The Post-Quantum State: a taxonomy of challenges

The Post-Quantum State: a taxonomy of challenges
The Post-Quantum State: a taxonomy of challenges

At Cloudflare, we help to build a better Internet. In the face of quantum computers and their threat to cryptography, we want to provide protections for this future challenge. The only way that we can change the future is by analyzing and perusing the past. Only in the present, with the past in mind and the future in sight, can we categorize and unfold events. Predicting, understanding and anticipating quantum computers (with the opportunities and challenges they bring) is a daunting task. We can, though, create a taxonomy of these challenges, so the future can be better unrolled.

This is the first blog post in a post-quantum series, where we talk about our past, present and future “adventures in the Post-Quantum land”. We have written about previous post-quantum efforts at Cloudflare, but we think that here first we need to understand and categorize the problem by looking at what we have done and what lies ahead. So, welcome to our adventures!

A taxonomy of the challenges ahead that quantum computers and their threat to cryptography bring (for more information about it, read our other blog posts) could be a good way to approach this problem. This taxonomy should Continue reading

The quantum solace and spectre

The quantum solace and spectre
Not only is the universe stranger than we think, but it is stranger than we can think of
Werner Heisenberg
The quantum solace and spectre

Even for a physicist as renowned as Heisenberg, the universe was strange. And it was strange because several phenomena could only be explained through the lens of quantum mechanics. This field changed the way we understood the world, challenged our imagination, and, since the Fifth Solvay Conference in 1927, has been integrated into every explanation of the physical world (it is, to this day, our best description of the inner workings of nature). Quantum mechanics created a rift: every physical phenomena (even the most micro and macro ones) stopped being explained only by classical physics and started to be explained by quantum mechanics. There is another world in which quantum mechanics has not yet created this rift: the realm of computers (note, though, that manufacturers have been affected by quantum effects for a long time). That is about to change.

In the 80s, several physicists (including, for example, Richard Feynman and Yuri Manin) asked themselves these questions: are there computers that can, with high accuracy and in a reasonable amount of time, simulate physics? And, specifically, can they Continue reading

Top 7 next-generation firewall vendors

With more employees accessing network resources remotely, the increase in companies deploying hybrid cloud architectures, and the overall escalation of security threats, firewall technology is critical to the integrity, security and the very lifeblood of any enterprise.  Traditional firewalls are security devices which inspect traffic at the point of network ingress/egress, as well as provide Virtual Private Network (VPN) and encryption capabilities. Firewalls watch traffic by state, port and protocol, and control the flow of the traffic passing through. In a traditional firewall, advanced security features are typically provided by external appliances and services that live outside the firewall platform.To read this article in full, please click here

Feedback: DMVPN Webinars

Some webinars on ipSpace.net are ancient (= more than a decade old). I’m refreshing some of them (the overhaul of Introduction to Virtualized Networking was completed earlier this month); others will stay as they are because the technology hasn’t changed in a long while, and it’s always nice to hear someone still finds them useful. This is a recent feedback I got on the DMVPN webinars:

As with any other webinar I have viewed on ipspace.net, this one provides the background as to why you may or may not want to do certain things and what impact that may have (positive or negative) on your network. Then it digs into the how of actually doing something. Brilliant content as always.

IPSpace.net is my go-to for deep dives on existing and emerging technologies in the networking industry. No unnecessary preamble. Gets straight to the point of why you are looking at a specific technology and explains the what and the why before getting into the how.

Feedback: DMVPN Webinars

Some webinars on ipSpace.net are ancient (= more than a decade old). I’m refreshing some of them (the overhaul of Introduction to Virtualized Networking was completed earlier this month); others will stay as they are because the technology hasn’t changed in a long while, and it’s always nice to hear someone still finds them useful. This is a recent feedback I got on the DMVPN webinars:

As with any other webinar I have viewed on ipspace.net, this one provides the background as to why you may or may not want to do certain things and what impact that may have (positive or negative) on your network. Then it digs into the how of actually doing something. Brilliant content as always.

IPSpace.net is my go-to for deep dives on existing and emerging technologies in the networking industry. No unnecessary preamble. Gets straight to the point of why you are looking at a specific technology and explains the what and the why before getting into the how.

Localisation isn’t translation

If you only have your app in English then you’ll still be understood[1] by the new market whose official language isn’t English.

If you show farenheit (a word I can’t even spell), then 96% of the world cannot understand your app. At all.

For most of the west I would argue that translation doesn’t even matter at all, but you cannot have your app start your weeks on Sunday, you cannot show fahrenheit, or feet, or furlongs, or cubits or whatever US-only units exist. And you cannot use MM/DD/YY.

NONE of these things are tied to language. Most users of English don’t want any of this US-only failure to communicate.

[1] While most of the world doesn’t speak English fluently, they may know words. And they can look up words. You cannot “look up” understanding fahrenheit or US-only date formats.

Go programs are not portable

A while ago I was asked why I wrote Sim in C++ instead of Go. I stumbled upon my answer again and realized it could be a blog post.

So here’s what I wrote then. I think I stand by it still, and I don’t think the situation has improved.

Why not write portable system tools in Go

My previous experience with “low level” things in Go (being very careful about which syscalls are used, and in which order) has had some frustrations in Go. Especially with portability. E.g. different definitions of syscall.Select between BSDs and Linux, making me have to use reflection at some points. (e.g. see this Go bug.

And to work around those things Go unfortunately uses the antipattern of (essentially) #ifdef __OpenBSD__, which we’ve known for decades is vastly inferior to checking for specific capabilities.

To me the Go proverb “Syscall must always be guarded with build tags” essentially means “Go is not an option for any program that needs to be portable and may at some point in the future require the syscalls package”. And since this tool is meant to be portable, and calls what would be syscall.Setresuid, Continue reading

Events. My experience from taking part in NANOG #84 Hackathon

Hello my friend,

collaboration, team work, team spirit… These and other similar words we are using quite often to show the importance of working together to achieve something big. Especially, if you have very limited time. This is a good description of the hackathon – the team effort to achieve something big (i.e., MVP of working product) in a short term (i.e., in 24 hours). Let’s see what’s that all about.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

What Was the Hackathon?

There are many hackathons worldwide. The trend we observe now is that many technical events have hackathon as a warm-up event or a part of the main program. In this case, the event was NANOG 84, which is one of the biggest gatherings for all Service Providers, Telco equipment vendors, and system integrators in North America. It is a massive opportunity to learn some interesting things from some leading companies, like their experience and lessons learned Continue reading

Marvell’s Building Blocks For Carrier Edge, 5G Networking

This article was originally posted on the Packet Pushers Ignition site on December 17, 2020. 5G and edge computing are mainstays of almost every tech company’s growth strategy, but their combined potential for market disruption is acute among network equipment vendors, carriers, and related component suppliers. Both trends have been brewing for years, but have […]

The post Marvell’s Building Blocks For Carrier Edge, 5G Networking appeared first on Packet Pushers.

Interop IP infusion and MikroTik: part 2 – VPLS

VPLS is a pretty common technology in ISPs to either sell layer 2 services or backhaul traffic to a centralized aggregation point to conserve IPv4 space; check out more on that here.

How can I take advantage of segment routing but still deliver the same services? We already looked at how to setup the label switched paths utilizing IP Infusion as a segment routing mapping server in this interop post. Now let’s see how we can deliver a VPLS service over this with mikrotik as a provider edge router.

Delivering a service with a L2VPN

After setting up the IGP and label distribution between the PEs we will start building the L2VPN.

Why a BGP signaled VPLS session instead of LDP signaled VPLS?

In the segment-routing domain there is no LDP running. However, some vendors support static pseudowires or other methods to bring up a targeted LDP session for VPLS. I did some basic testing here couldn’t easily identify the right combination of knobs to make this work. Don’t worry; I’ll come back to it.

BGP signaled VPLS is a standards based technology that both vendors support.

First thing we need to do after having loopback reachability is to build Continue reading

Rust Notes: Vectors

A vector is a collection of items of the same type. Vector Considerations When an empty vector is created with Vec::new it is un-allocated until elements are pushed into it. A vector with elements has allocated memory and lives on the heap. A vector is represented as a pointer to the...continue reading

Rust Notes: Enums

An enum is a type which can be ONE of a FEW different variants. // Create an instance of the enum variants with the double colon. let blah = StuffAndThings::Blah; let bleh = StuffAndThings::Bleh(42); let stuff = StuffAndThings::Stuff(String::from("Stuff"), true); let things =...continue reading

Controversial Reads 021921


The main purpose of algorithms, like digital programs and datacenters more broadly, is not to make money or influence thoughts, but to control people—in a direct and alien way hostile to our core beliefs and principles.


But as I testified to the Senate last week, you can basically reidentify anything. “Anonymity” is an abstraction.


Many people think that NoSQL databases are the “next big thing” in technology, and that we should write all of our core applications using them. However, NoSQL databases actually predate relational databases, and common relational databases were established to solve the problems that NoSQL brings.


One reason is that the most widely used methods of recycling more traditional batteries, like lead-acid batteries, don’t work well with Li batteries. The latter are typically larger, heavier, much more complex and even dangerous if taken apart wrong.


Apple has a rather complicated relationship with privacy, which it always points to as a differentiator with Google. But delivering on it is a different tale.


The problem is Web3 is not all that distributed, nor is it particularly equitable or transparent. It is highly centralized, despite being touted as a decentralized alternative to the web.


But rampant misinformation and days-long internet Continue reading

Worth Reading: Performance Testing of Commercial BGP Stacks

For whatever reason, most IT vendors attach “you cannot use this for performance testing and/or publish any results” caveat to their licensing agreements, so it’s really hard to get any independent test results that are not vendor-sponsored and thus suitably biased.

Justin Pietsch managed to get a permission to publish test results of Junos container implementation (cRPD) – no surprise there, Junos outperformed all open-source implementations Justin tested in the past.

What about other commercial BGP stacks? Justin did the best he could: he published Testing Commercial BGP Stacks instructions, so you can do the measurements on your own.

Worth Reading: Performance Testing of Commercial BGP Stacks

For whatever reason, most IT vendors attach “you cannot use this for performance testing and/or publish any results” caveat to their licensing agreements, so it’s really hard to get any independent test results that are not vendor-sponsored and thus suitably biased.

Justin Pietsch managed to get a permission to publish test results of Junos container implementation (cRPD) – no surprise there, Junos outperformed all open-source implementations Justin tested in the past.

What about other commercial BGP stacks? Justin did the best he could: he published Testing Commercial BGP Stacks instructions, so you can do the measurements on your own.

1 568 569 570 571 572 3,841