau of Meteorology (BOM) would not confirm if its systems had been compromised. In April, Australian’s Prime Minister did confirm there had been a “significant cyber intrusion” at the Bureau.To read this article in full or to leave a comment, please click here

Galaxy Note 7 flameout: Worst-case scenario

As readers are now no doubt aware, the Samsung Galaxy Note 7 phablet has been on fire lately. Literally. To the point where the Korean manufacturer has given up on fixing the design and killed the entire project. Buyers have been told to stop using the phones and return them in, get this, a fireproof box.+ Also on Network World: The Note 7 is dead: What Samsung must do now +Given the Galaxy Note 7’s propensity for spontaneous combustion and Samsung’s inability to definitively fix the problem, the move shouldn’t come as too much of a surprise. Still, the fallout from Galaxy Note 7 debacle will be felt far and wide, and not just by Samsung and the users and sellers of this particularly flawed device.To read this article in full or to leave a comment, please click here

TLS nonce-nse

One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. (This is similar to why you can't encrypt blocks with ECB.)

One Does Not Simply

If you think about it, a pure encryption function is just like any other pure computer function: deterministic. Given the same set of inputs (key and message) it will always return the same output (the encrypted message). And we don't want an attacker to be able to tell that two encrypted messages came from the same plaintext.

Same inputs, same output

The solution is the use of IVs (Initialization Vectors) or nonces (numbers used once). These are byte strings that are different for each encrypted message. They are the source of non-determinism that is needed to make duplicates indistinguishable. They are usually not secret, and distributed prepended to the ciphertext since they are necessary for decryption.

The distinction between IVs and nonces is controversial and not binary. Different encryption schemes require different properties to be secure: some just need them to never repeat, in which case we commonly Continue reading

Worth Reading Digital Monoculture

While Waze leads us to our destinations via the quickest route, our dependence on this kind of decision support system may also be the quickest route to a monocultural society. You’ve said the word “algorithm” a thousand times this year, and you may have even written out your algorithmic goals in English, but have you ever coded an algorithm? Do you really know how any AI model is performing? What tiny mistakes (or purposeful small changes) are being made to subtly guide our decision-making? —Shelly Palmer

LinkedInTwitterGoogle+Facebook

The post Worth Reading Digital Monoculture appeared first on 'net work.

War-torn Syrian city gets new fiber link

The northern Syrian city of Aleppo is one of the key battlegrounds of that country’s on-going civil war as well as the epicenter of the European refugee crisis.  The most appropriate United States response to events in Aleppo has become a major foreign policy question among the candidates in this year’s U.S. presidential election.  Experts are now predicting that forces loyal to President Bashar al-Assad, backed by the Russian military, will take control of rebel-held eastern Aleppo within weeks.  The image below (from Wikipedia) illustrates the the current state (as of 9 October 2016) of the conflict in Aleppo, depicting rebel-held regions in green and those under government control in red.

aleppo_situation
Amidst all of this, the Syrian Communications and Technology Ministry announced this week that they had completed a new fiber optic line connecting the parts of Aleppo loyal to President Assad to the state telecom’s core network in Damascus, increasing available bandwidth for residents.  It had previously been connected by a high-capacity microwave link.

From a BGP routing standpoint, this development was reflected by the disappearance of AS24814 — we first reported the appearance of AS24814 serving Aleppo in 2013.  At 14:42 Continue reading

Samsung issues elaborate fireproof boxes for Note7 returns

Samsung has begun sending customers of its discontinued Galaxy Note7 smartphones special boxes designed to protect the fire-prone phablets from doing any damage on their way back to the vendor through the mail. The lithium-ion batteries in the phones are being fingered for the devices overheating, and in some cases, catching on fire.The shipping package, as discussed by XDA Developers, includes an instruction sheet that shows how the Note7 should be insulated before being sent off. First comes a static shield bag, then a small OEM replacement box, then another box and finally a thermal insulated box. Oh, and there's a set of gloves that you're supposed to put on before handling all of the contents.To read this article in full or to leave a comment, please click here

BT Selects Nuage’s SD-WAN for Global Reach

BT Selects Nuage's SD-WAN for Global Reach THE HAGUE, Netherlands — Nuage Networks has landed its biggest customer yet for software-defined wide-area networking (SD-WAN), as BT plans to offer the service to its enterprise customers globally. More specifically, BT has selected Nuage‘s Virtualized Network Services (VNS), which the vendor considers a superset of SD-WAN. The deal hasn’t been announced, but Neil McRae,... Read more →

1 2,605 2,606 2,607 2,608 2,609 3,841