Over at ipspace.net, Ivan is discussing using DNS to program firewall rules—
Could you use DNS names to translate human-readable rules into packet filters? The traditional answer was “no, because I don’t trust DNS”.
This has been a pet peeve of mine for some years—particularly after my time at Verisign Labs, looking at the DNS system, and its interaction with the control plane, in some detail. I’m just going to say this simply and plainly; maybe someone, somewhere, will pay attention—
The Domain Name System is a part of the IP networking stack.
Network engineers and application developers seem to treat DNS as some sort of red-headed-stepchild; it’s best if we just hide it in some little corner someplace, and hope someone figures out how to make it work, but we’re not going to act like it should or will work. We’re just going to ignore it, and somehow hope it goes away so we don’t have to deal with it.
Let’s look at some of the wonderful ideas this we’ll just ignore DNS has brought us over the years, like, “let’s embed the IP address in the packet someplace so we know who we’re talking to,” and “we Continue reading
Colt moves from proprietary routers to x86.
Both indoor and outdoor tests resulted in speeds of 5 Gb/s and latency under 2 milliseconds.
Internet Society says more network operators have signed on to secure the internet's routing infrastructure.
Security vulnerabilities can't hold back developers working on open source code.
For a visual of the growth Uber is experiencing take a look at the first few seconds of the above video. It will start in the right place. It's from an amazing talk given by Matt Ranney, Chief Systems Architect at Uber and Co-founder of Voxer: What I Wish I Had Known Before Scaling Uber to 1000 Services (slides).
It shows a ceaseless, rhythmic, undulating traffic grid of growth occurring in a few Chinese cities. This same pattern of explosive growth is happening in cities all over the world. In fact, Uber is now in 40 cities and 70 countries. They have over 6000 employees, 2000 of whom are engineers. Only a year and half a go there were just 200 engineers. Those engineers have produced over 1000 microservices which are stored in over 8000 git repositories.
That's crazy 10x growth in a crazy short period of time. Who has experienced that? Not many. And as you might expect that sort of unique, compressed, fast paced, high stakes experience has to teach you something new, something deeper than you understood before.
Matt is not new to this game. He was co-founder of Voxer, which experienced its Continue reading
The post Worth Reading: Predictive Policing appeared first on 'net work.
One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. (This is similar to why you can't encrypt blocks with ECB.)

If you think about it, a pure encryption function is just like any other pure computer function: deterministic. Given the same set of inputs (key and message) it will always return the same output (the encrypted message). And we don't want an attacker to be able to tell that two encrypted messages came from the same plaintext.

The solution is the use of IVs (Initialization Vectors) or nonces (numbers used once). These are byte strings that are different for each encrypted message. They are the source of non-determinism that is needed to make duplicates indistinguishable. They are usually not secret, and distributed prepended to the ciphertext since they are necessary for decryption.
The distinction between IVs and nonces is controversial and not binary. Different encryption schemes require different properties to be secure: some just need them to never repeat, in which case we commonly Continue reading
The post Worth Reading Digital Monoculture appeared first on 'net work.
The company is targeting enterprise customers with the service.
The northern Syrian city of Aleppo is one of the key battlegrounds of that country’s on-going civil war as well as the epicenter of the European refugee crisis. The most appropriate United States response to events in Aleppo has become a major foreign policy question among the candidates in this year’s U.S. presidential election. Experts are now predicting that forces loyal to President Bashar al-Assad, backed by the Russian military, will take control of rebel-held eastern Aleppo within weeks. The image below (from Wikipedia) illustrates the the current state (as of 9 October 2016) of the conflict in Aleppo, depicting rebel-held regions in green and those under government control in red.

From a BGP routing standpoint, this development was reflected by the disappearance of AS24814 — we first reported the appearance of AS24814 serving Aleppo in 2013. At 14:42 Continue reading