Weekend Reads 022318: Copyright, walls, and botnets

Rejecting years of settled precedent, a federal court in New York has ruled [PDF] that you could infringe copyright simply by embedding a tweet in a web page. Even worse, the logic of the ruling applies to all in-line linking, not just embedding tweets. If adopted by other courts, this legally and technically misguided decision would threaten millions of ordinary Internet users with infringement liability. —Daniel Nazer @EFF

Security advances throughout the centuries have been mostly technical adjustments in response to evolving weaponry. Fortification — the art and science of protecting a place by imposing a barrier between you and an enemy — is as ancient as humanity. From the standpoint of theory, however, there is very little about modern network or airport security that could not be learned from a 17th century artillery manual. That should trouble us more than it does. —Jack Anderson

Akamai’s Fourth Quarter, 2017 State of the Internet, was released today in which it states that the analysis of more than 7.3 trillion bot requests per month has found a sharp increase in the threat of credential abuse, with more than 40 percent of login attempts being malicious. Additionally, the report warns DDoS attacks remain a consistent threat and the Mirai botnet is still capable of strong bursts of activity. @CircleID

Section 1201 of the DMCA bans the bypassing of “access controls” for copyrighted works. Originally, this meant that even though you owned your DVD player, and even though it was legal to bring DVDs home with you from your European holidays, you weren’t allowed to change your DVD player so that it would play those out-of-region DVDs. —Cory Doctorow @EFF

Patrick Reames had no idea why Amazon.com sent him a 1099 form saying he’d made almost $24,000 selling books via Createspace, the company’s on-demand publishing arm. That is, until he searched the site for his name and discovered someone has been using it to peddle a $555 book that’s full of nothing but gibberish. —Krebs on Security

Citing the potential threat to law enforcement and the general public, correctional facility officials have pushed for the FCC to address the issue of contraband phone use in prisons. In a recent meeting hosted by the FCC, Department of Justice officials and local law enforcement argued for aggressive technological approaches to addressing contraband phones. —Ferras Vinh @CDT

While perhaps best known for funding academic research, the US National Science Foundation (NSF) conducts many other activities, including an annual survey of doctoral graduates called the Survey of Earned Doctorates (SED). While an important data source for understanding the societal impact of doctoral education, the way in which the NSF conducts its survey offers a case study in cybersecurity through obscurity, the importance of paying attention to the entire lifecycle of data and several useful lessons to other organizations managing sensitive data in 2018. —Kalev Leetaru @Forbes

Short Take: The Broadcom SDKLT Announcement

My first short take at The Network Collective is up discussing the Broadcom SDKLT announcement. Does this really mean the end of vendors or network engineering? You can guess my answer, or you can watch the video and hear it for yourself.

History of Networking: Policy with Joel Halpern

Policy at Internet scale is a little understood, and difficult (potentially impossible) to solve problem. Joel Halpern joins the History of Networking over at the Network Collective to talk about the history of policy in the Internet at large, and networked systems in general.

Enterprise versus Provider?

Two ideas that are widespread, and need to be addressed—

FANG (read this hyper/web/large scale network operators) have very specific needs; they run custom-built single-purpose software in a very big scale. So all the really want/need are dumb boxes and smart people. … Enterprise have another view, they want smart boxes run by dumb people.

First, there is no enterprise, there are no service providers. There are problems, and there are solutions.

When I was young (and even more foolish than I am now) I worked for a big vendor. When this big vendor split the enterprise and service provider teams, I thought this kindof made sense. After all, providers have completely different requirements, and should therefore run with completely different technologies, equipment, and software. When I thought of providers in those days, I thought of big transit network operators, like AT&T, and Verizon, and Orange, and Level3, and Worldcom, and… The world has changed since then, but our desire to split the world into two neat halves has not.

If you want to split the world into two halves, split it this way: There are companies who consider the network an asset, and companies that consider the network a necessary evil. There are companies who consciously depend on the network within their product lifecycle and value chain, and there are companies who see the network as a consumer of money which is best minimized. This has nothing to do with “service provider” and “enterprise,” and everything to do with the company’s attitude towards technology and their future.

Second, the smart boxes/dumb people smart people/dumb boxes pairings is a false dichotomy.

All networks rely on having smart people design and run them. There are two ways you can access the smart people your network needs. You can hire a small group of smart people and allow them to work in the open source/open standards communities. This way you build a community that supports a lot of businesses, including yours. Or you can rely on your vendor to hire the right smart engineers, call them in when you need them, and hope they show up. Both models have positive and negative aspects, but the assumption that there is no cost sharing model in the realm of directly hiring smart engineers distorts the tradeoffs; distroted tradeoffs always lead to poor decisions.

Sometimes smart engineers can design things so you do not need smart boxes. Rather than hiring someone to build the smarts you will be missing by not buying from a vendor, you ask, do I really need this complexity in the first place?

The bottom line.

In my experience, most companies that use the “smart boxes/dumb engineers” line do not understand their business, their operating environment, or network engineering. This response normally comes from either a misunderstanding of the value of the network, a misunderstanding of the value of simplicity, or a fear of smart network engineers (they might actually push back against the application developers and vendors!).

It is much easier to scream at a vendor than it is to change the way you do business to take advantage of the network as an asset.

Another great reaction to this article can be found here

On the ‘net: Rethinking Firewalls

In January of 1995, Network Translation’s PIX firewall received the “hot product of the year” award from Data Communications Magazine. While the PIX was originally designed to perform Network Address Translation (NAT), doing for the IP host market what the PBX market did for the telephone, the PIX itself quickly morphed into the original appliance-based firewall. In those heady days in the Cisco Technical Assistance Center (TAC), we spent hours thinking through how best to build a Demilitarized Zone (DMZ) using PIX’s and routers so the network simply could not be penetrated. We built walls around our networks to defend them against the hoards of horseback riding invaders. @ECI


On the ‘net: Fog computing architecture posing challenges for IT

As the processing power of individual, handheld, always on devices has overtaken the computing power of most mainframes of old, and network bandwidth has ramped up, a new trend is emerging towards fog computing. In fog computing as much of the processing as possible is pushed out of large scale data centers and into individual

History of Networking: Paul Vixie on the Origins of DNS

Paul Vixie joins us on the History of Networking to talk about the spread of the DNS system—like a virus through the body network. All those radios in the background at a bit of history; Paul is an Amateur Radio Operator of many years, though, like me, he is not as active as

Some Market Thoughts on the Broadcom SDKLT

Broadcom, to much fanfare, has announced a new open source API that can be used to program and manage their Tomahawk set of chips. As a general refresher, the Tomahawk chip series is the small buffer, moderate forwarding table size hardware network switching platform on which a wide array of 1RU (and some chassis) routers

Weekends Reads 020218: GDPR, taxes, and security

The regulatory environment for brands and retailers that do business online is getting stricter thanks to regulatory changes in Europe with the General Data Protection Regulation (GDPR), as well as existing regulations in th ompanies that adapt quickly can turn these changes into a competitive advantage. —Christopher Rence @CircleID Europe's General Data Protection Regulation (GDPR)

Rehashing Certifications

While at Cisco Live in Barcelona this week, I had a chat with someone—I don't remember who—about certifications. The main point that came out of the conversation was this: One of the big dangers with chasing a certification is you will end up chasing knowledge about using a particular vendor feature set, rather than chasing

Giving the Monkey a Smaller Club

Over at the ACM blog, there is a terrific article about software design that has direct application to network design and architecture. The problem is that once you give a monkey a club, he is going to hit you with it if you try to take it away from him. What do monkeys and clubs

Learning to Ask Questions

A lot of folks ask me about learning theory—they don't have the time for it, or they don't understand why they should. This video is in answer to that question.

Weekend Reads 012618: Mostly Security and Legal Stuff

Before we begin, its worth mentioning that yes, yesssssssssssssssssssss, I did not have enough protection around my Gmail account. I’ve used Google Authenticator before, for my personal account and for various work emails, but I stopped using it at a certain point out of convenience. —Cody Brow @Medium This report assesses the impact disclosure of

One Weird Trick

I'm often asked what the trick is to become a smarter person—there are many answers, of course, which I mention in this video. But there is "one weird trick" many people don't think about, which I focus on here.

Responding to Readers: How are these thing discovered?

A while back I posted on section 10 routing loops; Daniel responded to the post with this comment: I am curious how these things are discovered. You said that this is a contrived example, but I assume researchers have some sort of methodology to discover issues like this. I am sure some things have been