This is the fastpath - quick notes only, minimum commentary, single page.

Askbow fastpath

1 November 2016

11:12

Google, Apple, Mozilla distrust WoSign & StartCom CA
https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
https://support.apple.com/en-us/HT204132
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

11:13

https://www.youtube.com/watch?v=kb-m2fasdDY

11:16

https://gist.github.com/hellerbarde/2843375

12:17

https://www.theguardian.com/technology/2016/oct/11/crash-how-computers-are-setting-us-up-disaster

14:56

https://github.com/kdeldycke/awesome-falsehood

18:31

https://video.mtgsf.com/channel/vmware
Future: Net
#vmware #conference #networking

18:43

https://www.cisco.com/c/en/us/solutions/enterprise/design-zone-branch-wan/index.html#~designs

Updated October 2016

#cisco #design #IWAN #CVD

19:13

https://blog.kaspersky.com/fantom-ransomware/12891/

next comes a malware that pretends to be a BSOD 😉

#windows #infosec

19:49

http://blog.sonicwall.com/2016/11/sonicwall-becomes-independent-security-company/

SonicWall is now independent of Dell

#infosec #networking #business

2 November 2016

10:45

http://www.cisco.com/c/en/us/products/security/fireamp-endpoints/index.html

Anti-malware software by Cisco for computers - new Immunet Pro?

#infosec #cisco

10:48

http://www.cisco.com/c/en/us/products/collateral/servers-unified-computing/ucs-s-series-storage-servers/datasheet-c78-738059.html

Cisco UCS S-Series Storage Servers - update of the UCS C3000 series

#storage #servers #cisco

10:54

http://www.profitap.com/profishark-1g/

A dedicated network tap for easy packet capturing - USB3

#networking #tools

11:04

https://govolution.wordpress.com/2016/10/24/the-first-15-days-of-a-password-honeypot/

Interesting statistics and a dump of passwords used by attackers

Also, shows that mirai attacks start as soon as 6 minutes after the host becomes available.

#infosec #iot #research

19:29

http://longnow.org/essays/richard-feynman-connection-machine/

A story of Richard Feynman’s contribution to computer science

#history #person #cs

4 November 2016

13:49

https://zmap.io/download.html

Zmap - a very fast port scanner
Though it scans only one port per IP, you can quickly find every host with that port open - even in a very big network

#infosec #tools

17:06

https://www.youtube.com/watch?v=vvr9AMWEU-c

For those of us who remember the good ol’ days

#history #technology #networking

7 November 2016

09:24

https://blog.warcop.com/2016/11/03/cisco-expressway-exporting-certificates/

How one exports TLS certs from an expressway server

#uc #infosec #cisco

09:44

https://drive.google.com/file/d/0B5hBKwgSgYFad1YybERxTmpURms/view

An anatomy of security exploitation
This presentation is more theoretical CS than last year’s “how security flaws work” writeup on Ars

#infosec #cs

10:07

http://speedtestbeta.xfinity.com/

New speedtest entered beta stage - HTML5, mobile layout
By Comcast - so probably comes as one of the results of the recent hackathon

#networking #troubleshouting #tools

14:57

http://arstechnica.com/information-technology/2016/11/private-microwave-networks-financial-hft/

a little glimpse into microwave radio networking

#technology #networking

21:18

http://www.investopedia.com/news/cisco-exec-gets-55m-termination-package-csco/

Not the first time I read about key people leaving Cisco recently

#cisco #business

8 November 2016

11:54

http://muratbuffalo.blogspot.ru/2016/11/why-does-cloud-stop-computing-lessons.html

Cloud services are not five-nines reliable, no matter how some people would like others to believe in magic

#cloud #reliability

12:06

http://faststorage.eu/public-cloud-iaas-is-it-really-that-cheap/

reiteration of the fact that IaaS isn’t cheaper (longterm) for many usecases compared to buying hardware

#cloud #business

9 November 2016

12:22

http://unix.stackexchange.com/questions/22615/how-can-i-get-my-external-ip-address-in-a-shell-script

one very useful StEx Q&A; notable mentions:

nslookup . ifcfg.me
dig +short myip.opendns.com @resolver1.opendns.com
curl wgetip.com
wget -qO- ident.me

#tools #networking

10 November 2016

17:13

https://blog.acolyer.org/2016/11/10/when-csi-meets-public-wifi-inferring-your-mobile-phone-password-via-wifi-signals/

password-stealing by way of monitoring your phone’s wifi signal

there are already a few methods to counteract it (shuffling the numbers on the keypad each time for one), so paranoia level remains at yellow

#infosec #wifi

12 November 2016

08:45

http://www.dialabc.com/sound/generate/index.html?pnum=42&auFormat=wavpcm44&toneLength=300&mtcontinue=Generate+DTMF+Tones

a DTMF tone sample generator

#uc #tools

17:20

https://www.cisco.com/c/en/us/products/collateral/routers/4000-series-integrated-services-routers-isr/datasheet-c78-732542.html

#cisco ISR 4k datasheet was updated recently with the new 4221 model
looks like it’s there to kill the 1900/800-series

#networking #devices

15 November 2016

06:42

https://www.openssl.org/news/secadv/20161110.txt
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

fresh and already patched in upstream, so just wait for #cisco and other $vendor to update

#infosec

07:27

http://blacknurse.dk/

another DoS for many firewalls, problem in ICMP handling

#cisco ASA, sonicwall, palo alto, fortinet are vulnerable;
iptables, windows firewall, pfsense are not

#infosec

07:42

http://www.dimensiondata.com/Global/Downloadable%20Documents/Network%20Barometer%20Report%202016.pdf

- companies are starting to refresh network equipment earlier
- 76% of network devices have at least one known vulnerability and nobody is patching
- adoption of IPv6-ready devices has risen
- only 26% of incidents are mitigated by support contracts

#infosec #networking #business #reliability #research

16 November 2016

08:12

https://www.vmguru.com/2016/11/vsphere-6-5-general-available-today/

new release of ESXi

#virtualization #vmware

19 November 2016

08:22

https://twitter.com/USNavy/status/799057846373613568

Rear Admiral Grace Hopper was awarded POTUS Medal of Freedom

#cs #history

08:33

http://www.analysisgroup.com/uploadedfiles/content/insights/publishing/broadband_competition_report_november_2016.pdf

a recent study that shows that competition between ISPs and introduction of higher access speeds is good for the customers; no surprise, but now we have research data to back the claim

#research #isp #business

09:48

https://samy.pl/poisontap/

now 1. make this USB-key sized,
2. distribute a few around any office building

PROFIT!

#infosec #tools

11:03

https://duo.com/docs/cisco

discovered a neat 2FA system compatible with #cisco anyconnect
the downside is it’s a “cloud” offering, so not everybody will like it

#infosec #tools

21 November 2016

06:40

http://www.ietfjournal.org/multipath-tcp-deployments/

some practical applications and challenges in MP TCP deployment

#networking #technology

08:28

https://code.facebook.com/posts/1709127516080157/networking-scale-boston/

Networking @Scale Boston 2016 conference recordings

#networking #cloud #conference

22 November 2016

07:33

http://6lab.cisco.com/

discovered this collection of data on global IPv6 deployment;
looks like an aggregation from other sources

#ipv6 #networking #cisco #tools

12:17

https://about.gitlab.com/2016/11/10/why-choose-bare-metal/?

the story of GitLab leaving AWS for baremetal servers to support their growing storage performance needs
- once again demonstrates the limits of cloud computing

#cloud #business

13:58

https://www.microsoft.com/en-us/research/wp-content/uploads/2016/10/Cloud-Scale-Acceleration-Architecture.pdf

on the use of FPGAs between network and servers for service/network acceleration

#networking #cloud #research

24 November 2016

07:37

http://arstechnica.com/tech-policy/2016/11/trump-hires-two-net-neutrality-opponents-to-oversee-fcc-transition/

there’s a HUGE celebration at AT&T / Verizon HQ, this thanksgiving they are thankful to Trump

#networking #policy #isp

13:31

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd

while #cisco is investigating, those of us who run #linux are updating

#infosec

25 November 2016

06:56

http://motherboard.vice.com/read/a-loud-sound-just-shut-down-a-banks-data-center-for-10-hours

so yeah, you can put a datacenter down by being very loud

also, test your fire suppression system after installation, not during operation

#technology #business #reliability #storage

14:27

http://arstechnica.com/security/2016/11/us-navy-warns-134000-sailors-data-breach-hpe-laptop-compromised/

personal information of thousands of people was leaked due to a single laptop compromise
this is telling, security is often a matter of one weak link failing

#infosec

20:21

http://www.crn.com/slide-shows/networking/300082398/top-22-cisco-technology-innovators-who-have-headed-for-the-door.htm

maketh one contemplate much about #cisco internal politics at play in these occasions
who’s to say it’s good that so many veterans are leaving to pursue positions with competitors in such a short timeframe after new CEO comes to chair?

#business #people

26 November 2016

16:34

http://www.dailydot.com/layer8/bruce-schneier-internet-of-things/

Bruce Schneier testified in front of a HoR committee on the problems with IoT and Internet in general, recognizing the growing need for regulation

#infosec #policy #people

18:17

http://www.wsj.com/articles/avaya-weighing-bankruptcy-filing-sale-of-call-center-software-unit-1479941695

Avaya is indebted and on the brink of bankruptcy? huh…

#business #uc

29 November 2016

06:24

http://sprobe.cs.washington.edu/

use sprobe to measure bandwidth between hosts when installing a remote agent is not an option
PDF version of sprobe paper follows (thanks to Vadim Gabel for conversion)
#tools #networking #cs

06:25

[sprobe.pdf (501.9 KB)](files/sprobe.pdf)

1 December 2016

09:27

http://www.nil.com/en/blog/so-you-want-to-become-a-cloud-provider/

a realistic look at the most common #cloud provider wannabe pitfalls

#business

09:47

https://aws.amazon.com/snowmobile/

never underestimate the bandwidth of a truck full of hard drives speeding on a highway, they said

#technology #cloud

09:58

https://twitter.com/YusufBhaiji/status/804203566508347393

#CCIE infrastructure datacenter video tour
- quite interesting to have a peek at how they do the #wireless racks

#cisco #networking #technology #servers

12:51

https://www.suse.com/communities/blog/acquisition-news-suse-acquiring-iaas-and-paas-technology-and-talent-from-hpe/

ok, this was unexpected:
SUSE buys OpenStack and CloudFoundry from HPE, engineering force included

#business #cloud #linux

3 December 2016

06:10

https://blogs.cisco.com/cin/cisco-apple

it’s no secret #cisco and apple were working together a lot to make wifi on the iphones better for years
so here’s another glimpse at what was going on in that area recently

#networking #wifi

09:05

https://amazonlightsail.com/

a new #cloud service by amazon targeted at the market currently served by digital ocean and a plethora of VPS providers
at the moment, the pricing model is almost exactly like that of DO, but the service is provided from us-east-1 region only (probably subject to change)

#business #servers #virtualization

09:27

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc33783

interesting severe bug in #cisco nexus 9k
- when dst MAC address starts with 4 or 6, the packet is dropped
- something with VPLS: does not affect normal processing
- happens because software sets a flag wrong when programming the ASIC (from a follow-up in nanog mailing list)
- as Pete Lumbis puts it, it’s the classic “look at the nibble to determine if ethernet or IP under label” problem

#networking #technology #reliability #troubleshouting

12:15

http://arstechnica.com/gadgets/2016/12/the-nokia-licensing-deal-gets-finalized-android-phones-coming-in-2017/

what can I say?

MAKE 3310 GREAT AGAIN

Upd: http://www.nokia.com/en_int/phones/all-phones

#business #sswa

6 December 2016

09:21

http://www.infoworld.com/article/3143062/cloud-computing/memo-to-cloud-providers-stop-selling-pipe-dreams.html

a concise opinion on what #cloud providers should do:
>Enterprises want cloud computing providers to provide the basics,
> provide those basics without outages or security issues, and meet
> their SLAs. The rest is fluff.

#business

11:59

http://blog.kraken.com/post/153209105847/security-advisory-mobile-phones

on the security of phone-based two-factor authentication
TL;DR: ditch it, use other means or at least setup a Google Voice

#infosec

7 December 2016

15:01

http://arstechnica.com/security/2016/12/millions-exposed-to-malvertising-that-hid-attack-code-in-banner-pixels/

sneaky, attacks Flash in IE;

#infosec

8 December 2016

08:27

https://www.nngroup.com/articles/computer-skill-levels/

a survey of computer skills among people of OECD countries

#business #technology #policy #cs

09:02

https://gchq.github.io/CyberChef/

interesting tool to learn encryption

#infosec #tools

9 December 2016

19:29

http://rackstuds.com/

#tools #hardware

12 December 2016

12:57

[nrusso_ccie_ccde_evolving_tech_10dec2016.pdf (1.6 MB)](files/nrusso_ccie_ccde_evolving_tech_10dec2016.pdf)

https://learningnetwork.cisco.com/docs/DOC-31004

#cisco certification blueprint “Evolving Technologies” study guide

#CCIE #networking #cloud #sdn #iot

13 December 2016

09:31

http://www.theregister.co.uk/2016/12/13/cisco_to_kill_its_intercloud_public_cloud_on_march_31st_2017/

intercloud eol
well, let’s still wait for an official announcement

#cisco #cloud #business

09:41

http://www.itnews.com.au/news/hpe-storage-crash-killed-ato-online-services-444490

i hope we’ll see a technical postmortem on this made available to public
but what’s clear is that an “enterprise-grade” storage system with redundancies, failsafes, and backups, is still a single failure domain

#storage #hardware #reliability

09:55

https://aws.amazon.com/ru/blogs/aws/aws-managed-services-infrastructure-operations-management-for-the-enterprise/

while some are closing public #cloud #business
others open doors to a wider range of enterprise customers
go figure

10:23

http://www.seattletimes.com/business/boeing-aerospace/faa-orders-787-safety-fix-reboot-power-once-in-a-while/

so yeah, there are bugs in that industry’s computers too
reminds of an old joke “if operating systems were airlines”: you have a chance to hang midflight

#reliability

28 December 2016

09:09

http://iepg.org/2016-11-13-ietf97/2016-11-13-ddos.pdf

a discussion of recent attacks on DNS and possible mitigations
Personally, I’m inclined towards option 4 (IP filtering)

#infosec #networking #technology #research

09:58

https://tools.ietf.org/html/draft-ietf-ntp-bcp-02

for those interested in keeping up with time, an updated NTP BCP #rfc
includes such important information as:
- leap second handling (we’ll have one quite soon)
- ntp security
- pool.ntp.org usage guidelines

#infosec #technology

10:42

https://www.technologyreview.com/s/602981/social-media-is-killing-discourse-because-its-too-much-like-tv/

“…we should write and read more, link more often, and watch less television and fewer videos—and spend less time on Facebook, Instagram, and YouTube”

#it #society

10:53

http://etherealmind.com/aws-shield-managed-ddos-protection/

a concise analysis of AWS newest feature - the DDoS protection
$AMZN continues to disrupt incumbent services / devices
I see that they are targeting a rather narrow band of consumers though, so there’s always room for others under the sun

#cloud #business #infosec

11:03

http://arstechnica.com/security/2016/12/thieves-can-guess-your-secret-visa-card-details-in-just-seconds/

a practical and already automated attack on the payment system that allows for card data to be obtained
I bet some bank’s antifraud would stop this early, but then not every bank round the globe is that good

#infosec

11:24

https://www.theatlantic.com/technology/archive/2016/12/cuban-telephone-fraud/509006/

some light reading: fascinating phone fraud stories

#infosec #isp

6 January 2017

04:47

http://arstechnica.com/tech-policy/2017/01/unsecure-routers-webcams-prompt-feds-to-sue-d-link/

I hope there’s more to come, as this seems to be the only way the situation can ever be set right

#business #networking #infosec #iot #policy

8 January 2017

14:44

http://www.wsj.com/articles/ai-program-vanquishes-human-players-of-go-in-china-1483601561

hate the paywall, but this article on AlphaGo is rather interesting
chief takeout is, we don’t readily understand its way of decisionmaking, but it’s very good at one of our games

#business #iot #people #history #Accomplishments

17:03

http://www.theregister.co.uk/2017/01/07/tv_anchor_says_alexa_buy_me_a_dollhouse_and_she_does/

this wasn’t the first time something like this happened and many have been predicting this outcome for years, so no surprise that voice-activated tech is vulnerable to such attacks

#iot #infosec

12 January 2017

04:11

http://www.hiddenvoicecommands.com/demo

and here’s an attack which can’t be normally heard by humans; works great for exploiting voice command vulnerabilities mentioned above

#iot #infosec

21 January 2017

14:37

http://arstechnica.com/security/2017/01/already-on-probation-symantec-issues-more-illegit-https-certificates/

I said it before and I say it again: Symantec & co. should be distrusted
web as we have it is fragile enough in this respect

#infosec #business

14:57

http://www.avaya.com/en/about-avaya/newsroom/news-releases/2017/pr-us-170119a/

Avaya filed for bankruptcy

#business #uc

15:19

https://www.schneier.com/blog/files/Privacy_in_Our_Digital_Lives.pdf

privacy is a right
or at least it was considered as such during Obama’s time
well, at least in speeches

Bruce Schneier mentions that the document was deleted from whitehouse.gov during Trump transition
so much for preserving freedoms for future generations

#policy #infosec

1 February 2017

09:38

https://www.ietf.org/blog/2017/01/barriers-to-entry/
https://www.usenix.org/blog/usenix-reaction-presidential-executive-order-%E2%80%9Cprotecting-nation-foreign-terrorist-entry-united

at least two major organizations in computing have publicly reacted to Trump’s ban
IETF apparently will move the next meeting out of the USA

#policy #cs

4 February 2017

05:37

https://arxiv.org/pdf/1701.05789.pdf
Consequences of Unhappiness While Developing Software

I daresay this applies to other engineering jobs as well

#research #people

05:45

https://www.cisco.com/c/dam/m/digital/1198689/Cisco_2017_ACR_PDF.pdf
Cisco Annual Cybersecurity report 2017 (i.e. it covers 2016)

#research #infosec

8 February 2017

11:10

https://system76.com/cart/configure/lemu7

I really wish all laptop vendors allowed configure-to-order in this simple and comprehensible no-nonsense way

#tools

11:30

https://www.cisco.com/c/en/us/support/web/clock-signal.html

networkers on twitter/reddit already found that despite the trigger being the quartz, the real problem lies in faulty Intel Atom C2000 SoC

see also:
https://www-ssl.intel.com/content/dam/www/public/us/en/documents/specification-updates/atom-c2000-family-spec-update.pdf
http://www.tomshardware.com/news/intel-cpu-failure-atom-processor,33538.html

at the moment, we know that #cisco is the only vendor to come forward about the problem; but the same SoC is used also in Synology NAS appliances, HPE 6921/6941 switches and in many other devices

#tech #business #reliability

11 February 2017

06:16

https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf

finally there’s some meat to that empty shell released earlier this year

#policy #infosec

06:18

https://www.theregister.co.uk/2017/02/10/windows_mirai_bot/

Windows version of Mirai
fascinating

#infosec

13 February 2017

21:40

https://jhalderm.com/pub/papers/interception-ndss17.pdf

The security impact of HTTPS interception

i.e. MITM of TLS considered harmful

#research #infosec

21:52

https://www.linkedin.com/pulse/adi-shamir-makes-15-predictions-next-years-andreas-sfakianakis

Adi Shamir’s predictions for #infosec

22:00

https://www.google.com/maps/d/viewer?mid=1Z1dI8hoBZSJNWFx2xr_MMxSxSxY&hl&ll=16.914334595056022%2C39.739915100000076&z=2

a great collection, useful for travellers

#tools

14 February 2017

04:01

https://arstechnica.com/information-technology/2017/02/munichs-linux-deployment-once-again-in-doubt-may-switch-to-windows-10-by-2020/

#policy #windows #linux

04:14

https://arstechnica.com/science/2017/02/as-us-russia-eye-stagnant-space-budgets-india-ramps-up-investment/

well, somebody must be investing in space exploration at all times - it was fruitful before, and all of humanity will reap the benefits of continuing these endeavours

#policy #research

04:19

https://arstechnica.com/gadgets/2017/02/intel-coffee-lake-14nm-release-date/

the sunset of the Moore’s law?
apparently Intel hit a roadblock and won’t go beyond 14nm (and as such won’t be packing much more transistors on the same die)

#hardware #research #business

16 February 2017

20:05

https://arstechnica.com/information-technology/2017/02/microsoft-cancels-february-patch-tuesday-despite-0-day-in-wild/

Intel breaks tick/tock, $MSFT breaks patch Tuesdays
the end is nigh, mark my words!

#infosec

20:09

https://arstechnica.com/gadgets/2017/02/all-new-smartphones-run-ios-android/

#business

17 February 2017

03:49

http://www.zdnet.com/article/google-sorry-for-wide-scope-outage-but-canary-testing-brought-our-cloud-down/

last month’s Google cloud downtime explained.
sort of.

#business #reliability

03:59

https://arstechnica.com/information-technology/2017/02/verizon-offers-unlimited-data-and-wont-throttle-video-unlike-t-mobile/

unlimited internet access plans return to US ISPs offering after 6 years of absence
what’s still bothering me is the tethering restriction; if I pay for my bandwidth, what do they care how I use it?
It’s like an electricity company saying I can’t use an extension cord

#business

19:52

http://www.bbc.com/news/world-europe-39002142

that’s actually rather disturbing

#iot #infosec #policy

18 February 2017

04:02

http://www.slideshare.net/diogomonica/from-0-to-0xdeadbeef-security-mistakes-that-will-haunt-your-startup

some points are questionable, but overall - good security advice

#infosec

04:18

https://tinyletter.com/b0rk/letters/how-do-you-become-an-excellent-programmer

as usual, many points are applicable to any engineer

#business

07:23

https://twitter.com/Cisco/status/831982020351832064

so, #cisco now is definitely a security vendor

#business #infosec

19:44

http://www.reed.com/blog-dpr/?page_id=6

brief history of how UDP was introduced

that actually goes a bit au contraire to what I’ve read in “Where wizards stay up late” and “OSI: the Internet that wasn’t”
so cool to get another perspective on these events that led to networking as we know it today

#history #research

19 February 2017

07:52

http://notcp.io/

continuing on UDP goodness

TCP might be nice (not for long links though), but UDP gives you (the app developer) more raw control over communication

#research

20 February 2017

19:48

https://www.ietf.org/blog/2017/01/a-new-rfc-archive/

the IETF is partnering with the National Library of Sweden to archive RFCs

#policy #history

21 February 2017

04:20

http://www.slideshare.net/mrembetsy/devops-picc12-management-talk/

how to manage a network engineering team
not only for devops

#networking #management

06:37

https://www.zyantific.com/blog/bypassing-telekom-fon-hotspot-authentication/

or why it is important to be well versed in regex if you use them for whitelisting

#tools #infosec

16:16

http://superuser.com/a/1152960

18./8 was assigned to MIT so long ago…

#history

16:19

https://arstechnica.com/gadgets/2016/12/802-11ad-wifi-guide-review/

a short bit about 60GHz wifi

#tech

23 February 2017

12:55

https://research.trust.salesforce.com/Meraki-RCE-When-Red-Team-and-Vulnerability-Research-fell-in-love.-Part-1/

the most interesting thing I learned from this post is that Salesforce has several dedicated security research teams

otherwise, the post documents the discovery process of a few vulnerabilities in a Meraki-branded #cisco product
oh, and there’s part two!

#infosec #research

24 February 2017

03:38

https://www.bussink.ch/?p=1810

where the author describes good reasons for moving from 10GBASE-T to SFP+ ports

#networking

05:19

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

SHA1 collision found, and it’s cheap (compared to bruteforce)
$GOGL plans to release the code in 90 days

they did it on GPUs, but I expect someone to make an ASIC farm within a year

#infosec

09:08

https://www.sdxcentral.com/articles/news/cisco-makes-tetration-analytics-available-wider-audience/2017/02/

just 700k$ + 80k$/year for 1000VMs monitored
that’s just the platform (i.e. the tool),
add the (rare) expertise to run it and more to actually make use of it;
I wonder what the bottom line is estimated to be over 5y.

As I don’t have relevant experience, I also have little but wonder about how a cost like this is recovered. Note that it’s a tool used to monitor other tools, which are used to run other tools…

#tools #cloud #business

12:32

https://www.nanog.org/sites/default/files/Aben_Lost_Stars_-_v1.pdf

some answers as to why ipv6 is still underdeployed

#tech #policy #networking

12:46

https://tools.ietf.org/html/draft-palet-v6ops-rfc7084-bis-00

an RFC draft that outlines the basic requirements an ipv6 CE router should meet

#rfc #policy #networking

13:08

https://tools.ietf.org/html/draft-farrel-soon-04

from the tone of this one (with fat attempts at sarcasm) it will either become April 1st ‘17 RFC or will break some egos in IETF

also, notice that it’s in the 4th edition, so must be quite mature already and will be ratified SOON

#rfc #policy

25 February 2017

04:51

https://arxiv.org/pdf/1605.05606.pdf

a very comprehensive study of Carrier-Grade NAT deployments

#networking #isp #research

05:39

https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-x-series-next-generation-firewalls/eos-eol-notice-c51-738643.html

oh my
so #cisco are really killing the “classical” ASA series…

#networking

06:01

http://www.chiark.greenend.org.uk/~sgtatham/putty/

the most popular terminal emulator for windows gets a new release

PuTTY 0.68 released, containing ECC, a 64-bit build, and security fixes

#tools

26 February 2017

06:13

https://istlsfastyet.com/

some motivation for those still slacking

#infosec

11:14

https://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.pdf

the devices to replace recently EOS #cisco ASA

#networking #tools #infosec #hardware

1 March 2017

03:25

http://www.theregister.co.uk/2017/02/28/aws_is_awol_as_s3_goes_haywire/

it’s the second internet-scale problem (since #cloudbleed ) the world experiences just in one month

my guess is, they tried to do something about SHA-1 collision and it started killing back-end nodes like wildfire

#cloud #reliability #awsdown

18:27

https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-666.pdf

an evil-minded virus that spreads through temptation and blackmailing
fascinating

#infosec #research

18:37

https://arxiv.org/pdf/1702.07800.pdf

a great summary of everything deep learning

#research

18:49

https://drive.google.com/file/d/0B5gNT4RRJ0xPcC1mT3Y2T2hJUVk/view

how DNS works in TOR networks

#infosec #tech #networking

19:37

https://eprint.iacr.org/2017/190.pdf

the paper describes some technical details of how the recent SHA-1 collision was found, the computational cost of the procedure and the limitations

#research #infosec

2 March 2017

04:09

https://zakird.com/papers/https_interception.pdf

The Security Impact of HTTPS Interception

both commercial middleboxes and antivirus products are found to degrade security for the end-user

#infosec #research

07:15

https://twitter.com/askbow/status/837184402375471104

#tools

6 March 2017

06:08

http://virtualization.info/en/news/2009/06/vmware-asks-veeam-to-remove-support-for.html

the real reason behind Veeam not working on free ESXi
what a shame

#business #tools

7 March 2017

11:57

http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-through-bad-backups.html

details of a spamming operation uncovered due to them being sloppy with backups

#business #infosec

15:01

https://arstechnica.com/tech-policy/2017/03/us-will-suspend-fast-processing-for-h-1b-visas/

https://arstechnica.com/tech-policy/2017/02/trump-may-soon-sign-executive-order-re-vamping-h-1b-visa-program/

so, lots of tech talent will be affected

#policy #business

8 March 2017

10:04

https://blogs.dropbox.com/tech/2017/02/meet-securitybot-open-sourcing-automated-security-at-scale/

dropbox are opensourcing their interactive security alert helper

#tools #infosec

14:46

http://www.crn.com/news/networking/300084092/extreme-networks-to-buy-avayas-networking-business-for-100m.htm

so, that’s how avaya is handling their financial problems
twitterpeople say it’s a good move for extreme

#business

20:28

https://blogs.cisco.com/security/the-wikileaks-vault-7-leak-what-we-know-so-far

#cisco is being cisco, i.e. being honest in talking about #infosec problems their equipment has
they admit the problem and say they’re working on it

#policy

9 March 2017

12:15

https://forum.mikrotik.com/viewtopic.php?f=21&t=119308&p=587512#p587512

interestingly, mikrotik is another #networking vendor that is mentioned in the leaked docs a lot

so here’s their official response
quite good, honest, concise and to the point

#infosec #business #policy

13:03

https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q4-2016-state-of-the-internet-connectivity-report.pdf

akamai’s state of the internet
Q4 2016 report

#tech #business #research #internet

12 March 2017

04:56

http://www.esharp.net/cisco-meraki-adds-beta-bgp-support-to-mx-appliances/

BGP support coming to #cisco meraki devices

#networking

13 March 2017

08:03

https://tools.ietf.org/html/rfc8117
Current Hostname Practice Considered Harmful

fresh RFC to inform us on privacy problems arising from common ways to use hostnames

#rfc #infosec

18 March 2017

05:47

https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/

a reminder that nothing is ever fully secure:
given enough motivation, some people are capable of remotely getting around some of the most effective security measures: sandboxing under a VM

#infosec

20 March 2017

19:51

https://arstechnica.com/security/2017/03/a-simple-command-allows-the-cia-to-commandeer-318-models-of-cisco-switches/

-6500, are you connected to the CIA?
-…

#cisco #infosec #policy

24 March 2017

09:10

https://cumulusnetworks.com/blog/vrf-for-linux/

VRF support in-kernel
not another namespace, just a thin layer

#tech #networking

14:53

https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs

motivation to de-trust Symantec certificates

#infosec #policy

18:37

https://communities.vmware.com/community/vmtn/vvd/vmware-validated-design-for-sddc-4x/content?filterID=contentstatus[published]~objecttype~objecttype[document]

newest edition of vmware’s SD DC validated design

#tech

27 March 2017

09:27

http://www.citylab.com/crime/2017/02/cellphone-spy-tools-have-flooded-local-police-departments/512543/

on proliferation of cellphone tracking systems in use by law enforcement agents

#tech #policy #infosec

30 March 2017

12:45

https://learningnetwork.cisco.com/community/expert-level-certifications-agile-blueprints

#cisco has decided (at last) on a stricterish schedule of #CCIE revisions
seems reasonable

13:56

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-2960-l-series-switches/datasheet-c78-737665.html

just discovered new #cisco 2960L switches

#networking

14:08

https://www.dropbox.com/s/hzy47qf24mewhea/2017-EU.pdf?dl=0

Mikrotik User Meeting - new products announced

#networking

31 March 2017

15:38

https://cmaurice.fr/pdf/ndss17_maurice.pdf

VM isolation is a myth

#infosec

1 April 2017

04:14

https://twitter.com/SwiftOnSecurity/status/773234893203451904

wonderful thread about how to use printers to hack networks

#infosec

08:23

https://twitter.com/leyrer/status/847816162557689857
nuff’said

#reliability

08:54

http://www.reuters.com/article/us-usa-cyber-defense-idUSKBN17013U

“…Across the federal government, about 90 percent of all spending on cyber programs is dedicated to offensive efforts, including … developing the means to disable or degrade infrastructure”

I’ve come across a report recently (you can easily google it, so it’s sorta public) internal to a specific Russian infrastructure org;
there they claim that “they haven’t been breached ever” and don’t understand the monetary gain from hacking them, thus they conclude they don’t need to improve #infosec [anymore].
#naïveté <-new tag, yay!

#policy

22:31

https://arstechnica.com/security/2017/03/smart-tv-hack-embeds-attack-code-into-broadcast-signal-no-access-required/

who ever believed that “smart tv” was a good idea
- they spy on you
- they are yet another channel to influence you
- they can be hacked over the net
- [with this news] they can be hacked over the air en masse by anybody

#infosec #iot

2 April 2017

16:04

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-3/configuration_guide/b_163_consolidated_3850_cg/b_163_consolidated_3850_cg_chapter_010101001.html

#cisco 3850 switches now support VSS aka remote stacking

#tech #networking

3 April 2017

12:34

https://www.rfc-editor.org/rfc/rfc8140.txt

new April1st RFC, enjoy!

#networking

4 April 2017

15:43

https://spqr.eecs.umich.edu/papers/trippel-IEEE-oaklawn-walnut-2017.pdf

new cool way to breach airgap: accelerometer spoofing

#iot #infosec

15:50

https://www.quora.com/What-made-Xerox-PARC-special-Who-else-today-is-like-them/answer/Alan-Kay-11

what was special about Xerox PARC - where maybe half of today’s networking and computing originated

#research #networking #history

15:56

https://www.sparkfun.com/news/2231

the story behind 9600 bps modems, 300 baud

#history #networking #tech

13 April 2017

13:16

https://mjg59.dreamwidth.org/47803.html

IKEA’s Trådfri is an example of #iot security
not perfect but as close as it gets

#infosec

14:34

https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennas-accessories/prod_white_paper0900aecd806a1a3e.pdf

a very good technical publication about common #wifi antennas, their radiation patterns and other parameters

#tech #networking #mustread

16 April 2017

09:48

http://dinosaurspen.tumblr.com/

old computer photoblog - just for fun

#history #tech

24 April 2017

10:03

https://github.com/inverse-inc/packetfence/

an open source network access control system

#networking #infosec

26 April 2017

10:21

https://tools.ietf.org/html/draft-lvelvindron-curdle-dh-group-exchange-00

this RFC draft proposes to update the minimum recommended modulus length for DH groups to 2048
quite a reasonable proposition, given the developments of the last few years

#infosec

2 May 2017

15:47

http://investor.cisco.com/investor-relations/news-and-events/news/news-details/2017/Cisco-Announces-Intent-to-Acquire-Viptela/default.aspx

#cisco is buying an SD-WAN vendor Viptela

#business

3 May 2017

12:12

https://www.autodeskresearch.com/publications/samestats

where the authors show why pure statistics without data are useless

#research

11 May 2017

12:45

https://blog.webernetz.net/2013/07/30/password-strengthentropy-characters-vs-words/

oldie-but-goldie: about password complexity

#infosec #research

12 May 2017

13:49

http://packetpushers.net/ccde-integrity-transparency-trust/

this May’s CCDE exam was cancelled
here’s some good thoughts on the event by one of the candidates

#cisco

13:55

https://blog.webernetz.net/2017/05/09/basic-cisco-configuration/

a very nice basic config for #cisco #tech

14:18

http://silvertonconsulting.com/blog/2016/08/13/facebook-moving-to-jbof-just-a-bunch-of-flash/#sthash.SAljmZFT.dpbs

just a bunch of flash, by Facebook
the “why” section has one interesting point: they are going away from [hyper]converged servers (compute/storage) to be able to scale them cheaply and independently
also, this config slightly reminds me of (now EOS) #cisco UCS M-series

#servers #storage #tech

13 May 2017

03:58

https://labs.ripe.net/Members/becha/results-dns-measurements-hackathon

there are some [generally] interesting results there; for example, stale NS records are sometimes still propagated for days after an update

#research

06:14

https://www.spinellis.gr/blog/20170510/

a bit about Unix architecture evolution

#tech #history

15 May 2017

08:29

http://www.networkworld.com/article/3195838/cloud-computing/you-really-should-know-what-the-andrew-file-system-is.html

AFS is an early example of a secure (by the standards of its time) networked system worth studying

#tech #history #infosec

12:54

http://ethancbanks.com/2017/04/12/managing-your-time-when-you-have-too-many-things-you-want-to-do/

<— so much this
a little sad, but true story of a networking engineer managing their time

#nontech #people

13:20

http://www.netcraftsmen.com/considering-sd-wan-make-best-decision-organization/

a well-measured opinion on where to go with SD-WAN if you’re a small / medium #cisco shop

#tech #networking

16 May 2017

13:06

https://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD896.html

“Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it. And to make matters worse: complexity sells better.”

some problems in computing are rather persistent;
even Dijkstra wrote about the complexity thing

#history #research

17 May 2017

04:11

https://www.youtube.com/mikrotik/playlists

networking isn’t limited to big $vendors
here’s a list of session recordings from Mikrotik User Meetings

#networking

04:37

http://www.wlanpros.com/wlpc-client-sensitivity-testing-results/

what makes #wifi testing unreliable is the spread of client sensitivity

10:41

https://www.schneier.com/blog/archives/2017/02/security_and_th.html

motivation for more gov't control over information technology industry
and yes, #iot damned lack of security

#infosec #policy

11:49

http://doc.cat-v.org/bell_labs/utah2000/utah2000.html

how systems software #research was irrelevant in the early 2000, why, and proposed ways out

#history

18 May 2017

03:27

https://howdoesinternetwork.com/2016/6880-issu

a nice detailed step-by-step guide for #cisco VSS ISSU process; I believe the same process should hold for 6500 as well

#tech #networking

08:24

https://web.archive.org/web/20161020144256/http://danluu.com/why-ecc/

a case for using ECC memory in servers and other computers

#tech #reliability

19 May 2017

09:05

https://www.sunet.se/blogg/we-are-at-the-forefront/

Sweden’s scientific network SUNET is finished and with great results:
- current capacity 7.2Tbps, practically scalable to 107Tbps, theoretically - 688Tbps
- Juniper routers form the core
- 4.1 exabyte of data a month
- 100 Gbps core interfaces - 200/400 in the future
- 10/40/100 Gbps access interfaces
I think their blog is the best example of how to build public knowledge about what you’re doing and why

#networking #tech #research

22 May 2017

13:44

https://www.engadget.com/2017/05/17/us-senate-approves-signal-for-staff-use/

that sort-of settles it: Signal is good enough to use

#infosec #policy

24 May 2017

03:48

https://medium.com/@istumbler/the-sad-state-of-wi-fi-apis-in-apple-platforms-943893be17a2

the reason behind iphone’s lack of #wifi scan kind of apps - lack of public API

#tech

04:49

https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/

Radware’s description of an attack on #iot that doesn’t really spread, but instead aims to destroy the victim devices

#infosec

25 May 2017

13:22

https://simplesecurity.sensedeep.com/web-developer-security-checklist-f2e4f43c9c56

not only for web devs, this concise checklist will be useful to many people

#infosec

30 May 2017

11:46

https://askbow.com/2017/05/30/happens-start-cisco-6500-switch-without-fan-module/

it overheats, obviously

#lab #tech #research #blog

1 June 2017

11:27

http://seclists.org/oss-sec/2017/q2/366

several CVEs in linux kernel networking functions
can be used for DoS

#infosec #networking

2 June 2017

03:46

https://insinuator.net/2015/06/is-ipv6-more-secure-than-ipv4-or-less/

the state of #IPv6 security in 2015
now I wonder if anything has changed for the better since then

#infosec #networking

03:56

http://www.prnewswire.com/news-releases/uptime-institute-annual-survey-results-enterprise-owned-data-centers-still-primary-compute-venue-300448367.html

the study shows that not everybody has moved to the cloud, nor do they plan to do it in the near future

#cloud #research

04:24

https://vimeo.com/177768909

a nice way to #IPv6
no “transition” or retention of rather dated ipv4 mentality, but a clean purposeful design of addressing

#networking

5 June 2017

05:47

https://www.theregister.co.uk/2017/06/02/british_airways_data_centre_configuration/

some light on British Airways’ recent datacentre meltdown
this might be the second [publicly known] instance in the recent history when the failure on one site was automatically propagated to the remote ones

#reliability

15:19

http://datacenterfrontier.com/amazon-building-custom-asic-chips-to-accelerate-cloud-networking/

amazon AWS: custom silicon, custom servers

#cloud #business #tech

6 June 2017

20:02

http://lostintransit.se/2017/06/06/certification-major-news-expert-level-recertification/

big news: continuing education as a recertification option for ccie/ccde

#cisco

9 June 2017

04:19

https://www.internetsociety.org/sites/default/files/IPv6_report_2017-0606.pdf

state of #ipv6 in the global Internet
- deployment is growing both across content sources and eyeballs

#networking

04:45

https://dq756f9pzlyr3.cloudfront.net/file/Internet+Trends+2017+Report.pdf

what’s happening in the Internet

#business #research

13 June 2017

14:11

https://www.itnews.com.au/news/public-cloud-costs-push-cba-to-openstack-464239

a case study showing a move from “public” AWS #cloud to private bare-metal openStack in a bank

#business #tech

14 June 2017

04:04

https://arstechnica.com/business/2017/06/charles-thacker-key-designer-of-the-xerox-alto-dies-at-74/

#history #tech

16 June 2017

15:54

https://www.theverge.com/2017/6/13/15782200/one-device-secret-history-iphone-brian-merchant-book-excerpt

the story of how the iphone as a product was born

#history

18 June 2017

18:03

http://www.tomshardware.com/news/european-parliament-end-to-end-encryption-communications,34809.html

end-to-end encryption FTW!

#infosec #policy

18:16

https://blog.cloudflare.com/the-relative-cost-of-bandwidth-around-the-world/

some light on the peering and transit costs in different parts of the world

#business #networking

18:55

http://www.lightreading.com/mobile/5g/how-much-will-5g-cost-no-one-has-a-clue/a/d-id/733753

some details on what 5G mobile network economics might look like

#business

21 June 2017

12:59

https://standards.ieee.org/findstds/standard/802.11-2016.html

freshest dot11 version is available for download

#wifi #tech #networking

14:12

https://arxiv.org/pdf/1607.01639.pdf

wanna know how new #cisco IPS finds malware in encrypted traffic?
here’s their research paper going into the gory details:
- no decryption / DPI
- machine learning FTW

#infosec #research #tech #networking

14:13

https://github.com/cisco/joy

and for those so inclined, the open source version of said #cisco IPS
(see above)

#tech #infosec #networking

23 June 2017

13:24

https://www.ieee-security.org/TC/SP2017/papers/207.pdf

The Password Reset MitM Attack

discusses ways towards designing a secure password reset process and limitations of popular methods

#infosec #research

24 June 2017

04:59

https://www.amazon.com/XG-C100C-Network-Adapter-PCI-E-Single/dp/B072N84DG6/

I had my reservations about NBASE-T hype, mostly because its applications were limited (some #cisco dot11ac access points only)

now you can get a NIC for 1-2-5-10G over UTP for $100
and I think it’s pretty cool

#networking

10 July 2017

10:37

https://tools.ietf.org/html/rfc8212

another new BGP RFC, prescribing a default routing policy for eBGP sessions
the default is a safe one - deny any in and out, so the ops need to explicitly configure policy to allow routes to flow

#networking

14 July 2017

09:37

http://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-4/b_Dorm_deployment_guide.pdf

#cisco wireless dorm deployment guide

#networking

10:16

https://vincent.bernat.im/en/blog/2017-ipv4-route-lookup-linux#lookup-with-a-level-compressed-trie

how route lookup is done in today’s #linux

#networking #tech

21:17

http://up2v.nl/2017/05/29/what-went-wrong-in-british-airways-datacenter/

on how one of the biggest recent IT catastrophes progressed

#reliability #tech

16 July 2017

09:06

https://tools.ietf.org/rfc/rfc8200.txt

suddenly, ietf published a renewed #ipv6 standard

#networking

18 July 2017

13:21

https://www.nextplatform.com/2017/07/17/google-wants-rewire-internet/

google is modernizing its connection to the Internet

#networking #tech

13:37

https://blogs.technet.microsoft.com/networking/2017/07/13/core-network-stack-features-in-the-creators-update-for-windows-10/

TCP CUBIC support will be added to Windows (in linux since circa kernel 2.6, i.e. >10 years)

and many other cool enhancements

#tech #networking

21 July 2017

09:08

https://insinuator.net/2017/06/testing-rfc-6980-implementations-of-freebsd/

most of this paper is on end-host security in the face of some #ipv6 attacks, but it also shows that important protections should be turned on on the network equipment, namely the RA guard which limits the attack surface a lot

#networking #infosec

18:55

https://security.googleblog.com/2017/07/final-removal-of-trust-in-wosign-and.html

google chrome finally completes distrust of WoSign and StartCom CAs;
who’s next?

#infosec

24 July 2017

07:37

https://cryptosense.com/the-end-of-triple-des/

3des isn’t recommended for anything practical (#networking wise), and outside of that domain you should change keys every 8MB of data

#infosec

25 July 2017

15:09

https://www.reddit.com/r/talesfromtechsupport/comments/6ovy0h/how_the_coffeemachine_took_down_a_factories/

#nocomment #infosec #networking

15:21

http://www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/1456403/Cisco_2017_Midyear_Cybersecurity_Report.pdf

#cisco 2017 midyear cybersecurity report

business as usual: increase in spam, more cool malware hitting companies everywhere, flash still a dumpsterfire,

#infosec

26 July 2017

13:48

https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html

“Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020”
enfin!

#infosec

27 July 2017

03:22

https://www.thingiverse.com/thing:705857

for those of us who are masterful in the art of 3D printing - a mount for AP useful during wireless site surveys

#networking #wifi

08:06

https://ripe74.ripe.net/archives/video/48/

for the #iot night is dark and full of terrors

#networking #infosec

08:54

https://tools.ietf.org/html/rfc8203

BGP Administrative Shutdown Communication
new internet standard

#networking

21 August 2017

18:18

https://napalm-automation.net/yang-for-dummies/

YANG basics - one of the clearest explanations of what’s going on in this area

#sdn #networking

23 August 2017

12:55

https://blog.ycombinator.com/jeff-deans-lecture-for-yc-ai/

a nice lecture about what’s going on at google in ML division
(plan for at least 45 minutes of listening)

#tech

29 August 2017

04:17

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/product/vmware-product-guide.pdf

some notes on vmware licensing

#business #tools

1 September 2017

11:49

https://hal.inria.fr/hal-01575519/document

Does disabling Wi-Fi prevent my Android phone from sending Wi-Fi frames?
Abstract: No.

#infosec #tech #wifi

6 September 2017

08:31

https://www.youtube.com/watch?v=Z-Bt3ylCMIU

RIP Solaris

oracle be damned

#business

12 September 2017

07:35

https://www.telenor.com/innovation/telektronikk/archive/

archives of Telenor’s Telektronikk magazine, which discusses various issues of #networking and SP #business

#worthreading #tech #history

13 September 2017

05:15

https://blog.apnic.net/2017/09/06/opinion-defence-nats/

on the #history and importance of NAT, also how #ipv6 effectively failed

#networking

18 September 2017

13:00

https://www.ernw.de/download/Enno_Rey_RIPE74_Structural_Deficits_IPv6.pdf

what the real problems with #ipv6 are and what to do with them security-wise

#networking #infosec #policy

15:47

https://www.nextplatform.com/2017/09/14/rare-peek-inside-400g-cisco-network-chip/

some dirty details on how some #cisco ASIC is constructed

  • it’s more like a GPU, if you ask me, but I’m not proficient enough to be trusted😉
  • run-to-completion in hardware
  • 800Gbps forwarding;
  • they don’t disclose what devices run on it; my guess is ASR

#tech #networking

20 September 2017

08:39

https://www.eff.org/deeplinks/2017/09/open-letter-w3c-director-ceo-team-and-membership

#wow
EFF leaves W3C over DRM (an abominable tech that shouldn’t exist in a civilized world)

#policy #infosec

21 September 2017

04:29

https://github-debug.com/

a tool every major site has to have
blog: https://githubengineering.com/github-debug/

#tools #networking

30 September 2017

15:44

https://medium.com/netflix-techblog/serving-100-gbps-from-an-open-connect-appliance-cdb51dda3b99

this is what you can do with your network performance if you take control of your application

#tech #networking

18:42

https://www.theregister.co.uk/2017/09/22/cisco_intersight_infrastructure_management_cloud/

rumor is, #cisco is going to kill UCSD

#business #cloud

18:52

https://github.com/apple/darwin-xnu

#wow
apple published to open source its XNU kernel

are they trying to one-up microsoft?

#tech #business

2 October 2017

16:15

http://www.38north.org/2017/10/mwilliams100117/

so, NK was basically single-homed all that time?

#networking

3 October 2017

15:44

http://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html

how to break DKIM signature validation in email sender verification

#research #infosec

4 October 2017

04:35

https://azure.microsoft.com/en-gb/status/history/
29/9 - RCA - Storage Related Incident - North Europe

fire suppression false alarm (during scheduled maintenance) resulted in Azure storage backend shutdown, affecting services in North Europe region

note that the fire suppression system worked correctly, the same way it would anywhere, so $MSFT was just unlucky to trigger it

#reliability

5 October 2017

07:46

https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html

quite a good explanation of why no security-minded person would do SSL inspection by decryption in production

#infosec #tech

7 October 2017

06:19

https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/

yet another air-gap breach, now via infrared capabilities of common security CCTV

#infosec

10 October 2017

08:29

https://www.forbrukerradet.no/siste-nytt/connected-health-devices-violate-users-privacy

Norwegian Consumer Council tested a bunch of #iot enabled health trackers and concludes that these are bad for privacy

#policy

14 October 2017

12:55

https://www.fastcompany.com/40437402/the-internets-future-is-more-fragile-than-ever-says-one-of-its-inventors

Vint Cerf’s perspective on some of today’s Internet problems;
as often with his interviews, it’s a tad cloudy, but provides food for thought nevertheless

#tech #networking #policy

15 October 2017

11:56

https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q1-2017-state-of-the-internet-security-report.pdf

akamai’s state of the internet
Q1 2017 report

#tech #business #research #internet

17 October 2017

08:37

https://papers.mathyvanhoef.com/ccs2017.pdf

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
Abstract: We introduce the key reinstallation attack. This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack.

#infosec #wifi #research

19 October 2017

04:59

https://rule11.tech/reaction-networks-not-cars-cell-phones/

Russ White on disaggregating how we think about networks’ “future proofness” by separating hardware from software and applying separate requirements

#networking

20 October 2017

09:35

http://www.doyleassociates.net/blog/files/84a40d0e405b8d51020e764698631838-4.php

on the importance of failures in network operation

#networking #reliability

23 October 2017

03:27

https://plajjan.github.io/interoperable-100G/

the way to 100G DWDM interoperability between four major networking vendors
(they did it!)

#networking #tech

24 October 2017

08:47

https://www.enog.org/wp-content/uploads/presentations/enog-14/8-Peering-Survey-2016-ENOG14.pdf

internet peering survey 5y update:

  • 99+% of peerings are informal, symmetric, IX-based
  • “paid peering” and “private peering” is rare
  • strong preference for countries with prevailing rule-of-law

#networking #research

28 October 2017

05:26

https://twitter.com/RoKhanna/status/923701871092441088

the old joke about net neutrality made real?

#networking

31 October 2017

05:56

https://www.cisco-freeware.com/

links to all of #cisco “free” stuff:
- trial software
- “apps” (i.e. software and tools packaged)
- services
- (some of the) CCO tools
- training

#business

2 November 2017

06:09

https://www.gartner.com/doc/reprints?id=1-4HTU8NX&ct=171013&st=sb

Gartner MQ for wired & wireless LANs as of October 2017

#networking #business #research

07:11

https://www.slideshare.net/PacSecJP/georgi-geshev-warranty-void-if-label-removed

#infosec considerations for MPLS #networking

#research

07:43

https://www.cs.princeton.edu/~wlloyd/papers/rr-imc17.pdf

on feasibility and practicality of using IPv4 RR option for Internet-wide measurements and #research

#networking

08:18

https://learningnetwork.cisco.com/blogs/community_cafe/2017/10/17/the-magic-of-super-spines-and-rfc7938-with-overlays-guest-post

a detailed overview of BGP EVPN multi-tier Clos network construction considerations for scaling datacenter networks

#networking #tech

7 November 2017

03:04

https://staltz.com/the-web-began-dying-in-2014-heres-how.html

though this article starts with light things like market and traffic dominance of $GOOG $FB and $AMZN, it goes on to paint a picture of a grim future for the web and the #internet as we know it

#business

13:56

https://www.wired.com/story/how-a-tiny-error-shut-off-the-internet-for-parts-of-the-us/

a brief note on how Level3 for a brief moment brought down internet service in the US

#reliability #business

14 November 2017

03:16

https://kernelnewbies.org/Linux_4.14

New Linux released!

some of the new kernel’s #networking features:
+Generic Routing Encapsulation: Add ERSPAN type II tunnel support. One of the purposes is for Linux box to be able to receive ERSPAN monitoring traffic sent from the #cisco switch, by creating a ERSPAN tunnel device. In addition, the patch also adds ERSPAN TX, so Linux virtual switch can redirect monitored traffic to the ERSPAN tunnel device
+IPv6 Segment Routing
+lots of performance improvements

#tech

18:54

https://investor.cisco.com/investor-relations/news-and-events/news/news-details/2017/Cisco-Survey-Indicates-Adding-a-Virtual-Assistant-May-Be-the-Key-to-Happiness-at-Work/default.aspx

the AI future of UC: humans are ready to be conquered

I for one welcome our software-defined cloud-native overlords

#research #business #cisco

15 November 2017

03:14

https://www.microsoft.com/en-us/research/wp-content/uploads/2017/10/p599-liu.pdf

network verification is the future

$MSFT and Cumulus and others are already doing it

#networking #tech #research

16 November 2017

08:03

https://code.facebook.com/posts/291641674683314/open-r-open-routing-for-modern-networks/

FB open-sourcing their backbone routing control plane (i.e. they made an IGP)

#networking #research

17 November 2017

04:15

http://www.datacenterknowledge.com/uptime/ovh-disassemble-container-data-centers-after-epic-outage-europe

how a double outage (power feed and software bug in equipment) partially brought down the biggest native-European infrastructure and cloud provider

#reliability #business

23 November 2017

02:40

https://xrdocs.github.io/design/blogs/2017-08-01-internet-edge-peering-current-practice/

here’s a concise overview of current peering edge architectures, problems, and #tech
It’s a little #cisco XR-centric, so not all cool tech is available on every box

#networking

03:19

https://blog.apnic.net/2017/06/26/bgp-specifics-routing-vandalism-useful/

on current use cases, practice, and characteristics of more-specific prefix announcements in BGP default-free zone
- in ipv4, 50% of all NRI are more-specifics, ipv6 seems to be growing in the same direction
- ipv6 more-specifics observed to be less stable
- not considered harmful, though some optimization is possible

#networking #research

24 November 2017

07:42

https://blogs.dropbox.com/tech/2017/11/deploying-ipv6-in-dropbox-edge-network/

Dropbox’ experience in deploying ipv6 in user-facing POPs
also gives insight into multi-layer load balancing strategy

#tech #networking #ipv6

28 November 2017

13:29

https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

OWASP group published quadrennial update to their Top10 guide to Web security

#infosec #research

30 November 2017

03:06

https://aws.amazon.com/blogs/aws/new-amazon-ec2-bare-metal-instances-with-direct-access-to-hardware/

I guess, AWS now finally competes with Hetzner😉
the offer at launch is 36 HT cores / 512G / 15T NVMe SSD / 25 Gbps

from networking PoV, 25Gbps looks a bit odd: are these machines single-homed? If dual-homed, why can’t you use 2x25Gbps capacity? The requirement to support ENA in AMI points to some hidden virtualization (SR-IOV?)

#business #networking

14:38

https://boingboing.net/2017/11/27/piracy-is-always-a-smokescreen.html

Cory Doctorow’s writeup disclosing the way EFF outed DRM proponents’ true intentions: it’s not about IP rights

#infosec #policy

2 December 2017

17:21

https://arstechnica.com/science/2017/12/after-37-years-voyager-has-fired-up-its-trajectory-thrusters/

- current RTT is 39 hours, something to think about space Internet wise
- the systems still work, after 37 Y in flight through radiation and all
- JPL people found a way to prolong useful life for 1-2 Y more than prev. estimate

when we all go up in smoke, V’ger will be humanity’s last testament, still flying in the vast emptiness

#tech #reliability

5 December 2017

04:29

https://www.cnbc.com/2017/12/01/nokia-halts-ma-talks-with-juniper-for-now.html

the important part here is that at some point, nokia really was considering acquisition of juniper but there was some dealbreaker

does that mean problems at juniper?

#business

8 December 2017

04:02

https://learningnetwork.cisco.com/blogs/vip-perspectives/2017/11/08/ospf-graphs-lsas-and-the-lsdb

what a neat description of principal LSDB artifacts!
worth reading

#networking #tech

16 December 2017

11:31

https://www.youtube.com/watch?v=zGIKT1yw27A

why the internet matters, how dumb pipes #business works

#networking

19 December 2017

03:56

https://www.google.com/patents/US6377577

how #cisco processes ACLs in (T)CAM - a patent worth being a part of #networking #tech textbook

in the current state of their 3-year litigation, this patent is used by CSCO to prevent arista from importing (and thus selling) their products in the US; notice the patent’s authors - both are arista founders who previously worked for CSCO

21 December 2017

17:51

https://www.youtube.com/embed/P7JWnosdlr8?rel=0&controls=1&autoplay=1

#ipv6 xmas tree🎄 is up again!

instructions: http://ipv6tree.bitnet.be/

23 December 2017

10:09

http://www.computerhistory.org/atchm/born-in-a-van-happy-40th-birthday-to-the-internet/

some moments of early tcp/ip #history

#tech #networking

19 January 2018

01:59

https://arxiv.org/pdf/1801.05168.pdf

for those who are curious about QUIC ongoing deployment on the Internet
- still mostly $GOOG turf
- still work-in-progress
- lack of client-side support
- large body of broken servers
- near 6% of traffic
- maybe ~1% of domains

#tech #research

20 January 2018

16:53

https://www.youtube.com/watch?v=BO0QhaxBRr0

one way to improve delays in networks
- instead of full packet discard on congestion, throw away just the payload but forward the header through PQ, thus allowing endhost to issue a NACK, hence improving sender’s reaction to packet loss

there are other interesting things going on in this NDP system

full SIGCOMM presentation:
https://www.youtube.com/watch?v=OI3mh1Vx8xI
original paper:
http://nets.cs.pub.ro/~costin/files/ndp.pdf

#networking #tech #research

23 January 2018

10:02

https://forums.xilinx.com/t5/Xcell-Daily-Blog/Netcope-breaks-100GbE-record-148-8M-packets-sec-the-theoretical/ba-p/783676

We live in wonderful times: now there are 2x100Gbps NICs you can buy for money and plug into your machine

And I remember being asked “who will ever need 1Gbps - that’s too fast” more than once in my career

#networking #tech

24 January 2018

09:24

https://tools.ietf.org/html/draft-hildebrand-middlebox-erosion-01

to put it into less mild terms, “middleboxes considered harmful”

#networking #infosec

26 January 2018

07:26

http://packetpussies.net/generator/

just for the sake of friday, here’s a #networking marketing buzzword generator

“Our product is an agile operational dashboard including an integrated flow-wrangling integrator which will realize a new network paradigm.”

9 February 2018

03:04

https://blog.theitrebel.com/2017/08/28/tip-aiming-external-antennas/

a very efficient DIY tool for directional antenna aiming

#networking #tools #wifi

18 February 2018

11:08

http://www.sgdsn.gouv.fr/uploads/2018/02/20180206-np-revue-cyber-public-v3.3-publication.pdf

New French cyberdefense policy
the most novel and interesting point is arguably that of cyberliability: the makers of products are to be held liable for product’s #infosec until end-of-life, and strongly suggested to opensource the code after EOL

19 February 2018

12:42

https://ripe69.ripe.net/wp-content/uploads/presentations/11-RIPE69.pdf

a story of a real-life small-scale SDN (service provider)
white-box, custom built, openflow

#tech #networking

21 February 2018

12:34

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Software-Defined-Access-Design-Guide-2018JAN.pdf

#cisco DNA CVD, freshly minted

#networking

22 February 2018

03:37

https://www3.cs.stonybrook.edu/~mikepo/papers/proxyscan.ndss18.pdf

A Large-scale Analysis of Content Modification by Open HTTP Proxies

- 38% perform some form of content modification.
- 5.15% perform modification considered malicious, of these:
  - 47% injected ads,
  - 39% injected code for collecting user information,
  - 12% attempted to redirect the user to pages that contain malware.

#research #infosec

03:46

https://arxiv.org/pdf/1802.05030.pdf

Facebook Use of Sensitive Data for Advertising in Europe

Facebook labels 73% EU users with sensitive interests. This corresponds to 40% of the overall EU population. We also estimate that a malicious third-party could unveil the identity of Facebook users that have been assigned a sensitive interest at a cost as low as 0.015 EUR per user.

#research #infosec

14:53

https://www.bahnhof.se/brf/

Swedish ISP Bahnhof offers broadband connection to the home featuring 10Gbps for ~30 EUR/month

That’s what I call progress

#networking

14:58

https://tools.ietf.org/html/rfc8312

after ~11 years in production (Linux), CUBIC is finally an RFC
read that to learn how modern TCP works

#networking #tech #research

26 February 2018

13:01

https://2018.apricot.net/assets/files/APNT806/Submarine-Cable-and-Capacity-Pricing-Trends-in-Asia-Pacific.pdf

10G intercontinental fiber price has dropped in the last 3Y

#networking #business

13:28

https://2018.apricot.net/assets/files/APNT806/TCP-and-BBR.pdf

BBR considered harmful, or a tale of what happens when some Evil Corp develops an unfair TCP

#networking #research

13:40

https://blog.packet-foo.com/2014/09/how-millisecond-delays-may-kill-database-performance/

also, that’s why you might want that WAN optimization thing
(when physically moving that server closer to clients is not feasible)

#networking

14:03

https://arxiv.org/ftp/arxiv/papers/1703/1703.06967.pdf

Markov chain-based machine learning employed to optimize load placement (both compute and network)

results of the study show this algorithm was able to place workloads to make more efficient use of network and data centre resources and placed ~5-8% more workloads than other heuristic placement algorithms considered

#networking #research

2 March 2018

06:21

https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/

basically, the CA industry is broken and needs be dismantled

this week’s fuckup: a reseller had customers’ private keys stored in such a way they were attached to a plaintext email

#infosec #business

13:52

https://tools.ietf.org/html/draft-ietf-mboned-dc-deploy-02.html

This document provides a quick survey of uses of multicast in the data center and should serve as an aid to further discussion of issues related to large amounts of multicast in the data center.
(work in progress)

#networking

14:54

http://www.broadbandtechreport.com/articles/2018/01/verizon-juniper-ciena-trial-400g-optics.html

IEEE P802.3bs 400 Gbps Ethernet is now considered practical

not sure why the article mentions that they did it on a single lambda: .3bs requires at least 8 lambdas over two fibers, as far as I can tell

#networking #tech

5 March 2018

14:09

https://www.youtube.com/watch?v=VpRFo7yEJwY

talk to your #cisco servers via Alexa / AWS Lambda

#tech #justforfun

7 March 2018

04:12

https://cyber.dhs.gov/assets/report/bod-16-02.pdf

US Department of Homeland Security published a previously “official use only” directive yesterday

they order federal agencies to patch their vulnerable #cisco machines and periodically report on security status

the interesting part everybody is chewing on is that vulns in cisco asa and routers apparently were successfully used to hack into US agencies’ networks

#infosec #policy

04:14

https://cyber.dhs.gov/assets/report/ar-16-20173.pdf

Report AR-16-20173 mentioned in the BOD-16-02 by the US DHS

#infosec #policy

13 March 2018

04:12

https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/

a very thorough investigation of internet censorship in Turkey and Egypt
+includes analysis of DPI #tech used
+includes a filter to detect packets injected with such a DPI

#policy #infosec

04:25

https://panic.com/blog/mystery-of-the-slow-downloads/

I think we all can agree with the author here, it is rather strange that Comcast went out of their way to fix the problem on their side without at least trying to extort money

#networking #business

14 March 2018

04:10

https://scotthelme.co.uk/why-we-need-to-do-more-to-reduce-certificate-lifetimes/

why we need to shorten effective validity periods, the history of validity periods in CA industry, what’s more to come

in short: buying 3y certs is a waste and goes against your best interests
especially right now

#infosec

15 March 2018

03:33

https://www.itnog.it/itnog3/files/ITNOG3-Juniper_RIFT.pdf

this looks like the latest (Nov’17) public info on work-in-progress RIFT, a routing protocol for Clos networks

#networking #research

16 March 2018

03:53

https://www.snellman.net/blog/archive/2015-08-25-tcp-optimization-in-mobile-networks/

on TCP optimization #tech for mobile packet networks
some nice details on how with relatively simple means (i.e. no caching, gzipping, inventing new congestion control, or going into application inspection) we can hugely optimize TCP for long-RTT networks

#networking

22 March 2018

02:15

https://www.farsightsecurity.com/2016/04/28/vixie-magicalthinking/

critique of ‘killchain’ approach to #infosec in real life, blackboxes considered harmful

We are, today, trying to secure technology we do not understand, against attackers who understand our technology better than we do. Worse still, we’re trying to secure technology that our technology vendors do not understand.
What’s missing from the models inspired by military doctrine is that this isn’t a war or a battle, it’s a way of life — it’s forever. And our strategic options don’t include whether to fight, or when, or on what ground. All of those options are in the hands of our adversaries.

28 March 2018

03:13

https://blogs.cisco.com/datacenter/new-portability-options-for-ciscos-data-center-networking

now you can run an OS of your choice on a #cisco nexus switch
looks like a #business move to sell more of them to $MSFT for azure who recently published work on Sonic
the ability to run NX-OS on any hardware clearly comes secondary

7 April 2018

07:11

https://blog.webernetz.net/using-a-fortigate-for-bitcoin-mining/

FortiGate firewalls support $BTC mining as a standard, though hidden, feature

#infosec #business

12 April 2018

03:29

http://www.circleid.com/posts/20180402_oblivious_dns_plugging_the_internets_biggest_privacy_hole/

nice idea: basically, TOR principles applied to DNS

there are caveats in this paper that still need resolving, for example step 5 of the algorithm as constructed is nothing but handwaving, and it differs from the sequence diagram; moreover, the process on the sequence diagram leaks information to the Recursive server

#networking #research #infosec

16 April 2018

08:23

https://www.icann.org/en/system/files/correspondence/jelinek-to-marby-11apr18-en.pdf

in compliance with EU’s GDPR, WHOIS service as constructed will soon be illegal

#networking #policy

17 April 2018

20:27

https://twitter.com/RIPENCC_IPRAs/status/986164235993526272

RIPE is down to refurbished addresses in IPv4 space

#ipv6

20:56

https://amp.businessinsider.com/microsoft-azure-sphere-is-powered-by-linux-2018-4

“After 43 years, this is the first day that we are announcing - and will be distributing - a custom Linux kernel,” Microsoft’s president, Brad Smith, said onstage at an event in San Francisco.

Microsoft(R) Linux(tm) FTW!

#business

23 April 2018

07:00

http://uk.businessinsider.com/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4

“a casino was hacked via a thermometer in an aquarium in the lobby.”

S in #iot stands for Security

#infosec

30 April 2018

11:46

https://arxiv.org/pdf/1804.07706.pdf

Securing Email arXiv:1804.07706v1

everything you wanted to know about email security in one concise study
TLS-SMTP, DKIM, SPF, DMARC, S/MIME, PGP, etc.

#infosec #tech

4 May 2018

11:43

https://www.tummy.com/articles/famous-dns-server/

#history behind the 4.2.2.2 DNS service

  • they were the first to realize that there is value in memorable addresses
  • filtering it would’ve been harder than letting it be public
  • anycast for reliability and easy customer migration

#networking

15:34

https://www.comodoca.com/en-us/about/blog/on-comodo-ca%E2%80%99s-recent-revocation-of-an-ssl-certifi/

interesting handling of a complex situation by comodo CA:

  • here’s what happened
  • here’s how a wrong decision was made
  • here’s how we are proposing to right it
  • here are our steps to prevent it in the future

#infosec #policy

5 May 2018

05:18

https://www.usenix.org/system/files/conference/foci12/foci12-final2.pdf

a 2012 paper on how to block services such as TOR intelligently, and a few simple ways to work around this method

#infosec #networking #tech

8 May 2018

11:52

https://www.youtube.com/watch?v=BnhCHOo2Zss

the author describes the political landscape surrounding nation-state APTs and calls for a more fleshed-out #policy

#infosec

9 May 2018

05:10

https://ai.googleblog.com/2018/05/duplex-ai-system-for-natural-conversation.html

>The Google Duplex system is capable of carrying out sophisticated conversations and it completes the majority of its tasks fully autonomously, without human involvement.

So that’s why Google voice and Fi projects exist: to train a novel AI how to talk to humans naturally

#tech

10 May 2018

10:19

https://www.youtube.com/watch?v=BRUvbiWLwFI

if you only have ~15 mins to spare to learn about the future today, I suggest watching this barebones version of google’s keynote (3+ hrs all in all)
basically, “AI all the things!”

#futureishere #tech

11 May 2018

10:00

https://www.theregister.co.uk/2018/05/10/ibm_bans_all_removable_storage_for_all_staff_everywhere/

IBM moves from sneakernet to something more cloudy

#infosec

17 May 2018

03:10

https://arstechnica.com/tech-policy/2018/05/senate-votes-to-overturn-ajit-pais-net-neutrality-repeal/

They did it, with just a 5 vote margin
Now though this has to pass through the House, and the POTUS

#policy

28 May 2018

09:29

https://status.cloud.google.com/incident/cloud-networking/18009#18009005

google’s GCP most recent incident analysis
- that’s the way to write postmortems:

  • impact, root cause (when possible), remediation, prevention

TL;DR: fluke in BGP code caused regional prefixes withdrawal from BGP advertisements, leading to unreachability; mitigated by software rollback

#reliability #networking

10:34

https://spectrum.ieee.org/computing/hardware/how-to-kill-a-supercomputer-dirty-power-cosmic-rays-and-bad-solder

if you ever wondered whence comes the majority of parity errors - not only in supercomputers, but in networking equipment as well

#tech #reliability

3 June 2018

12:11

https://blog.benjojo.co.uk/post/bgp-battleships

as I mentioned elsewhere, BGP will soon surpass HTTP(S) as preferred transport for everything:
first we had a chat, now there’s a game of Battleships

#tech #networking

5 June 2018

07:38

https://www.youtube.com/watch?v=iMAThVcqzuk

how the intercontinental fiber cables are terminated on the shore
the video also dispels my previous assumption that the undersea cables are at least as thick as my leg due to all the protection required - the deeper they go, the less protection they need, as most of the danger comes from near-shore fishing and anchoring activities

#networking #tech

12 June 2018

07:31

https://ripe76.ripe.net/presentations/30-180514.ripe-clos.pdf

how to do SPF routing in BGP for mid-sized Clos fabrics and why you would do that

a fascinating read in protocol design, though I am disturbed by yet another load on top of BGP - the author is right, clearly now only HTTP and SMTP are missing

#networking #tech #research

07:55

https://jvns.ca/tcpdump-zine.pdf

for anyone wanting to know and use tcpdump, here’s a zine by Julia Evans
it’s a quick and easy read and gets you right into practical stuff

#networking #tools

08:34

https://xrdocs.io/cloud-scale-networking/tutorials/2018-02-19-netflow-sampling-interval-and-the-mythical-internet-packet-size/

how NetFlow works under the hood in #cisco IOS-XR systems
also contains some fresh data on average packet sizes from a real internet router

#networking #tech #research

09:37

https://stratechery.com/2018/the-end-of-windows/

timeline and reflection on recent #business strategy evolutions at $MSFT

09:56

https://github.com/alex/what-happens-when

an in-depth (for some definition of depth) exploration of the process under the hood of showing us a webpage

#tech

14 June 2018

05:00

https://www.akamai.com/de/de/multimedia/documents/technical-publication/detecting-peering-infrastructure-outages-in-the-wild.pdf

Outages at colocation facilities and IXPs affect the operation of hundreds of networks. In this paper, the authors show that control-plane messages provide an excellent, yet unexplored source of information that can be utilized to detect peering infrastructure outages in the wild. We develop a methodology to analyze the values of the BGP Communities attribute to accurately detect the location of a peering outage at the level of a building.

other notable findings:

  • We find that 53% of the outages are in Europe, 31% in the US, and the remaining ones in the other regions.
  • The median outage duration is 17 minutes and 40% of the outages exceed 1 hour
  • 5% of the monitored 403 facilities fail to meet the 99.99% uptime mark and 18% the 99.999% uptime mark.
  • [after an outage] BGP path re-convergence took about 4 hours until 95% of the paths returned

short presentation on the chief contribution of this paper: https://www.youtube.com/watch?v=U_qOSWRe3pQ

#networking #reliability #research

05:36

https://sheharbano.com/assets/publications/ccr18-scan-liveness.pdf

Liveness—whether or not a target IP address responds to a probe packet—is a nuanced concept without a simple yes/no answer. Responsiveness directly depends on the probe type, the configuration of the targeted host, as well as on firewalling and filtering behaviors at the edge or within networks.

key findings include:
(i) TCP and UDP probes increase the population responsive over ICMP by 18%,
(ii) comprehensively capturing reply traffic (i.e., taking into account negative reply packets) increases the responsive population by more than 13%,
(iii) TCP stacks do not consistently respond with a TCP Rst for non-available services—in our measurements only 24% of hosts with an active TCP stack respond to all the probes,
(iv) our concurrent scans allow us to identify nearly 2M tarpits that would bias measurements that do not take them into account, and
(v) we report on the correlation of responsiveness across protocols uncovering potential filtering practices.

other notable findings:

  • probe redundancy [sending deferred repeated probes] increases the population of active IP addresses by 2.2%
  • our scans recorded 487M network alive IPs (IPall) out of 3.6B probed.
  • we see that ICMP Echo probes are most effective in discovering network active IPs, revealing 79% of IPall, followed by TCP probes.
  • we find that 16% of IPall can only exclusively be discovered via TCP, and a small but significant ≈2% can only be discovered via UDP probes.

#networking #research

19 June 2018

04:24

https://ripe74.ripe.net/archives/video/58/
https://ripe74.ripe.net/wp-content/uploads/presentations/67-Enno_Rey_RIPE74_Structural_Deficits_IPv6.pdf

Enno Rey, Why IPv6 Security Is So Hard

a quick and lighthearted rant about #ipv6 complexity, with the loveliest questions section ever

#networking #infosec

25 June 2018

09:05

http://www.lightreading.com/nfv/nfv-tests-and-trials/validating-ciscos-nfv-infrastructure-pt-1/d/d-id/718684?page_number=8

an overview of #cisco VPP performance

VPP - new-ish software dataplane mechanism, now part of fd.io Linux Foundation project developed in collaboration between multiple vendors and #research groups

#tech #networking

09:18

https://fd.io/wp-content/uploads/sites/34/2018/02/performance_analysis_sw_data_planes_dec21_2017-1.pdf

an in-depth discussion of software dataplane performance characteristics and detailed test results for VPP/fd.io and other modern sw dataplanes

#tech #networking #research

5 July 2018

04:15

https://conferences.sigcomm.org/sigcomm/2016/files/program/netpl/netpl16-nikolaj.pdf

a short intro presentation showcasing current state of network verification #research

includes some general info on solvers and mapping of research to applications, plus SecGuru, Network optimized Datalog, and a way to scale verification to 10^6-node networks

04:20

https://learningnetwork.cisco.com/servlet/JiveServlet/previewBody/31004-102-7-149734/nrusso_ccie_ccde_evolving_tech_1july2018.pdf

Nick Russo has updated his evolving tech guide to now include v.1.1 topics:
- Minimal working Viptela example
- Minimal working SVN example
- Minimal working AWS CodeCommit + AWS CodeBuild example
- Minimal working local NFVIS management example
- Minimal working DNA-C + NFVIS example
- Minimal working IOS-XR gRPC example
- Minimal working Docker example
- Minimal working Kubernetes example (with AWS EKS discussion)
- Inclusion of production Ansible playbook references
- SDA discussion
- NFVI, VIM, and VTS discussion
- Cloud Center discussion
- IoT PHY protocol discussion and comparison (LEACH, PEGASIS, MTE, TEEN, DEEC, etc)
- Cisco DMo discussion
- IoT Threat Defense solution (security)

#study #cisco

04:33

http://www.calient.net/wp-content/uploads/downloads/2013/04/CALIENT-S-Series-Photonic-Switch-Hardware-User-Manual-Rev-A-460xxx-00-v10.pdf

everything you wanted to know about photonic #networking in one handy guide

tl;dr: fancy programmable FO patch panels based on electronically-controlled rotating mirrors

#tech

7 July 2018

05:16

https://blog.cloudflare.com/how-to-drop-10-million-packets/

a dive into the modern Linux networking stack - same methods apply to any packet handling, not just dropping

#tech

9 July 2018

12:04

https://www.usenix.org/node/189019

network verification using Network optimized Datalog
includes some nice usecases

#research

13:24

P-FatTree: A Multi-channel Datacenter Network Topology

In this work we propose P-FatTree, which is a FatTree topology

basically, their idea is to disbundle sub-channels and connect them to disparate fabrics inside the switch

i.e. apply multiplane topology idea to switch internal design, shifting the ECMP (between channels) burden to the host

#research #tech

15:48

Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists

In this paper, the authors show that addresses in IPv6 hitlists are heavily clustered. We present novel techniques that allow to push IPv6 hitlists from quantity to quality. We perform a longitudinal active measurement study over 6 months, targeting more than 50 M addresses. We develop a rigorous method to detect aliased prefixes, which identifies 1.5 % of our prefixes as aliased, pertaining to about half of our target addresses. Using entropy clustering, we group the entire hitlist into just 6 distinct addressing schemes. Furthermore, we perform client measurements by leveraging crowdsourcing.

an attempt to map #ipv6 address space and produce viable hitlists for reproducible #research into the new shiny #internet

#networking

11 July 2018

15:28

http://www.gazettabyte.com/home/2018/6/5/400zr-will-signal-coherents-entry-into-the-datacom-world.html

Future is here: 400Gbps optics are coming to datacom applications

400ZR will have a reach of 80km over a single wavelength and a target power consumption of 15W, products are expected by the first half of 2020.

IEEE is also considering a proposal to adopt the 400ZR specification, initially for the data-centre interconnect market

#tech #networking

16 July 2018

10:39

https://www.cs.jhu.edu/~huang/paper/grayfailure-hotos17.pdf

Peng Huang et al., Gray Failure: The Achilles’ Heel of Cloud-Scale Systems //Microsoft Research

Cloud scale provides the vast resources necessary to replace failed components, but this is useful only if those failures can be detected. For this reason, the major availability breakdowns and performance anomalies we see in cloud environments tend to be caused by subtle underlying faults, i.e., gray failure rather than fail-stop failure. In this paper, we discuss our experiences with gray failure in production cloud-scale systems to show its broad scope and consequences. We also argue that a key feature of gray failure is differential observability: that the system’s failure detectors may not notice problems even when applications are afflicted by them. This realization leads us to believe that, to best deal with them, we should focus on bridging the gap between different components’ perceptions of what constitutes failure.

  • The ambiguous nature and temporal idiosyncrasy of gray failure make it distinctly different from what is assumed in typical failure models. This defeats traditional fault-tolerance solutions and thus poses significant challenges to cloud practitioners.
  • A natural solution to gray failure is to close the observation gaps between the system and the apps that it services. … This is analogous to making assessments of a human body’s condition: we need to monitor not only his heartbeat, but also other vital signs including temperature and blood pressure.
  • One feasible approach is for a system to measure metrics that approximate the observations of its apps. For example, to tackle the network gray failure example (§2.1), the cloud system can send probes to measure server-to-server latency and reachability to emulate observations of the network by common applications

i.e. PfR is the right approach!

#networking #research #reliability

17 July 2018

03:53

https://vimeo.com/267639718

a short introduction into modern HTTP capabilities

#tech

18 July 2018

05:02

https://www.microsoft.com/en-us/research/uploads/prod/2018/03/causal-papoc18.pdf

Towards Causal Datacenter Networks

work in progress #research in support of causal delivery in datacenter networks

they propose to perform sequencing in networking hardware

#networking #tech

19 July 2018

15:47

https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/46181.pdf

Thinking about Availability in Large Service Infrastructures

some general thoughts on distributed systems availability:

  • tactical service-level objectives
  • adversarial thinking applied to availability - a very interesting approach which I’d like to take further sometime
  • a list of good operational practices: reviews, testing, gradual rollout, partitioning, improve MTTR, fail-static

#research #reliability #networking

20 July 2018

11:11

http://yuba.stanford.edu/~casado/fabric.pdf

Fabric: A Retrospective on Evolving SDN

A discussion paper in which the authors are trying to introduce ideas from some interpretation of vanilla MPLS into some interpretation of OpenFlow-like SDN

  • good idea of pushing complexity to the edge! have they read #RFC1925 ?
  • the whole paper is probably “nothing new” from traditional #networking perspective, but is really big for OpenFlow, I guess
  • section 3.5 is rather weird, as the problems stated there stand solved for MPLS with MP-BGP ( though it is my understanding that BGP is considered a swearword in OF community )

#research

21 July 2018

03:55

https://tools.ietf.org/html/draft-elders-social-media-apology-00

the fact that this rather humorous internet draft was not published on April 1st is telling

also, the authors are not wrong

#random

23 July 2018

09:58

https://arxiv.org/pdf/1806.08420.pdf

Oh, What a Fragile Web We Weave: Third-party Service Dependencies In Modern Webservices and Implications

key findings are:
(1) 73.14% of the top 100,000 popular services are vulnerable to reduction in availability due to potential attacks on third-party DNS, CDN, CA services that they exclusively rely on;
(2) the use of third-party services is concentrated, so that if the top-10 providers of CDN, DNS and OCSP services go down, they can potentially impact 25%-46% of the top 100K most popular web services;
(3) transitive dependencies significantly increase the set of webservices that exclusively depend on popular CDN and DNS service providers, in some cases by ten times
(4) targeting even less popular webservices can potentially cause significant collateral damage, affecting up to 20% of the top-100K webservices due to their shared dependencies.

#research #reliability

13:30

https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/

tl;dr: because it’s faster

#tech

25 July 2018

13:21

https://www.youtube.com/watch?v=_wRvNINnSQg

some good operational advice on BGP policy for safer #internet

#networking

2 August 2018

04:33

https://cloudplatform.googleblog.com/2018/08/repairing-network-hardware-at-scale-with-sre-principles.html

should be “replacing hardware” though

a nice case of automation done right: retrace manual operations, pick those easy to automate first, then build on success and extend as much as possible

notable things:

  • $GOOG buys from the big-three vendors, like the rest of us
  • $GOOG keeps spares onsite
  • $GOOG has issues with RMA from vendors just like anybody, multiplied by scale

#networking #reliability

15:12

http://www.ecrypt.eu.org/csa/documents/D5.4-FinalAlgKeySizeProt.pdf

Algorithms, Key Size and Protocols Report

a fresh survey of generally usable crypto algorithms and protocols

#infosec

7 August 2018

09:28

https://ams-ix.net/technical/specifications-descriptions/controlling-arp-traffic-on-ams-ix-platform

on one of the dangers of excessively large L2 domains and a coping mechanism - ARP Sponge - to bandaid it

#networking #tech

14:36

https://support.samsungknox.com/hc/en-us/articles/115013403768-Enhanced-Roaming-Algorithm

how Samsung does #wifi roaming

#networking #tech

14:40

https://www.rfc-editor.org/rfc/rfc8422.txt

new standards track #RFC 8422

Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier

#networking #infosec

15:59

http://www.futuriom.com/articles/news/cisco-arista-settlement-surprises/2018/08

the Arista v. #cisco is settled, so less uncertainty in the market

huge win for $ANET as is clear from market reaction
not sure why $CSCO would prefer cash over locking an aggressive competitor in court

#business

11 August 2018

13:52

https://apenwarr.ca/log/?m=201808

a great intro to the problems of buffer management, QoS, and chocolate fountains

#tech #networking

14:36

https://githubengineering.com/glb-director-open-source-load-balancer/

How and Why GitHub does load balancing

  • troubles of consistent load balancing at scale
  • options considered
  • limitations and solutions

#tech #networking

15 August 2018

07:27

https://security.googleblog.com/2018/08/google-public-dns-turns-8888-years-old.html

the most popular $GOOG service by far turns 8 years old!

#history

17 August 2018

15:37

https://www.youtube.com/watch?v=ajGX7odA87k

on improving #infosec in general and for #iot

James Mickens is the best, every single one of his talks/papers is worth listening to/reading

27 August 2018

09:47

https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/amp/

a fascinating story of how a poorly-designed #internet communication architecture cost people their lives

#infosec

13 September 2018

08:39

https://www.reddit.com/r/IAmA/comments/9dj8h7/i_am_bruce_schneier_cybersecurity_expert_author/

Bruce Schneier did an AMA session on Reddit recently

#infosec

17:56

#tech

Ever wondered what an Ethernet frame looks like on the wire? No? Well here it is anyway. 10mbit, probably ARP.
https://twitter.com/portfast/status/1040254640493928448

15 September 2018

05:25

https://standards.ieee.org/news/2018/ieee_standard_200gb_400gbs_ethernet.html

while some of us’re just getting to see 10Gbps as “normal”, the new and shiny 200GBASE-x and 400GBASE-x standards got specified

here’s the relevant excerpt if you are into such things (draft): http://www.ieee802.org/3/bs/public/17_03/gustlin_3bs_03_0317.pdf

#tech #networking

05:41

http://clnv.s3.amazonaws.com/2017/usa/pdf/BRKARC-3467.pdf

one of the few must-watch ciscolive presentations, covering everything from transistors to gates to ASIC capabilities to high-level features
the nicest intro to how all of it works you can imagine

#cisco #tech #networking

18 September 2018

15:16

https://logicmag.io/05-how-to-kill-your-tech-industry/

on sexism in the computer industry in the UK

#history

20 September 2018

13:20

something to think about: engineers spend up to 50% of time supporting bad technical decisions
https://stripe.com/files/reports/the-developer-coefficient.pdf

#research #business

23 September 2018

06:37

https://www.youtube.com/watch?v=s1i-dnAH9Y4

how mechanical computers work
from basics to advanced vector math

#history

26 September 2018

04:46

https://www.datacenterknowledge.com/networks/intent-based-networking-data-center-cisco-vs-juniper

a side-by-side comparison of current #juniper and #cisco offerings, from a #business perspective

28 September 2018

15:21

https://nlnetlabs.nl/downloads/presentations/HSB18-Alex-Band-RPKI-20180927.pdf

quick and easy read, kind of RPKI-101: who is who, what is what, quick start

#tech #networking #infosec

30 September 2018

17:49

https://blogs.microsoft.com/on-the-issues/2018/09/11/a-call-for-principle-based-international-agreements-to-govern-law-enforcement-access-to-data/

here, MSFT takes a very sensible position wrt law enforcement

perhaps the history of litigation vs US govt taught them as much

yet one must still wonder how this proposal will hold up to the scrutiny of a court order coming from places like DPRK

#business #policy #infosec

3 October 2018

13:24

https://pc.nanog.org/static/published/meetings/NANOG74/1761/20181003_Barbieri_Transforming_Lab_Automation_v1.pdf

if you happen to have a sizable lab to manage, here’s a good idea how you could make use of SDN (i.e. OpenFlow) dataplane-hacking capabilities

also: circuit switching!

#networking #tech

4 October 2018

08:01

https://pc.nanog.org/static/published/meetings/NANOG74/1851/20181002_Plunkett_Lightning_Talk_Lean_v2.pdf

on practical feasibility of short-reach (metro) DWDM 100G optics

useful #tech !

#networking

08:17

https://www.globaltraceroute.com/

when you must verify global connectivity to your systems, here’s a tool you might consider using

very neat hack over RIPE Atlas

#tools #networking #internet

30 October 2018

06:53

https://phoronix.com/scan.php?page=news_item&px=Linus-Torvalds-New-Politeness

on the importance of communicating clearly on issues and problems

if Linus can abstain from profanity, so can we all

#business

20:46

https://webaim.org/blog/user-agent-string-history/

if you ever wondered why almost-but-not-quite every web browser on earth calls itself Mozilla in its User-Agent

#history

31 October 2018

07:48

https://blog.github.com/2018-10-30-oct21-post-incident-analysis/

TL;DR: loss of network connectivity between DB clusters for 43 seconds resulted in cluster deciding to fail-over cross-country, leading to loss of sync and a total of 24hrs of service degradation

#reliability

1 November 2018

03:45

https://blog.ecitele.com/technologies-that-didnt-part-2

some notes about the OSI Suite of protocols: what they were, the ups and downs, their legacy

#history #tech #networking

7 November 2018

10:20

https://www.aria-networks.com/blog/tier-1-operator-goes-live-with-automated-traffic-engineering-using-ai-and-a-digital-twin/

and so it begins:
an AI replaced humans at CLI work, in production network

Routes designed by the Aria platform are flowed through as command-line interface (CLI) instructions to configuration management, for execution on the live network.

#networking #tools

19:36

https://www.bizjournals.com/sanjose/news/2018/11/06/cisco-layoffs-executive-departures-csco.html

#cisco lays off 500 people

The article is cowardly paywalled, so here are the key points:

Cisco Systems is cutting nearly 500 South Bay employees as a months-long internal shakeup ripples through its ranks.

“Today, we have made the difficult decision to move forward with a restructuring that will affect some of our CX [customer experience] colleagues,” Martinez wrote in Tuesday’s memo.

_Cisco employs more than 14,000 in Silicon Valley, according to the latest Business Journal research, and about 70,000 people worldwide._

_The layoffs, which range from engineers to executives, have affected employees from product marketing, business operations, global architecture and technology services, according to state documents._

#business

8 November 2018

09:46

https://ict.moscow/static/2018-phenomena-report.pdf

some stats on traffic from eyeball networks

regional trends look wonderful, $NFLX FTW

#internet #networking #research

14:40

https://www.zdnet.com/article/us-cyber-command-starts-uploading-foreign-apt-malware-to-virustotal/

US Cyber Command decided to play nice and protect the innocent by sharing its findings

#infosec #policy

9 November 2018

14:38

https://www.golem.de/news/root-zertifikat-sennheiser-software-hebelt-https-sicherheit-aus-1811-137603.html

software for Sennheiser headphones installs a trusted root certificate together with its private key

#infosec

14:53

https://arstechnica.com/information-technology/2018/11/strange-snafu-misroutes-domestic-us-internet-traffic-through-china-telecom/

on the importance of verifying your routing

I mean, nobody noticed it (i.e. huge RTT, or traceroute, or something) for two years!

#networking #infosec

13 November 2018

08:09

https://blog.thousandeyes.com/internet-vulnerability-takes-down-google/
https://status.cloud.google.com/incident/cloud-networking/18018

Nigerian ISP AS37282 ‘MainOne Cable Company’ and/or AS4809 ChinaTelecom leaked some $GOOG and Cloudflare prefixes to AS20485 TransTelecom causing some downtime last night

#networking #reliability

17 November 2018

09:14

https://ernw.de/download/AD_Summit_2018/01_AD_Summit_CoreSecPrinciples_fk_hw_v.1.2_signed.pdf

ActiveDirectory security landscape and some best practices

since AD has become de-facto industry standard for single-source of truth for all things authentication in enterprise environments, it might be worth our while to read into the subject of its security

#infosec

09:41

https://www.nccoe.nist.gov/sites/default/files/library/sp1800/fs-pam-nist-sp1800-18-draft.pdf

for those willing to dive deeper into the subject of administrator account security, NIST is preparing SP 1800-18, drafted here

#infosec

18 November 2018

14:34

https://twitter.com/TinkerSec/status/1063423110513418240

while we’re on that #infosec vibe, please enjoy this twitter thread about a pentest gone funny

27 November 2018

07:11

https://aws.amazon.com/blogs/aws/new-aws-global-accelerator-for-availability-and-performance/

new AWS service allows anyone to leverage anycast #networking to their advantage

  • you get static IP addresses announced from edge network
  • you can build address striping - AWS edge announces different addresses via different peers - same redundancy technique they use for Route53

#reliability

29 November 2018

10:15

https://itsecx.fhstp.ac.at/wp-content/uploads/2018/11/02_Rene_Freingruber_Flying_under_the_radar_freingruber_v1.00.pdf

what hacking into a “hardened” organization may look like, from information gathering to running code at a target, including some nice evasive maneuvers

#infosec

13:48

https://labs.ripe.net/Members/kevin_vermeulen/multilevel-mda-lite-paris-traceroute

on development of a Paris traceroute variant for discovering very complex topologies

try it with your friendly RIPE Atlas soon

#tools #networking

30 November 2018

11:44

https://arstechnica.com/information-technology/2018/11/did-sprint-throttle-skype-researcher-explains-evidence-behind-allegation/

here we have a pretty well-balanced description of throttling measurement process using simulated traffic, though methinks the assumption of widespread DPI (ISP-side) is a bit of a stretch

#networking #research

12:53

https://rule11.tech/bgpsec-and-reality/

a one-stop critique of BGPsec ideas

on paper, BGPsec looks reasonable and the math checks out (if one cares to read it), but when faced with the complex reality of the multitude of BGP implementations, the real problems, and solutions, it all falls apart, as Russ White demonstrates

#networking #infosec #internet

14:00

https://people.inf.ethz.ch/omutlu/pub/data-center-network-errors-at-facebook_imc18.pdf

A Large Scale Study of Data Center Network Reliability
This paper fills the gap by presenting a large scale, longitudinal study of data center network reliability based on operational data collected from the production network infrastructure at Facebook, one of the largest web service providers in the world. Our study covers reliability characteristics of both intra and inter data center networks. For intra data center networks, we study seven years of operation data comprising thousands of network incidents across two different data center network designs, a cluster network design and a state-of-the-art fabric network design. For inter data center networks, we study eighteen months of recent repair tickets from the field to understand reliability of Wide Area Network (WAN) backbones

notable findings:

  • 2 x more human errors than hardware errors
  • rack switch incidents comprise almost a third of all problems, though relatively low priority
  • fabrics in DC have fewer problems than clusters
  • MTBI / MTTR look exponential
  • SP-provided links fail as often as the edge routers that use them
  • most problems are repaired automatically by means of watchdog-like functionality (i.e. port shut/no shut, device restart, device reimage)

They also provide MTBF and MTTR models for leased fiber, though they omit to show if there is a correlation with distance or other factors, only noting that in metro areas, MTBF is higher

#networking #reliability #research

14:37

https://nlnog.net/static/nlnogday2018/5_BMP_Smit_Lucente_NLNOG_2018.pdf

what BGP monitoring protocol looks like, motivation behind it, future directions

#networking #tools

14:46

https://nlnog.net/static/nlnogday2018/7_RPKI_NLNOG_2018_Niels_Raijer.pdf

some Layer-9 perspectives on RPKI
use this to persuade your boss to enable it!

#networking #infosec

14:54

https://nlnog.net/static/nlnogday2018/9_routing_security_roadmap_nlnog_2018_snijders.pdf

what other things you can use RPKI for

#networking #infosec

5 December 2018

13:14

https://github.com/Microsoft/Ethr/blob/master/README.md

Ethr: network performance testing tool by $MSFT

#networking #tools

6 December 2018

02:56

https://cfeditions.com/cyberstructure/ressources/Cyberstructure-SPECIMEN.pdf

Preview of Stéphane Bortzmeyer’s upcoming book Cyberstructure, which tells how current #internet works on levels 8-10

How people use the network, what the new powers of this world are doing, how the states are spying, why privacy and neutrality are so important, etc.
The full book covers that and much more, bringing together two aspects of the digital world: technical and political

available in full here: https://cfeditions.com/cyberstructure/

#policy

03:26

http://www.circleid.com/posts/20181127_in_a_networked_knowing_right_time_is_essential_but_how_accurate/

on time precision across the Internet

interesting things:

  • there are hosts with clocks running months ahead of UTC
  • most imprecise clocks (~38%) are behind UTC, sometimes a whole year behind
  • there are a few interesting clusters of imprecision: exactly 1 hour behind, exactly 12 hours behind, exactly a multiple of 24 hours ahead
    The strong quantisation of the clock drift into units of hours tends to suggest that a major component of this clock slew is not the drift of the local oscillator or dropping of clock ticks in the time management subsystem, but some form of misconfiguration of the local date calculation. The second counter appears to be quite stable, but the local date calculation is off.

#research

03:38

https://www.cnbc.com/2018/11/29/amazon-outpost-brings-cloud-technology-to-traditional-data-centers.html

the only important point here is that the $cloud marketing puff of the last ten years, although successful, is clearly slowing down, and $AMZN is now acknowledging that many companies want to stay on-premises.

#business

10 December 2018

10:32

https://www.netresec.com/?page=Blog&month=2018-11&post=Remote-Packet-Dumps-from-PacketCache

how to remotely dump some packets on a Windows machine with PacketCache

#tools #networking

12 December 2018

13:05

https://oversight.house.gov/wp-content/uploads/2018/12/Equifax-Report.pdf

the final public report on equifax $EFX breach - the biggest PII data leak in U.S. history (so far)

1. $EFX fails at #infosec due to bureaucracy: they didn’t lift a finger to fix the Struts problem, even knowing about it
2. two months between Struts vuln. disclosure and attack
3. plaintext database passwords - for 48 different DBs
4. forgot to renew TLS certs on monitoring systems for 19 months
5. attack lasted 76 days

Executive Summary is worth reading

13 December 2018

07:41

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/727415/20180717_HCSEC_Oversight_Board_Report_2018_-_FINAL.pdf

Huawei has, according to this report, some problems:
- software engineering process lacks and/or is outdated
- long-term support of products with components that lack support
- failure to provide consistent binaries

#business #infosec

18 December 2018

14:14

https://developers.redhat.com/blog/2016/10/14/macsec-a-different-solution-to-encrypt-network-traffic/

how MACsec works

#tech #networking #infosec

19 December 2018

07:50

https://www.ipv6.org.uk/2018/10/26/ipv6-transition-workshop-sep-2018/

#history, progress, practice, problems, #tech - everything you wanted to know about state of #ipv6 condensed in a few nice presentations

27 December 2018

14:30

https://play.google.com/store/apps/details?id=androdns.android.leetdreams.ch.androdns&hl=en

the app to rival dig / nslookup

#tools

1 January 2019

13:38

https://ripe77.ripe.net/presentations/32-vxlan-ripe77.pdf

some notes on VXLAN security as implemented

TL;DR: it’s like vlan hopping, but works over the internet, i.e. trivial to inject data one-way; but there’s more to it

#infosec #networking

3 January 2019

04:00

https://docs.google.com/file/d/0ByeFzvNZTBw4OVpPMTE2RHV6NnM/edit?usp=sharing

IPv6 for IPv4 Experts - a book by Yar Tikhiy, for those of us who have already heard what a packet is and thus have no need for repetition

#ipv6 #networking

04:16

https://www.ipv6.org.uk/wp-content/uploads/2018/11/IPv6-presentation-linkedin-The-Beginning-of-the-End.pdf

how linkedin implemented #ipv6 in their datacenters

basics:
- mapping of old addressing scheme to ipv6
- [for every segment,] gateway is always fe80::1
- not all apps, languages, firmwares work as desired
- measurement is important
- removing ipv4 is hard but possible

12:06

https://vimeo.com/291585392

a short update on BBR version 2:

  • now is more TCP-fair (vs reno/CUBIC)
  • more experience in different theaters (India, Japan)

still active research / work in progress, but might be worth trying in prod given fairness
just upgrade your kernel to 4.9+ and configure sysctl

#tech #research

9 January 2019

14:59

https://nymag.com/intelligencer/2018/12/how-much-of-the-internet-is-fake.html

the [eyeball] #internet is fake: fake eyeballs, fake content, fake businesses

17 January 2019

10:15

https://blog.apnic.net/2019/01/16/bgp-in-2018-the-bgp-table/

on BGP default-free zone growth
1. no single authoritative view of the table
2. table is huge and expected to grow more, closer to 10^6, should the trend continue

#research #internet

24 January 2019

04:10

https://blogs.dropbox.com/tech/2019/01/the-scalable-fabric-behind-our-growing-data-center-network/

how dropbox builds its network

#networking

25 January 2019

10:13

https://www.zdnet.com/article/internet-experiment-goes-wrong-takes-down-a-bunch-of-linux-routers/

RFC6811,8097,8481 testing went wrong when announced to default-free zone

“We’ve performed the first announcement in this experiment yesterday, and, despite the announcement being compliant with BGP standards, FRR routers reset their sessions upon receiving it. Upon notice of the problem, we halted the experiments,”

“Stopping the experiment is only treating symptoms, the root cause must be addressed: broken software,”

#research #internet #reliability

30 January 2019

04:26

https://www.t-mobile.com/news/600-mhz-5g-call

in the meantime, 5G network is coming online in the US

#tech

3 February 2019

11:02

https://www.reddit.com/r/networking/comments/aljp82/perspectives_on_sdwan/efer0pr

here’s one short-term success story for SD-WAN magic:

  • you can forklift L3VPN out and put best-effort class connectivity onto your sites
  • you’ll enjoy algorithmic optimisations
  • you’ll love centralized management pane for your deployent

#networking

5 February 2019

04:41

https://medium.com/@moondev/my-adventure-adding-10gbe-networking-to-an-intel-nuc-for-esxi-via-thunderbolt-3-pcie-expansion-1d6a627ffea4

oh! so you can upgrade the NUCs!

nice story about retrofitting a small PC with a 10GE card

#networking #tech #tools

2 March 2019

06:59

https://mailarchive.ietf.org/arch/msg/v6ops/uXqC-rOES7MfPPCsG8Fm–NGKJo

a summary of all things wrong with #ipv6

also showcases how weak consensus of IETF isn’t perfect at producing the best possible protocols

#networking

16 March 2019

12:25

https://code.fb.com/data-center-engineering/f16-minipack/

things to consider when your datacenter gets biggish

  • multiplanar topologies interconnected by more multiplanar topologies
  • using new ASICs for optimized in-chassis topology
  • designing hardware both yourself and partnering with vendors

#networking #tech

20 March 2019

18:51

https://www.theregister.co.uk/2019/03/19/putty_patched_rsa_key_exchange_vuln/

new version of PuTTY fixes several vulnerabilities

Among them:

  • A remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
  • Potential recycling of random numbers used in cryptography
  • On Windows, hijacking by a malicious help file in the same directory as the executable
  • On Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
  • multiple denial-of-service attacks that can be triggered by writing to the terminal

get your updates asap at
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

#tools #networking

24 March 2019

20:32

https://who.paris.inria.fr/Leo.Perrin/pi.html

everything you wanted to know about backdoor in Russian GOST crypto but were afraid to ask

TL;DR: the properties of the substitution table strongly suggest presence of an exploitable flaw; for all practical purposes, we should consider it a backdoor

#infosec

25 March 2019

05:19

https://spectrum.ieee.org/view-from-the-valley/at-work/tech-careers/oracle-swings-the-layoff-axe-and-clearcuts-teams-of-engineers

massive layoffs from engineering and eng.management

thoughts and discussions here:
https://www.thelayoff.com/oracle
as of this writing, nobody is even sure how the layoffs are decided; they seem to be random

the lesson is: whatever you do with your career, don’t go Oracle

#business

27 March 2019

07:47

https://www.cisco.com/c/dam/m/digital/elq-cmcglobal/witb/1948933/CybersecuritySeries_THRT_01_0219_r2.pdf

#cisco Cybersecurity Threat Report Feb 2019

#infosec

6 April 2019

08:13

https://builddaylive.com/uncategorized/intel-announces-processors-optane-dc-ethernet-800-at-data-centric-innovation-day/

new CPU series, more Optane memory, new NICs

just an announcement, but it shows a bright future for compute

#tech #business

08:46

https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_01A-2_Yun_paper.pdf

Ginseng: Keeping Secrets in Registers When You Distrust the Operating System

Many mobile and embedded apps possess sensitive data, or secrets. Trusting the operating system (OS), they often keep their secrets in the memory. Recent incidents have shown that the memory is not necessarily secure because the OS can be compromised due to inevitable vulnerabilities resulting from its sheer size and complexity. This work aims to support third-party apps without growing the attack surface, significant development effort, or performance overhead. Our solution, called Ginseng, protects sensitive data by allocating them to registers at compile time and encrypting them at runtime before they enter the memory. For example, a Ginseng-enabled web server, Nginx, protects the TLS master key with no measurable overhead

Also notable:

  • by keeping secrets in registers, Ginseng naturally protects them from cold-boot attacks
  • Although OpenSSL, a TLS library used by Nginx, sanitizes session keys when a session ends, it saves the master key in the memory for five minutes for session resumption, which is vulnerable to a compromised OS.

#infosec #research

11:45

https://blogs.cisco.com/enterprise/catalyst-6500-switches-celebrate-20th-birthday

The famous 6k turns 20; next year it’ll be old enough to drink!
🤪🥳🎆

#cisco

21:29

https://www.microsoft.com/en-us/research/blog/evercrypt-cryptographic-provider-offers-developers-greater-security-assurances/

a formally verified cryptoprovider, guarantees with mathematical certainty your communications will be confidential and protected

notably, used by Firefox and MSFT’s QUIC implementation (which might be abandoned, in light of Edge surrender to Chromium, so…)

#infosec

13 April 2019

12:05

https://www.youtube.com/watch?v=NiqjL26zIXk

Kristian goes through the core things a modern SP network automation is composed of:
- completeness
- models
- validation

Why? Robustness is important for critical systems

#tech #networking #automation

21 April 2019

16:23

https://www.youtube.com/watch?v=dqzy7wyi1M4

where as-code means idempotency, Version Control-ability, Predictability

experience from a PaaS vendor faced with scaling, implementing #automation

  • source of truth is important
  • network design is important
  • homogeneity is a unicorn
  • idea: manage any resource as DHCP manages IPs

#networking

17:07

https://www.youtube.com/watch?v=xDuwrtwYHu8

a way for distributed long-lived processes to appear to have eventual transactional semantics without common clocks

i.e. how to transaction transactions

#thinkdistributed

5 May 2019

11:39

https://www.youtube.com/watch?v=zWgq6sd1Ols

a brief introduction to the Pet/Cattle nomenclature

  • why do we want to treat your systems as cattle, not like pets
  • how this methodology gets rid of the need to vMotion between sites or any permutations of that idea
  • some high-level designs

My take:
this concept is important going forward, and we can apply it in a larger context, not limited to apps or virtual machines; #networking elements (routers and switches) are often treated as pets, but clearly that does not scale. It also creates a measure of technical debt with unique configurations diverging from the standard

#tech

18:28

https://www.youtube.com/watch?v=s45Uyz1hVsw

for those a little too busy to read the great Networking Problems and Solutions, Russ White provided a concise 23-minute summary

  • introduction to complexity
  • abstractions and connecting #tech to #business
  • how to make sense of it all through models

#research

10 May 2019

06:42

https://www.youtube.com/watch?v=EIh9udU2GXM

updates on routing security by Job Snijders

  • RPKI invalids and how they happen
  • argument for ‘invalid=reject’ policy - time to act - effectively collective coercion
  • false-positive RPKI reduced 50% in the last 6 months
  • validation #tools
  • IRR cleanup

#networking #internet #research

07:26

https://blogs.akamai.com/2019/02/protecting-your-domain-names-taking-the-first-steps.html

a thorough examination of DNS security from organizational perspective

#infosec #business

21 May 2019

06:28

https://alexwlchan.net/2019/05/falsehoods-programmers-believe-about-unix-time/

These three facts all seem eminently sensible and reasonable, right?
1. Unix time is the number of seconds since 1 January 1970 00:00:00 UTC
2. If I wait exactly one second, Unix time advances by exactly one second
3. Unix time can never go backwards

Not false as such, more like imprecise, because Time is straaaaaange.

These facts about time have implications for distributed clocks, necessary in some consistency models.

#justforfun #thinkdistributed

29 May 2019

09:00

https://www.youtube.com/watch?v=yJbqnOdD3cg

oldie but goldie

why using BGP in your datacenter is better than an IGP

design considerations, limitations for building a well-siloed network, working around them for scale

also showcases a multi-plane single-level spine design

#networking

30 May 2019

08:43

https://twitter.com/TubeTimeUS/status/1133904087097851904

the insides of an SFP DAC cable

#tech

8 June 2019

21:24

https://www.potaroo.net/ispcol/2019-06/bgp30.html

BGP turns 30 this month!

a great read on its history, progress, and future

#history #networking #internet

25 June 2019

07:36

https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/

This should never have happened because Verizon should never have forwarded those routes to the rest of the Internet.

#internet #reliability #networking #bgp

27 June 2019

06:58

https://tools.ietf.org/html/draft-iab-protocol-maintenance-03

AKA robustness principle considered harmful

Jon Postel’s famous statement of “Be liberal in what you accept, and conservative in what you send” is a principle that has long guided the design and implementation of Internet protocols. The posture this statement advocates promotes interoperability in the short term, but can negatively affect the protocol ecosystem over time. For a protocol that is actively maintained, the robustness principle can, and should, be avoided.

#internet #research

07:16

https://medium.com/s/story/notes-to-myself-on-software-engineering-c890f16f4e4d

many of these principles are readily applicable to a wider range of engineering disciplines

#worthreading

28 June 2019

06:37

https://www.bondcap.com/report/itr19

fresh out of the press, the #internet trends:

  • 50% global coverage
  • coverage, market cap growth slowing down
  • most users in APAC, most coverage in Europe
  • advertising is growing ~20% y/y
  • internet beats TV in time spent

If you are running any business, read in full!

#research

08:39

who-owns-who in the #wifi world

https://twitter.com/noledge/status/1144184850703888384

#business #research

29 June 2019

10:24

Cloudflare supports telegram as DNS transport

https://twitter.com/jgrahamc/status/1144272344803946496

#internet

30 June 2019

17:34

https://blog.cloudflare.com/the-deep-dive-into-how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-monday/

a deep[-er] dive on the same issue, now with more concrete data and methodology

#internet #research

11 July 2019

06:10

https://www.hbs.edu/faculty/Publication%20Files/3.26%20Evidence%20of%20Decreasing%20Internet%20Entropy%20updated%20version%2032118_11908ee1-3085-451d-9597-e64ccc10e242.pdf

Evidence of Decreasing #internet Entropy: The Lack of Redundancy in DNS Resolution by Major Websites and Services

This paper analyzes the extent to which the Internet’s global domain name resolution (DNS) system has preserved its distributed resilience given the rise of cloud-based hosting and infrastructure. We explore trends in the concentration of the DNS space since at least 2011. In addition, we examine changes in domains’ tendency to “diversify” their pool of nameservers – how frequently domains employ DNS management services from multiple providers rather than just one provider – a comparatively costless and therefore puzzlingly rare decision that could supply redundancy and resilience in the event of an attack or service outage affecting one provider.

The paper starts with providing a primer on DNS workings, then explores DNS #reliability and economics

select findings:

  • a number of DNS service providers managed to significantly increase their proportional share of the DNS space in that timeframe, beginning to consolidate control of DNS services. The linearity of the trend is striking – gains in concentration have been relatively consistent in the long run despite yearly fluctuations.
  • percentage of share held by the top 8 providers more than doubled between November 2011 and May 2017, increasing from about 24% to about 59%.
  • expansion of AWS and Cloudflare (which collectively handle about a third of the entire space) is particularly striking, signalling the increasing influence of multi-service cloud-based platforms in the DNS space
  • Entrant domains tended to use CloudFlare and AWS at much higher rates than original domains and used Akamai, Dyn, and Neustar relatively less than original domains.
  • external DNS hosting rapidly overtook self-hosted DNS in the period between November 2011 and May 2017. The percentage of domains managed entirely by external DNS hosting providers grew from 32.9% to 65.7% over that period
  • showed that the majority of domains are not taking advantage of this opportunity for resilience through diversification
  • customers of some externally hosted DNS providers tended to diversify much more than others
  • near-complete lack of diversification is a product of Cloudflare’s security model, which requires that DNS traffic is routed through the Cloudflare network … does not allow domains to register a secondary nameserver managed by a different DNS provider.

#research #business

08:23

how SSH came to be

#history #internet #tools #infosec

09:40

https://xconomy.com/national/2019/07/08/future-of-the-internet-what-scares-networking-pioneer-radia-perlman/

An interview with Radia Perlman

Notable quotes, totally out of context:

  • English is a horrible language
  • for instance, Spanning Tree Protocol. It was a hack that I thought would live for, like, six months
  • in 1983, my manager said, “Hey, people want to have their applications work across networks, from one net to another.” The right way to do that was to have the computers at the end nodes put in Layer 3, but that was going to be a lot of work
  • People think Ethernet is a great success, but it has nothing to do with what was originally designed; it just has the same name. It has the same packet format. But the real cleverness was this contention protocol for sharing a link
  • Information-centric networking? I think that’s total garbage, honestly
  • we should just have an asteroid hit the Earth
  • people say, “Oh, blockchain will solve that,” and that’s total nonsense

there is also an argument against end-to-end principle if you read between the lines

#internet #history

30 July 2019

06:41

https://www.ernw.de/download/RIPE78_ERNW_Tutorial_IPv6_Security_EnterpriseOrgs.pdf

a fresh (RIPE78) tutorial on #ipv6 #infosec

tells you why RA Guard MUST be enabled by default, among other things

08:05

https://blog.apnic.net/2019/07/29/opinion-some-not-so-private-thoughts-from-ietf-105/

notes on the state of privacy as we have it today

#research #infosec #policy

08:32

https://arxiv.org/pdf/1906.07415.pdf

**A Performance Perspective on Web Optimized Protocol Stacks: TCP+TLS+HTTP/2 vs. QUIC**

#research _In this paper, we seek to close this gap by parameterizing TCP similar to QUIC to enable a fair comparison. This includes increasing the initial congestion window, enabling pacing, setting no slow start after idle, and tuning the kernel buffers to match QUIC’s defaults. We further enable BBR instead of the CUBIC as the congestion control algorithm in one scenario. We show that this previously neglected tuning of TCP impacts its performance. We find that for broadband access, QUIC’s RTT-optimized connection establishment indeed increases the loading speed, but otherwise compares to TCP. If optimizations such as TLS 1.3 early-data or TCP Fast Open were deployed, QUIC and TCP would compare well._

**contributions:**

* We provide the first study that performs an eye-level comparison of TCP+TLS+HTTP/2 and QUIC.
* Our study highlights that QUIC can indeed outperform TCP in a variety of settings but so does a tuned TCP.
* Tuning TCP closes the gap to QUIC and shows that TCP is still very competitive to QUIC.
* Our study further highlights the immense impact of choice of congestion control, especially in lossy environments.
* We add QUIC support to Mahimahi to enable reproducible QUIC research. It replays real-world websites in a testbed subject to different protocols and network settings.

takeaway: Basically, for many cases using a tuned TCP stack yields results just as good, or rather _good enough_, as QUIC; no need to rush a migration

1 August 2019

20:30

https://github.com/SystemsApproach/book/blob/v6.0/published/book.pdf

Computer Networks: A Systems Approach, now available under terms of the Creative Commons (CC BY 4.0) license.

#networking #study

20 August 2019

07:31

https://play.vidyard.com/YdcEdiPdds6CQntkeiZAeC.html?autoplay=0&custom_id=&embed_button=0&v=3.1.1&viral_sharing=0&autoplay=1&auto_play=true

The Theory and Practice, Practice, Practice of AWS Operations

  • how AWS thinks about operational risk
  • how AWS deploys
  • how SAFE works

slides: https://www.slideshare.net/AmazonWebServices/the-theory-and-practice-practice-practice-of-aws-operations-aws-summit-sydney

#reliability

21 August 2019

06:40

https://docs.fcc.gov/public/attachments/DOC-359134A1.pdf

what took down Centurylink network

#networking #design #reliability

17 October 2019

06:48

https://venturebeat-com.cdn.ampproject.org/c/s/venturebeat.com/2019/10/16/pensando-systems-raises-145-million-for-custom-hardware-that-processes-data-at-the-edge/amp/

ex-CSCO Mario-Luca (think of the teams who brought you Cat6k, UCS, Nexus, ACI) are back in #business after parting with Robbins

“The team behind Pensando has worked together for more than 25 years and have an unmatched track record of disruptive innovation,” said Chambers.

#networking

18 October 2019

23:34

https://github.com/network-node/ise-profiles

if you need some device profiles for your #cisco ISE

#infosec

08 January 2020

08:40

https://sha-mbles.github.io/

SHA-1 is now broken: this group made the attack practical, at a cost below 100k$, projected to drop to ~10k$ in the near future. Good short read on the problem and its implications for security.

Paper: https://eprint.iacr.org/2020/014.pdf

#research #infosec

19:43

https://www.reuters.com/article/us-internet-domain-sale/internet-nonprofit-leaders-fight-deal-to-sell-control-of-org-domain-idUSKBN1Z62MW

continuation of a story where a group of people found a “perfectly lawful” way to profit off non-profit

their scheme is:

  1. using their regulatory power, remove price limits from .org
  2. sell management rights to a private firm owned by their friends
  3. PROFIT!

#internet #business #policy