That Alfa-Trump Sussman indictment
Five years ago, online magazine Slate broke a story about how DNS packets showed secret communications between Alfa Bank in Russia and the Trump Organization, proving a link that Trump denied. I was the only prominent tech expert that debunked this as just a conspiracy-theory[*][*][*].
Last week, I was vindicated by the indictment of a lawyer involved, a Michael Sussman. It tells a story of where this data came from, and some problems with it.
But we should first avoid reading too much into this indictment. It cherry picks data supporting its argument while excluding anything that disagrees with it. We see chat messages expressing doubt in the DNS data. If chat messages existed expressing confidence in the data, we wouldn't see them in the indictment.
In addition, the indictment tries to make strong ties to the Hillary campaign and the Steele Dossier, but ultimately, it's weak. It looks to me like an outsider trying to ingratiated themselves with the Hillary campaign rather than there being part of a grand Clinton-lead conspiracy against Trump.
With these caveats, we do see some important things about where the data came from.
We see how Tech-Executive-1 used Continue reading
Full Stack Journey 058: New Challenges And Embracing Change
In episode 58 of the Full Stack Podcast, Scott talks to Nick Korte about a change that happened with his own podcast, The Nerd Journey. What lessons did Nick learn from this change, and how can those lessons be applied to careers in general? Scott and Nick's conversation uncovers some true gems of career advice.
Full Stack Journey 058: New Challenges And Embracing Change
In episode 58 of the Full Stack Podcast, Scott talks to Nick Korte about a change that happened with his own podcast, The Nerd Journey. What lessons did Nick learn from this change, and how can those lessons be applied to careers in general? Scott and Nick's conversation uncovers some true gems of career advice.
The post Full Stack Journey 058: New Challenges And Embracing Change appeared first on Packet Pushers.
The Top Network Upgrades You Should Consider Today
Network technologies and threats are advancing rapidly. Don't let your organization fall behind the times.Big Iron Will Always Drive Big Spending
Starting way back in the late 1980s, when Sun Microsystems was on the rise in the datacenter and Hewlett Packard was its main rival in Unix-based systems, market forces compelled IBM to finally and forcefully field its own open systems machines to combat Sun, HP, and others behind the Unix movement. …
Big Iron Will Always Drive Big Spending was written by Timothy Prickett Morgan at The Next Platform.
Thoughts on the Collapsed Spine
One of the designs I’ve been encountering a lot of recently is a “collapsed spine” data center network, as shown in the illustration below.
In this design, and B are spine routers, while C-F are top of rack switches. The terminology is important here, because C-F are just switches—they don’t route packets. When G sends a packet to H, the packet is switched by C to A, which then routes the packet towards F, which then switches the packet towards H. C and F do not perform an IP lookup, just a MAC address lookup. A and B are responsible for setting the correct next hop MAC address to forward packets through F to H.
What are the positive aspects of this design? Primarily that all processing is handled on the two spine routers—the top of rack switches don’t need to keep any sort of routing table, nor do any IP lookups. This means you can use very inexpensive devices for your ToR. In brownfield deployments, so long as the existing ToR devices can switch based on MAC addresses, existing hardware can be used.
This design also centralizes almost all aspects of network configuration and management on the spine routers. Continue reading
Mixed Results With A64X Port for Seismic HPC
Seismic processing cloud infrastructure provider, DUG, has enough combined compute power to grace the leading ten systems on the Top 500 list of the world’s most powerful supercomputers, with around 30 petaflops for seismic processing, full waveform inversion, petrophysics, and other HPC applications in oil and gas via many of its own software packages. …
Mixed Results With A64X Port for Seismic HPC was written by Nicole Hemsoth at The Next Platform.
AWS Networking – Part V: Create Subnet Using AWS Console
When we have created a new VPC, we can start adding subnets to it. We are going to create two subnets. Subnet 10.10.0.0/24 is a Public Subnet in Availability Zone eu-west2c, where we later add an Internet GW. Subnet 10.10.0.0/24 is a Private Subnet in Availability Zone eu-west2a that will use a NAT GW for uni-directional Internet access.
Figure 1-18: VPC Route Table: Routes.
Continue reading
AWS Networking – Part IV: Create VPC Using the AWZ CloudFormation
The focus of this section is to show how we can create a VPC using AWS CloudFormation service. Figure 1-12 shows our example AWS CloudFormation Templates. Its first section, AWSTemplateFormatVersion, specifies the template language format. At the time of writing, 2010-09-09 is the latest and only valid version. We can use the Description section to describe our template. Note that it must follow the AWSTemplateFormatVersion Section. AWSTemplateFormation-Version and Description are optional sections. The Resourcessection specifies the actual AWS resources and their properties. Each AWS resource is identified with a logical name. I have given the logical name NwktVPC for our example VPC. We can use resource-specific logical names for defining dependencies between resources. For example, when adding the AWS::EC2::Subnet resource to our template, we assign the VpcId value by calling it from the AWS::EC2::VPC resource using !REF intrinsinc function. I will explain the process in the Subnet section later. The resources and their properties are defined under logical names. The Resources section is the only required section in AWS CloudFormation-Template. AWS CloudFormation Templates are identified by using Stack Names in AWS Cloud Formation. Our example Stack Name is MyNetworkStack.
Figure 1-12: AWS CloudFormation: VPC.
Continue reading
Another SD-WAN Security SNAFU: SQL Injections in Cisco SD-WAN Admin Interface
Christoph Jaggi sent me a link to an interesting article describing security vulnerabilities pentesters found in Cisco SD-WAN admin/management code.
I’m positive the bugs have been fixed in the meantime, but what riled me most was the root cause: Little Bobby Tables (aka SQL injection) dropped by. Come on, it’s 2021, SD-WAN is supposed to be about building secure replacements for MPLS/VPN networks, and they couldn’t get someone who could write SQL-injection-safe code (the top web application security risk)?
Another SD-WAN Security SNAFU: SQL Injections in Cisco SD-WAN Admin Interface
Christoph Jaggi sent me a link to an interesting article describing security vulnerabilities pentesters found in Cisco SD-WAN admin/management code.
I’m positive the bugs have been fixed in the meantime, but what riled me most was the root cause: Little Bobby Tables (aka SQL injection) dropped by. Come on, it’s 2021, SD-WAN is supposed to be about building secure replacements for MPLS/VPN networks, and they couldn’t get someone who could write SQL-injection-safe code (the top web application security risk)?
Bird on Bird, Episode 4 of BGP Perf testing
1st Post Comparing Open Source BGP Stacks 2nd Post Followup Measuring BGP Stacks Performance 3rd Post Comparing Open Source BGP stacks with internet routes After the last post, I thought the this post would be either adding interesting BGP policy. But that’s tricky. It’s going to take some rethinking about...Tech Bytes: Operationalizing EVPN For Data Center Networks With Nokia (Sponsored)
On today’s Tech Bytes podcast, sponsored by Nokia, we dive into data center networking and EVPN. Nokia’s SR-Linux operating system can help you build a data center fabric with EVPN, and in this episode we’re going to discuss how Nokia operationalizes that protocol.Tech Bytes: Operationalizing EVPN For Data Center Networks With Nokia (Sponsored)
On today’s Tech Bytes podcast, sponsored by Nokia, we dive into data center networking and EVPN. Nokia’s SR-Linux operating system can help you build a data center fabric with EVPN, and in this episode we’re going to discuss how Nokia operationalizes that protocol.
The post Tech Bytes: Operationalizing EVPN For Data Center Networks With Nokia (Sponsored) appeared first on Packet Pushers.