Ideal programming language

My last post about Go got some attention.

In fact, two of my posts got attention that day, which broke my nginx since I was running livecount behind nginx, making me run out of file descriptors when thousands of people had the page opened.

It’s a shame that I had to turn off livecount, since it’d be cool to see the stats. But I was out of the country, with unreliable access to both Internet and even electricity in hotels, so I couldn’t implement the real fix until I got back, when it had already mostly died down.

traffic

I knew this was a problem with livecount, of course, and I even allude to it in its blog post.

Anyway, back to programming languages.

The reactions to my post can be summarized as:

  • Oh yes, these things are definite flaws in the language.
  • What you’re saying is true, but it’s not a problem. Your post is pointless.
  • You’re dumb. You don’t understand Go. Here let me explain your own blog post to you […]

I respect the first two. The last one has to be from people who are too emotionally invested with their tools, and take articles like this Continue reading

Linux For Network Engineers (LFNE) – AlmaLinux & Alpine Editions

After the release of the Ubuntu 24.04 edition of Linux For Network Engineers (LFNE) I’ve got some questions from the community. Here are two new flavors of LFNE based on your requests. LFNE AlmaLinux 10 OS For Red Hat fans who prefer a RHEL-style environment. Since CentOS is no longer maintained, AlmaLinux is the closest […]

<p>The post Linux For Network Engineers (LFNE) – AlmaLinux & Alpine Editions first appeared on IPNET.</p>

Broadcom Lands Shepherding Deal For OpenAI “Titan” XPU

Broadcom turned in its financial results for its third quarter last night, and all of the tongues in the IT sector are wagging about how the chip maker and enterprise software giant has landed a fourth customer for its burgeoning custom XPU design and shepherding business.

Broadcom Lands Shepherding Deal For OpenAI “Titan” XPU was written by Timothy Prickett Morgan at The Next Platform.

HPE Systems Rebound As Juniper Brings A Further Boost

Sales of GPU-accelerated servers are still hurting margins at Hewlett Packard Enterprise, as they are doing at all OEMs and probably the ODMs, too, but the good news is that they will be hurting less and less as sales of beefier and more profitable general purpose servers are on the rise and as sovereign clouds and neoclouds turn to HPE for iron and pay higher unit prices for gear.

HPE Systems Rebound As Juniper Brings A Further Boost was written by Timothy Prickett Morgan at The Next Platform.

Calico Egress Gateway: A Cost-Effective NAT for Kubernetes

The Need for a Kubernetes NAT Gateway

When Kubernetes workloads need to connect to the outside world, whether to access external APIs, integrate with external systems, or connect to partner networks, they often face a unique challenge. The problem? Pod IP addresses inside Kubernetes clusters are dynamic and non-routable. For external systems to recognize and trust this traffic, workloads need a consistent, dependable identity. This means outbound connections require fixed, routable IP addresses that external services can rely on. This is where Network Address Translation (NAT) becomes essential. It assigns Kubernetes pods with a static, consistent IP for all outbound traffic, ensuring those connections work properly.

If you’re running Kubernetes in the cloud, a common solution is to use your cloud provider’s managed NAT gateway service. These are easy to use, but they can come at a cost. In AWS, Azure, and Google Cloud, cloud-managed NAT gateways charge both an hourly fee and a per-gigabyte data processing fee. For high-traffic deployments, those charges can quickly add up, sometimes even exceeding your compute costs.

The good news: with Calico, you can handle NAT from inside your Kubernetes cluster, avoiding cloud NAT gateway fees and giving you more control over how egress Continue reading

Addressing the unauthorized issuance of multiple TLS certificates for 1.1.1.1

Over the past few days Cloudflare has been notified through our vulnerability disclosure program and the certificate transparency mailing list that unauthorized certificates were issued by Fina CA for 1.1.1.1, one of the IP addresses used by our public DNS resolver service. From February 2024 to August 2025, Fina CA issued twelve certificates for 1.1.1.1 without our permission. We did not observe unauthorized issuance for any properties managed by Cloudflare other than 1.1.1.1.

We have no evidence that bad actors took advantage of this error. To impersonate Cloudflare's public DNS resolver 1.1.1.1, an attacker would not only require an unauthorized certificate and its corresponding private key, but attacked users would also need to trust the Fina CA. Furthermore, traffic between the client and 1.1.1.1 would have to be intercepted.

While this unauthorized issuance is an unacceptable lapse in security by Fina CA, we should have caught and responded to it earlier. After speaking with Fina CA, it appears that they issued these certificates for the purposes of internal testing. However, no CA should be issuing certificates for domains and IP addresses without checking control. At Continue reading

Linux For Network Engineers (LFNE) – Now on Ubuntu 24.04

The Linux For Network Engineers (LFNE) Docker container has been refreshed and is now built on Ubuntu 24.04 LTS. For those new to it, LFNE is a ready-to-use Linux environment preloaded with the most popular tools used by network engineers—from packet capture and traffic analysis utilities to configuration helpers and scripting support. Instead of spending […]

<p>The post Linux For Network Engineers (LFNE) – Now on Ubuntu 24.04 first appeared on IPNET.</p>

How Many Lab Devices Can netlab Handle?

TL&DR: Over 3000

A few weeks ago, Christian opened an issue describing how netlab breaks when the lab topology has more than 250 devices. We fixed that, only to get into another morass: some code has complexity higher than O(n) (meaning that going from 100 to 200 devices makes things more than twice as slow). Christian is working on one of those problems at the moment (it’s not that his ginormous labs won’t start, it just takes a long time), and I decided it’s time to polish a few other bits of the code.

Read more …

Worth Reading 090325


Among the plethora of advanced attacker tools that exemplify how threat actors continuously evolve their tactics, techniques, and procedures (TTPs) to evade detection and maximize impact, PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application, stands out as particularly advanced.


In this episode of PING, APNIC’s Chief Scientist, Geoff Huston, explores the economic inevitability of centrality in the modern Internet.


Philipp delivers a sober message for innovators: invention is only half the battle; defending your invention can define your company’s fate.


Google now estimates that the specs for a Cryptographically Relevant Quantum Computer (CRQC), which can break conventional public key encryption in a useful amount of time, are lower than they had previously estimatedナby 95%.


In this report, I’ll focus on the material presented at the DELEG and DNSOP Working Groups.

AI Week 2025: Recap

How do we embrace the power of AI without losing control? 

That was one of our big themes for AI Week 2025, which has now come to a close. We announced products, partnerships, and features to help companies successfully navigate this new era.

Everything we built was based on feedback from customers like you that want to get the most out of AI without sacrificing control and safety. Over the next year, we will double down on our efforts to deliver world-class features that augment and secure AI. Please keep an eye on our Blog, AI Avenue, Product Change Log and CloudflareTV for more announcements.

This week we focused on four core areas to help companies secure and deliver AI experiences safely and securely:

  • Securing AI environments and workflows

  • Protecting original content from misuse by AI

  • Helping developers build world-class, secure, AI experiences 

  • Making Cloudflare better for you with AI

Thank you for following along with our first ever AI week at Cloudflare. This recap blog will summarize each announcement across these four core areas. For more information, check out our “This Week in NET” recap episode also featured at the end of this blog.

Securing AI Continue reading

The impact of the Salesloft Drift breach on Cloudflare and our customers

Last week, Cloudflare was notified that we (and our customers) are affected by the Salesloft Drift breach. Because of this breach, someone outside Cloudflare got access to our Salesforce instance, which we use for customer support and internal customer case management, and some of the data it contains. Most of this information is customer contact information and basic support case data, but some customer support interactions may reveal information about a customer's configuration and could contain sensitive information like access tokens. Given that Salesforce support case data contains the contents of support tickets with Cloudflare, any information that a customer may have shared with Cloudflare in our support system—including logs, tokens or passwords—should be considered compromised, and we strongly urge you to rotate any credentials that you may have shared with us through this channel.

As part of our response to this incident, we did our own search through the compromised data to look for tokens or passwords and found 104 Cloudflare API tokens. We have identified no suspicious activity associated with those tokens, but all of these have been rotated in an abundance of caution. All customers whose data was compromised in this breach have been informed directly by Continue reading

Worth Reading 090125


Can we trust AI? Will AI take our jobs? Is an AI app safe? Shall we invest in AI company? Create an AI startup? Will AI accelerate cybercrime?


This study highlights the inadequacy of current privacy protection measures and proposes an automated, sustainable approach to correlate user profiles, including homonyms and pseudonyms, solely through publicly available data.


Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own account.)


I wrote last week about three examples of the new GPT 5.0 chatbot contradicting Sam Altman’s claim that “it really feels like talking to an expert in any topic, like a PhD-level expert.”


RFCs are, inherently, the result of a design-by-committee writing process; usually intended for engineers to read. Especially with cryptography, they err on the side of technical specification rather than introductory blog post.


The transition to IPv6 is now a practical necessity for networks under pressure to scale, secure, and streamline their operations.

Automate IP, VLAN & BGP Resource Allocation With Infrahub Resource Manager

Automate IP, VLAN & BGP Resource Allocation With Infrahub Resource Manager

Have you ever had two teams accidentally assign the same IP address? Or heard someone ask, “Can I get a VLAN? I’m not sure which one to use.” I’m also certain you have because manually managing infrastructure resources like IP addresses, IP prefixes, VLAN IDs, and BGP ASNs is still all too common in a lot of environments. Manual resource management is also time-consuming and painful, and often results in duplicate resource assignments, which means more work to clean things up later.

SPONSORED

Disclaimer – OpsMill has partnered with me for this post, and they also support my blog as a sponsor. The post is originally published under https://opsmill.com/blog/infrahub-resource-manager-automate-allocation/

The Infrahub Resource Manager is designed to eliminate those pains while speeding up your workflows. The Resource Manager automatically hands out resources from managed pools and ensures every allocation is tracked and unique.

Automate IP, VLAN & BGP Resource Allocation With Infrahub Resource Manager

In this guide, we’ll show you how the Infrahub Resource Manager works and give you three ways to build pools and allocate resources with it.


Common use cases for the Infrahub Resource Manager

The Resource Manager can be used in many areas of network design and automation. A common use case is data center expansion Continue reading

Worth Reading 082925


In this episode of PING, Robert Kisteleki from the RIPE NCC discusses the RIPE Atlas system — a network of over 13,000 measurement devices deployed worldwide in homes, exchange points, stub and transit Autonomous Systems, densely connected regions and sparse island states.


The common denominator in both tests was technology called “Innovative Optical and Wireless Network” (IOWN), an all-optical networking stack that NTT hopes will mature in 2030 and expects will reduce power consumption by 100x, improve transmission capacity by 125x, and reduce network latency to 0.5 percent of current levels.


Internet Exchange Points (IXPs) are often overlooked in discussions about critical infrastructure. Yet their role in routing stability, local resilience, and digital sovereignty is undeniable.


Is adding AI to your environment a software purchase? Or is it more like hiring an employee?


Design by committee should always ring alarm bells, particularly in technology. The desire to achieve acceptable compromises between various opinions often leads to compromised technical outcomes, and it seems to me that the current work on redefining zone cuts and delegation in the DNS is leading to this same outcome


The TCP/IP Interoperability Conference—later renamed Interop—began as a small workshop in August 1986. It quickly grew Continue reading

1 2 3 4 5 3,809