This is the fastpath - quick notes only, minimum commentary, single page.

Askbow fastpath

1 November 2016

Google, Apple, Mozilla distrust WoSign & StartCom CA

Future: Net #vmware #conference #networking

Updated October 2016

#cisco #design #IWAN #CVD

next comes a malware that pretends to be a BSOD 😉

#windows #infosec

SonicWall is now independent of Dell

#infosec #networking #business

2 November 2016

Anti-malware software by Cisco for computers - new Immunet Pro?

#infosec #cisco

Cisco UCS S-Series Storage Servers - update of the UCS C3000 series

#storage #servers #cisco

A dedicated network tap for easy packet capturing - USB3

#networking #tools

Interesting statistics and a dump of passwords used by attackers

Also, shows that mirai attacks start as soon as 6 minutes after the host becomes available.

#infosec #iot #research

A story of Richard Feynman’s contribution to computer science

#history #person #cs

4 November 2016

Zmap - a very fast port scanner

Though it scans only one port per IP, you can quickly find every host with that port open - even in a very big network

#infosec #tools

For those of us who remember the good ol’ days

#history #technology #networking

7 November 2016

How one exports TLS certs from an expressway server

#uc #infosec #cisco

An anatomy of security exploitation

This presentation is more theoretical CS than last year’s “how security flaws work” writeup on Ars

#infosec #cs

New speedtest entered beta stage - HTML5, mobile layout

By Comcast - so probably comes as one of the results of the recent hackathon

#networking #troubleshooting #tools

a little glimpse into microwave radio networking

#technology #networking

Not the first time I read about key people leaving Cisco recently

#cisco #business

8 November 2016

Cloud services are not five-nines reliable, no matter how some people would like others to believe in magic

#cloud #reliability

reiteration of the fact that IaaS isn’t cheaper (longterm) for many usecases compared to buying hardware

#cloud #business

9 November 2016

one very useful StEx Q&A; notable mentions:

nslookup . dig +short curl wget -qO-

#tools #networking

10 November 2016

password-stealing by way of monitoring your phone’s wifi signal

there are already a few methods to counteract it (shuffling the numbers on the keypad each time for one), so paranoia level remains at yellow

#infosec #wifi

12 November 2016

a DTMF tone sample generator

#uc #tools

#cisco ISR 4k datasheet was updated recently with the new 4221 model

looks like it’s there to kill the 1900/800-series

#networking #devices

15 November 2016

fresh and already patched in upstream, so just wait for #cisco and other $vendor to update


another DoS for many firewalls, problem in ICMP handling

#cisco ASA, sonicwall, palo alto, fortinet are vulnerable; iptables, windows firewall, pfsense are not


  • companies are starting to refresh network equipment earlier
  • 76% of network devices have at least one known vulnerability and nobody is patching
  • adoption of IPv6-ready devices has risen
  • only 26% of incidents are mitigated by support contracts

#infosec #networking #business #reliability #research

16 November 2016

new release of ESXi

#virtualization #vmware

19 November 2016

Rear Admiral Grace Hopper was awarded POTUS Medal of Freedom

#cs #history

a recent study that shows that competition between ISPs and introduction of higher access speeds is good for the customers; no surprise, but now we have research data to back the claim

#research #isp #business

now 1. make this USB-key sized, 2. distribute a few around any office building … PROFIT!

#infosec #tools

discovered a neat 2FA system compatible with #cisco anyconnect

the downside is it’s a “cloud” offering, so not everybody will like it

#infosec #tools

21 November 2016

some practical applications and challenges in MP TCP deployment

#networking #technology

Networking @Scale Boston 2016 conference recordings

#networking #cloud #conference

22 November 2016

discovered this collection of data on global IPv6 deployment; looks like an aggregation from other sources

#ipv6 #networking #cisco #tools

the story of GitLab leaving AWS for baremetal servers to support their growing storage performance needs - once again demonstrates the limits of cloud computing

#cloud #business

on the use of FPGAs between network and servers for service/network acceleration

#networking #cloud #research

24 November 2016

there’s a HUGE celebration at AT&T / Verizon HQ, this thanksgiving they are thankful to Trump

#networking #policy #isp

while #cisco is investigating, those of us who run #linux are updating


25 November 2016

so yeah, you can put a datacenter down by being very loud

also, test your fire suppression system after installation, not during operation

#technology #business #reliability #storage

personal information of thousands of people was leaked due to a single laptop compromise

this is telling, security is often a matter of one weak link failing


maketh one contemplate much about #cisco internal politics at play in these occasions

who’s to say it’s good that so many veterans are leaving to pursue positions with competitors in such a short timeframe after new CEO comes to chair?

#business #people

26 November 2016

Bruce Schneier testified in front of a HoR committee on the problems with IoT and Internet in general, recognizing the growing need for regulation

#infosec #policy #people

Avaya is indebted and on the brink of bankruptcy? huh…

#business #uc

29 November 2016

use sprobe to measure bandwidth between hosts when installing a remote agent is not an option

PDF version of sprobe paper follows (thanks to Vadim Gabel for conversion)

#tools #networking #cs

1 December 2016

a realistic look at the most common #cloud provider wannabe pitfalls


never underestimate the bandwidth of a truck full of hard drives speeding on a highway, they said

#technology #cloud

#CCIE infrastructure datacenter video tour - quite interesting to have a peek at how they do the #wireless racks

#cisco #networking #technology #servers

ok, this was unexpected: SUSE buys OpenStack and CloudFoundry from HPE, engineering force included

#business #cloud #linux

3 December 2016

it’s no secret #cisco and apple were working together a lot to make wifi on the iphones better for years

so here’s another glimpse at what was going on in that area recently

#networking #wifi

a new #cloud service by amazon targeted at the market currently served by digital ocean and a plethora of VPS providers

at the moment, the pricing model is almost exactly like that of DO, but the service is provided from us-east-1 region only (probably subject to change)

#business #servers #virtualization

interesting severe bug in #cisco nexus 9k

  • when dst MAC address starts with 4 or 6, the packet is dropped
  • something with VPLS: does not affect normal processing
  • happens because software sets a flag wrong when programming the ASIC (from a follow-up in nanog mailing list)
  • as Pete Lumbis puts it, it’s the classic “look at the nibble to determine if ethernet or IP under label” problem

#networking #technology #reliability #troubleshooting

what can I say?



#business #sswa

6 December 2016

a concise opinion on what #cloud providers should do:

> Enterprises want cloud computing providers to provide the basics, provide those basics without outages or security issues, and meet their SLAs. The rest is fluff.


on the security of phone-based two-factor authentication

TL;DR: ditch it, use other means or at least set up a Google Voice


7 December 2016

sneaky, attacks Flash in IE;


8 December 2016

a survey of computer skills among people of OECD countries

#business #technology #policy #cs

interesting tool to learn encryption

#infosec #tools

9 December 2016

#tools #hardware

13 December 2016

intercloud eol

well, let’s still wait for an official announcement

#cisco #cloud #business

I hope we’ll see a technical postmortem on this made available to public

but what’s clear is that an “enterprise-grade” storage system with redundancies, failsafes, and backups, is still a single failure domain

#storage #hardware #reliability

while some are closing public #cloud #business others open doors to a wider range of enterprise customers

go figure

so yeah, there are bugs in that industry’s computers too

reminds of an old joke “if operating systems were airlines”: you have a chance to hang midflight


28 December 2016

a discussion of recent attacks on DNS and possible mitigations

Personally, I’m inclined towards option 4 (IP filtering)

#infosec #networking #technology #research

for those interested in keeping up with time, an updated NTP BCP #rfc includes such important information as:

  • leap second handling (we’ll have one quite soon)
  • ntp security
  • usage guidelines

#infosec #technology

“…we should write and read more, link more often, and watch less television and fewer videos—and spend less time on Facebook, Instagram, and YouTube”

#it #society

a concise analysis of AWS newest feature - the DDoS protection

$AMZN continues to disrupt incumbent services / devices

I see that they are targeting a rather narrow band of consumers though, so there’s always room for others under the sun

#cloud #business #infosec

a practical and already automated attack on the payment system that allows for card data to be obtained

I bet some bank’s antifraud would stop this early, but then not every bank round the globe is that good


some light reading: fascinating phone fraud stories

#infosec #isp

6 January 2017

I hope there’s more to come, as this seems to be the only way the situation can ever be set right

#business #networking #infosec #iot #policy

8 January 2017

hate the paywall, but this article on AlphaGo is rather interesting

chief takeout is, we don’t readily understand its way of decisionmaking, but it’s very good at one of our games

#business #iot #people #history #Accomplishments

this wasn’t the first time something like this happened and many have been predicting this outcome for years, so no surprise that voice-activated tech is vulnerable to such attacks

#iot #infosec

12 January 2017

and here’s an attack which can’t be normally heard by humans; works great for exploiting voice command vulnerabilities mentioned above

#iot #infosec

21 January 2017

I said it before and I say it again: Symantec & co. should be distrusted

web as we have it is fragile enough in this respect

#infosec #business

Avaya filed for bankruptcy

#business #uc

privacy is a right

or at least it was considered as such during Obama’s time

well, at least in speeches

Bruce Schneier mentions that the document was deleted from during Trump transition

so much for preserving freedoms for future generations

#policy #infosec

1 February 2017

at least two major organizations in computing have publicly reacted to Trump’s ban

IETF apparently will move the next meeting out of the USA

#policy #cs

4 February 2017

Consequences of Unhappiness While Developing Software

I daresay this applies to other engineering jobs as well

#research #people

Cisco Annual Cybersecurity report 2017 (i.e. it covers 2016)

#research #infosec

8 February 2017

I really wish all laptop vendors allowed configure-to-order in this simple and comprehensible no-nonsense way


networkers on twitter/reddit already found that despite the trigger being the quartz, the real problem lies in faulty Intel Atom C2000 SoC


at the moment, we know that #cisco is the only vendor to come forward about the problem; but the same SoC is used also in Synology NAS appliances, HPE 6921/6941 switches and in many other devices

#tech #business #reliability

11 February 2017

finally there’s some meat to that empty shell released earlier this year

#policy #infosec

Windows version of Mirai

fascinating


13 February 2017

The security impact of HTTPS interception

i.e. MITM of TLS considered harmful

#research #infosec

Adi Shamir’s predictions for #infosec

a great collection, useful for travellers


14 February 2017

#policy #windows #linux

well, somebody must be investing in space exploration at all times - it was fruitful before, and all of humanity will reap the benefits of continuing these endeavours

#policy #research

the sunset of the Moore’s law?

apparently Intel hit a roadblock and won’t go beyond 14nm (and as such won’t be packing many more transistors on the same die)

#hardware #research #business

16 February 2017

Intel breaks tick/tock, $MSFT breaks patch Tuesdays

the end is nigh, mark my words!



17 February 2017

last month’s Google cloud downtime explained. sort of.

#business #reliability

unlimited internet access plans return to US ISPs offering after 6 years of absence

what’s still bothering me is the tethering restriction; if I pay for my bandwidth, what do they care how I use it? It’s like an electricity company saying I can’t use an extension cord


that’s actually rather disturbing

#iot #infosec #policy

18 February 2017

some points are questionable, but overall - good security advice


as usual, many points are applicable to any engineer


so, #cisco now is definitely a security vendor

#business #infosec

brief history of how UDP was introduced

that actually goes a bit au contraire to what I’ve read in “Where wizards stay up late” and “OSI: the Internet that wasn’t”

so cool to get another perspective on these events that led to networking as we know it today

#history #research

19 February 2017

continuing on UDP goodness

TCP might be nice (not for long links though), but UDP gives you (the app developer) more raw control over communication


20 February 2017

the IETF is partnering with the National Library of Sweden to archive RFCs

#policy #history

21 February 2017

how to manage a network engineering team

not only for devops

#networking #management

or why it is important to be well versed in regex if you use them for whitelisting

#tools #infosec

18./8 was assigned to MIT so long ago…


a short bit about 60GHz wifi


23 February 2017

the most interesting thing I learned from this post is that Salesforce has several dedicated security research teams

otherwise, the post documents the discovery process of a few vulnerabilities in a Meraki-branded #cisco product

oh, and there’s part two!

#infosec #research

24 February 2017

where the author describes good reasons for moving from 10GBASE-T to SFP+ ports


SHA1 collision found, and it’s cheap (compared to bruteforce)

Google plans to release the code in 90 days

they did it on GPUs, but I expect someone to make an ASIC farm within a year


just 700k$ + 80k$/year for 1000VMs monitored

that’s just the platform (i.e. the tool), add the (rare) expertise to run it and more to actually make use of it; I wonder what the bottom line is estimated to be over 5y.

As I don’t have relevant experience, I also have little but wonder about how a cost like this is recovered. Note that it’s a tool used to monitor other tools, which are used to run other tools…

#tools #cloud #business

some answers as to why ipv6 is still underdeployed

#tech #policy #networking

an RFC draft that outlines the basic requirements an ipv6 CE router should meet

#rfc #policy #networking

from the tone of this one (with fat attempts at sarcasm) it will either become April 1st ‘17 RFC or will break some egos in IETF

also, notice that it’s in the 4th edition, so must be quite mature already and will be ratified SOON

#rfc #policy

25 February 2017

a very comprehensive study of Carrier-Grade NAT deployments

#networking #isp #research

oh my

so #cisco are really killing the “classical” ASA series…


the most popular terminal emulator for windows gets a new release

PuTTY 0.68 released, containing ECC, a 64-bit build, and security fixes


26 February 2017

some motivation for those still slacking


the devices to replace recently EOS #cisco ASA

#networking #tools #infosec #hardware

1 March 2017

it’s the second internet-scale problem (since #cloudbleed ) the world experiences just in one month

my guess is, they tried to do something about SHA-1 collision and it started killing back-end nodes like wildfire

#cloud #reliability #awsdown

an evil-minded virus that spreads through temptation and blackmailing

fascinating

#infosec #research

a great summary of everything deep learning


how DNS works in TOR networks

#infosec #tech #networking

the paper describes some technical details of how the recent SHA-1 collision was found, the computational cost of the procedure and the limitations

#research #infosec

2 March 2017

The Security Impact of HTTPS Interception

both commercial middleboxes and antivirus products are found to degrade security for the end-user

#infosec #research


6 March 2017

the real reason behind Veeam not working on free ESXi

what a shame

#business #tools

7 March 2017

details of a spamming operation uncovered due to them being sloppy with backups

#business #infosec

so, lots of tech talent will be affected

#policy #business

8 March 2017

dropbox are opensourcing their interactive security alert helper

#tools #infosec

so, that’s how avaya is handling their financial problems

twitterpeople say it’s a good move for extreme


#cisco is being cisco, i.e. being honest in talking about #infosec problems their equipment has

they admit the problem and say they’re working on it


9 March 2017

interestingly, mikrotik is another #networking vendor that is mentioned in the leaked docs a lot

so here’s their official response

quite good, honest, concise and to the point

#infosec #business #policy

akamai’s state of the internet Q4 2016 report

#tech #business #research #internet

12 March 2017

BGP support coming to #cisco meraki devices


13 March 2017

Current Hostname Practice Considered Harmful

fresh RFC to inform us on privacy problems arising from common ways to use hostnames

#rfc #infosec

18 March 2017

a reminder that nothing is ever fully secure: given enough motivation, some people are capable of remotely getting around some of the most effective security measures: sandboxing under a VM


20 March 2017

-6500, are you connected to the CIA? -…

#cisco #infosec #policy

24 March 2017

VRF support in-kernel

not another namespace, just a thin layer

#tech #networking

motivation to de-trust Symantec certificates

#infosec #policy

newest edition of vmware’s SD DC validated design


27 March 2017

on proliferation of cellphone tracking systems in use by law enforcement agents

#tech #policy #infosec

30 March 2017

#cisco has decided (at last) on a strictierish schedule of #CCIE revisions

seems reasonable

just discovered new #cisco 2960L switches


Mikrotik User Meeting - new products announced


31 March 2017

VM isolation is a myth


1 April 2017

wonderful thread about how to use printers to hack networks




“…Across the federal government, about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including … developing the means to disable or degrade infrastructure”

I’ve come across a report recently (you can easily google it, so it’s sorta public) internal to a specific Russian infrastructure org; there they claim that “they haven’t been breached ever” and don’t understand the monetary gain from hacking them, thus they conclude they don’t need to improve #infosec [anymore]. #naïveté <-new tag, yay!


who’ve ever believed that “smart tv” was a good idea ever

  • they spy on you
  • they are yet another channel to influence you
  • they can be hacked over the net
  • [with this news] they can be hacked over the air en masse by anybody

#infosec #iot

2 April 2017

#cisco 3850 switches now support VSS aka remote stacking

#tech #networking

3 April 2017

new April1st RFC, enjoy!


4 April 2017

new cool way to breach airgap: accelerometer spoofing

#iot #infosec

what was special about Xerox PARC - where maybe half of today’s networking and computing originated

#research #networking #history

the story behind 9600 bps modems, 300 baud

#history #networking #tech

13 April 2017

IKEA’s Trådfri is an example of #iot security

not perfect but as close as it gets


a very good technical publication about common #wifi antennas, their radiation patterns and other parameters

#tech #networking #mustread

16 April 2017

old computer photoblog - just for fun

#history #tech

24 April 2017

an open source network access control system

#networking #infosec

26 April 2017

this RFC draft proposes to update the minimum recommended modulus length for DH groups to 2048

quite a reasonable proposition, given the developments of the last few years


2 May 2017

#cisco is buying an SD-WAN vendor Viptela


3 May 2017

where the authors show why pure statistics without data are useless


11 May 2017

oldie-but-goldie: about password complexity

#infosec #research

12 May 2017

this May’s CCDE exam was cancelled

here’s some good thoughts on the event by one of the candidates


a very nice basic config for #cisco #tech

just a bunch of flash, by Facebook

the “why” section has one interesting point: they are going away from [hyper]converged servers (compute/storage) to be able to scale them cheaply and independently

also, this config slightly reminds me of (now EOS) #cisco UCS M-series

#servers #storage #tech

13 May 2017

there are some [generally] interesting results there; for example, stale NS records are sometimes still propagated for days after an update


a bit about Unix architecture evolution

#tech #history

15 May 2017

AFS is an early example of a secure (by its time standards) networked system

worth studying

#tech #history #infosec

<— so much this a little sad, but true story of a networking engineer managing their time

#nontech #people

a well-measured opinion on where to go with SD-WAN if you’re a small / medium #cisco shop

#tech #networking

16 May 2017

“Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it. And to make matters worse: complexity sells better.”

some problems in computing are rather persistent; even Dijkstra wrote about the complexity thing

#history #research

17 May 2017

networking isn’t limited to big $vendors

here’s a list of session recordings from Mikrotik User Meetings


what makes #wifi testing unreliable is the spread of client sensitivity

motivation for more gov’t control over information technology industry

and yes, #iot damned lack of security

#infosec #policy

how systems software #research was irrelevant in the early 2000, why, and proposed ways out


18 May 2017

a nice detailed step-by-step guide for #cisco VSS ISSU process; I believe the same process should hold for 6500 as well

#tech #networking

a case for using ECC memory in servers and other computers

#tech #reliability

19 May 2017

Sweden’s scientific network SUNET is finished and with great results:

  • current capacity 7.2Tbps, practically scalable to 107Tbps, theoretically - 688Tbps
  • Juniper routers form the core
  • 4.1 exabyte of data a month
  • 100 Gbps core interfaces - 200/400 in the future
  • 10/40/100 Gbps access interfaces

I think their blog is the best example of how to build public knowledge about what you’re doing and why

#networking #tech #research

22 May 2017

that sort-of settles it: Signal is good enough to use

#infosec #policy

24 May 2017

the reason behind iphone’s lack of #wifi scan kind of apps - lack of public API


Radware’s description of an attack on #iot that doesn’t really spread, but instead targets to destroy the victim devices


25 May 2017

not only for web devs, this concise checklist will be useful to many people


30 May 2017

it overheats, obviously

#lab #tech #research #blog

1 June 2017

several CVEs in linux kernel networking functions can be used for DoS

#infosec #networking

2 June 2017

the state of #IPv6 security in 2015

now I wonder if anything has changed for the better since then

#infosec #networking

the study shows that not everybody has moved to the cloud, nor do they plan to do it in the near future

#cloud #research

a nice way to #IPv6

no “transition” or retention of rather dated ipv4 mentality, but a clean purposeful design of addressing


5 June 2017

some light on the British Airways’ recent datacentre meltdown

this might be the second [publicly known] instance in the recent history when the failure on one site was automatically propagated to the remote ones


amazon AWS: custom silicon, custom servers

#cloud #business #tech

6 June 2017

big news: continuing education as a recertification option for ccie/ccde


9 June 2017

state of #ipv6 in the global Internet - deployment is growing both across content sources and eyeballs


what’s happening in the Internet

#business #research

13 June 2017

a case study showing a move from “public” AWS #cloud to private bare-metal openStack in a bank

#business #tech

14 June 2017

#history #tech

16 June 2017

the story of how the iphone as a product was born


18 June 2017

end-to-end encryption FTW!

#infosec #policy

some light on the peering and transit costs in different parts of the world

#business #networking

some details on what 5G mobile network economics might look like


21 June 2017

freshest dot11 version is available for download

#wifi #tech #networking

wanna know how new #cisco IPS finds malware in encrypted traffic? here’s their research paper going into the gory details:

  • no decryption / DPI
  • machine learning FTW

#infosec #research #tech #networking

and for those so inclined, the open source version of said #cisco IPS (see above)

#tech #infosec #networking

23 June 2017

The Password Reset MitM Attack

discusses ways towards designing a secure password reset process and limitations of popular methods

#infosec #research

24 June 2017

I had my reservations about NBASE-T hype, mostly because its applications were limited (some #cisco dot11ac access points only)

now you can get a NIC for 1-2-5-10G over UTP for $100 and I think it’s pretty cool


10 July 2017

another new BGP RFC, prescribing default routing policy for eBGP sessions

the default is a safe one - deny any in and out, so the ops need to explicitly configure policy to allow routes to flow


14 July 2017

#cisco wireless dorm deployment guide


how route lookup is done in today’s #linux

#networking #tech

on how one of the biggest recent IT catastrophes progressed

#reliability #tech

16 July 2017

suddenly, ietf published a renewed #ipv6 standard


18 July 2017

google is modernizing its connection to the Internet

#networking #tech

TCP CUBIC support will be added to Windows (in linux since circa kernel 2.6, i.e. >10 years)

and many other cool enhancements

#tech #networking

21 July 2017

most of this paper is on end-host security in the face of some #ipv6 attacks, but it also shows that important protections should be turned on on the network equipment, namely the RA guard which limits the attack surface a lot

#networking #infosec

google chrome finally completes distrust of WoSign and StartCom CAs; who’s next?


24 July 2017

3des isn’t recommended for anything practical (#networking wise), and outside of that domain you should change keys every 8MB of data


25 July 2017

#nocomment #infosec #networking

#cisco 2017 midyear cybersecurity report

business as usual: increase in spam, more cool malware hitting companies everywhere, flash still a dumpsterfire,


26 July 2017

“Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020”

enfin!


27 July 2017

for those of us who are masterful in the art of 3D printing - a mount for AP useful during wireless site surveys

#networking #wifi

for the #iot night is dark and full of terrors

#networking #infosec

BGP Administrative Shutdown Communication

new internet standard


21 August 2017

YANG basics - one of the clearest explanations of what’s going on in this area

#sdn #networking

23 August 2017

a nice lecture about what’s going on at google in ML division (plan for at least 45 minutes of listening)


29 August 2017

some notes on vmware licensing

#business #tools

1 September 2017

Does disabling Wi-Fi prevent my Android phone from sending Wi-Fi frames? Abstract: No.

#infosec #tech #wifi

6 September 2017

RIP Solaris


12 September 2017

archives of Telenor’s Telektronikk magazine, which discusses various issues of #networking and SP #business

#worthreading #tech #history

13 September 2017

on the #history and importance of NAT, also how #ipv6 effectively failed


18 September 2017

what the real problems with #ipv6 are and what to do with them security-wise

#networking #infosec #policy

some dirty details on how some #cisco ASIC is constructed

  • it’s more like a GPU, if you ask me, but I’m not proficient enough to be trusted😉
  • run-to-completion in hardware
  • 800Gbps forwarding;
  • they don’t disclose what devices run on it; my guess is ASR

#tech #networking

20 September 2017

#wow EFF leaves W3C over DRM (an abominable tech that shouldn’t exist in a civilized world)

#policy #infosec

21 September 2017

a tool every major site has to have blog:

#tools #networking

30 September 2017

this is what you can do with your network performance if you take control of your application

#tech #networking

rumor is, #cisco is going to kill UCSD

#business #cloud

#wow apple published to open source its XNU kernel

are they trying to one-up microsoft?

#tech #business

2 October 2017

so, NK was basically single-homed all that time?


3 October 2017

how to break DKIM signature validation in email sender verification

#research #infosec

4 October 2017

29/9 - RCA - Storage Related Incident - North Europe

fire suppression false alarm (during scheduled maintenance) resulted in Azure storage backend shutdown, affecting services in North Europe region

note that fire suppression system worked correctly, the same way it would anywhere, so $MSFT was just unlucky to trigger it


5 October 2017

quite a good explanation of why no security-minded person would do SSL inspection by decryption in production

#infosec #tech

7 October 2017

yet another air-gap breach, now via infrared capabilities of common security CCTV


10 October 2017

Norwegian Consumer Council tested a bunch of #iot enabled health trackers and concludes that these are bad for privacy


14 October 2017

Vint Cerf’s perspective on some of today’s Internet problems; as often with his interviews, it’s a tad cloudy, but provides food for thought nevertheless

#tech #networking #policy

15 October 2017

akamai’s state of the internet Q1 2017 report

#tech #business #research #internet

17 October 2017

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 Abstract: We introduce the key reinstallation attack. This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack.

#infosec #wifi #research

19 October 2017

Russ White on disaggregating how we think about networks’ “future proofness” by separating hardware from software and applying separate requirements


20 October 2017

on the importance of failures in network operation

#networking #reliability

23 October 2017

the way to 100G DWDM interoperability between four major networking vendors (they did it!)

#networking #tech

24 October 2017

internet peering survey 5y update:

  • 99+% of peerings are informal, symmetric, IX-based
  • “paid peering” and “private peering” is rare
  • strong preference for countries with prevailing rule-of-law

#networking #research

28 October 2017

the old joke about net neutrality made real?


31 October 2017

links to all of #cisco “free” stuff:

  • trial software
  • “apps” (i.e. software and tools packaged)
  • services
  • (some of the) CCO tools
  • training


2 November 2017

Gartner MQ for wired & wireless LANs as of October 2017

#networking #business #research

#infosec considerations for MPLS #networking


on feasibility and practicality of using IPv4 RR option for Internet-wide measurements and #research


a detailed overview of BGP EVPN multi-tier Clos network construction considerations for scaling datacenter networks

#networking #tech

7 November 2017

though this article starts with light things like market and traffic dominance of $GOOG $FB and $AMZN, it goes on to paint a picture of a grim future for the web and the #internet as we know it


a brief note on how Level3 for a brief moment brought down internet service in the US

#reliability #business

14 November 2017

New Linux released!

some of the new kernel’s #networking features:

  • Generic Routing Encapsulation: Add ERSPAN type II tunnel support. One of the purposes is for Linux box to be able to receive ERSPAN monitoring traffic sent from the #cisco switch, by creating a ERSPAN tunnel device. In addition, the patch also adds ERSPAN TX, so Linux virtual switch can redirect monitored traffic to the ERSPAN tunnel device
  • IPv6 Segment Routing
  • lots of performance improvements


the AI future of UC: humans are ready to be conquered

I for one welcome our software-defined cloud-native overlords

#research #business #cisco

15 November 2017

network verification is the future

$MSFT and Cumulus and others are already doing it

#networking #tech #research

16 November 2017

FB open-sourcing their backbone routing control plane (i.e. they made an IGP)

#networking #research

17 November 2017

how a double outage (power feed and software bug in equipment) partially brought down the biggest native-European infrastructure and cloud provider

#reliability #business

23 November 2017

here’s a concise overview of current peering edge architectures, problems, and #tech

It’s a little #cisco XR-centric, so not all cool tech is available on every box


on current use cases, practice, and characteristics of more-specific prefix announcements in BGP default-free zone

  • in ipv4, 50% of all NRI are more-specifics, ipv6 seems to be growing in the same direction
  • ipv6 more-specifics observed to be less stable
  • not considered harmful, though some optimization is possible

#networking #research

24 November 2017

Dropbox’ experience in deploying ipv6 in user-facing POPs also gives insight into multi-layer load balancing strategy

#tech #networking #ipv6

28 November 2017

OWASP group published quadrennial update to their Top10 guide to Web security

#infosec #research

30 November 2017

I guess, AWS now finally competes with Hetzner😉 the offer at launch is 36 HT cores / 512G / 15T NVMe SSD / 25 Gbps

from networking PoV, 25Gbps looks a bit odd: are these machines single-homed? If dual-homed, why can’t one use 2x25Gbps capacity? The requirement to support ENA in AMI points to some hidden virtualization (SR-IOV?)

#business #networking

Cory Doctorow’s writeup disclosing the way EFF outed DRM proponent’s true intentions: it’s not about IP rights

#infosec #policy

2 December 2017

  • current RTT is 39 hours, something to think about space Internet wise
  • the systems still work, after 37 Y in flight through radiation and all
  • JPL people found a way to prolong useful life for 1-2 Y more than prev. estimate

when we all go up in smoke, V’ger will be humanity’s last testament, still flying in the vast emptiness

#tech #reliability

5 December 2017

the important part here is that at some point, nokia really was considering acquisition of juniper but there was some dealbreaker

does that mean problems at juniper?


8 December 2017

what a neat description of principal LSDB artifacts! worth reading

#networking #tech

16 December 2017

why the internet matters, how dumb pipes #business works


19 December 2017

how #cisco processes ACLs in (T)CAM - a patent worth being a part of #networking #tech textbook

in the current state of their 3-year litigation, this patent is used by CSCO to prevent arista from importing (and thus selling) their products in the US; notice the patent’s authors - both are arista founders who previously worked for CSCO

21 December 2017

#ipv6 xmas tree🎄 is up again!


23 December 2017

some moments of early tcp/ip #history

#tech #networking

19 January 2018

for those who are curious about QUIC ongoing deployment on the Internet:

  • still mostly $GOOG turf
  • still work-in-progress
  • lack of client-side support
  • large body of broken servers
  • near 6% of traffic
  • maybe ~1% of domains

#tech #research

20 January 2018

one way to improve delays in networks - instead of full packet discard on congestion, throw away just the payload but forward the header through PQ, thus allowing endhost to issue a NACK, hence improving sender’s reaction to packet loss

there are other interesting things going on in this NDP system

full SIGCOMM presentation: original paper:

#networking #tech #research

23 January 2018

We live in wonderful times: now there are 2x100Gbps NICs you can buy for money and plug into your machine

And I remember being asked “who will ever need 1Gbps - that’s too fast” more than once in my career

#networking #tech

24 January 2018

to put it into less mild terms, “middleboxes considered harmful”

#networking #infosec

26 January 2018

just for the sake of friday, here’s a #networking marketing buzzword generator

“Our product is an agile operational dashboard including an integrated flow-wrangling integrator which will realize a new network paradigm.”

9 February 2018

a very efficient DIY tool for directional antenna aiming

#networking #tools #wifi

18 February 2018

New French cyberdefense policy

the most novel and interesting point is arguably that of cyberliability: the makers of products are to be held liable for product’s #infosec until end-of-life, and strongly suggested to opensource the code after EOL

19 February 2018

a story of a real-life small-scale SDN (service provider) white-box, custom built, openflow

#tech #networking

21 February 2018

#cisco DNA CVD, freshly minted


22 February 2018

A Large-scale Analysis of Content Modification by Open HTTP Proxies

  • 38% perform some form of content modification
  • 5.15% perform modification considered malicious, of these:
      • 47% injected ads
      • 39% injected code for collecting user information
      • 12% attempted to redirect the user to pages that contain malware

#research #infosec

Facebook Use of Sensitive Data for Advertising in Europe

Facebook labels 73% EU users with sensitive interests. This corresponds to 40% of the overall EU population. We also estimate that a malicious third-party could unveil the identity of Facebook users that have been assigned a sensitive interest at a cost as low as 0.015 EUR per user.

#research #infosec

Swedish ISP Bahnhof offers broadband connection to the home featuring 10Gbps for ~30 EUR/month

That’s what I call progress


after ~11 years in production (Linux), CUBIC is finally an RFC

read that to learn how modern TCP works

#networking #tech #research

26 February 2018

10G intercontinental fiber price has dropped in the last 3Y #networking #business

BBR considered harmful, or a tale of what happens when some Evil Corp develops an unfair TCP

#networking #research

also, that’s why you might want that WAN optimization thing (when physically moving that server closer to clients is not feasible)


Markov chain-based machine learning employed to optimize load placement (both compute and network)

results of the study show this algorithm was able to place workloads to make more efficient use of network and data centre resources and placed ~5-8% more workloads than other heuristic placement algorithms considered

#networking #research

2 March 2018

basically, the CA industry is broken and needs be dismantled

this week’s fuckup: a reseller had customer’s private keys stored in such a way they were attached to a plaintext email

#infosec #business

This document provides a quick survey of uses of multicast in the data center and should serve as an aid to further discussion of issues related to large amounts of multicast in the data center. (work in progress)


IEEE P802.3bs 400 Gbps Ethernet is now considered practical

not sure why the article mentions that they did it on a single lambda: .3bs requires at least 8 lambdas over two fibers, as far as I can tell

#networking #tech

5 March 2018

talk to your #cisco servers via Alexa / AWS Lambda

#tech #justforfun

7 March 2018

US Department of Homeland Security published a previously “official use only” directive yesterday

they order federal agencies to patch their vulnerable #cisco machines and periodically report on security status

the interesting part everybody is chewing on is, vulns in cisco asa and routers apparently were successfully used to hack into US agencies networks

#infosec #policy

Report AR-16-20173 mentioned in the BOD-16-02 by the US DHS

#infosec #policy

13 March 2018

a very thorough investigation of internet censorship in Turkey and Egypt

  • includes analysis of DPI #tech used
  • includes a filter to detect packets injected with such a DPI

#policy #infosec

I think we all can agree with the author here, it is rather strange that Comcast went out of their way to fix the problem on their side without at least trying to extort money

#networking #business

14 March 2018

why we need to shorten effective validity periods, the history of validity periods in CA industry, what’s more to come

in short: buying 3y certs is a waste and goes against your best interests especially right now


15 March 2018

this looks like the latest (Nov’17) public info on work-in-progress RIFT, a routing protocol for Clos networks

#networking #research

16 March 2018

on TCP optimization #tech for mobile packet networks

some nice details on how with relatively simple means (i.e. no caching, gzipping, inventing new congestion control, or going into application inspection) we can hugely optimize TCP for long-RTT networks


22 March 2018

critique of ‘killchain’ approach to #infosec in real life, blackboxes considered harmful

We are, today, trying to secure technology we do not understand, against attackers who understand our technology better than we do. Worse still, we’re trying to secure technology that our technology vendors do not understand. What’s missing from the models inspired by military doctrine is that this isn’t a war or a battle, it’s a way of life — it’s forever. And our strategic options don’t include whether to fight, or when, or on what ground. All of those options are in the hands of our adversaries.

28 March 2018

now you can run an OS of your choice on a #cisco nexus switch

looks like a #business move to sell more of them to $MSFT for azure, who recently published work on Sonic

the ability to run NX-OS on any hardware clearly comes secondary

7 April 2018

FortiGate firewalls support $BTC mining as a standard, though hidden, feature

#infosec #business

12 April 2018

nice idea: basically, TOR principles applied to DNS

there are caveats in this paper that still need resolving, for example step 5 of the algorithm as constructed is nothing but handwaving, and it differs from the sequence diagram; moreover, the process on the sequence diagram leaks information to the Recursive server

#networking #research #infosec

16 April 2018

in compliance with EU’s GDPR, WHOIS service as constructed will soon be illegal

#networking #policy

17 April 2018

RIPE is down to refurbished addresses in IPv4 space


“After 43 years, this is the first day that we are announcing - and will be distributing - a custom Linux kernel,” Microsoft’s president, Brad Smith, said onstage at an event in San Francisco.

Microsoft(R) Linux(tm) FTW!


23 April 2018

“a casino was hacked via a thermometer in an aquarium in the lobby.”

S in #iot stands for Security


30 April 2018

Securing Email arXiv:1804.07706v1

everything you wanted to know about email security in one concise study: TLS-SMTP, DKIM, SPF, DMARC, S/MIME, PGP, etc.

#infosec #tech

4 May 2018

#history behind the DNS service

  • they were the first to realize that there is value in memorable addresses
  • filtering it would’ve been harder than letting it be public
  • anycast for reliability and easy customer migration


interesting handling of a complex situation by comodo CA:

  • here’s what happened
  • here’s how a wrong decision was made
  • here’s how we are proposing to right it
  • here are our steps to prevent it in the future

#infosec #policy

5 May 2018

a 2012 paper on how to block services such as TOR intelligently, and a few simple ways to work around this method

#infosec #networking #tech

8 May 2018

the author describes the political landscape surrounding nation-state APTs and calls for a more fleshed-out #policy


9 May 2018

>The Google Duplex system is capable of carrying out sophisticated conversations and it completes the majority of its tasks fully autonomously, without human involvement.

So that’s why Google voice and Fi projects exist: to train a novel AI how to talk to humans naturally


10 May 2018

if you only have ~15 mins to spare to learn about the future today, I suggest watching this barebones version of google’s keynote (3+ hrs all in all)

basically, “AI all the things!”

#futureishere #tech

11 May 2018

IBM moves from sneakernet to something more cloudy


17 May 2018

They did it, with just a 5 vote margin

Now though this has to pass through the House, and the POTUS


28 May 2018

google’s GCP most recent incident analysis - that’s the way to write postmortems:

  • impact, root cause (when possible), remediation, prevention

TL;DR: fluke in BGP code caused regional prefixes withdrawal from BGP advertisements, leading to unreachability; mitigated by software rollback

#reliability #networking

if you ever wondered whence comes the majority of parity errors - not only in supercomputers, but in networking equipment as well

#tech #reliability

3 June 2018

as I mentioned elsewhere, BGP will soon surpass HTTP(S) as preferred transport for everything: first we had a chat, now there’s a game of Battleships

#tech #networking

5 June 2018

how the intercontinent fiber cables are terminated on the shore

the video also dispels my previous assumption that the undersea cables are at least as thick as my leg due to all the protection required - the deeper they go, the less protection they need, as most of the danger comes from near-shore fishing and anchoring activities

#networking #tech

12 June 2018

how to do SPF routing in BGP for mid-sized Clos fabrics and why would you do that

a fascinating read in protocol design, though I am disturbed by yet another load on top of BGP - the author is right, clearly now only HTTP and SMTP are missing

#networking #tech #research

for anyone wanting to know and use tcpdump, here’s a zine by Julia Evans

it’s a quick and easy read and gets you right into practical stuff

#networking #tools

how NetFlow works under the hood in #cisco IOS-XR systems

also contains some fresh data on average packet sizes from a real internet router

#networking #tech #research

timeline and reflection on recent #business strategy evolutions at $MSFT

an in-depth (for some definition of depth) exploration of the process under the hood of showing us a webpage


14 June 2018

Outages at colocation facilities and IXPs affect the operation of hundreds of networks. In this paper, the authors show that control-plane messages provide an excellent, yet unexplored source of information that can be utilized to detect peering infrastructure outages in the wild. We develop a methodology to analyze the values of the BGP Communities attribute to accurately detect the location of a peering outage at the level of a building.

other notable findings:

  • We find that 53% of the outages are in Europe, 31% in the US, and the remaining ones in the other regions.
  • The median outage duration is 17 minutes and 40% of the outages exceed 1hour
  • 5% of the monitored 403 facilities fail to meet the 99.99% uptime mark and 18% the 99.999% uptime mark.
  • [after an outage] BGP path re-convergence took about 4 hours until 95% of the paths returned

short presentation on the chief contribution of this paper:

#networking #reliability #research

Liveness—whether or not a target IP address responds to a probe packet—is a nuanced concept without a simple yes/no answer. Responsiveness directly depends on the probe type, the configuration of the targeted host, as well as on firewalling and filtering behaviors at the edge or within networks.

key findings include: (i) TCP and UDP probes increase the population responsive over ICMP by 18%, (ii) comprehensively capturing reply traffic (i.e., taking into account negative reply packets) increases the responsive population by more than 13%, (iii) TCP stacks do not consistently respond with a TCP Rst for non-available services—in our measurements only 24% of hosts with an active TCP stack respond to all the probes, (iv) our concurrent scans allow us to identify nearly 2M tarpits that would bias measurements that do not take them into account, and (v) we report on the correlation of responsiveness across protocols uncovering potential filtering practices.

other notable findings:

  • probe redundancy [sending deferred repeated probes] increases the population of active IP addresses by 2.2%
  • our scans recorded 487M network alive IPs (IPall) out of 3.6B probed.
  • we see that ICMP Echo probes are most effective in discovering network active IPs, revealing 79% of IPall, followed by TCP probes.
  • we find that 16% of IPall can only exclusively be discovered via TCP, and a small but significant ≈2% can only be discovered via UDP probes.

#networking #research

19 June 2018

Enno Rey, Why IPv6 Security Is So Hard

a quick and lighthearted rant about #ipv6 complexity, with the loveliest questions section ever

#networking #infosec

25 June 2018

an overview of #cisco VPP performance

VPP - new-ish software dataplane mechanism, now part of Linux Foundation project developed in collaboration between multiple vendors and #research groups

#tech #networking

an in-depth discussion of software dataplane performance characteristics and detailed test results for VPP/ and other modern sw dataplanes

#tech #networking #research

5 July 2018

a short intro presentation showcasing current state of network verification #research

includes some general info on solvers and mapping of research to applications, plus SecGuru, Network optimized Datalog, and a way to scale verification to 10^6-node networks

Nick Russo has updated his evolving tech guide to now include v.1.1 topics:

  • Minimal working Viptela example
  • Minimal working SVN example
  • Minimal working AWS CodeCommit + AWS CodeBuild example
  • Minimal working local NFVIS management example
  • Minimal working DNA-C + NFVIS example
  • Minimal working IOS-XR gRPC example
  • Minimal working Docker example
  • Minimal working Kubernetes example (with AWS EKS discussion)
  • Inclusion of production Ansible playbook references
  • SDA discussion
  • NFVI, VIM, and VTS discussion
  • Cloud Center discussion
  • IoT PHY protocol discussion and comparison (LEACH, PEGASIS, MTE, TEEN, DEEC, etc)
  • Cisco DMo discussion
  • IoT Threat Defense solution (security)

#study #cisco

everything you wanted to know about photonic #networking in one handy guide

tl;dr: fancy programmable FO patch panels based on electronically-controlled rotating mirrors


7 July 2018

a dive into the modern Linux networking stack - same methods apply to any packet handling, not just dropping


9 July 2018

network verification using Network optimized Datalog

includes some nice usecases


P-FatTree: A Multi-channel Datacenter Network Topology

In this work we propose P-FatTree, which is a FatTree topology

basically, their idea is to disbundle sub-channels and connect them to disparate fabrics inside the switch

i.e. apply multiplane topology idea to switch internal design, shifting the ECMP (between channels) burden to the host

#research #tech

Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists

In this paper, the authors show that addresses in IPv6 hitlists are heavily clustered. We present novel techniques that allow to push IPv6 hitlists from quantity to quality. We perform a longitudinal active measurement study over 6 months, targeting more than 50 M addresses. We develop a rigorous method to detect aliased prefixes, which identifies 1.5 % of our prefixes as aliased, pertaining to about half of our target addresses. Using entropy clustering, we group the entire hitlist into just 6 distinct addressing schemes. Furthermore, we perform client measurements by leveraging crowdsourcing.

an attempt to map #ipv6 address space and produce viable hitlists for reproducible #research into the new shiny #internet


11 July 2018

Future is here: 400Gbps optics are coming to datacom applications

400ZR will have a reach of 80km over a single wavelength and a target power consumption of 15W, products are expected by the first half of 2020.

IEEE is also considering a proposal to adopt the 400ZR specification, initially for the data-centre interconnect market

#tech #networking

16 July 2018

Peng Huang et al., Gray Failure: The Achilles’ Heel of Cloud-Scale Systems //Microsoft Research

Cloud scale provides the vast resources necessary to replace failed components, but this is useful only if those failures can be detected. For this reason, the major availability breakdowns and performance anomalies we see in cloud environments tend to be caused by subtle underlying faults, i.e., gray failure rather than fail-stop failure. In this paper, we discuss our experiences with gray failure in production cloud-scale systems to show its broad scope and consequences. We also argue that a key feature of gray failure is differential observability: that the system’s failure detectors may not notice problems even when applications are afflicted by them. This realization leads us to believe that, to best deal with them, we should focus on bridging the gap between different components’ perceptions of what constitutes failure.

  • The ambiguous nature and temporal idiosyncrasy of gray failure make it distinctly different from what is assumed in typical failure models. This defeats traditional fault-tolerance solutions and thus poses significant challenges to cloud practitioners.
  • A natural solution to gray failure is to close the observation gaps between the system and the apps that it services. … This is analogous to making assessments of a human body’s condition: we need to monitor not only his heartbeat, but also other vital signs including temperature and blood pressure.
  • One feasible approach is for a system to measure metrics that approximate the observations of its apps. For example, to tackle the network gray failure example (§2.1), the cloud system can send probes to measure server-to-server latency and reachability to emulate observations of the network by common applications

i.e. PfR is the right approach!

#networking #research #reliability

17 July 2018

a short introduction into modern HTTP capabilities


18 July 2018

Towards Causal Datacenter Networks

work in progress #research in support of causal delivery in datacenter networks

they propose to perform sequencing in networking hardware

#networking #tech

19 July 2018

Thinking about Availability in Large Service Infrastructures

some general thoughts on distributed systems availability:

  • tactical service-level objectives
  • adversarial thinking applied to availability - a very interesting approach which I’d like to take further sometime
  • a list of good operational practices: reviews, testing, gradual rollout, partitioning, improve MTTR, fail-static

#research #reliability #networking

20 July 2018

Fabric: A Retrospective on Evolving SDN

A discussion paper in which the authors are trying to introduce ideas from some interpretation of vanilla MPLS into some interpretation of OpenFlow-like SDN

  • good idea of pushing complexity to the edge! have they read #RFC1925 ?
  • the whole paper is probably “nothing new” from traditional #networking perspective, but is really big for OpenFlow, I guess
  • section 3.5 is rather weird, as the problems stated there stand solved for MPLS with MP-BGP ( though it is my understanding that BGP is considered a swearword in OF community )


21 July 2018

the fact that this rather humorous internet draft was not published on April 1st is telling

also, the authors are not wrong


23 July 2018

Oh, What a Fragile Web We Weave: Third-party Service Dependencies In Modern Webservices and Implications

key findings are: (1) 73.14% of the top 100,000 popular services are vulnerable to reduction in availability due to potential attacks on third-party DNS, CDN, CA services that they exclusively rely on; (2) the use of third-party services is concentrated, so that if the top-10 providers of CDN, DNS and OCSP services go down, they can potentially impact 25%-46% of the top 100K most popular web services; (3) transitive dependencies significantly increase the set of webservices that exclusively depend on popular CDN and DNS service providers, in some cases by ten times (4) targeting even less popular webservices can potentially cause significant collateral damage, affecting upto 20% of the top-100K webservices due to their shared dependencies.

#research #reliability

tl;dr: because it’s faster


25 July 2018

some good operational advice on BGP policy for safer #internet


2 August 2018

should be “replacing hardware” though

a nice case of automation done right: retrace manual operations, pick those easy to automate first, then build on success and extend as much as possible

notable things:

  • $GOOG buys from the big-three vendors, like the rest of us
  • $GOOG keeps spares onsite
  • $GOOG has issues with RMA from vendors just like anybody, multiplied by scale

#networking #reliability

Algorithms, Key Size and Protocols Report

a fresh survey of generally usable crypto algorithms and protocols


7 August 2018

on one of the dangers of excessively large L2 domains and a coping mechanism - ARP Sponge - to bandaid it

#networking #tech

how Samsung does #wifi roaming

#networking #tech

new standards track #RFC 8422

Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier

#networking #infosec

the Arista v. #cisco is settled, so less uncertainty in the market

huge win for $ANET as is clear from market reaction

not sure why would $CSCO prefer cash over locking an aggressive competitor in court


11 August 2018

a great intro to the problems of buffer management, QoS, and chocolate fountains

#tech #networking

How and Why GitHub does load balancing

  • troubles of consistent load balancing at scale
  • options considered
  • limitations and solutions

#tech #networking

15 August 2018

the most popular $GOOG service by far turns 8 years old!


17 August 2018

on improving #infosec in general and for #iot

James Mickens is the best, every single one of his talks/papers is worth listening to/reading

27 August 2018

a fascinating story of how a poorly-designed #internet communication architecture cost people their lives


13 September 2018

Bruce Schneier did an AMA session on Reddit recently


Ever wondered what an Ethernet frame looks like on the wire? No? Well here it is anyway. 10mbit, probably ARP.


15 September 2018

while some of us’re just getting to see 10Gbps as “normal”, the new and shiny 200GBASE-x and 400GBASE-x standards got specified

here’s the relevant excerpt if you are into such things (draft):

#tech #networking

one of the few must-watch ciscolive presentations, covering everything from transistors to gates to ASIC capabilities to high-level features

the nicest intro to how all of it works you can imagine

#cisco #tech #networking

18 September 2018

on sexism of computer industry in the UK


20 September 2018

something to think about: engineers spend up to 50% of time supporting bad technical decisions

#research #business

23 September 2018

how mechanical computers work from basics to advanced vector math


26 September 2018

a side-by-side comparison of current #juniper and #cisco offerings, from a #business perspective

28 September 2018

quick and easy read, kind of RPKI-101: who is who, what is what, quick start

#tech #networking #infosec

30 September 2018

here, MSFT takes a very sensible position wrt law enforcement

perhaps the history of litigation vs US govt taught them as much

yet one must still wonder how this proposal will hold up to the scrutiny of a court order coming from places like DPRK

#business #policy #infosec

3 October 2018

if you happen to have a sizable lab to manage, here’s a good idea how you could make use of SDN (i.e. OpenFlow) dataplane-hacking capabilities

also: circuit switching!

#networking #tech

4 October 2018

on practical feasibility of short-reach (metro) DWDM 100G optics

useful #tech !


when you must verify global connectivity to your systems, here’s a tool you might consider using

very neat hack over RIPE Atlas

#tools #networking #internet

30 October 2018

on the importance of communicating clearly on issues and problems

if Linus can abstain from profanity, so can we all


if you ever wondered why almost-but-not-quite every web browser on earth calls itself Mozilla in its User-Agent


31 October 2018

TL;DR: loss of network connectivity between DB clusters for 43 seconds resulted in cluster deciding to fail-over cross-country, leading to loss of sync and a total of 24hrs of service degradation


1 November 2018

some notes about the OSI Suite of protocols: what they were, the ups and downs, their legacy

#history #tech #networking

7 November 2018

and so it begins: an AI replaced humans at CLI work, in production network

Routes designed by the Aria platform are flowed through as command-line interface (CLI) instructions to configuration management, for execution on the live network.

#networking #tools

#cisco lays off 500 people

The article is cowardly paywalled, so here are the key points:

Cisco Systems is cutting nearly 500 South Bay employees as a months-long internal shakeup ripples through its ranks.

“Today, we have made the difficult decision to move forward with a restructuring that will affect some of our CX [customer experience] colleagues,” Martinez wrote in Tuesday’s memo.

Cisco employs more than 14,000 in Silicon Valley, according to the latest Business Journal research, and about 70,000 people worldwide.

The layoffs, which range from engineers to executives, have affected employees from product marketing, business operations, global architecture and technology services, according to state documents.


8 November 2018

some stats on traffic from eyeball networks

regional trends look wonderful, $NFLX FTW

#internet #networking #research

US Cyber Command decided to play nice and protect the innocent by sharing its findings

#infosec #policy

9 November 2018

software for Sennheiser headphones installs a trusted root with the key


on the importance of verifying your routing

I mean, nobody noticed it (i.e. huge RTT, or traceroute, or something) for two years!

#networking #infosec

13 November 2018

Nigerian ISP AS37282 ‘MainOne Cable Company’ and/or AS4809 ChinaTelecom leaked some $GOOG and Cloudflare prefixes to AS20485 TransTelecom causing some downtime last night

#networking #reliability

17 November 2018

ActiveDirectory security landscape and some best practices

since AD has become de-facto industry standard for single-source of truth for all things authentication in enterprise environments, it might be worth our while to read into the subject of its security


for those willing to dive deeper into the subject of administrator account security, NIST is preparing SP 1800-18, drafted here


18 November 2018

while we’re on that #infosec vibe, please enjoy this twitter thread about a pentest gone funny

27 November 2018

new AWS service allows anyone to leverage anycast #networking to their advantage

  • you get static IP addresses announced from edge network
  • you can build address striping - AWS edge announces different addresses via different peers - same redundancy technique they use for Route53


29 November 2018

what hacking into a “hardened” organization may look like, from information gathering to running code at a target, including some nice evasive maneuvers


on development of a Paris traceroute variant for discovering very complex topologies

try it with your friendly RIPE Atlas soon

#tools #networking

30 November 2018

here we have a pretty well-balanced description of throttling measurement process using simulated traffic, though methinks the assumption of widespread DPI (ISP-side) is a bit of a stretch

#networking #research

a one-stop critique of BGPsec ideas

on paper, BGPsec looks reasonable and the math checks out (if one cares to read it), but when faced with the complex reality of the multitude of BGP implementations, the real problems, and solutions, it all falls apart, as Russ White demonstrates

#networking #infosec #internet

A Large Scale Study of Data Center Network Reliability

This paper fills the gap by presenting a large scale, longitudinal study of data center network reliability based on operational data collected from the production network infrastructure at Facebook, one of the largest web service providers in the world. Our study covers reliability characteristics of both intra and inter data center networks. For intra data center networks, we study seven years of operation data comprising thousands of network incidents across two different data center network designs, a cluster network design and a state-of-the-art fabric network design. For inter data center networks, we study eighteen months of recent repair tickets from the field to understand reliability of Wide Area Network (WAN) backbones

notable findings:

  • 2 x more human errors than hardware errors
  • rack switch incidents comprise almost a third of all problems, though relatively low priority
  • fabrics in DC have fewer problems than clusters
  • MTBI / MTTR look exponential
  • SP-provided links fail as often as the edge routers that use them
  • most problems are repaired automatically by means of watchdog-like functionality (i.e. port shut/no shut, device restart, device reimage)

They also provide MTBF and MTTR models for leased fiber, though they omit to show if there is a correlation with distance or other factors, only noting that in metro areas, MTBF is higher

#networking #reliability #research

what BGP monitoring protocol looks like, motivation behind it, future directions

#networking #tools

some Layer-9 perspectives on RPKI

use this to persuade your boss to enable it!

#networking #infosec

what other things you can use RPKI for

#networking #infosec

5 December 2018

Ethr: network performance testing tool by $MSFT

#networking #tools

6 December 2018

Preview of Stéphane Bortzmeyer’s upcoming book Cyberstructure, which tells how current #internet works on levels 8-10

How people use the network, what the new powers of this world are doing, how the states are spying, why privacy and neutrality are so important, etc. The full book covers that and much more, bringing together two aspects of the world noumerique: technical and political

available in full here:


on time precision across the Internet

interesting things:

  • there are hosts with clocks running months ahead of UTC
  • most imprecise clocks (~38%) are behind UTC, sometimes a whole year behind
  • there are a few interesting clusters of imprecision: exactly 1 hour behind, exactly 12 hours behind, exactly a multiple of 24 hours ahead

The strong quantisation of the clock drift into units of hours tends to suggest that a major component of this clock slew is not the drift of the local oscillator or dropping of clock ticks in the time management subsystem, but some form of misconfiguration of the local date calculation. The second counter appears to be quite stable, but the local date calculation is off.


the only important point here is that the $cloud marketing puff of the last ten years, although successful, is clearly slowing down, and $AMZN is now acknowledging that many companies want to stay on-premises.


10 December 2018

how to remotely dump some packets on a Windows machine with PacketCache

#tools #networking

12 December 2018

the final public report on the Equifax $EFX breach - the biggest PII data leak in U.S. history (so far)

  1. $EFX fails at #infosec due to bureaucracy: they didn’t lift a finger to fix the Struts problem, even knowing about it
  2. two months between Struts vuln. disclosure and attack
  3. plaintext database passwords - for 48 different DBs
  4. forgot to renew TLS certs on monitoring systems for 19 months
  5. attack lasted 76 days

Executive Summary is worth reading

13 December 2018

Huawei has, according to this report, some problems:

  • software engineering process is lacking and/or outdated
  • long-term support of products with components that lack support
  • failure to provide consistent binaries

#business #infosec

18 December 2018

how MACsec works

#tech #networking #infosec

19 December 2018

#history, progress, practice, problems, #tech - everything you wanted to know about state of #ipv6 condensed in a few nice presentations

27 December 2018

the app to rival dig / nslookup


1 January 2019

some notes on VXLAN security as implemented

TL;DR: it’s like vlan hopping, but works over the internet, i.e. trivial to inject data one-way; but there’s more to it

#infosec #networking

3 January 2019

IPv6 for IPv4 Experts - a book by Yar Tikhiy, for those of us who have already heard what a packet is and thus have no need for repetition

#ipv6 #networking

how linkedin implemented #ipv6 in their datacenters

basics:

  • mapping of old addressing scheme to ipv6
  • [for every segment,] gateway is always fe80::1
  • not all apps, languages, firmwares work as desired
  • measurement is important
  • removing ipv4 is hard but possible

a short update on BBR version 2:

  • now is more TCP-fair (vs reno/CUBIC)
  • more experience in different theaters (India, Japan)

still active research / a work in progress, but it might be worth trying in prod given the fairness: just upgrade your kernel to 4.9+ and configure sysctl

#tech #research

9 January 2019

the [eyeball] #internet is fake: fake eyeballs, fake content, fake businesses

17 January 2019

on BGP default-free zone growth

  1. no single authoritative view of the table
  2. table is huge and expected to grow more, closer to 10^6, should the trend continue

#research #internet

24 January 2019

how dropbox builds its network


25 January 2019

RFC6811,8097,8481 testing went wrong when announced to default-free zone

“We’ve performed the first announcement in this experiment yesterday, and, despite the announcement being compliant with BGP standards, FRR routers reset their sessions upon receiving it. Upon notice of the problem, we halted the experiments,”

“Stopping the experiment is only treating symptoms, the root cause must be addressed: broken software,”

#research #internet #reliability

30 January 2019

in the meantime, 5G network is coming online in the US


3 February 2019

here’s one short-term success story for SD-WAN magic:

  • you can forklift L3VPN out and put best-effort class connectivity onto your sites
  • you’ll enjoy algorithmic optimisations
  • you’ll love the centralized management pane for your deployment


5 February 2019

oh! so you can upgrade the NUCs!

nice story about retrofitting a small PC with a 10GE card

#networking #tech #tools

2 March 2019

a summary of all things wrong with #ipv6

also showcases how weak consensus of IETF isn’t perfect at producing the best possible protocols


16 March 2019

things to consider when your datacenter gets biggish

  • multiplanar topologies interconnected by more multiplanar topologies
  • using new ASICs for optimized in-chassis topology
  • designing hardware both yourself and partnering with vendors

#networking #tech

20 March 2019

new version of PuTTY fixes several vulnerabilities

Among them:

  • A remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
  • Potential recycling of random numbers used in cryptography
  • On Windows, hijacking by a malicious help file in the same directory as the executable
  • On Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
  • multiple denial-of-service attacks that can be triggered by writing to the terminal

get your updates asap at

#tools #networking

24 March 2019

everything you wanted to know about backdoor in Russian GOST crypto but were afraid to ask

TL;DR: the properties of the substitution table strongly suggest the presence of an exploitable flaw; for all practical purposes, we should consider it a backdoor


25 March 2019

massive layoffs from engineering and

thoughts and discussions here: as of this writing, nobody is sure even how the layoffs are decided, seem to be random

the lesson is: whatever you do with your career, don’t go Oracle


27 March 2019

#cisco Cybersecurity Threat Report Feb 2019


6 April 2019

new CPU series, more Optane memory, new NICs

just an announcement, but it shows a bright future for compute

#tech #business

Ginseng: Keeping Secrets in Registers When You Distrust the Operating System

Many mobile and embedded apps possess sensitive data, or secrets. Trusting the operating system (OS), they often keep their secrets in the memory. Recent incidents have shown that the memory is not necessarily secure because the OS can be compromised due to inevitable vulnerabilities resulting from its sheer size and complexity. This work aims to support third-party apps without growing the attack surface, significant development effort, or performance overhead. Our solution, called Ginseng, protects sensitive data by allocating them to registers at compile time and encrypting them at runtime before they enter the memory. For example, a Ginseng-enabled web server, Nginx, protects the TLS master key with no measurable overhead

Also notable:

  • by keeping secrets in registers, Ginseng naturally protects them from cold-boot attacks
  • Although OpenSSL, a TLS library used by Nginx, sanitizes session keys when a session ends, it saves the master key in the memory for five minutes for session resumption, which is vulnerable to a compromised OS.

#infosec #research

The famous 6k turns 20; next year it’ll be old enough to drink! 🤪🥳🎆


a formally verified cryptoprovider, guarantees with mathematical certainty your communications will be confidential and protected

notably, used by Firefox and MSFT’s QUIC implementation (which might be abandoned, in light of Edge surrender to Chromium, so…)


13 April 2019

Kristian goes through the core things a modern SP network automation is composed of:

  • completeness
  • models
  • validation

Why? Robustness is important for critical systems

#tech #networking #automation

21 April 2019

where as-code means idempotency, Version Control-ability, Predictability

experience from a PaaS vendor faced with scaling implementing #automation

  • source of truth is important
  • network design is important
  • homogeneity is a unicorn
  • idea: manage any resource as DHCP manages IPs


a way for distributed long-lived processes to appear to have eventual transactional semantics without common clocks

i.e. how to transaction transactions


5 May 2019

a brief introduction to the Pet/Cattle nomenclature

  • why do we want to treat your systems as cattle, not like pets
  • how this methodology gets rid of the need to vMotion between sites or any permutations of that idea
  • some high-level designs

My take: this concept is important going forward, and we can apply it in a larger context, not limited to apps or virtual machines; #networking elements (routers and switches) are often treated as pets, but clearly that does not scale. It also creates a measure of technical debt with unique configurations diverging from the standard


for those a little too busy to read the great Networking Problems and Solutions, Russ White provided a concise 23-minute summary

  • introduction to complexity
  • abstractions and connecting #tech to #business
  • how to make sense of it all through models


10 May 2019

updates on routing security by Job Snijders

  • RPKI invalids and how they happen
  • argument for ‘invalid=reject’ policy - time to act - effectively collective coercion
  • false-positive RPKI reduced 50% in the last 6 months
  • validation #tools
  • IRR cleanup

#networking #internet #research

a thorough examination of DNS security from an organizational perspective

#infosec #business

21 May 2019

These three facts all seem eminently sensible and reasonable, right?

  1. Unix time is the number of seconds since 1 January 1970 00:00:00 UTC
  2. If I wait exactly one second, Unix time advances by exactly one second
  3. Unix time can never go backwards

Not false as such, more like imprecise, because Time is straaaaaange.

These facts about time have implications for distributed clocks, necessary in some consistency models.

#justforfun #thinkdistributed

29 May 2019

oldie but goldie

why using BGP in your datacenter is better than an IGP

design considerations, limitations for building a well-siloed network, working around them for scale

also showcases a multi-plane single-level spine design


30 May 2019

the insides of an SFP DAC cable


8 June 2019

BGP turns 30 this month!

a great read on its history, progress, and future

#history #networking #internet

25 June 2019

This should never have happened because Verizon should never have forwarded those routes to the rest of the Internet.

#internet #reliability #networking #bgp

27 June 2019

AKA robustness principle considered harmful

Jon Postel’s famous statement of “Be liberal in what you accept, and conservative in what you send” is a principle that has long guided the design and implementation of Internet protocols. The posture this statement advocates promotes interoperability in the short term, but can negatively affect the protocol ecosystem over time. For a protocol that is actively maintained, the robustness principle can, and should, be avoided.

#internet #research

many of these principles are readily applicable to a wider range of engineering disciplines


28 June 2019

fresh out of the press, the #internet trends:

  • 50% global coverage
  • coverage, market cap growth slowing down
  • most users in APAC, most coverage in Europe
  • advertising is growing ~20% y/y
  • internet beats TV in time spent

If you are running any business, read in full!


who-owns-who in the #wifi world

#business #research

29 June 2019

Cloudflare supports telegram as DNS transport


30 June 2019

a deep[-er] dive on the same issue, now with more concrete data and methodology

#internet #research

11 July 2019

Evidence of Decreasing #internet Entropy: The Lack of Redundancy in DNS Resolution by Major Websites and Services

This paper analyzes the extent to which the Internet’s global domain name resolution (DNS) system has preserved its distributed resilience given the rise of cloud-based hosting and infrastructure. We explore trends in the concentration of the DNS space since at least 2011. In addition, we examine changes in domains’ tendency to “diversify” their pool of nameservers – how frequently domains employ DNS management services from multiple providers rather than just one provider – a comparatively costless and therefore puzzlingly rare decision that could supply redundancy and resilience in the event of an attack or service outage affecting one provider.

The paper starts with providing a primer on DNS workings, then explores DNS #reliability and economics

select findings:

  • a number of DNS service providers managed to significantly increase their proportional share of the DNS space in that timeframe, beginning to consolidate control of DNS services. The linearity of the trend is striking – gains in concentration have been relatively consistent in the long run despite yearly fluctuations.
  • percentage of share held by the top 8 providers more than doubled between November 2011 and May 2017, increasing from about 24% to about 59%.
  • expansion of AWS and Cloudflare (which collectively handle about a third of the entire space) is particularly striking, signalling the increasing influence of multi-service cloud-based platforms in the DNS space
  • Entrant domains tended to use CloudFlare and AWS at much higher rates than original domains and used Akamai, Dyn, and Neustar relatively less than original domains.
  • external DNS hosting rapidly overtook self-hosted DNS in the period between November 2011 and May 2017. The percentage of domains managed entirely by external DNS hosting providers grew from 32.9% to 65.7% over that period
  • showed that the majority of domains are not taking advantage of this opportunity for resilience through diversification
  • customers of some externally hosted DNS providers tended to diversify much more than others
  • near-complete lack of diversification is a product of Cloudflare’s security model, which requires that DNS traffic is routed through the Cloudflare network … does not allow domains to register a secondary nameserver managed by a different DNS provider.

#research #business

An interview with Radia Perlman

Notable quotes, totally out of context:

  • English is a horrible language
  • for instance, Spanning Tree Protocol. It was a hack that I thought would live for, like, six months
  • in 1983, my manager said, “Hey, people want to have their applications work across networks, from one net to another.” The right way to do that was to have the computers at the end nodes put in Layer 3, but that was going to be a lot of work
  • People think Ethernet is a great success, but it has nothing to do with what was originally designed; it just has the same name. It has the same packet format. But the real cleverness was this contention protocol for sharing a link
  • Information-centric networking? I think that’s total garbage, honestly
  • we should just have an asteroid hit the Earth
  • people say, “Oh, blockchain will solve that,” and that’s total nonsense

there is also an argument against end-to-end principle if you read between the lines

#internet #history

30 July 2019

a fresh (RIPE78) tutorial on #ipv6 #infosec

tells you why RA Guard MUST be enabled by default, among other things

notes on the state of privacy as we have it today

#research #infosec #policy

A Performance Perspective on Web Optimized Protocol Stacks: TCP+TLS+HTTP/2 vs. QUIC

#research

In this paper, we seek to close this gap by parameterizing TCP similar to QUIC to enable a fair comparison. This includes increasing the initial congestion window, enabling pacing, setting no slow start after idle, and tuning the kernel buffers to match QUIC’s defaults. We further enable BBR instead of the CUBIC as the congestion control algorithm in one scenario. We show that this previously neglected tuning of TCP impacts its performance. We find that for broadband access, QUIC’s RTT-optimized connection establishment indeed increases the loading speed, but otherwise compares to TCP. If optimizations such as TLS 1.3 early-data or TCP Fast Open were deployed, QUIC and TCP would compare well.

contributions:

  • We provide the first study that performs an eye-level comparison of TCP+TLS+HTTP/2 and QUIC.
  • Our study highlights that QUIC can indeed outperform TCP in a variety of settings but so does a tuned TCP.
  • Tuning TCP closes the gap to QUIC and shows that TCP is still very competitive to QUIC.
  • Our study further highlights the immense impact of choice of congestion control, especially in lossy environments.
  • We add QUIC support to Mahimahi to enable reproducible QUIC research. It replays real-world websites in a testbed subject to different protocols and network settings.

takeaway: Basically, for many cases using a tuned TCP stack renders results just as good, or rather good enough, as QUIC; no need to rush a migration

1 August 2019

Computer Networks: A Systems Approach, now available under terms of the Creative Commons (CC BY 4.0) license.

#networking #study

20 August 2019

The Theory and Practice, Practice, Practice of AWS Operations

  • how AWS thinks about operational risk
  • how AWS deploys
  • how SAFE works



21 August 2019

what took down Centurylink network

#networking #design #reliability

17 October 2019

ex-CSCO Mario-Luca (think of the teams who brought you Cat6k, UCS, Nexus, ACI) are back in #business after parting with Robbins

“The team behind Pensando has worked together for more than 25 years and have an unmatched track record of disruptive innovation,” said Chambers.


18 October 2019

if you need some device profiles for your #cisco ISE


08 January 2020

SHA-1 is now broken: the attack was made practical by this group, at a cost below 100k$, projected to become ~10k$ in the near future.

Good short read on the problem and its implications for security.


#research #infosec

continuation of a story where a group of people found a “perfectly lawful” way to profit off non-profit

their scheme is:

  1. using their regulatory power remove price limits from .org
  2. sell management rights to a private firm owned by their friends
  3. PROFIT!

#internet #business #policy

29 January 2020

if you’ve ever wondered why /in sensible programming languages/ arrays start at 0 (besides the obvious memory addressing mechanics)


08 February 2020

there are two key parts to this story:

  1. the local economy benefits from fast internet access
  2. the local economy benefits from splitting regional telecom monopoly

#internet #business #policy