This is the fastpath - quick notes only, minimum commentary, single page.

Askbow fastpath

1 November 2016

Google, Apple, Mozilla distrust WoSign & StartCom CA

https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html

https://support.apple.com/en-us/HT204132

https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

https://www.youtube.com/watch?v=kb-m2fasdDY

https://gist.github.com/hellerbarde/2843375

https://www.theguardian.com/technology/2016/oct/11/crash-how-computers-are-setting-us-up-disaster

https://github.com/kdeldycke/awesome-falsehood

https://video.mtgsf.com/channel/vmware

Future: Net #vmware #conference #networking

https://www.cisco.com/c/en/us/solutions/enterprise/design-zone-branch-wan/index.html#~designs

Updated October 2016

#cisco #design #IWAN #CVD

https://blog.kaspersky.com/fantom-ransomware/12891/

next comes a malware that pretends to be a BSOD 😉

#windows #infosec

http://blog.sonicwall.com/2016/11/sonicwall-becomes-independent-security-company/

SonicWall is now independent of Dell

#infosec #networking #business

2 November 2016

http://www.cisco.com/c/en/us/products/security/fireamp-endpoints/index.html

Anti-malware software by Cisco for computers - new Immunet Pro?

#infosec #cisco

http://www.cisco.com/c/en/us/products/collateral/servers-unified-computing/ucs-s-series-storage-servers/datasheet-c78-738059.html

Cisco UCS S-Series Storage Servers - update of the UCS C3000 series

#storage #servers #cisco

http://www.profitap.com/profishark-1g/

A dedicated network tap for easy packet capturing - USB3

#networking #tools

https://govolution.wordpress.com/2016/10/24/the-first-15-days-of-a-password-honeypot/

Interesting statistics and a dump of passwords used by attackers

Also, shows that mirai attacks start as soon as 6 minutes after the host becomes available.

#infosec #iot #research

http://longnow.org/essays/richard-feynman-connection-machine/

A story of Richard Feynman’s contribution to computer science

#history #person #cs

4 November 2016

https://zmap.io/download.html

Zmap - a very fast port scanner

Though it scans only one port per IP, you can quickly find every host with that port open - even in a very big network

#infosec #tools

https://www.youtube.com/watch?v=vvr9AMWEU-c

For those of us who remember the good ol’ days

#history #technology #networking

7 November 2016

https://blog.warcop.com/2016/11/03/cisco-expressway-exporting-certificates/

How one exports TLS certs from an expressway server

#uc #infosec #cisco

https://drive.google.com/file/d/0B5hBKwgSgYFad1YybERxTmpURms/view

An anatomy of security exploitation

This presentation is more theoretical CS than last year’s “how security flaws work” writeup on Ars

#infosec #cs

http://speedtestbeta.xfinity.com/

New speedtest entered beta stage - HTML5, mobile layout

By Comcast - so probably comes as one of the results of the recent hackathon

#networking #troubleshouting #tools

http://arstechnica.com/information-technology/2016/11/private-microwave-networks-financial-hft/

a little glimpse into microwave radio networking

#technology #networking

http://www.investopedia.com/news/cisco-exec-gets-55m-termination-package-csco/

Not the first time I read about key people leaving Cisco recently

#cisco #business

8 November 2016

http://muratbuffalo.blogspot.ru/2016/11/why-does-cloud-stop-computing-lessons.html

Cloud services are not five-nines reliable, no matter how some people would like others to believe in magic

#cloud #reliability

http://faststorage.eu/public-cloud-iaas-is-it-really-that-cheap/

reiteration of the fact that IaaS isn’t cheaper (longterm) for many usecases compared to buying hardware

#cloud #business

9 November 2016

http://unix.stackexchange.com/questions/22615/how-can-i-get-my-external-ip-address-in-a-shell-script

one very useful StEx Q&A; notable mentions:

- nslookup . ifcfg.me
- dig +short myip.opendns.com @resolver1.opendns.com
- curl wgetip.com
- wget -qO- ident.me

#tools #networking

10 November 2016

https://blog.acolyer.org/2016/11/10/when-csi-meets-public-wifi-inferring-your-mobile-phone-password-via-wifi-signals/

password-stealing by way of monitoring your phone’s wifi signal

there are already a few methods to counteract it (shuffling the numbers on the keypad each time for one), so paranoia level remains at yellow

#infosec #wifi

12 November 2016

http://www.dialabc.com/sound/generate/index.html?pnum=42&auFormat=wavpcm44&toneLength=300&mtcontinue=Generate+DTMF+Tones

a DTMF tone sample generator

#uc #tools

https://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/datasheet-c78-732542.html

#cisco ISR 4k datasheet was updated recently with the new 4221 model

looks like it’s there to kill the 1900/800-series

#networking #devices

15 November 2016

https://www.openssl.org/news/secadv/20161110.txt

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

fresh and already patched in upstream, so just wait for #cisco and other $vendor to update

#infosec

http://blacknurse.dk/

another DoS for many firewalls, problem in ICMP handling

#cisco ASA, sonicwall, palo alto, fortinet are vulnerable; iptables, windows firewall, pfsense are not

#infosec

http://www.dimensiondata.com/Global/Downloadable%20Documents/Network%20Barometer%20Report%202016.pdf

- companies are starting to refresh network equipment earlier
- 76% of network devices have at least one known vulnerability and nobody is patching
- adoption of IPv6-ready devices has risen
- only 26% of incidents are mitigated by support contracts

#infosec #networking #business #reliability #research

16 November 2016

https://www.vmguru.com/2016/11/vsphere-6-5-general-available-today/

new release of ESXi

#virtualization #vmware

19 November 2016

https://twitter.com/USNavy/status/799057846373613568

Rear Admiral Grace Hopper was awarded POTUS Medal of Freedom

#cs #history

http://www.analysisgroup.com/uploadedfiles/content/insights/publishing/broadband_competition_report_november_2016.pdf

a recent study that shows that competition between ISPs and introduction of higher access speeds is good for the customers; no surprise, but now we have research data to back the claim

#research #isp #business

https://samy.pl/poisontap/

now 1. make this USB-key sized, 2. distribute a few around any office building … PROFIT!

#infosec #tools

https://duo.com/docs/cisco

discovered a neat 2FA system compatible with #cisco anyconnect

the downside is it’s a “cloud” offering, so not everybody will like it

#infosec #tools

21 November 2016

http://www.ietfjournal.org/multipath-tcp-deployments/

some practical applications and challenges in MP TCP deployment

#networking #technology

https://code.facebook.com/posts/1709127516080157/networking-scale-boston/

Networking @Scale Boston 2016 conference recordings

#networking #cloud #conference

22 November 2016

http://6lab.cisco.com/

discovered this collection of data on global IPv6 deployment; looks like an aggregation from other sources

#ipv6 #networking #cisco #tools

https://about.gitlab.com/2016/11/10/why-choose-bare-metal/?

the story of GitLab leaving AWS for baremetal servers to support their growing storage performance needs - once again demonstrates the limits of cloud computing

#cloud #business

https://www.microsoft.com/en-us/research/wp-content/uploads/2016/10/Cloud-Scale-Acceleration-Architecture.pdf

on the use of FPGAs between network and servers for service/network acceleration

#networking #cloud #research

24 November 2016

http://arstechnica.com/tech-policy/2016/11/trump-hires-two-net-neutrality-opponents-to-oversee-fcc-transition/

there’s a HUGE celebration at AT&T / Verizon HQ, this thanksgiving they are thankful to Trump

#networking #policy #isp

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd

while #cisco is investigating, those of us who run #linux are updating

#infosec

25 November 2016

http://motherboard.vice.com/read/a-loud-sound-just-shut-down-a-banks-data-center-for-10-hours

so yeah, you can put a datacenter down by being very loud

also, test your fire suppression system after installation, not during operation

#technology #business #reliability #storage

http://arstechnica.com/security/2016/11/us-navy-warns-134000-sailors-data-breach-hpe-laptop-compromised/

personal information of thousands of people was leaked due to a single laptop compromise

this is telling, security is often a matter of one weak link failing

#infosec

http://www.crn.com/slide-shows/networking/300082398/top-22-cisco-technology-innovators-who-have-headed-for-the-door.htm

maketh one contemplate much about #cisco internal politics at play in these occasions

who’s to say it’s good that so many veterans are leaving to pursue positions with competitors in such a short timeframe after new CEO comes to chair?

#business #people

26 November 2016

http://www.dailydot.com/layer8/bruce-schneier-internet-of-things/

Bruce Schneier testified in front of a HoR committee on the problems with IoT and Internet in general, recognizing the growing need for regulation

#infosec #policy #people

http://www.wsj.com/articles/avaya-weighing-bankruptcy-filing-sale-of-call-center-software-unit-1479941695

Avaya is indebted and on the brink of bankruptcy? huh…

#business #uc

29 November 2016

http://sprobe.cs.washington.edu/

use sprobe to measure bandwidth between hosts when installing a remote agent is not an option

PDF version of sprobe paper follows (thanks to Vadim Gabel for conversion)

#tools #networking #cs

1 December 2016

http://www.nil.com/en/blog/so-you-want-to-become-a-cloud-provider/

a realistic look at the most common #cloud provider wannabe pitfalls

#business

https://aws.amazon.com/snowmobile/

never underestimate the bandwidth of a truck full of hard drives speeding on a highway, they said

#technology #cloud

https://twitter.com/YusufBhaiji/status/804203566508347393

#CCIE infrastructure datacenter video tour - quite interesting to have a peek at how they do the #wireless racks

#cisco #networking #technology #servers

https://www.suse.com/communities/blog/acquisition-news-suse-acquiring-iaas-and-paas-technology-and-talent-from-hpe/

ok, this was unexpected: SUSE buys OpenStack and CloudFoundry from HPE, engineering force included

#business #cloud #linux

3 December 2016

https://blogs.cisco.com/cin/cisco-apple

it’s no secret #cisco and apple were working together a lot to make wifi on the iphones better for years

so here’s another glimpse at what was going on in that area recently

#networking #wifi

https://amazonlightsail.com/

a new #cloud service by amazon targeted at the market currently served by digital ocean and a plethora of VPS providers

at the moment, the pricing model is almost exactly like that of DO, but the service is provided from us-east-1 region only (probably subject to change)

#business #servers #virtualization

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc33783

interesting severe bug in #cisco nexus 9k

- when dst MAC address starts with 4 or 6, the packet is dropped
- something with VPLS: does not affect normal processing
- happens because software sets a flag wrong when programming the ASIC (from a follow-up in nanog mailing list)
- as Pete Lumbis puts it, it’s the classic “look at the nibble to determine if ethernet or IP under label” problem

#networking #technology #reliability #troubleshouting

http://arstechnica.com/gadgets/2016/12/the-nokia-licensing-deal-gets-finalized-android-phones-coming-in-2017/

what can I say?

MAKE 3310 GREAT AGAIN

Upd: http://www.nokia.com/en_int/phones/all-phones

#business #sswa

6 December 2016

http://www.infoworld.com/article/3143062/cloud-computing/memo-to-cloud-providers-stop-selling-pipe-dreams.html

a concise opinion on what #cloud providers should do:

> Enterprises want cloud computing providers to provide the basics, provide those basics without outages or security issues, and meet their SLAs. The rest is fluff.

#business

http://blog.kraken.com/post/153209105847/security-advisory-mobile-phones

on the security of phone-based two-factor authentication

TL;DR: ditch it, use other means or at least set up a Google Voice

#infosec

7 December 2016

http://arstechnica.com/security/2016/12/millions-exposed-to-malvertising-that-hid-attack-code-in-banner-pixels/

sneaky, attacks Flash in IE;

#infosec

8 December 2016

https://www.nngroup.com/articles/computer-skill-levels/

a survey of computer skills among people of OECD countries

#business #technology #policy #cs

https://gchq.github.io/CyberChef/

interesting tool to learn encryption

#infosec #tools

9 December 2016

http://rackstuds.com/

#tools #hardware

13 December 2016

http://www.theregister.co.uk/2016/12/13/cisco_to_kill_its_intercloud_public_cloud_on_march_31st_2017/

intercloud eol

well, let’s still wait for an official announcement

#cisco #cloud #business

http://www.itnews.com.au/news/hpe-storage-crash-killed-ato-online-services-444490

i hope we’ll see a technical postmortem on this made available to public

but what’s clear is that an “enterprise-grade” storage system with redundancies, failsafes, and backups, is still a single failure domain

#storage #hardware #reliability

https://aws.amazon.com/ru/blogs/aws/aws-managed-services-infrastructure-operations-management-for-the-enterprise/

while some are closing public #cloud #business, others open doors to a wider range of enterprise customers

go figure

http://www.seattletimes.com/business/boeing-aerospace/faa-orders-787-safety-fix-reboot-power-once-in-a-while/

so yeah, there are bugs in that industry’s computers too

reminds of an old joke “if operating systems were airlines”: you have a chance to hang midflight

#reliability

28 December 2016

http://iepg.org/2016-11-13-ietf97/2016-11-13-ddos.pdf

a discussion of recent attacks on DNS and possible mitigations

Personally, I’m inclined towards option 4 (IP filtering)

#infosec #networking #technology #research

https://tools.ietf.org/html/draft-ietf-ntp-bcp-02

for those interested in keeping up with time, an updated NTP BCP #rfc includes such important information as:

- leap second handling (we’ll have one quite soon)
- ntp security
- pool.ntp.org usage guidelines

#infosec #technology

https://www.technologyreview.com/s/602981/social-media-is-killing-discourse-because-its-too-much-like-tv/

“…we should write and read more, link more often, and watch less television and fewer videos—and spend less time on Facebook, Instagram, and YouTube”

#it #society

http://etherealmind.com/aws-shield-managed-ddos-protection/

a concise analysis of AWS newest feature - the DDoS protection

$AMZN continues to disrupt incumbent services / devices

I see that they are targeting a rather narrow band of consumers though, so there’s always room for others under the sun

#cloud #business #infosec

http://arstechnica.com/security/2016/12/thieves-can-guess-your-secret-visa-card-details-in-just-seconds/

a practical and already automated attack on the payment system that allows for card data to be obtained

I bet some bank’s antifraud would stop this early, but then not every bank round the globe is that good

#infosec

https://www.theatlantic.com/technology/archive/2016/12/cuban-telephone-fraud/509006/

some light reading: fascinating phone fraud stories

#infosec #isp

6 January 2017

I hope there’s more to come, as this seems to be the only way the situation can ever be set right

#business #networking #infosec #iot #policy

8 January 2017

http://www.wsj.com/articles/ai-program-vanquishes-human-players-of-go-in-china-1483601561

hate the paywall, but this article on AlphaGo is rather interesting

chief takeout is, we don’t readily understand its way of decisionmaking, but it’s very good at one of our games

#business #iot #people #history #Accomplishments

http://www.theregister.co.uk/2017/01/07/tv_anchor_says_alexa_buy_me_a_dollhouse_and_she_does/

this wasn’t the first time something like this happened and many have been predicting this outcome for years, so no surprise that voice-activated tech is vulnerable to such attacks

#iot #infosec

12 January 2017

http://www.hiddenvoicecommands.com/demo

and here’s an attack which can’t be normally heard by humans; works great for exploiting voice command vulnerabilities mentioned above

#iot #infosec

21 January 2017

http://arstechnica.com/security/2017/01/already-on-probation-symantec-issues-more-illegit-https-certificates/

I said it before and I say it again: Symantec & co. should be distrusted

web as we have it is fragile enough in this respect

#infosec #business

http://www.avaya.com/en/about-avaya/newsroom/news-releases/2017/pr-us-170119a/

Avaya filed for bankruptcy

#business #uc

https://www.schneier.com/blog/files/Privacy_in_Our_Digital_Lives.pdf

privacy is a right

or at least it was considered as such during Obama’s time

well, at least in speeches

Bruce Schneier mentions that the document was deleted from whitehouse.gov during Trump transition

so much for preserving freedoms for future generations

#policy #infosec

1 February 2017

https://www.ietf.org/blog/2017/01/barriers-to-entry/

https://www.usenix.org/blog/usenix-reaction-presidential-executive-order-%E2%80%9Cprotecting-nation-foreign-terrorist-entry-united

at least two major organizations in computing have publicly reacted to Trump’s ban

IETF apparently will move the next meeting out of the USA

#policy #cs

4 February 2017

https://arxiv.org/pdf/1701.05789.pdf

Consequences of Unhappiness While Developing Software

I daresay this applies to other engineering jobs as well

#research #people

https://www.cisco.com/c/dam/m/digital/1198689/Cisco_2017_ACR_PDF.pdf

Cisco Annual Cybersecurity report 2017 (i.e. it covers 2016)

#research #infosec

8 February 2017

https://system76.com/cart/configure/lemu7

I really wish all laptop vendors allowed configure-to-order in this simple and comprehensible no-nonsense way

#tools

https://www.cisco.com/c/en/us/support/web/clock-signal.html

networkers on twitter/reddit already found that despite the trigger being the quartz, the real problem lies in faulty Intel Atom C2000 SoC

see also:

https://www-ssl.intel.com/content/dam/www/public/us/en/documents/specification-updates/atom-c2000-family-spec-update.pdf

http://www.tomshardware.com/news/intel-cpu-failure-atom-processor,33538.html

at the moment, we know that #cisco is the only vendor to come forward about the problem; but the same SoC is used also in Synology NAS appliances, HPE 6921/6941 switches and in many other devices

#tech #business #reliabilty

11 February 2017

https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf

finally there’s some meat to that empty shell released earlier this year

#policy #infosec

https://www.theregister.co.uk/2017/02/10/windows_mirai_bot/

Windows version of Mirai

fascinating

#infosec

13 February 2017

https://jhalderm.com/pub/papers/interception-ndss17.pdf

The security impact of HTTPS interception

i.e. MITM of TLS considered harmful

#research #infosec

https://www.linkedin.com/pulse/adi-shamir-makes-15-predictions-next-years-andreas-sfakianakis

Adi Shamir’s predictions for #infosec

https://www.google.com/maps/d/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY&hl&ll=16.914334595056022%2C39.739915100000076&z=2

a great collection, useful for travellers

#tools

14 February 2017

https://arstechnica.com/information-technology/2017/02/munichs-linux-deployment-once-again-in-doubt-may-switch-to-windows-10-by-2020/

#policy #windows #linux

https://arstechnica.com/science/2017/02/as-us-russia-eye-stagnant-space-budgets-india-ramps-up-investment/

well, somebody must be investing in space exploration at all times - it was fruitful before, and all of humanity will reap the benefits of continuing these endeavours

#policy #research

https://arstechnica.com/gadgets/2017/02/intel-coffee-lake-14nm-release-date/

the sunset of the Moore’s law?

apparently Intel hit a roadblock and won’t go beyond 14nm (and as such won’t be packing many more transistors on the same die)

#hardware #research #business

16 February 2017

https://arstechnica.com/information-technology/2017/02/microsoft-cancels-february-patch-tuesday-despite-0-day-in-wild/

Intel breaks tick/tock, $MSFT breaks patch Tuesdays

the end is nigh, mark my words!

#infosec

https://arstechnica.com/gadgets/2017/02/all-new-smartphones-run-ios-android/

#business

17 February 2017

http://www.zdnet.com/article/google-sorry-for-wide-scope-outage-but-canary-testing-brought-our-cloud-down/

last month’s Google cloud downtime explained. sort of.

#business #reliability

https://arstechnica.com/information-technology/2017/02/verizon-offers-unlimited-data-and-wont-throttle-video-unlike-t-mobile/

unlimited internet access plans return to US ISPs offering after 6 years of absence

what’s still bothering me is the tethering restriction; if I pay for my bandwidth, what do they care how I use it? It’s like an electricity company saying I can’t use an extension cord

#business

http://www.bbc.com/news/world-europe-39002142

that’s actually rather disturbing

#iot #infosec #policy

18 February 2017

http://www.slideshare.net/diogomonica/from-0-to-0xdeadbeef-security-mistakes-that-will-haunt-your-startup

some points are questionable, but overall - good security advice

#infosec

https://tinyletter.com/b0rk/letters/how-do-you-become-an-excellent-programmer

as usual, many points are applicable to any engineer

#business

https://twitter.com/Cisco/status/831982020351832064

so, #cisco now is definitely a security vendor

#business #infosec

http://www.reed.com/blog-dpr/?page_id=6

brief history of how UDP was introduced

that actually goes a bit au contraire to what I’ve read in “Where wizards stay up late” and “OSI: the Internet that wasn’t”

so cool to get another perspective on these events that led to networking as we know it today

#history #research

19 February 2017

http://notcp.io/

continuing on UDP goodness

TCP might be nice (not for long links though), but UDP gives you (the app developer) more raw control over communication

#research

20 February 2017

https://www.ietf.org/blog/2017/01/a-new-rfc-archive/

the IETF is partnering with the National Library of Sweden to archive RFCs

#policy #history

21 February 2017

http://www.slideshare.net/mrembetsy/devops-picc12-management-talk/

how to manage a network engineering team

not only for devops

#networking #management

https://www.zyantific.com/blog/bypassing-telekom-fon-hotspot-authentication/

or why it is important to be well versed in regex if you use them for whitelisting

#tools #infosec

http://superuser.com/a/1152960

18./8 was assigned to MIT so long ago…

#history

https://arstechnica.com/gadgets/2016/12/802-11ad-wifi-guide-review/

a short bit about 60GHz wifi

#tech

23 February 2017

https://research.trust.salesforce.com/Meraki-RCE-When-Red-Team-and-Vulnerability-Research-fell-in-love.-Part-1/

the most interesting thing I learned from this post is that Salesforce has several dedicated security research teams

otherwise, the post documents the discovery process of a few vulnerabilities in a Meraki-branded #cisco product

oh, and there’s part two!

#infosec #research

24 February 2017

https://www.bussink.ch/?p=1810

where the author describes good reasons for moving from 10GBASE-T to SFP+ ports

#networking

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

SHA1 collision found, and it’s cheap (compared to bruteforce)

Google plans to release the code in 90 days

they did it on GPUs, but I expect someone to make an ASIC farm within a year

#infosec

https://www.sdxcentral.com/articles/news/cisco-makes-tetration-analytics-available-wider-audience/2017/02/

just 700k$ + 80k$/year for 1000VMs monitored

that’s just the platform (i.e. the tool), add the (rare) expertise to run it and more to actually make use of it; I wonder what the bottom line is estimated to be over 5y.

As I don’t have relevant experience, I also have little but wonder about how a cost like this is recovered. Note that it’s a tool used to monitor other tools, which are used to run other tools…

#tools #cloud #business

https://www.nanog.org/sites/default/files/Aben_Lost_Stars_-_v1.pdf

some answers as to why ipv6 is still underdeployed

#tech #policy #networking

https://tools.ietf.org/html/draft-palet-v6ops-rfc7084-bis-00

an RFC draft that outlines the basic requirements an ipv6 CE router should meet

#rfc #policy #networking

https://tools.ietf.org/html/draft-farrel-soon-04

from the tone of this one (with fat attempts at sarcasm) it will either become April 1st ‘17 RFC or will break some egos in IETF

also, notice that it’s in the 4th edition, so must be quite mature already and will be ratified SOON

#rfc #policy

25 February 2017

https://arxiv.org/pdf/1605.05606.pdf

a very comprehensive study of Carrier-Grade NAT deployments

#networking #isp #research

https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-x-series-next-generation-firewalls/eos-eol-notice-c51-738643.html

oh my

so #cisco are really killing the “classical” ASA series…

#networking

http://www.chiark.greenend.org.uk/~sgtatham/putty/

the most popular terminal emulator for windows gets a new release

PuTTY 0.68 released, containing ECC, a 64-bit build, and security fixes

#tools

26 February 2017

https://istlsfastyet.com/

some motivation for those still slacking

#infosec

https://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

the devices to replace recently EOS #cisco ASA

#networking #tools #infosec #hardware

1 March 2017

http://www.theregister.co.uk/2017/02/28/aws_is_awol_as_s3_goes_haywire/

it’s the second internet-scale problem (since #cloudbleed ) the world experiences just in one month

my guess is, they tried to do something about SHA-1 collision and it started killing back-end nodes like wildfire

#cloud #reliability #awsdown

https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-666.pdf

an evil-minded virus that spreads through temptation and blackmailing

fascinating

#infosec #research

https://arxiv.org/pdf/1702.07800.pdf

a great summary of everything deep learning

#research

https://drive.google.com/file/d/0B5gNT4RRJ0xPcC1mT3Y2T2hJUVk/view

how DNS works in TOR networks

#infosec #tech #networking

https://eprint.iacr.org/2017/190.pdf

the paper describes some technical details of how the recent SHA-1 collision was found, the computational cost of the procedure and the limitations

#research #infosec

2 March 2017

https://zakird.com/papers/https_interception.pdf

The Security Impact of HTTPS Interception

both commercial middleboxes and antivirus products are found to degrade security for the end-user

#infosec #research

https://twitter.com/askbow/status/837184402375471104

#tools

6 March 2017

http://virtualization.info/en/news/2009/06/vmware-asks-veeam-to-remove-support-for.html

the real reason behind Veeam not working on free ESXi

what a shame

#business #tools

7 March 2017

http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-through-bad-backups.html

details of a spamming operation uncovered due to them being sloppy with backups

#business #infosec

https://arstechnica.com/tech-policy/2017/03/us-will-suspend-fast-processing-for-h-1b-visas/

https://arstechnica.com/tech-policy/2017/02/trump-may-soon-sign-executive-order-re-vamping-h-1b-visa-program/

so, lots of tech talent will be affected

#policy #business

8 March 2017

https://blogs.dropbox.com/tech/2017/02/meet-securitybot-open-sourcing-automated-security-at-scale/

dropbox are opensourcing their interactive security alert helper

#tools #infosec

http://www.crn.com/news/networking/300084092/extreme-networks-to-buy-avayas-networking-business-for-100m.htm

so, that’s how avaya is handling their financial problems

twitterpeople say it’s a good move for extreme

#business

https://blogs.cisco.com/security/the-wikileaks-vault-7-leak-what-we-know-so-far

#cisco is being cisco, i.e. being honest in talking about #infosec problems their equipment has

they admit the problem and say they’re working on it

#policy

9 March 2017

https://forum.mikrotik.com/viewtopic.php?f=21&t=119308&p=587512#p587512

interestingly, mikrotik is another #networking vendor that is mentioned in the leaked docs a lot

so here’s their official response

quite good, honest, concise and to the point

#infosec #business #policy

https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q4-2016-state-of-the-internet-connectivity-report.pdf

akamai’s state of the internet Q4 2016 report

#tech #business #research #internet

12 March 2017

http://www.esharp.net/cisco-meraki-adds-beta-bgp-support-to-mx-appliances/

BGP support coming to #cisco meraki devices

#networking

13 March 2017

https://tools.ietf.org/html/rfc8117

Current Hostname Practice Considered Harmful

fresh RFC to inform us on privacy problems arising from common ways to use hostnames

#rfc #infosec

18 March 2017

https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/

a reminder that nothing is ever fully secure: given enough motivation, some people are capable of remotely getting around some of the most effective security measures: sandboxing under a VM

#infosec

20 March 2017

https://arstechnica.com/security/2017/03/a-simple-command-allows-the-cia-to-commandeer-318-models-of-cisco-switches/

-6500, are you connected to the CIA? -…

#cisco #infosec #policy

24 March 2017

https://cumulusnetworks.com/blog/vrf-for-linux/

VRF support in-kernel

not another namespace, just a thin layer

#tech #networking

motivation to de-trust Symantec certificates

#infosec #policy

https://communities.vmware.com/community/vmtn/vvd/vmware-validated-design-for-sddc-4x/content?filterID=contentstatus[published]~objecttype~objecttype[document]

newest edition of vmware’s SD DC validated design

#tech

27 March 2017

http://www.citylab.com/crime/2017/02/cellphone-spy-tools-have-flooded-local-police-departments/512543/

on proliferation of cellphone tracking systems in use by law enforcement agents

#tech #policy #infosec

30 March 2017

https://learningnetwork.cisco.com/community/expert-level-certifications-agile-blueprints

#cisco has decided (at last) on a strictierish schedule of #CCIE revisions

seems reasonable

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-l-series-switches/datasheet-c78-737665.html

just discovered new #cisco 2960L switches

#networking

https://www.dropbox.com/s/hzy47qf24mewhea/2017-EU.pdf?dl=0

Mikrotik User Meeting - new products announced

#networking

31 March 2017

https://cmaurice.fr/pdf/ndss17_maurice.pdf

VM isolation is a myth

#infosec

1 April 2017

https://twitter.com/SwiftOnSecurity/status/773234893203451904

wonderful thread about how to use printers to hack networks

#infosec

https://twitter.com/leyrer/status/847816162557689857

nuff’said

#reliability

http://www.reuters.com/article/us-usa-cyber-defense-idUSKBN17013U

“…Across the federal government, about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including … developing the means to disable or degrade infrastructure”

I’ve come across a report recently (you can easily google it, so it’s sorta public) internal to a specific Russian infrastructure org; there they claim that “they haven’t been breached ever” and don’t understand the monetary gain from hacking them, thus they conclude they don’t need to improve #infosec [anymore]. #naïveté <-new tag, yay!

#policy

https://arstechnica.com/security/2017/03/smart-tv-hack-embeds-attack-code-into-broadcast-signal-no-access-required/

who’ve ever believed that “smart tv” was a good idea ever

- they spy on you
- they are yet another channel to influence you
- they can be hacked over the net
- [with this news] they can be hacked over the air en masse by anybody

#infosec #iot

2 April 2017

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-3/configuration_guide/b_163_consolidated_3850_cg/b_163_consolidated_3850_cg_chapter_010101001.html

#cisco 3850 switches now support VSS aka remote stacking

#tech #networking

3 April 2017

https://www.rfc-editor.org/rfc/rfc8140.txt

new April1st RFC, enjoy!

#networking

4 April 2017

https://spqr.eecs.umich.edu/papers/trippel-IEEE-oaklawn-walnut-2017.pdf

new cool way to breach airgap: accelerometer spoofing

#iot #infosec

https://www.quora.com/What-made-Xerox-PARC-special-Who-else-today-is-like-them/answer/Alan-Kay-11

what was special about Xerox PARC - where maybe half of today’s networking and computing originated

#research #networking #history

https://www.sparkfun.com/news/2231

the story behind 9600 bps modems, 300 baud

#history #networking #tech

13 April 2017

https://mjg59.dreamwidth.org/47803.html

IKEA’s Trådfri is an example of #iot security: not perfect, but as close as it gets

#infosec

https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.pdf

a very good technical publication about common #wifi antennas, their radiation patterns and other parameters

#tech #networking #mustread

16 April 2017

http://dinosaurspen.tumblr.com/

old computer photoblog - just for fun

#history #tech

24 April 2017

https://github.com/inverse-inc/packetfence/

an open source network access control system

#networking #infosec

26 April 2017

https://tools.ietf.org/html/draft-lvelvindron-curdle-dh-group-exchange-00

this RFC draft proposes to update the minimum recommended modulus length for DH groups to 2048; quite a reasonable proposition, given the developments of the last few years

#infosec

2 May 2017

http://investor.cisco.com/investor-relations/news-and-events/news/news-details/2017/Cisco-Announces-Intent-to-Acquire-Viptela/default.aspx

#cisco is buying an SD-WAN vendor Viptela

#business

3 May 2017

https://www.autodeskresearch.com/publications/samestats

where the authors show why pure statistics without data are useless

#research

11 May 2017

https://blog.webernetz.net/2013/07/30/password-strengthentropy-characters-vs-words/

oldie-but-goldie: about password complexity

#infosec #research

12 May 2017

http://packetpushers.net/ccde-integrity-transparency-trust/

this May’s CCDE exam was cancelled; here are some good thoughts on the event by one of the candidates

#cisco

https://blog.webernetz.net/2017/05/09/basic-cisco-configuration/

a very nice basic config for #cisco #tech

http://silvertonconsulting.com/blog/2016/08/13/facebook-moving-to-jbof-just-a-bunch-of-flash/#sthash.SAljmZFT.dpbs

just a bunch of flash, by Facebook. The “why” section has one interesting point: they are going away from [hyper]converged servers (compute/storage) to be able to scale them cheaply and independently. Also, this config slightly reminds me of (now EOS) #cisco UCS M-series

#servers #storage #tech

13 May 2017

https://labs.ripe.net/Members/becha/results-dns-measurements-hackathon

there are some [generally] interesting results there; for example, stale NS records are sometimes still propagated for days after an update

#research

https://www.spinellis.gr/blog/20170510/

a bit about Unix architecture evolution

#tech #history

15 May 2017

http://www.networkworld.com/article/3195838/cloud-computing/you-really-should-know-what-the-andrew-file-system-is.html

AFS is an early example of a secure (by the standards of its time) networked system; worth studying

#tech #history #infosec

http://ethancbanks.com/2017/04/12/managing-your-time-when-you-have-too-many-things-you-want-to-do/

<— so much this; a little sad but true story of a networking engineer managing their time

#nontech #people

http://www.netcraftsmen.com/considering-sd-wan-make-best-decision-organization/

a well-measured opinion on where to go with SD-WAN if you’re a small / medium #cisco shop

#tech #networking

16 May 2017

https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD896.html

“Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it. And to make matters worse: complexity sells better.”

some problems in computing are rather persistent; even Dijkstra wrote about the complexity thing

#history #research

17 May 2017

https://www.youtube.com/mikrotik/playlists

networking isn’t limited to big $vendors; here’s a list of session recordings from Mikrotik User Meetings

#networking

http://www.wlanpros.com/wlpc-client-sensitivity-testing-results/

what makes #wifi testing unreliable is the spread of client sensitivity

https://www.schneier.com/blog/archives/2017/02/security_and_th.html

motivation for more gov’t control over the information technology industry; and yes, #iot’s damned lack of security

#infosec #policy

http://doc.cat-v.org/bell_labs/utah2000/utah2000.html

how systems software #research was irrelevant in the early 2000, why, and proposed ways out

#history

18 May 2017

https://howdoesinternetwork.com/2016/6880-issu

a nice detailed step-by-step guide for #cisco VSS ISSU process; I believe the same process should hold for 6500 as well

#tech #networking

https://web.archive.org/web/20161020144256/http://danluu.com/why-ecc/

a case for using ECC memory in servers and other computers

#tech #reliability

19 May 2017

https://www.sunet.se/blogg/we-are-at-the-forefront/

Sweden’s scientific network SUNET is finished and with great results:

  • current capacity 7.2Tbps, practically scalable to 107Tbps, theoretically - 688Tbps
  • Juniper routers form the core
  • 4.1 exabyte of data a month
  • 100 Gbps core interfaces - 200/400 in the future
  • 10/40/100 Gbps access interfaces

I think their blog is the best example of how to build public knowledge about what you’re doing and why

#networking #tech #research

22 May 2017

https://www.engadget.com/2017/05/17/us-senate-approves-signal-for-staff-use/

that sort-of settles it: Signal is good enough to use

#infosec #policy

24 May 2017

https://medium.com/@istumbler/the-sad-state-of-wi-fi-apis-in-apple-platforms-943893be17a2

the reason behind iphone’s lack of #wifi scan kind of apps - lack of public API

#tech

https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/

Radware’s description of an attack on #iot that doesn’t really spread, but instead aims to destroy the victim devices

#infosec

25 May 2017

https://simplesecurity.sensedeep.com/web-developer-security-checklist-f2e4f43c9c56

not only for web devs, this concise checklist will be useful to many people

#infosec

30 May 2017

https://askbow.com/2017/05/30/happens-start-cisco-6500-switch-without-fan-module/

it overheats, obviously

#lab #tech #research #blog

1 June 2017

http://seclists.org/oss-sec/2017/q2/366

several CVEs in linux kernel networking functions can be used for DoS

#infosec #networking

2 June 2017

https://insinuator.net/2015/06/is-ipv6-more-secure-than-ipv4-or-less/

the state of #IPv6 security in 2015; now I wonder if anything has changed for the better since then

#infosec #networking

http://www.prnewswire.com/news-releases/uptime-institute-annual-survey-results-enterprise-owned-data-centers-still-primary-compute-venue-300448367.html

the study shows that not everybody has moved to the cloud, nor do they plan to do it in the near future

#cloud #research

https://vimeo.com/177768909

a nice way to #IPv6: no “transition” or retention of rather dated ipv4 mentality, but a clean purposeful design of addressing

#networking

5 June 2017

https://www.theregister.co.uk/2017/06/02/british_airways_data_centre_configuration/

some light on British Airways’ recent datacentre meltdown; this might be the second [publicly known] instance in recent history when the failure on one site was automatically propagated to the remote ones

#reliability

http://datacenterfrontier.com/amazon-building-custom-asic-chips-to-accelerate-cloud-networking/

amazon AWS: custom silicon, custom servers

#cloud #business #tech

6 June 2017

http://lostintransit.se/2017/06/06/certification-major-news-expert-level-recertification/

big news: continuing education as a recertification option for ccie/ccde

#cisco

9 June 2017

https://www.internetsociety.org/sites/default/files/IPv6_report_2017-0606.pdf

state of #ipv6 in the global Internet - deployment is growing both across content sources and eyeballs

#networking

https://dq756f9pzlyr3.cloudfront.net/file/Internet+Trends+2017+Report.pdf

what’s happening in the Internet

#business #research

13 June 2017

https://www.itnews.com.au/news/public-cloud-costs-push-cba-to-openstack-464239

a case study showing a move from “public” AWS #cloud to private bare-metal openStack in a bank

#business #tech

14 June 2017

https://arstechnica.com/business/2017/06/charles-thacker-key-designer-of-the-xerox-alto-dies-at-74/

#history #tech

16 June 2017

https://www.theverge.com/2017/6/13/15782200/one-device-secret-history-iphone-brian-merchant-book-excerpt

the story of how the iphone as a product was born

#history

18 June 2017

http://www.tomshardware.com/news/european-parliament-end-to-end-encryption-communications,34809.html

end-to-end encryption FTW!

#infosec #policy

https://blog.cloudflare.com/the-relative-cost-of-bandwidth-around-the-world/

some light on the peering and transit costs in different parts of the world

#business #networking

http://www.lightreading.com/mobile/5g/how-much-will-5g-cost-no-one-has-a-clue/a/d-id/733753

some details on what 5G mobile network economics might look like

#business

21 June 2017

https://standards.ieee.org/findstds/standard/802.11-2016.html

freshest dot11 version is available for download

#wifi #tech #networking

https://arxiv.org/pdf/1607.01639.pdf

wanna know how new #cisco IPS finds malware in encrypted traffic? here’s their research paper going into the gory details:

  • no decryption / DPI
  • machine learning FTW

#infosec #research #tech #networking

https://github.com/cisco/joy

and for those so inclined, the open source version of said #cisco IPS (see above)

#tech #infosec #networking

23 June 2017

https://www.ieee-security.org/TC/SP2017/papers/207.pdf

The Password Reset MitM Attack

discusses ways towards designing a secure password reset process and limitations of popular methods

#infosec #research

24 June 2017

https://www.amazon.com/XG-C100C-Network-Adapter-PCI-E-Single/dp/B072N84DG6/

I had my reservations about NBASE-T hype, mostly because its applications were limited (some #cisco dot11ac access points only)

now you can get a NIC for 1-2-5-10G over UTP for $100 and I think it’s pretty cool

#networking

10 July 2017

https://tools.ietf.org/html/rfc8212

another new BGP RFC, prescribing default routing policy for eBGP sessions; the default is a safe one - deny any in and out, so the ops need to explicitly configure policy to allow routes to flow

#networking

14 July 2017

http://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-4/b_Dorm_deployment_guide.pdf

#cisco wireless dorm deployment guide

#networking

https://vincent.bernat.im/en/blog/2017-ipv4-route-lookup-linux#lookup-with-a-level-compressed-trie

how route lookup is done in today’s #linux

#networking #tech

http://up2v.nl/2017/05/29/what-went-wrong-in-british-airways-datacenter/

on how one of the biggest recent IT catastrophes progressed

#reliability #tech

16 July 2017

https://tools.ietf.org/rfc/rfc8200.txt

suddenly, ietf published a renewed #ipv6 standard

#networking

18 July 2017

https://www.nextplatform.com/2017/07/17/google-wants-rewire-internet/

google is modernizing its connection to the Internet

#networking #tech

https://blogs.technet.microsoft.com/networking/2017/07/13/core-network-stack-features-in-the-creators-update-for-windows-10/

TCP CUBIC support will be added to Windows (in linux since circa kernel 2.6, i.e. >10 years)

and many other cool enhancements

#tech #networking

21 July 2017

https://insinuator.net/2017/06/testing-rfc-6980-implementations-of-freebsd/

most of this paper is on end-host security in the face of some #ipv6 attacks, but it also shows that important protections should be turned on on the network equipment, namely the RA guard which limits the attack surface a lot

#networking #infosec

https://security.googleblog.com/2017/07/final-removal-of-trust-in-wosign-and.html

google chrome finally completes distrust of WoSign and StartCom CAs; who’s next?

#infosec

24 July 2017

https://cryptosense.com/the-end-of-triple-des/

3des isn’t recommended for anything practical (#networking wise), and outside of that domain you should change keys every 8MB of data

#infosec

25 July 2017

https://www.reddit.com/r/talesfromtechsupport/comments/6ovy0h/how_the_coffeemachine_took_down_a_factories/

#nocomment #infosec #networking

http://www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/1456403/Cisco_2017_Midyear_Cybersecurity_Report.pdf

#cisco 2017 midyear cybersecurity report

business as usual: increase in spam, more cool malware hitting companies everywhere, flash still a dumpsterfire

#infosec

26 July 2017

https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html

“Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020” enfin!

#infosec

27 July 2017

https://www.thingiverse.com/thing:705857

for those of us who are masterful in the art of 3D printing - a mount for AP useful during wireless site surveys

#networking #wifi

https://ripe74.ripe.net/archives/video/48/

for the #iot, the night is dark and full of terrors

#networking #infosec

https://tools.ietf.org/html/rfc8203

BGP Administrative Shutdown Communication: new internet standard

#networking

21 August 2017

https://napalm-automation.net/yang-for-dummies/

YANG basics - one of the clearest explanations of what’s going on in this area

#sdn #networking

23 August 2017

https://blog.ycombinator.com/jeff-deans-lecture-for-yc-ai/

a nice lecture about what’s going on at google in ML division (plan for at least 45 minutes of listening)

#tech

29 August 2017

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/product/vmware-product-guide.pdf

some notes on vmware licensing

#business #tools

1 September 2017

https://hal.inria.fr/hal-01575519/document

Does disabling Wi-Fi prevent my Android phone from sending Wi-Fi frames? Abstract: No.

#infosec #tech #wifi

6 September 2017

https://www.youtube.com/watch?v=Z-Bt3ylCMIU

RIP Solaris

#business

12 September 2017

https://www.telenor.com/innovation/telektronikk/archive/

archives of Telenor’s Telektronikk magazine, which discusses various issues of #networking and SP #business

#worthreading #tech #history

13 September 2017

https://blog.apnic.net/2017/09/06/opinion-defence-nats/

on the #history and importance of NAT, also how #ipv6 effectively failed

#networking

18 September 2017

https://www.ernw.de/download/Enno_Rey_RIPE74_Structural_Deficits_IPv6.pdf

what the real problems with #ipv6 are and what to do with them security-wise

#networking #infosec #policy

https://www.nextplatform.com/2017/09/14/rare-peek-inside-400g-cisco-network-chip/

some dirty details on how some #cisco ASIC is constructed

  • it’s more like a GPU, if you ask me, but I’m not proficient enough to be trusted😉
  • run-to-completion in hardware
  • 800Gbps forwarding;
  • they don’t disclose what devices run on it; my guess is ASR

#tech #networking

20 September 2017

https://www.eff.org/deeplinks/2017/09/open-letter-w3c-director-ceo-team-and-membership

#wow EFF leaves W3C over DRM (an abominable tech that shouldn’t exist in a civilized world)

#policy #infosec

21 September 2017

https://github-debug.com/

a tool every major site has to have

blog: https://githubengineering.com/github-debug/

#tools #networking

30 September 2017

https://medium.com/netflix-techblog/serving-100-gbps-from-an-open-connect-appliance-cdb51dda3b99

this is what you can do with your network performance if you take control of your application

#tech #networking

https://www.theregister.co.uk/2017/09/22/cisco_intersight_infrastructure_management_cloud/

rumor is, #cisco is going to kill UCSD

#business #cloud

https://github.com/apple/darwin-xnu

#wow apple published to open source its XNU kernel

are they trying to one-up microsoft?

#tech #business

2 October 2017

http://www.38north.org/2017/10/mwilliams100117/

so, NK was basically single-homed all that time?

#networking

3 October 2017

http://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html

how to break DKIM signature validation in email sender verification

#research #infosec

4 October 2017

https://azure.microsoft.com/en-gb/status/history/

29/9 - RCA - Storage Related Incident - North Europe

fire suppression false alarm (during scheduled maintenance) resulted in Azure storage backend shutdown, affecting services in North Europe region

note that the fire suppression system worked correctly, the same way it would anywhere, so $MSFT was just unlucky to trigger it

#reliability

5 October 2017

https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html

quite a good explanation of why no security-minded person would do SSL inspection by decryption in production

#infosec #tech

7 October 2017

https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/

yet another air-gap breach, now via infrared capabilities of common security CCTV

#infosec

10 October 2017

https://www.forbrukerradet.no/siste-nytt/connected-health-devices-violate-users-privacy

Norwegian Consumer Council tested a bunch of #iot enabled health trackers and concluded that these are bad for privacy

#policy

14 October 2017

https://www.fastcompany.com/40437402/the-internets-future-is-more-fragile-than-ever-says-one-of-its-inventors

Vint Cerf’s perspective on some of today’s Internet problems; as often with his interviews, it’s a tad cloudy, but provides food for thought nevertheless

#tech #networking #policy

15 October 2017

https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q1-2017-state-of-the-internet-security-report.pdf

akamai’s state of the internet Q1 2017 report

#tech #business #research #internet

17 October 2017

https://papers.mathyvanhoef.com/ccs2017.pdf

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

Abstract: We introduce the key reinstallation attack. This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack.

#infosec #wifi #research

19 October 2017

https://rule11.tech/reaction-networks-not-cars-cell-phones/

Russ White on disaggregating how we think about networks’ “future proofness” by separating hardware from software and applying separate requirements

#networking

20 October 2017

http://www.doyleassociates.net/blog/files/84a40d0e405b8d51020e764698631838-4.php

on the importance of failures in network operation

#networking #reliability

23 October 2017

https://plajjan.github.io/interoperable-100G/

the way to 100G DWDM interoperability between four major networking vendors (they did it!)

#networking #tech

24 October 2017

https://www.enog.org/wp-content/uploads/presentations/enog-14/8-Peering-Survey-2016-ENOG14.pdf

internet peering survey 5y update:

  • 99+% of peerings are informal, symmetric, IX-based
  • “paid peering” and “private peering” is rare
  • strong preference for countries with prevailing rule-of-law

#networking #research

28 October 2017

https://twitter.com/RoKhanna/status/923701871092441088

the old joke about net neutrality made real?

#networking

31 October 2017

https://www.cisco-freeware.com/

links to all of #cisco “free” stuff:

  • trial software
  • “apps” (i.e. software and tools packaged)
  • services
  • (some of the) CCO tools
  • training

#business

2 November 2017

https://www.gartner.com/doc/reprints?id=1-4HTU8NX&ct=171013&st=sb

Gartner MQ for wired & wireless LANs as of October 2017

#networking #business #research

https://www.slideshare.net/PacSecJP/georgi-geshev-warranty-void-if-label-removed

#infosec considerations for MPLS #networking

#research

https://www.cs.princeton.edu/~wlloyd/papers/rr-imc17.pdf

on feasibility and practicality of using IPv4 RR option for Internet-wide measurements and #research

#networking

https://learningnetwork.cisco.com/blogs/community_cafe/2017/10/17/the-magic-of-super-spines-and-rfc7938-with-overlays-guest-post

a detailed overview of BGP EVPN multi-tier Clos network construction considerations for scaling datacenter networks

#networking #tech

7 November 2017

https://staltz.com/the-web-began-dying-in-2014-heres-how.html

though this article starts with light things like market and traffic dominance of $GOOG $FB and $AMZN, it goes on to paint a picture of a grim future for the web and the #internet as we know it

#business

https://www.wired.com/story/how-a-tiny-error-shut-off-the-internet-for-parts-of-the-us/

a brief note on how Level3 for a brief moment brought down internet service in the US

#reliability #business

14 November 2017

https://kernelnewbies.org/Linux_4.14

New Linux released!

some of the new kernel’s #networking features:

  • Generic Routing Encapsulation: Add ERSPAN type II tunnel support. One of the purposes is for Linux box to be able to receive ERSPAN monitoring traffic sent from the #cisco switch, by creating a ERSPAN tunnel device. In addition, the patch also adds ERSPAN TX, so Linux virtual switch can redirect monitored traffic to the ERSPAN tunnel device
  • IPv6 Segment Routing
  • lots of performance improvements

#tech

https://investor.cisco.com/investor-relations/news-and-events/news/news-details/2017/Cisco-Survey-Indicates-Adding-a-Virtual-Assistant-May-Be-the-Key-to-Happiness-at-Work/default.aspx

the AI future of UC: humans are ready to be conquered

I for one welcome our software-defined cloud-native overlords

#research #business #cisco

15 November 2017

https://www.microsoft.com/en-us/research/wp-content/uploads/2017/10/p599-liu.pdf

network verification is the future

$MSFT and Cumulus and others are already doing it

#networking #tech #research

16 November 2017

https://code.facebook.com/posts/291641674683314/open-r-open-routing-for-modern-networks/

FB open-sourcing their backbone routing control plane (i.e. they made an IGP)

#networking #research

17 November 2017

http://www.datacenterknowledge.com/uptime/ovh-disassemble-container-data-centers-after-epic-outage-europe

how a double outage (power feed and software bug in equipment) partially brought down the biggest native-European infrastructure and cloud provider

#reliability #business

23 November 2017

https://xrdocs.github.io/design/blogs/2017-08-01-internet-edge-peering-current-practice/

here’s a concise overview of current peering edge architectures, problems, and #tech. It’s a little #cisco XR-centric, so not all cool tech is available on every box

#networking

https://blog.apnic.net/2017/06/26/bgp-specifics-routing-vandalism-useful/

on current use cases, practice, and characteristics of more-specific prefix announcements in BGP default-free zone

  • in ipv4, 50% of all NRI are more-specifics, ipv6 seems to be growing in the same direction
  • ipv6 more-specifics observed to be less stable
  • not considered harmful, though some optimization is possible

#networking #research

24 November 2017

https://blogs.dropbox.com/tech/2017/11/deploying-ipv6-in-dropbox-edge-network/

Dropbox’s experience in deploying ipv6 in user-facing POPs; also gives insight into multi-layer load balancing strategy

#tech #networking #ipv6

28 November 2017

https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

OWASP group published quadrennial update to their Top10 guide to Web security

#infosec #research

30 November 2017

https://aws.amazon.com/blogs/aws/new-amazon-ec2-bare-metal-instances-with-direct-access-to-hardware/

I guess, AWS now finally competes with Hetzner😉

the offer at launch is 36 HT cores / 512G / 15T NVMe SSD / 25 Gbps

from networking PoV, 25Gbps looks a bit odd: are these machines single-homed? If dual-homed, why can’t one use 2x25Gbps capacity? The requirement to support ENA in AMI points to some hidden virtualization (SR-IOV?)

#business #networking

https://boingboing.net/2017/11/27/piracy-is-always-a-smokescreen.html

Cory Doctorow’s writeup disclosing the way EFF outed DRM proponents’ true intentions: it’s not about IP rights

#infosec #policy

2 December 2017

https://arstechnica.com/science/2017/12/after-37-years-voyager-has-fired-up-its-trajectory-thrusters/

  • current RTT is 39 hours, something to think about space Internet wise
  • the systems still work, after 37 Y in flight through radiation and all
  • JPL people found a way to prolong useful life for 1-2 Y more than prev. estimate

when we all go up in smoke, V’ger will be humanity’s last testament, still flying in the vast emptiness

#tech #reliability

5 December 2017

https://www.cnbc.com/2017/12/01/nokia-halts-ma-talks-with-juniper-for-now.html

the important part here is that at some point, nokia really was considering acquisition of juniper but there was some dealbreaker

does that mean problems at juniper?

#business

8 December 2017

https://learningnetwork.cisco.com/blogs/vip-perspectives/2017/11/08/ospf-graphs-lsas-and-the-lsdb

what a neat description of principal LSDB artifacts! worth reading

#networking #tech

16 December 2017

https://www.youtube.com/watch?v=zGIKT1yw27A

why the internet matters, how dumb pipes #business works

#networking

19 December 2017

https://www.google.com/patents/US6377577

how #cisco processes ACLs in (T)CAM - a patent worth being a part of #networking #tech textbook

in the current state of their 3-year litigation, this patent is used by CSCO to prevent arista from importing (and thus selling) their products in the US; notice the patent’s authors - both are arista founders who previously worked for CSCO

21 December 2017

https://www.youtube.com/embed/P7JWnosdlr8?rel=0&controls=1&autoplay=1

#ipv6 xmas tree🎄 is up again!

instructions: http://ipv6tree.bitnet.be/

23 December 2017

http://www.computerhistory.org/atchm/born-in-a-van-happy-40th-birthday-to-the-internet/

some moments of early tcp/ip #history

#tech #networking

19 January 2018

https://arxiv.org/pdf/1801.05168.pdf

for those who are curious about QUIC ongoing deployment on the Internet

  • still mostly $GOOG turf
  • still work-in-progress
  • lack of client-side support
  • large body of broken servers
  • near 6% of traffic
  • maybe ~1% of domains

#tech #research

20 January 2018

https://www.youtube.com/watch?v=BO0QhaxBRr0

one way to improve delays in networks - instead of full packet discard on congestion, throw away just the payload but forward the header through PQ, thus allowing endhost to issue a NACK, hence improving sender’s reaction to packet loss

there are other interesting things going on in this NDP system

full SIGCOMM presentation: https://www.youtube.com/watch?v=OI3mh1Vx8xI

original paper: http://nets.cs.pub.ro/~costin/files/ndp.pdf

#networking #tech #research

23 January 2018

https://forums.xilinx.com/t5/Xcell-Daily-Blog/Netcope-breaks-100GbE-record-148-8M-packets-sec-the-theoretical/ba-p/783676

We live in wonderful times: now there are 2x100Gbps NICs you can buy for money and plug into your machine

And I remember being asked “who will ever need 1Gbps - that’s too fast” more than once in my career

#networking #tech

24 January 2018

https://tools.ietf.org/html/draft-hildebrand-middlebox-erosion-01

to put it into less mild terms, “middleboxes considered harmful”

#networking #infosec

26 January 2018

http://packetpussies.net/generator/

just for the sake of friday, here’s a #networking marketing buzzword generator

“Our product is an agile operational dashboard including an integrated flow-wrangling integrator which will realize a new network paradigm.”

9 February 2018

https://blog.theitrebel.com/2017/08/28/tip-aiming-external-antennas/

a very efficient DIY tool for directional antenna aiming

#networking #tools #wifi

18 February 2018

http://www.sgdsn.gouv.fr/uploads/2018/02/20180206-np-revue-cyber-public-v3.3-publication.pdf

New French cyberdefense policy

the most novel and interesting point is arguably that of cyberliability: the makers of products are to be held liable for product’s #infosec until end-of-life, and strongly suggested to opensource the code after EOL

19 February 2018

https://ripe69.ripe.net/wp-content/uploads/presentations/11-RIPE69.pdf

a story of a real-life small-scale SDN (service provider): white-box, custom built, openflow

#tech #networking

21 February 2018

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Software-Defined-Access-Design-Guide-2018JAN.pdf

#cisco DNA CVD, freshly minted

#networking

22 February 2018

https://www3.cs.stonybrook.edu/~mikepo/papers/proxyscan.ndss18.pdf

A Large-scale Analysis of Content Modification by Open HTTP Proxies

  • 38% perform some form of content modification.
  • 5.15% perform modification considered malicious, of these:
      • 47% injected ads,
      • 39% injected code for collecting user information
      • 12% attempted to redirect the user to pages that contain malware.

#research #infosec

https://arxiv.org/pdf/1802.05030.pdf

Facebook Use of Sensitive Data for Advertising in Europe

Facebook labels 73% EU users with sensitive interests. This corresponds to 40% of the overall EU population. We also estimate that a malicious third-party could unveil the identity of Facebook users that have been assigned a sensitive interest at a cost as low as 0.015 EUR per user.

#research #infosec

https://www.bahnhof.se/brf/

Swedish ISP Bahnhof offers broadband connection to the home featuring 10Gbps for ~30 EUR/month

That’s what I call progress

#networking

https://tools.ietf.org/html/rfc8312

after ~11 years in production (Linux), CUBIC is finally an RFC; read that to learn how modern TCP works

#networking #tech #research

26 February 2018

10G intercontinental fiber price has dropped in the last 3Y

#networking #business

https://2018.apricot.net/assets/files/APNT806/TCP-and-BBR.pdf

BBR considered harmful, or a tale of what happens when some Evil Corp develops an unfair TCP

#networking #research

https://blog.packet-foo.com/2014/09/how-millisecond-delays-may-kill-database-performance/

also, that’s why you might want that WAN optimization thing (when physically moving that server closer to clients is not feasible)

#networking

https://arxiv.org/ftp/arxiv/papers/1703/1703.06967.pdf

Markov chain-based machine learning employed to optimize load placement (both compute and network)

results of the study show this algorithm was able to place workloads to make more efficient use of network and data centre resources and placed ~5-8% more workloads than other heuristic placement algorithms considered

#networking #research

2 March 2018

https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/

basically, the CA industry is broken and needs to be dismantled

this week’s fuckup: a reseller had customers’ private keys stored in such a way they were attached to a plaintext email

#infosec #business

https://tools.ietf.org/html/draft-ietf-mboned-dc-deploy-02.html

This document provides a quick survey of uses of multicast in the data center and should serve as an aid to further discussion of issues related to large amounts of multicast in the data center. (work in progress)

#networking

http://www.broadbandtechreport.com/articles/2018/01/verizon-juniper-ciena-trial-400g-optics.html

IEEE P802.3bs 400 Gbps Ethernet is now considered practical

not sure why the article mentions that they did it on a single lambda: .3bs requires at least 8 lambdas over two fibers, as far as I can tell

#networking #tech

5 March 2018

https://www.youtube.com/watch?v=VpRFo7yEJwY

talk to your #cisco servers via Alexa / AWS Lambda

#tech #justforfun

7 March 2018

https://cyber.dhs.gov/assets/report/bod-16-02.pdf

US Department of Homeland Security published a previously “official use only” directive yesterday

they order federal agencies to patch their vulnerable #cisco machines and periodically report on security status

the interesting part everybody is chewing on is, vulns in cisco asa and routers apparently were successfully used to hack into US agencies’ networks

#infosec #policy

https://cyber.dhs.gov/assets/report/ar-16-20173.pdf

Report AR-16-20173 mentioned in the BOD-16-02 by the US DHS

#infosec #policy

13 March 2018

https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/

a very thorough investigation of internet censorship in Turkey and Egypt

  • includes analysis of DPI #tech used
  • includes a filter to detect packets injected with such a DPI

#policy #infosec

https://panic.com/blog/mystery-of-the-slow-downloads/

I think we all can agree with the author here, it is rather strange that Comcast went out of their way to fix the problem on their side without at least trying to extort money

#networking #business

14 March 2018

https://scotthelme.co.uk/why-we-need-to-do-more-to-reduce-certificate-lifetimes/

why we need to shorten effective validity periods, the history of validity periods in CA industry, what’s more to come

in short: buying 3y certs is a waste and goes against your best interests especially right now

#infosec

15 March 2018

https://www.itnog.it/itnog3/files/ITNOG3-Juniper_RIFT.pdf

this looks like the latest (Nov’17) public info on work-in-progress RIFT, a routing protocol for Clos networks

#networking #research

16 March 2018

https://www.snellman.net/blog/archive/2015-08-25-tcp-optimization-in-mobile-networks/

on TCP optimization #tech for mobile packet networks

some nice details on how with relatively simple means (i.e. no caching, gzipping, inventing new congestion control, or going into application inspection) we can hugely optimize TCP for long-RTT networks

#networking

22 March 2018

https://www.farsightsecurity.com/2016/04/28/vixie-magicalthinking/

critique of ‘killchain’ approach to #infosec in real life, blackboxes considered harmful

We are, today, trying to secure technology we do not understand, against attackers who understand our technology better than we do. Worse still, we’re trying to secure technology that our technology vendors do not understand. What’s missing from the models inspired by military doctrine is that this isn’t a war or a battle, it’s a way of life — it’s forever. And our strategic options don’t include whether to fight, or when, or on what ground. All of those options are in the hands of our adversaries.

28 March 2018

https://blogs.cisco.com/datacenter/new-portability-options-for-ciscos-data-center-networking

now you can run an OS of your choice on a #cisco nexus switch

looks like a #business move to sell more of them to $MSFT for azure, who recently published work on SONiC

the ability to run NX-OS on any hardware clearly comes secondary

7 April 2018

https://blog.webernetz.net/using-a-fortigate-for-bitcoin-mining/

FortiGate firewalls support $BTC mining as a standard, though hidden, feature

#infosec #business

12 April 2018

http://www.circleid.com/posts/20180402_oblivious_dns_plugging_the_internets_biggest_privacy_hole/

nice idea: basically, TOR principles applied to DNS

there are caveats in this paper that still need resolving, for example step 5 of the algorithm as constructed is nothing but handwaving, and it differs from the sequence diagram; moreover, the process on the sequence diagram leaks information to the Recursive server

#networking #research #infosec

16 April 2018

https://www.icann.org/en/system/files/correspondence/jelinek-to-marby-11apr18-en.pdf

in compliance with EU’s GDPR, WHOIS service as constructed will soon be illegal

#networking #policy

17 April 2018

https://twitter.com/RIPENCC_IPRAs/status/986164235993526272

RIPE is down to refurbished addresses in IPv4 space

#ipv6

https://amp.businessinsider.com/microsoft-azure-sphere-is-powered-by-linux-2018-4

“After 43 years, this is the first day that we are announcing - and will be distributing - a custom Linux kernel,” Microsoft’s president, Brad Smith, said onstage at an event in San Francisco.

Microsoft(R) Linux(tm) FTW!

#business

23 April 2018

http://uk.businessinsider.com/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4

“a casino was hacked via a thermometer in an aquarium in the lobby.”

S in #iot stands for Security

#infosec

30 April 2018

https://arxiv.org/pdf/1804.07706.pdf

Securing Email arXiv:1804.07706v1

everything you wanted to know about email security in one concise study: TLS-SMTP, DKIM, SPF, DMARC, S/MIME, PGP, etc.

#infosec #tech

4 May 2018

https://www.tummy.com/articles/famous-dns-server/

#history behind the 4.2.2.2 DNS service

  • they were the first to realize that there is value in memorable addresses
  • filtering it would’ve been harder than letting it be public
  • anycast for reliability and easy customer migration

#networking

https://www.comodoca.com/en-us/about/blog/on-comodo-ca%E2%80%99s-recent-revocation-of-an-ssl-certifi/

interesting handling of a complex situation by comodo CA:

  • here’s what happened
  • here’s how a wrong decision was made
  • here’s how we are proposing to right it
  • here are our steps to prevent it in the future

#infosec #policy

5 May 2018

https://www.usenix.org/system/files/conference/foci12/foci12-final2.pdf

a 2012 paper on how to block services such as TOR intelligently, and a few simple ways to work around this method

#infosec #networking #tech

8 May 2018

https://www.youtube.com/watch?v=BnhCHOo2Zss

the author describes the political landscape surrounding nation-state APTs and calls for a more fleshed-out #policy

#infosec

9 May 2018

https://ai.googleblog.com/2018/05/duplex-ai-system-for-natural-conversation.html

>The Google Duplex system is capable of carrying out sophisticated conversations and it completes the majority of its tasks fully autonomously, without human involvement.

So that’s why Google voice and Fi projects exist: to train a novel AI how to talk to humans naturally

#tech

10 May 2018

https://www.youtube.com/watch?v=BRUvbiWLwFI

if you only have ~15 mins to spare to learn about the future today, I suggest watching this barebones version of google’s keynote (3+ hrs all in all)

basically, “AI all the things!”

#futureishere #tech

11 May 2018

https://www.theregister.co.uk/2018/05/10/ibm_bans_all_removable_storage_for_all_staff_everywhere/

IBM moves from sneakernet to something more cloudy

#infosec

17 May 2018

https://arstechnica.com/tech-policy/2018/05/senate-votes-to-overturn-ajit-pais-net-neutrality-repeal/

They did it, with just a 5 vote margin

Now though this has to pass through the House, and the POTUS

#policy

28 May 2018

https://status.cloud.google.com/incident/cloud-networking/18009#18009005

google’s GCP most recent incident analysis - that’s the way to write postmortems:

  • impact, root cause (when possible), remediation, prevention

TL;DR: fluke in BGP code caused regional prefixes withdrawal from BGP advertisements, leading to unreachability; mitigated by software rollback

#reliability #networking

https://spectrum.ieee.org/computing/hardware/how-to-kill-a-supercomputer-dirty-power-cosmic-rays-and-bad-solder

if you ever wondered whence comes the majority of parity errors - not only in supercomputers, but in networking equipment as well

#tech #reliability

3 June 2018

https://blog.benjojo.co.uk/post/bgp-battleships

as I mentioned elsewhere, BGP will soon surpass HTTP(S) as preferred transport for everything: first we had a chat, now there’s a game of Battleships

#tech #networking

5 June 2018

https://www.youtube.com/watch?v=iMAThVcqzuk

how the intercontinental fiber cables are terminated on the shore

the video also dispels my previous assumption that the undersea cables are at least as thick as my leg due to all the protection required - the deeper they go, the less protection they need, as most of the danger comes from near-shore fishing and anchoring activities

#networking #tech

12 June 2018

https://ripe76.ripe.net/presentations/30-180514.ripe-clos.pdf

how to do SPF routing in BGP for mid-sized Clos fabrics and why would you do that

a fascinating read in protocol design, though I am disturbed by yet another load on top of BGP - the author is right, clearly now only HTTP and SMTP are missing

#networking #tech #research

https://jvns.ca/tcpdump-zine.pdf

for anyone wanting to know and use tcpdump, here’s a zine by Julia Evans

it’s a quick and easy read and gets you right into practical stuff

#networking #tools

https://xrdocs.io/cloud-scale-networking/tutorials/2018-02-19-netflow-sampling-interval-and-the-mythical-internet-packet-size/

how NetFlow works under the hood in #cisco IOS-XR systems

also contains some fresh data on average packet sizes from a real internet router

#networking #tech #research

https://stratechery.com/2018/the-end-of-windows/

timeline and reflection on recent #business strategy evolutions at $MSFT

https://github.com/alex/what-happens-when

an in-depth (for some definition of depth) exploration of the process under the hood of showing us a webpage

#tech

14 June 2018

https://www.akamai.com/de/de/multimedia/documents/technical-publication/detecting-peering-infrastructure-outages-in-the-wild.pdf

Outages at colocation facilities and IXPs affect the operation of hundreds of networks. In this paper, the authors show that control-plane messages provide an excellent, yet unexplored source of information that can be utilized to detect peering infrastructure outages in the wild. We develop a methodology to analyze the values of the BGP Communities attribute to accurately detect the location of a peering outage at the level of a building.

other notable findings:

  • We find that 53% of the outages are in Europe, 31% in the US, and the remaining ones in the other regions.
  • The median outage duration is 17 minutes and 40% of the outages exceed 1 hour
  • 5% of the monitored 403 facilities fail to meet the 99.99% uptime mark and 18% the 99.999% uptime mark.
  • [after an outage] BGP path re-convergence took about 4 hours until 95% of the paths returned

short presentation on the chief contribution of this paper: https://www.youtube.com/watch?v=U_qOSWRe3pQ

#networking #reliability #research

https://sheharbano.com/assets/publications/ccr18-scan-liveness.pdf

Liveness—whether or not a target IP address responds to a probe packet—is a nuanced concept without a simple yes/no answer. Responsiveness directly depends on the probe type, the configuration of the targeted host, as well as on firewalling and filtering behaviors at the edge or within networks.

key findings include: (i) TCP and UDP probes increase the population responsive over ICMP by 18%, (ii) comprehensively capturing reply traffic (i.e., taking into account negative reply packets) increases the responsive population by more than 13%, (iii) TCP stacks do not consistently respond with a TCP Rst for non-available services—in our measurements only 24% of hosts with an active TCP stack respond to all the probes, (iv) our concurrent scans allow us to identify nearly 2M tarpits that would bias measurements that do not take them into account, and (v) we report on the correlation of responsiveness across protocols uncovering potential filtering practices.

other notable findings:

  • probe redundancy [sending deferred repeated probes] increases the population of active IP addresses by 2.2%
  • our scans recorded 487M network alive IPs (IPall) out of 3.6B probed.
  • we see that ICMP Echo probes are most effective in discovering network active IPs, revealing 79% of IPall, followed by TCP probes.
  • we find that 16% of IPall can only exclusively be discovered via TCP, and a small but significant ≈2% can only be discovered via UDP probes.

#networking #research

19 June 2018

https://ripe74.ripe.net/archives/video/58/

https://ripe74.ripe.net/wp-content/uploads/presentations/67-Enno_Rey_RIPE74_Structural_Deficits_IPv6.pdf

Enno Rey, Why IPv6 Security Is So Hard

a quick and lighthearted rant about #ipv6 complexity, with the loveliest questions section ever

#networking #infosec

25 June 2018

http://www.lightreading.com/nfv/nfv-tests-and-trials/validating-ciscos-nfv-infrastructure-pt-1/d/d-id/718684?page_number=8

an overview of #cisco VPP performance

VPP - new-ish software dataplane mechanism, now part of fd.io Linux Foundation project developed in collaboration between multiple vendors and #research groups

#tech #networking

https://fd.io/wp-content/uploads/sites/34/2018/02/performance_analysis_sw_data_planes_dec21_2017-1.pdf

an in-depth discussion of software dataplane performance characteristics and detailed test results for VPP/fd.io and other modern sw dataplanes

#tech #networking #research

5 July 2018

https://conferences.sigcomm.org/sigcomm/2016/files/program/netpl/netpl16-nikolaj.pdf

a short intro presentation showcasing current state of network verification #research

includes some general info on solvers and mapping of research to applications, plus SecGuru, Network optimized Datalog, and a way to scale verification to 10^6-node networks

https://learningnetwork.cisco.com/servlet/JiveServlet/previewBody/31004-102-7-149734/nrusso_ccie_ccde_evolving_tech_1july2018.pdf

Nick Russo has updated his evolving tech guide to now include v.1.1 topics:

  • Minimal working Viptela example
  • Minimal working SVN example
  • Minimal working AWS CodeCommit + AWS CodeBuild example
  • Minimal working local NFVIS management example
  • Minimal working DNA-C + NFVIS example
  • Minimal working IOS-XR gRPC example
  • Minimal working Docker example
  • Minimal working Kubernetes example (with AWS EKS discussion)
  • Inclusion of production Ansible playbook references
  • SDA discussion
  • NFVI, VIM, and VTS discussion
  • Cloud Center discussion
  • IoT PHY protocol discussion and comparison (LEACH, PEGASIS, MTE, TEEN, DEEC, etc)
  • Cisco DMo discussion
  • IoT Threat Defense solution (security)

#study #cisco

http://www.calient.net/wp-content/uploads/downloads/2013/04/CALIENT-S-Series-Photonic-Switch-Hardware-User-Manual-Rev-A-460xxx-00-v10.pdf

everything you wanted to know about photonic #networking in one handy guide

tl;dr: fancy programmable FO patch panels based on electronically-controlled rotating mirrors

#tech

7 July 2018

https://blog.cloudflare.com/how-to-drop-10-million-packets/

a dive into the modern Linux networking stack - same methods apply to any packet handling, not just dropping

#tech

9 July 2018

https://www.usenix.org/node/189019

network verification using Network optimized Datalog

includes some nice usecases

#research

P-FatTree: A Multi-channel Datacenter Network Topology

In this work we propose P-FatTree, which is a FatTree topology

basically, their idea is to disbundle sub-channels and connect them to disparate fabrics inside the switch

i.e. apply multiplane topology idea to switch internal design, shifting the ECMP (between channels) burden to the host

#research #tech

Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists

In this paper, the authors show that addresses in IPv6 hitlists are heavily clustered. We present novel techniques that allow to push IPv6 hitlists from quantity to quality. We perform a longitudinal active measurement study over 6 months, targeting more than 50 M addresses. We develop a rigorous method to detect aliased prefixes, which identifies 1.5 % of our prefixes as aliased, pertaining to about half of our target addresses. Using entropy clustering, we group the entire hitlist into just 6 distinct addressing schemes. Furthermore, we perform client measurements by leveraging crowdsourcing.

an attempt to map #ipv6 address space and produce viable hitlists for reproducible #research into the new shiny #internet

#networking

11 July 2018

http://www.gazettabyte.com/home/2018/6/5/400zr-will-signal-coherents-entry-into-the-datacom-world.html

Future is here: 400Gbps optics are coming to datacom applications

400ZR will have a reach of 80km over a single wavelength and a target power consumption of 15W, products are expected by the first half of 2020.

IEEE is also considering a proposal to adopt the 400ZR specification, initially for the data-centre interconnect market

#tech #networking

16 July 2018

https://www.cs.jhu.edu/~huang/paper/grayfailure-hotos17.pdf

Peng Huang et al., Gray Failure: The Achilles’ Heel of Cloud-Scale Systems //Microsoft Research

Cloud scale provides the vast resources necessary to replace failed components, but this is useful only if those failures can be detected. For this reason, the major availability breakdowns and performance anomalies we see in cloud environments tend to be caused by subtle underlying faults, i.e., gray failure rather than fail-stop failure. In this paper, we discuss our experiences with gray failure in production cloud-scale systems to show its broad scope and consequences. We also argue that a key feature of gray failure is differential observability: that the system’s failure detectors may not notice problems even when applications are afflicted by them. This realization leads us to believe that, to best deal with them, we should focus on bridging the gap between different components’ perceptions of what constitutes failure.

  • The ambiguous nature and temporal idiosyncrasy of gray failure make it distinctly different from what is assumed in typical failure models. This defeats traditional fault-tolerance solutions and thus poses significant challenges to cloud practitioners.
  • A natural solution to gray failure is to close the observation gaps between the system and the apps that it services. … This is analogous to making assessments of a human body’s condition: we need to monitor not only his heartbeat, but also other vital signs including temperature and blood pressure.
  • One feasible approach is for a system to measure metrics that approximate the observations of its apps. For example, to tackle the network gray failure example (§2.1), the cloud system can send probes to measure server-to-server latency and reachability to emulate observations of the network by common applications

i.e. PfR is the right approach!

#networking #research #reliability

17 July 2018

https://vimeo.com/267639718

a short introduction into modern HTTP capabilities

#tech

18 July 2018

https://www.microsoft.com/en-us/research/uploads/prod/2018/03/causal-papoc18.pdf

Towards Causal Datacenter Networks

work in progress #research in support of causal delivery in datacenter networks

they propose to perform sequencing in networking hardware

#networking #tech

19 July 2018

https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/46181.pdf

Thinking about Availability in Large Service Infrastructures

some general thoughts on distributed systems availability:

  • tactical service-level objectives
  • adversarial thinking applied to availability - a very interesting approach which I’d like to take further sometime
  • a list of good operational practices: reviews, testing, gradual rollout, partitioning, improve MTTR, fail-static

#research #reliability #networking

20 July 2018

http://yuba.stanford.edu/~casado/fabric.pdf

Fabric: A Retrospective on Evolving SDN

A discussion paper in which the authors are trying to introduce ideas from some interpretation of vanilla MPLS into some interpretation of OpenFlow-like SDN

  • good idea of pushing complexity to the edge! have they read #RFC1925 ?
  • the whole paper is probably “nothing new” from traditional #networking perspective, but is really big for OpenFlow, I guess
  • section 3.5 is rather weird, as the problems stated there stand solved for MPLS with MP-BGP (though it is my understanding that BGP is considered a swearword in OF community)

#research

21 July 2018

https://tools.ietf.org/html/draft-elders-social-media-apology-00

the fact that this rather humorous internet draft was not published on April 1st is telling

also, the authors are not wrong

#random

23 July 2018

https://arxiv.org/pdf/1806.08420.pdf

Oh, What a Fragile Web We Weave: Third-party Service Dependencies In Modern Webservices and Implications

key findings are: (1) 73.14% of the top 100,000 popular services are vulnerable to reduction in availability due to potential attacks on third-party DNS, CDN, CA services that they exclusively rely on; (2) the use of third-party services is concentrated, so that if the top-10 providers of CDN, DNS and OCSP services go down, they can potentially impact 25%-46% of the top 100K most popular web services; (3) transitive dependencies significantly increase the set of webservices that exclusively depend on popular CDN and DNS service providers, in some cases by ten times; (4) targeting even less popular webservices can potentially cause significant collateral damage, affecting up to 20% of the top-100K webservices due to their shared dependencies.

#research #reliability

https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/

tl;dr: because it’s faster

#tech

25 July 2018

https://www.youtube.com/watch?v=_wRvNINnSQg

some good operational advice on BGP policy for safer #internet

#networking

2 August 2018

https://cloudplatform.googleblog.com/2018/08/repairing-network-hardware-at-scale-with-sre-principles.html

should be “replacing hardware” though

a nice case of automation done right: retrace manual operations, pick those easy to automate first, then build on success and extend as much as possible

notable things:

  • $GOOG buys from the big-three vendors, like the rest of us
  • $GOOG keeps spares onsite
  • $GOOG has issues with RMA from vendors just like anybody, multiplied by scale

#networking #reliability

http://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf

Algorithms, Key Size and Protocols Report

a fresh survey of generally usable crypto algorithms and protocols

#infosec

7 August 2018

https://ams-ix.net/technical/specifications-descriptions/controlling-arp-traffic-on-ams-ix-platform

on one of the dangers of excessively large L2 domains and a coping mechanism - ARP Sponge - to bandaid it

#networking #tech

https://support.samsungknox.com/hc/en-us/articles/115013403768-Enhanced-Roaming-Algorithm

how Samsung does #wifi roaming

#networking #tech

https://www.rfc-editor.org/rfc/rfc8422.txt

new standards track #RFC 8422

Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier

#networking #infosec

http://www.futuriom.com/articles/news/cisco-arista-settlement-surprises/2018/08

the Arista v. #cisco is settled, so less uncertainty in the market

huge win for $ANET as is clear from market reaction

not sure why would $CSCO prefer cash over locking an aggressive competitor in court

#business

11 August 2018

https://apenwarr.ca/log/?m=201808

a great intro to the problems of buffer management, QoS, and chocolate fountains

#tech #networking

https://githubengineering.com/glb-director-open-source-load-balancer/

How and Why GitHub does load balancing

  • troubles of consistent load balancing at scale
  • options considered
  • limitations and solutions

#tech #networking

15 August 2018

https://security.googleblog.com/2018/08/google-public-dns-turns-8888-years-old.html

the most popular $GOOG service by far turns 8 years old!

#history

17 August 2018

https://www.youtube.com/watch?v=ajGX7odA87k

on improving #infosec in general and for #iot

James Mickens is the best, every single one of his talks/papers is worth listening to/reading

27 August 2018

https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/amp/

a fascinating story of how a poorly-designed #internet communication architecture cost people their lives

#infosec

13 September 2018

https://www.reddit.com/r/IAmA/comments/9dj8h7/i_am_bruce_schneier_cybersecurity_expert_author/

Bruce Schneier did an AMA session on Reddit recently

#infosec

https://twitter.com/portfast/status/1040254640493928448

Ever wondered what an Ethernet frame looks like on the wire? No? Well here it is anyway. 10mbit, probably ARP.

#tech

15 September 2018

https://standards.ieee.org/news/2018/ieee_standard_200gb_400gbs_ethernet.html

while some of us’re just getting to see 10Gbps as “normal”, the new and shiny 200GBASE-x and 400GBASE-x standards got specified

here’s the relevant excerpt if you are into such things (draft): http://www.ieee802.org/3/bs/public/17_03/gustlin_3bs_03_0317.pdf

#tech #networking

http://clnv.s3.amazonaws.com/2017/usa/pdf/BRKARC-3467.pdf

one of the few must-watch ciscolive presentations, covering everything from transistors to gates to ASIC capabilities to high-level features

the nicest intro to how all of it works you can imagine

#cisco #tech #networking

18 September 2018

https://logicmag.io/05-how-to-kill-your-tech-industry/

on sexism of computer industry in the UK

#history

20 September 2018

something to think about: engineers spend up to 50% of time supporting bad technical decisions

https://stripe.com/files/reports/the-developer-coefficient.pdf

#research #business

23 September 2018

https://www.youtube.com/watch?v=s1i-dnAH9Y4

how mechanical computers work from basics to advanced vector math

#history

26 September 2018

https://www.datacenterknowledge.com/networks/intent-based-networking-data-center-cisco-vs-juniper

a side-by-side comparison of current #juniper and #cisco offerings, from a #business perspective

28 September 2018

https://nlnetlabs.nl/downloads/presentations/HSB18-Alex-Band-RPKI-20180927.pdf

quick and easy read, kind of RPKI-101: who is who, what is what, quick start

#tech #networking #infosec

30 September 2018

https://blogs.microsoft.com/on-the-issues/2018/09/11/a-call-for-principle-based-international-agreements-to-govern-law-enforcement-access-to-data/

here, MSFT takes a very sensible position wrt law enforcement

perhaps the history of litigation vs US govt taught them as much

yet one must still wonder how this proposal will hold up to the scrutiny of a court order coming from places like DPRK

#business #policy #infosec

3 October 2018

https://pc.nanog.org/static/published/meetings/NANOG74/1761/20181003_Barbieri_Transforming_Lab_Automation_v1.pdf

if you happen to have a sizable lab to manage, here’s a good idea how you could make use of SDN (i.e. OpenFlow) dataplane-hacking capabilities

also: circuit switching!

#networking #tech

4 October 2018

https://pc.nanog.org/static/published/meetings/NANOG74/1851/20181002_Plunkett_Lightning_Talk_Lean_v2.pdf

on practical feasibility of short-reach (metro) DWDM 100G optics

useful #tech !

#networking

https://www.globaltraceroute.com/

when you must verify global connectivity to your systems, here’s a tool you might consider using

very neat hack over RIPE Atlas

#tools #networking #internet

30 October 2018

https://phoronix.com/scan.php?page=news_item&px=Linus-Torvalds-New-Politeness

on the importance of communicating clearly on issues and problems

if Linus can abstain from profanity, so can we all

#business

https://webaim.org/blog/user-agent-string-history/

if you ever wondered why almost-but-not-quite every web browser on earth calls itself Mozilla in its User-Agent

#history

31 October 2018

https://blog.github.com/2018-10-30-oct21-post-incident-analysis/

TL;DR: loss of network connectivity between DB clusters for 43 seconds resulted in cluster deciding to fail-over cross-country, leading to loss of sync and a total of 24hrs of service degradation

#reliability

1 November 2018

https://blog.ecitele.com/technologies-that-didnt-part-2

some notes about the OSI Suite of protocols: what they were, the ups and downs, their legacy

#history #tech #networking

7 November 2018

https://www.aria-networks.com/blog/tier-1-operator-goes-live-with-automated-traffic-engineering-using-ai-and-a-digital-twin/

and so it begins: an AI replaced humans at CLI work, in production network

Routes designed by the Aria platform are flowed through as command-line interface (CLI) instructions to configuration management, for execution on the live network.

#networking #tools

https://www.bizjournals.com/sanjose/news/2018/11/06/cisco-layoffs-executive-departures-csco.html

#cisco lays off 500 people

The article is cowardly paywalled, so here are the key points:

Cisco Systems is cutting nearly 500 South Bay employees as a months-long internal shakeup ripples through its ranks.

“Today, we have made the difficult decision to move forward with a restructuring that will affect some of our CX [customer experience] colleagues,” Martinez wrote in Tuesday’s memo.

Cisco employs more than 14,000 in Silicon Valley, according to the latest Business Journal research, and about 70,000 people worldwide.

The layoffs, which range from engineers to executives, have affected employees from product marketing, business operations, global architecture and technology services, according to state documents.

#business

8 November 2018

https://ict.moscow/static/2018-phenomena-report.pdf

some stats on traffic from eyeball networks

regional trends look wonderful, $NFLX FTW

#internet #networking #research

https://www.zdnet.com/article/us-cyber-command-starts-uploading-foreign-apt-malware-to-virustotal/

US Cyber Command decided to play nice and protect the innocent by sharing its findings

#infosec #policy

9 November 2018

https://www.golem.de/news/root-zertifikat-sennheiser-software-hebelt-https-sicherheit-aus-1811-137603.html

software for Sennheiser headphones installs a trusted root with the key

#infosec

https://arstechnica.com/information-technology/2018/11/strange-snafu-misroutes-domestic-us-internet-traffic-through-china-telecom/

on the importance of verifying your routing

I mean, nobody noticed it (i.e. huge RTT, or traceroute, or something) for two years!

#networking #infosec

13 November 2018

https://blog.thousandeyes.com/internet-vulnerability-takes-down-google/

https://status.cloud.google.com/incident/cloud-networking/18018

Nigerian ISP AS37282 ‘MainOne Cable Company’ and/or AS4809 ChinaTelecom leaked some $GOOG and Cloudflare prefixes to AS20485 TransTelecom causing some downtime last night

#networking #reliability

17 November 2018

https://ernw.de/download/AD_Summit_2018/01_AD_Summit_CoreSecPrinciples_fk_hw_v.1.2_signed.pdf

ActiveDirectory security landscape and some best practices

since AD has become de-facto industry standard for single-source of truth for all things authentication in enterprise environments, it might be worth our while to read into the subject of its security

#infosec

https://www.nccoe.nist.gov/sites/default/files/library/sp1800/fs-pam-nist-sp1800-18-draft.pdf

for those willing to dive deeper into the subject of administrator account security, NIST is preparing SP 1800-18, drafted here

#infosec

18 November 2018

https://twitter.com/TinkerSec/status/1063423110513418240

while we’re on that #infosec vibe, please enjoy this twitter thread about a pentest gone funny

27 November 2018

https://aws.amazon.com/blogs/aws/new-aws-global-accelerator-for-availability-and-performance/

new AWS service allows anyone to leverage anycast #networking to their advantage

  • you get static IP addresses announced from edge network
  • you can build address striping - AWS edge announces different addresses via different peers - same redundancy technique they use for Route53

#reliability

29 November 2018

https://itsecx.fhstp.ac.at/wp-content/uploads/2018/11/02_Rene_Freingruber_Flying_under_the_radar_freingruber_v1.00.pdf

what hacking into a “hardened” organization may look like, from information gathering to running code at a target, including some nice evasive maneuvers

#infosec

https://labs.ripe.net/Members/kevin_vermeulen/multilevel-mda-lite-paris-traceroute

on development of a Paris traceroute variant for discovering very complex topologies

try it with your friendly RIPE Atlas soon

#tools #networking

30 November 2018

https://arstechnica.com/information-technology/2018/11/did-sprint-throttle-skype-researcher-explains-evidence-behind-allegation/

here we have a pretty well-balanced description of throttling measurement process using simulated traffic, though methinks the assumption of widespread DPI (ISP-side) is a bit of a stretch

#networking #research

https://rule11.tech/bgpsec-and-reality/

a one-stop critique of BGPsec ideas

on paper, BGPsec looks reasonable and the math checks out (if one cares to read it), but when faced with the complex reality of the multitude of BGP implementations, the real problems, and solutions, it all falls apart, as Russ White demonstrates

#networking #infosec #internet

https://people.inf.ethz.ch/omutlu/pub/data-center-network-errors-at-facebook_imc18.pdf

A Large Scale Study of Data Center Network Reliability

This paper fills the gap by presenting a large scale, longitudinal study of data center network reliability based on operational data collected from the production network infrastructure at Facebook, one of the largest web service providers in the world. Our study covers reliability characteristics of both intra and inter data center networks. For intra data center networks, we study seven years of operation data comprising thousands of network incidents across two different data center network designs, a cluster network design and a state-of-the-art fabric network design. For inter data center networks, we study eighteen months of recent repair tickets from the field to understand reliability of Wide Area Network (WAN) backbones

notable findings:

  • 2 x more human errors than hardware errors
  • rack switch incidents comprise almost a third of all problems, though relatively low priority
  • fabrics in DC have fewer problems than clusters
  • MTBI / MTTR look exponential
  • SP-provided links fail as often as the edge routers that use them
  • most problems are repaired automatically by means of watchdog-like functionality (i.e. port shut/no shut, device restart, device reimage)

They also provide MTBF and MTTR models for leased fiber, though they omit to show if there is a correlation with distance or other factors, only noting that in metro areas, MTBF is higher

#networking #reliability #research

https://nlnog.net/static/nlnogday2018/5_BMP_Smit_Lucente_NLNOG_2018.pdf

what BGP monitoring protocol looks like, motivation behind it, future directions

#networking #tools

https://nlnog.net/static/nlnogday2018/7_RPKI_NLNOG_2018_Niels_Raijer.pdf

some Layer-9 perspectives on RPKI

use this to persuade your boss to enable it!

#networking #infosec

https://nlnog.net/static/nlnogday2018/9_routing_security_roadmap_nlnog_2018_snijders.pdf

what other things you can use RPKI for

#networking #infosec

5 December 2018

https://github.com/Microsoft/Ethr/blob/master/README.md

Ethr: network performance testing tool by $MSFT

#networking #tools

6 December 2018

https://cfeditions.com/cyberstructure/ressources/Cyberstructure-SPECIMEN.pdf

Preview of Stéphane Bortzmeyer’s upcoming book Cyberstructure, which tells how current #internet works on levels 8-10

How people use the network, what the new powers of this world are doing, how the states are spying, why privacy and neutrality are so important, etc. The full book covers that and much more, bringing together two aspects of the world noumerique: technical and political

available in full here: https://cfeditions.com/cyberstructure/

#policy

http://www.circleid.com/posts/20181127_in_a_networked_knowing_right_time_is_essential_but_how_accurate/

on time precision across the Internet

interesting things:

  • there are hosts with clocks running months ahead of UTC
  • most imprecise clocks (~38%) are behind UTC, sometimes a whole year behind
  • there are a few interesting clusters of imprecision: exactly 1 hour behind, exactly 12 hours behind, exactly a multiple of 24 hours ahead

The strong quantisation of the clock drift into units of hours tends to suggest that a major component of this clock slew is not the drift of the local oscillator or dropping of clock ticks in the time management subsystem, but some form of misconfiguration of the local date calculation. The second counter appears to be quite stable, but the local date calculation is off.

#research

https://www.cnbc.com/2018/11/29/amazon-outpost-brings-cloud-technology-to-traditional-data-centers.html

the only important point here is that the $cloud marketing puff of the last ten years, although successful, is clearly slowing down, and $AMZN is now acknowledging that many companies want to stay on-premises.

#business

10 December 2018

https://www.netresec.com/?page=Blog&month=2018-11&post=Remote-Packet-Dumps-from-PacketCache

how to remotely dump some packets on a Windows machine with PacketCache

#tools #networking

12 December 2018

https://oversight.house.gov/wp-content/uploads/2018/12/Equifax-Report.pdf

the final public report on the Equifax $EFX breach - the biggest PII data leak in U.S. history (so far)

  1. $EFX fails at #infosec due to bureaucracy: they didn’t bother to fix the Struts problem, even knowing about it
  2. two months between Struts vuln. disclosure and attack
  3. plaintext database passwords - for 48 different DBs
  4. forgot to renew TLS certs on monitoring systems for 19 months
  5. attack lasted 76 days

Executive Summary is worth reading

13 December 2018

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/727415/20180717_HCSEC_Oversight_Board_Report_2018_-_FINAL.pdf

Huawei has, according to this report, some problems:

  • software engineering process is lacking and/or outdated
  • long-term support of products with components that lack support
  • failure to provide consistent binaries

#business #infosec

18 December 2018

https://developers.redhat.com/blog/2016/10/14/macsec-a-different-solution-to-encrypt-network-traffic/

how MACsec works

#tech #networking #infosec

19 December 2018

https://www.ipv6.org.uk/2018/10/26/ipv6-transition-workshop-sep-2018/

#history, progress, practice, problems, #tech - everything you wanted to know about state of #ipv6 condensed in a few nice presentations

27 December 2018

https://play.google.com/store/apps/details?id=androdns.android.leetdreams.ch.androdns&hl=en

the app to rival dig / nslookup

#tools

1 January 2019

https://ripe77.ripe.net/presentations/32-vxlan-ripe77.pdf

some notes on VXLAN security as implemented

TL;DR: it’s like vlan hopping, but works over the internet, i.e. trivial to inject data one-way; but there’s more to it

#infosec #networking

3 January 2019

https://docs.google.com/file/d/0ByeFzvNZTBw4OVpPMTE2RHV6NnM/edit?usp=sharing

IPv6 for IPv4 Experts - a book by Yar Tikhiy, for those of us who have already heard what a packet is and thus have no need for repetition

#ipv6 #networking

https://www.ipv6.org.uk/wp-content/uploads/2018/11/IPv6-presentation-linkedin-The-Beginning-of-the-End.pdf

how LinkedIn implemented #ipv6 in their datacenters

basics:

  • mapping of old addressing scheme to ipv6
  • [for every segment,] gateway is always fe80::1
  • not all apps, languages, firmwares work as desired
  • measurement is important
  • removing ipv4 is hard but possible

https://vimeo.com/291585392

a short update on BBR version 2:

  • now is more TCP-fair (vs reno/CUBIC)
  • more experience in different theaters (India, Japan)

still an active research / work in progress, but might be worth trying in prod given fairness

just upgrade your kernel to 4.9+ and configure sysctl

#tech #research

9 January 2019

https://nymag.com/intelligencer/2018/12/how-much-of-the-internet-is-fake.html

the [eyeball] #internet is fake: fake eyeballs, fake content, fake businesses

17 January 2019

https://blog.apnic.net/2019/01/16/bgp-in-2018-the-bgp-table/

on BGP default-free zone growth

  1. no single authoritative view of the table
  2. table is huge and expected to grow more, closer to 10^6, should the trend continue

#research #internet

24 January 2019

https://blogs.dropbox.com/tech/2019/01/the-scalable-fabric-behind-our-growing-data-center-network/

how dropbox builds its network

#networking

25 January 2019

https://www.zdnet.com/article/internet-experiment-goes-wrong-takes-down-a-bunch-of-linux-routers/

RFC6811,8097,8481 testing went wrong when announced to default-free zone

“We’ve performed the first announcement in this experiment yesterday, and, despite the announcement being compliant with BGP standards, FRR routers reset their sessions upon receiving it. Upon notice of the problem, we halted the experiments,”

“Stopping the experiment is only treating symptoms, the root cause must be addressed: broken software,”

#research #internet #reliability

30 January 2019

https://www.t-mobile.com/news/600-mhz-5g-call

in the meantime, 5G network is coming online in the US

#tech

3 February 2019

https://www.reddit.com/r/networking/comments/aljp82/perspectives_on_sdwan/efer0pr

here’s one short-term success story for SD-WAN magic:

  • you can forklift L3VPN out and put best-effort class connectivity onto your sites
  • you’ll enjoy algorithmic optimisations
  • you’ll love the centralized management pane for your deployment

#networking

5 February 2019

https://medium.com/@moondev/my-adventure-adding-10gbe-networking-to-an-intel-nuc-for-esxi-via-thunderbolt-3-pcie-expansion-1d6a627ffea4

oh! so you can upgrade the NUCs!

nice story about retrofitting a small PC with a 10GE card

#networking #tech #tools

2 March 2019

https://mailarchive.ietf.org/arch/msg/v6ops/uXqC-rOES7MfPPCsG8Fm--NGKJo

a summary of all things wrong with #ipv6

also showcases how weak consensus of IETF isn’t perfect at producing the best possible protocols

#networking

16 March 2019

https://code.fb.com/data-center-engineering/f16-minipack/

things to consider when your datacenter gets biggish

  • multiplanar topologies interconnected by more multiplanar topologies
  • using new ASICs for optimized in-chassis topology
  • designing hardware both yourself and partnering with vendors

#networking #tech

20 March 2019

https://www.theregister.co.uk/2019/03/19/putty_patched_rsa_key_exchange_vuln/

new version of PuTTY fixes several vulnerabilities

Among them:

  • A remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
  • Potential recycling of random numbers used in cryptography
  • On Windows, hijacking by a malicious help file in the same directory as the executable
  • On Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
  • multiple denial-of-service attacks that can be triggered by writing to the terminal

get your updates asap at https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

#tools #networking

24 March 2019

https://who.paris.inria.fr/Leo.Perrin/pi.html

everything you wanted to know about the backdoor in Russian GOST crypto but were afraid to ask

TL;DR: the properties of the substitution table strongly suggest the presence of an exploitable flaw; for all practical purposes, we should consider it a backdoor

#infosec

25 March 2019

https://spectrum.ieee.org/view-from-the-valley/at-work/tech-careers/oracle-swings-the-layoff-axe-and-clearcuts-teams-of-engineers

massive layoffs from engineering and eng.management

thoughts and discussions here: https://www.thelayoff.com/oracle

as of this writing, nobody is sure even how the layoffs are decided; they seem to be random

the lesson is: whatever you do with your career, don’t go Oracle

#business

27 March 2019

https://www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/1948933/CybersecuritySeries_THRT_01_0219_r2.pdf

#cisco Cybersecurity Threat Report Feb 2019

#infosec

6 April 2019

https://builddaylive.com/uncategorized/intel-announces-processors-optane-dc-ethernet-800-at-data-centric-innovation-day/

new CPU series, more Optane memory, new NICs

just an announcement, but it shows a bright future for compute

#tech #business

https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_01A-2_Yun_paper.pdf

Ginseng: Keeping Secrets in Registers When You Distrust the Operating System

Many mobile and embedded apps possess sensitive data, or secrets. Trusting the operating system (OS), they often keep their secrets in the memory. Recent incidents have shown that the memory is not necessarily secure because the OS can be compromised due to inevitable vulnerabilities resulting from its sheer size and complexity. This work aims to support third-party apps without growing the attack surface, significant development effort, or performance overhead. Our solution, called Ginseng, protects sensitive data by allocating them to registers at compile time and encrypting them at runtime before they enter the memory. For example, a Ginseng-enabled web server, Nginx, protects the TLS master key with no measurable overhead

Also notable:

  • by keeping secrets in registers, Ginseng naturally protects them from cold-boot attacks
  • Although OpenSSL, a TLS library used by Nginx, sanitizes session keys when a session ends, it saves the master key in the memory for five minutes for session resumption, which is vulnerable to a compromised OS.

#infosec #research

https://blogs.cisco.com/enterprise/catalyst-6500-switches-celebrate-20th-birthday

The famous 6k turns 20; next year it’ll be old enough to drink! 🤪🥳🎆

#cisco

https://www.microsoft.com/en-us/research/blog/evercrypt-cryptographic-provider-offers-developers-greater-security-assurances/

a formally verified cryptoprovider, guarantees with mathematical certainty your communications will be confidential and protected

notably, used by Firefox and MSFT’s QUIC implementation (which might be abandoned, in light of Edge surrender to Chromium, so…)

#infosec

13 April 2019

https://www.youtube.com/watch?v=NiqjL26zIXk

Kristian goes through the core things a modern SP network automation is composed of:

  • completeness
  • models
  • validation

Why? Robustness is important for critical systems

#tech #networking #automation

21 April 2019

https://www.youtube.com/watch?v=dqzy7wyi1M4

where as-code means idempotency, Version Control-ability, Predictability

experience from a PaaS vendor faced with scaling implementing #automation

  • source of truth is important
  • network design is important
  • homogeneity is a unicorn
  • idea: manage any resource as DHCP manages IPs

#networking

https://www.youtube.com/watch?v=xDuwrtwYHu8

a way for distributed long-lived processes to appear to have eventual transactional semantics without common clocks

i.e. how to transaction transactions

#thinkdistributed

5 May 2019

https://www.youtube.com/watch?v=zWgq6sd1Ols

a brief introduction to the Pet/Cattle nomenclature

  • why do we want to treat your systems as cattle, not like pets
  • how this methodology gets rid of the need to vMotion between sites or any permutations of that idea
  • some high-level designs

My take: this concept is important going forward, and we can apply it in a larger context, not limited to apps or virtual machines; #networking elements (routers and switches) are often treated as pets, but clearly that does not scale. It also creates a measure of technical debt with unique configurations diverging from the standard

#tech

https://www.youtube.com/watch?v=s45Uyz1hVsw

for those a little too busy to read the great Networking Problems and Solutions, Russ White provided a concise 23-minute summary

  • introduction to complexity
  • abstractions and connecting #tech to #business
  • how to make sense of it all through models

#research

10 May 2019

https://www.youtube.com/watch?v=EIh9udU2GXM

updates on routing security by Job Snijders

  • RPKI invalids and how they happen
  • argument for ‘invalid=reject’ policy - time to act - effectively collective coercion
  • false-positive RPKI reduced 50% in the last 6 months
  • validation #tools
  • IRR cleanup

#networking #internet #research

https://blogs.akamai.com/2019/02/protecting-your-domain-names-taking-the-first-steps.html

a thorough examination of DNS security from an organizational perspective

#infosec #business

21 May 2019

https://alexwlchan.net/2019/05/falsehoods-programmers-believe-about-unix-time/

These three facts all seem eminently sensible and reasonable, right?

  1. Unix time is the number of seconds since 1 January 1970 00:00:00 UTC
  2. If I wait exactly one second, Unix time advances by exactly one second
  3. Unix time can never go backwards

Not false as such, more like imprecise, because Time is straaaaaange.

These facts about time have implications for distributed clocks, necessary in some consistency models.

#justforfun #thinkdistributed

29 May 2019

https://www.youtube.com/watch?v=yJbqnOdD3cg

oldie but goldie

why using BGP in your datacenter is better than an IGP

design considerations, limitations for building a well-siloed network, working around them for scale

also showcases a multi-plane single-level spine design

#networking

30 May 2019

https://twitter.com/TubeTimeUS/status/1133904087097851904

the insides of an SFP DAC cable

#tech

8 June 2019

https://www.potaroo.net/ispcol/2019-06/bgp30.html

BGP turns 30 this month!

a great read on its history, progress, and future

#history #networking #internet

25 June 2019

https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/

This should never have happened because Verizon should never have forwarded those routes to the rest of the Internet.

#internet #reliability #networking #bgp

27 June 2019

https://tools.ietf.org/html/draft-iab-protocol-maintenance-03

AKA robustness principle considered harmful

Jon Postel’s famous statement of “Be liberal in what you accept, and conservative in what you send” is a principle that has long guided the design and implementation of Internet protocols. The posture this statement advocates promotes interoperability in the short term, but can negatively affect the protocol ecosystem over time. For a protocol that is actively maintained, the robustness principle can, and should, be avoided.

#internet #research

https://medium.com/s/story/notes-to-myself-on-software-engineering-c890f16f4e4d

many of these principles are readily applicable to a wider range of engineering disciplines

#worthreading

28 June 2019

https://www.bondcap.com/report/itr19

fresh out of the press, the #internet trends:

  • 50% global coverage
  • coverage, market cap growth slowing down
  • most users in APAC, most coverage in Europe
  • advertising is growing ~20% y/y
  • internet beats TV in time spent

If you are running any business, read in full!

#research

https://twitter.com/noledge/status/1144184850703888384

who-owns-who in the #wifi world

#business #research

29 June 2019

https://twitter.com/jgrahamc/status/1144272344803946496

Cloudflare supports telegram as DNS transport

#internet

30 June 2019

https://blog.cloudflare.com/the-deep-dive-into-how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-monday/

a deep[-er] dive on the same issue, now with more concrete data and methodology

#internet #research

11 July 2019

https://www.hbs.edu/faculty/Publication%20Files/3.26%20Evidence%20of%20Decreasing%20Internet%20Entropy%20updated%20version%2032118_11908ee1-3085-451d-9597-e64ccc10e242.pdf

Evidence of Decreasing #internet Entropy: The Lack of Redundancy in DNS Resolution by Major Websites and Services

This paper analyzes the extent to which the Internet’s global domain name resolution (DNS) system has preserved its distributed resilience given the rise of cloud-based hosting and infrastructure. We explore trends in the concentration of the DNS space since at least 2011. In addition, we examine changes in domains’ tendency to “diversify” their pool of nameservers – how frequently domains employ DNS management services from multiple providers rather than just one provider – a comparatively costless and therefore puzzlingly rare decision that could supply redundancy and resilience in the event of an attack or service outage affecting one provider.

The paper starts with providing a primer on DNS workings, then explores DNS #reliability and economics

select findings:

  • a number of DNS service providers managed to significantly increase their proportional share of the DNS space in that timeframe, beginning to consolidate control of DNS services. The linearity of the trend is striking – gains in concentration have been relatively consistent in the long run despite yearly fluctuations.
  • percentage of share held by the top 8 providers more than doubled between November 2011 and May 2017, increasing from about 24% to about 59%.
  • expansion of AWS and Cloudflare (which collectively handle about a third of the entire space) is particularly striking, signalling the increasing influence of multi-service cloud-based platforms in the DNS space
  • Entrant domains tended to use CloudFlare and AWS at much higher rates than original domains and used Akamai, Dyn, and Neustar relatively less than original domains.
  • external DNS hosting rapidly overtook self-hosted DNS in the period between November 2011 and May 2017. The percentage of domains managed entirely by external DNS hosting providers grew from 32.9% to 65.7% over that period
  • showed that the majority of domains are not taking advantage of this opportunity for resilience through diversification
  • customers of some externally hosted DNS providers tended to diversify much more than others
  • near-complete lack of diversification is a product of Cloudflare’s security model, which requires that DNS traffic is routed through the Cloudflare network … does not allow domains to register a secondary nameserver managed by a different DNS provider.

#research #business

https://xconomy.com/national/2019/07/08/future-of-the-internet-what-scares-networking-pioneer-radia-perlman/

An interview with Radia Perlman

Notable quotes, totally out of context:

  • English is a horrible language
  • for instance, Spanning Tree Protocol. It was a hack that I thought would live for, like, six months
  • in 1983, my manager said, “Hey, people want to have their applications work across networks, from one net to another.” The right way to do that was to have the computers at the end nodes put in Layer 3, but that was going to be a lot of work
  • People think Ethernet is a great success, but it has nothing to do with what was originally designed; it just has the same name. It has the same packet format. But the real cleverness was this contention protocol for sharing a link
  • Information-centric networking? I think that’s total garbage, honestly
  • we should just have an asteroid hit the Earth
  • people say, “Oh, blockchain will solve that,” and that’s total nonsense

there is also an argument against end-to-end principle if you read between the lines

#internet #history

30 July 2019

https://www.ernw.de/download/RIPE78_ERNW_Tutorial_IPv6_Security_EnterpriseOrgs.pdf

a fresh (RIPE78) tutorial on #ipv6 #infosec

tells you why RA Guard MUST be enabled by default, among other things

https://blog.apnic.net/2019/07/29/opinion-some-not-so-private-thoughts-from-ietf-105/

notes on the state of privacy as we have it today

#research #infosec #policy

https://arxiv.org/pdf/1906.07415.pdf

A Performance Perspective on Web Optimized Protocol Stacks: TCP+TLS+HTTP/2 vs. QUIC

#research

In this paper, we seek to close this gap by parameterizing TCP similar to QUIC to enable a fair comparison. This includes increasing the initial congestion window, enabling pacing, setting no slow start after idle, and tuning the kernel buffers to match QUIC’s defaults. We further enable BBR instead of the CUBIC as the congestion control algorithm in one scenario. We show that this previously neglected tuning of TCP impacts its performance. We find that for broadband access, QUIC’s RTT-optimized connection establishment indeed increases the loading speed, but otherwise compares to TCP. If optimizations such as TLS 1.3 early-data or TCP Fast Open were deployed, QUIC and TCP would compare well.

contributions:

  • We provide the first study that performs an eye-level comparison of TCP+TLS+HTTP/2 and QUIC.
  • Our study highlights that QUIC can indeed outperform TCP in a variety of settings but so does a tuned TCP.
  • Tuning TCP closes the gap to QUIC and shows that TCP is still very competitive to QUIC.
  • Our study further highlights the immense impact of choice of congestion control, especially in lossy environments.
  • We add QUIC support to Mahimahi to enable reproducible QUIC research. It replays real-world websites in a testbed subject to different protocols and network settings.

takeaway: Basically, for many cases a tuned TCP stack gives results just as good, or rather good enough, as QUIC; no need to rush a migration

1 August 2019

https://github.com/SystemsApproach/book/blob/v6.0/published/book.pdf

Computer Networks: A Systems Approach, now available under terms of the Creative Commons (CC BY 4.0) license.

#networking #study

20 August 2019

https://play.vidyard.com/YdcEdiPdds6CQntkeiZAeC.html?autoplay=0&custom_id=&embed_button=0&v=3.1.1&viral_sharing=0&autoplay=1&auto_play=true

The Theory and Practice, Practice, Practice of AWS Operations

  • how AWS thinks about operational risk
  • how AWS deploys
  • how SAFE works

slides: https://www.slideshare.net/AmazonWebServices/the-theory-and-practice-practice-practice-of-aws-operations-aws-summit-sydney

#reliability

21 August 2019

https://docs.fcc.gov/public/attachments/DOC-359134A1.pdf

what took down Centurylink network

#networking #design #reliability

17 October 2019

https://venturebeat-com.cdn.ampproject.org/c/s/venturebeat.com/2019/10/16/pensando-systems-raises-145-million-for-custom-hardware-that-processes-data-at-the-edge/amp/

ex-CSCO Mario-Luca (think of the teams who brought you Cat6k, UCS, Nexus, ACI) are back in #business after parting with Robbins

“The team behind Pensando has worked together for more than 25 years and have an unmatched track record of disruptive innovation,” said Chambers.

#networking

18 October 2019

https://github.com/network-node/ise-profiles

if you need some device profiles for your #cisco ISE

#infosec

08 January 2020

https://sha-mbles.github.io/

SHA-1 is now broken: the attack was made practical by this group, with cost below 100k$, projected to become ~10k$ in the near future

Good short read on the problem and its implications for security.

Paper: https://eprint.iacr.org/2020/014.pdf

#research #infosec

https://www.reuters.com/article/us-internet-domain-sale/internet-nonprofit-leaders-fight-deal-to-sell-control-of-org-domain-idUSKBN1Z62MW

continuation of a story where a group of people found a “perfectly lawful” way to profit off non-profit

their scheme is:

  1. using their regulatory power remove price limits from .org
  2. sell management rights to a private firm owned by their friends
  3. PROFIT!

#internet #business #policy

29 January 2020

https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD831.html

if you’ve ever wondered why /in sensible programming languages/ arrays start at 0 (besides the obvious memory addressing mechanics)

#research

08 February 2020

https://thespinoff.co.nz/partner/chorus/04-02-2020/ten-years-older-and-a-whole-lot-faster-a-short-history-of-ufb1/

there are two key parts to this story:

  1. the local economy benefits from fast internet access
  2. the local economy benefits from splitting regional telecom monopoly

#internet #business #policy