Who named “shellshock”?

Because it's terribly important to cybersec, many are debating the origin of the name "shellshock". I thought I'd write up the definitive answer.

The answer is that it came from this tweet by Andreas Lindh. That's the absolute origin of the term. Andreas made it up himself.



Also, to some extent Davi Ottenheimer deserves some credit for starting the conversation among a bunch of people with his tweet saying "it's not big until there's a logo". Lots of people posted logos as that point.

Also to some extent I deserve some credit for then pimping the "shellshock" name in my blogposts, which received a lot of attention in the early hours of the shellshock crisis. As you can see from the pageview stats below, these posts got a lot of attention. Also, most of the early news stories on "real" news websites referenced me and my posts. Those news sites got the name from me, and I got it from Andreas and nobody else.



I suspect what really helped it along is that when I scanned the Internet for the bug, putting it in everybody's webserver logs. I included a pointer to the "shellshock scan" post in the Continue reading

HP talks SDN at Interop NYC 2014

I generally try to avoid combing my thoughts about presentations, but I have to mention that after sitting down with Glue Networks and their “SDN” presentation, it was truly a breath of fresh air to hear from HP. They went into some details on how they demonstrated the capabilities of their SDN platform. They purposely stretched their network out the limits of what they thought was possible.

On top of that, they spent some time talking about the launch of the very first SDN application ecosystem to market. I have to say, this is a fantastic idea and I’m glad that they brought it to fruition. Not only will the App Store help customers understand the real value behind SDN, as well as discover specific network applications that could help solve problems they’re facing today.

Take a few minutes to listen to Chris Young and Jeff Enters from HP give a fantastic white boarding session on the architecture behind the network they brought to Interop and the specific challenges of building it. Checkout http://hp.com/go/sdn for more info.

Standard TFD Disclaimer

While Cisco and HP were responsible for paying a portion of the travel and lodging costs for me during Continue reading

The little extra that comes with Universal SSL

CC BY 2.0 by JD Hancock

Last Monday we announced our SSL for Free plan users called Universal SSL. Universal SSL means that any site running on CloudFlare gets a free SSL certificate, and is automatically secured over HTTPS.

Using SSL for a web site helps make the site more secure, but there's another benefit: it can also make the site faster. That's because the SPDY protocol, created by Google to speed up the web, actually requires SSL and only web sites that support HTTPS can use SPDY.

CloudFlare has long supported SPDY, and kept up to date with improvements in the protocol. We currently support the most recent version of SPDY: 3.1.

CloudFlare's mission to bring the tools of the Internet giants to everyone is two fold: security and performance. As part of the Universal SSL launch, we also rolled out SPDY for everyone. Many of the web's largest sites use SPDY; now all sites that use CloudFlare are in the same league.

If your site is on CloudFlare, and you use a modern browser that supports SPDY, you'll find that the HTTPS version of your site is now served over SPDY. SPDY allows the Continue reading

Understanding the HP split

HP is splitting itself into "enterprise" and "consumer" companies. Why the split? Isn't the goal of big companies to get bigger? Well, no, that's just the cynical view of companies. The actual goal is to deliver value to stockholders. Splitting delivers value in two ways. The first is that it "exposes" the underlying business. The second is that it avoids dis-economies of scale.

Conglomerates like GE (General Electric) have a problem. While some businesses do well and grow, other businesses fail and shrink. You can't buy stock in the individual components of GE's business you think are growing, you have to take all or none. GE Medical has been growing fast, but you can't invest in it individually.

Thus, big companies frequently spin out such companies, either to divest themselves of the dead weight that isn't growing, or conversely, to let a growing part of these business to fly free without being held back by the deadweight. The fast growing parts of a business aren't inherently better. They tend to also be riskier, meaning that while their stock may surge, they have equal probability of going bankrupt soon.

We can see how this philosophy worked in the case of HP's Continue reading

Bufferbloat and Other Challenges

Vint Cerf wrote a wonderful piece on the problems I’ve been wrestling with the last number of years, called “Bufferbloat and Other Internet Challenges“. It is funny how one thing leads to another; I started just wanting my home network to work as I knew it should, and started turning over rocks. The swamp we’re in is very deep and dangerous, the security problem the worst of all (and given how widespread bufferbloat is, that’s saying something). The “Other Challenges” dwarf bufferbloat, as large a problem as it is.

I gave a lunch talk at the Berkman Center at Harvard in June on the situation and recommend people read the articles by Bruce Schneier and Dan Geer you will find linked there, which is their takes on the situation I laid out to them (both articles were triggered by the information in that talk).

Dan Geer’s piece is particularly important from a policy perspective.

I also recommend reading “Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities“, by Clark, Fry, Blaze and Smith, which makes clear to me that our engineering processes need fundamental reform in the face of very Continue reading

Good Ansible News, Everyone

Good_News,_Everyone

There are lots of great things happening at Ansible (and we aren't just talking about the new coffee in the breakroom). We've had a great summer with the hiring a bunch of new Ansible team members, the release of Ansible 1.7.2 and Ansible Tower 2.0. Fall is shaping up to be even better.

-- Inforworld names Ansible one of The best open source data center and cloud software companies.

Continue reading

How Big is That Network?

There is a careful policy path to be followed that encourages continued investment and innovation in national telecommunications-related infrastructure and services, while at the time same time avoiding the formation of market distortions and inefficiencies. What helps in this regulatory process is clear information about the state of the industry itself. One of those pieces of information concerns the market scope of the retail Internet Service Provider sector. To put it another way, how “big” is a particular network? How many customers does it serve? Is its market share increasing or falling?

Write Like You Mean It (Part 1)

old-booksEngineers are supposed to be able to gather information, arrange it in a way that makes sense, and then propose a solution that actually solves the problem at hand — right? So why is it I’m almost constantly astounded at the lack of writing skills in the engineering community? Why don’t engineers know how to write, given the almost complete overlap between the way the engineering process is supposed to work, and the way writing is supposed to work?

I suspect there are a number of reasons, probably foremost of which is that engineers don’t think in the logical chains we like to believe. Engineers are too often caught in the modern “search engine world” — find a thesis, search for a few exports to support your belief, and declare the issue decided. We’re sorely lacking the serious interplay between ideas, the pros and cons way of thinking, that exist in many other intellectual pursuits (though honestly, on a decreasing level every day).

If you need some encouragement, let me put it another way: learning to write will not only enhance your thinking skills as an engineer, it will also advance your career. Seriously.

What to do? Well, we can’t Continue reading

OpEx savings and the ever-present emergence of SDN

Software-defined networking is fundamentally about two things: the centralization of network intelligence to make smarter decisions, and the creation of a single (or smaller number of) administrative touch points to allow for streamlined operations and to promote workflow automation. The former can potentially lead to new capabilities that make networks better (or create new revenue streams), and the latter is about reducing the overall operating costs of managing a network.

Generating revenue makes perfect sense for the service providers who use their network primarily as a means to drive the business. But most enterprises use the network as an enabling entity, which means they are more interested in the bottom line than the top. For these network technology consumers, the notion of reducing costs can be extremely powerful.

But how do those OpEx savings manifest themselves?

OpEx you can measure

When we consider OpEx, it’s easy to point to the things that are measurable: space, power and cooling. So as enterprise customers examine various solutions, they will look at how many devices are required, and then how those devices consume space, power, and cooling. It is relatively straightforward to do these calculations and line up competing solutions. Essentially, you calculate Continue reading

Now that We’ve Buried the Seven Layer Model…

“But the seven layer model is still useful for teaching networking…” So ran the most common reaction to my post last week about the seven layer model being dead. But let me ask something — how useful is the seven layer model for teaching networking? It doesn’t match the TCP/IP stack, it doesn’t account for […]

Author information

Russ White

Russ White
Principle Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. he recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

Interop New York: It Was Great Fun

Last week’s Interop New York was hard work (three workshops in two days), but also lots of nerdy fun. I love doing workshops with smart participants who bring their real-life problems to the room and challenge my assumptions and conclusions, and I had plenty of these interactions during the week. Thank you all (you know who you are)!

Read more ...

Interop NYC & Software Gone Wild

Last week I had the pleasure of speaking at Interop in NYC.  It wasn’t the best turn out for a conference, but all of the sessions that were about automation, APIs, DevOps, and programmability seemed to do fairly well.  For those that didn't attend, the title of the presentation was A Practical Look at Network Automation --- the deck is posted below. 
I also had the opportunity to be a guest on Ivan Pepelnjak’s podcast Software Gone Wild recently and it was just posted yesterday.  Have a listen.
edelman-interopnyc-092014pv.pdf
File Size: 4237 kb
File Type: pdf
Download File

Feel free to reach out with any questions or comments regarding any of the material.

Thanks,
Jason

Twitter: @jedelman8

CCIE RSv5 Workbook Troubleshooting Labs Now Available

Troubleshooting Lab 1 has been added to the CCIE Routing & Switching v5 Workbook. This is in addition to Full Scale Lab 1 which was posted yesterday. More Foundation, Troubleshooting, and Full Scale Labs will be added soon to the workbook. More information about additional content and its release schedule will be available shortly.

This lab uses a 20 router topology which will be available through our rack rental system shortly.  In the meantime if you have your own lab built on CSR1000v, IOU/IOL, etc. the initial configs are available to download on the lab 1 tasks page.  For technical discussion of this lab, please visit the Troubleshooting Labs section of our Online Community here.

Utility-Based Pricing Troubles Me

Utility, or Consumption-Based pricing models offer an interesting way of matching costs to revenues. But if they’re not managed well, customer costs could blow out just trying to keep the lights on. We’ve come to expect rapidly declining hardware prices. Have vendors realised their utility prices need to decline at a similar rate?

I’ve been doing more architecture work over the last twelve months, and this has changed some of my thinking about technology. Previously I was only really interested in speeds & feeds, and technical capabilities. Scaling was only about how to add capacity – not what it would cost. When I looked at costs, it was just to shake my head at the ridiculous prices charged for things like a second power supply.

But now I find myself interested in things like cost curves, and trying to figure out how my costs will change as demand changes. The ideal is for their to be a clear relationship between costs & revenue, hopefully with costs growing at a slower rate than demand (and revenue).

Previously we had high upfront costs to buy hardware and software, and we aimed to amortise it over the life of the service. Our costs Continue reading

Cisco Adds New Routers In the ISR 4000 Family

The Cisco ISR G2 routers have been around for a while now. Roughly a year ago, Cisco released the Cisco 4451-X router which was the first ISR running IOS-XE. Cisco has now added new routers to the 4000 family, which means that the ISR G2 family will eventually go away. Don’t panic though! That will not happen for a while but if you are looking to buy new ISR routers, then take a look at the new 4000 family.

ISR4000

One great thing about the new ISR 4000 routers is that they support upgrading of the bandwidth capacity by buying a license. That means that you can keep the same router for a longer time and grow into it, rather than doing a complete replacement as your demand for bandwidth increases. The new models are ISR 4321, 4331, 4351 and 4431.

ISR4000-family

If you need a router that does 10 Mbit/s, then you can get the 4321 and you can keep using it until you reach 100 Mbit/s. The 4331 will get you from 100-300 Mbit/s which would cover a lot of customers that I currently have.

The next slide shows some of the new features of the ISR 4000:ISR4000-architecture

The ISR Continue reading