Weekend Reads 122019: Last Call for the Year

I probably won’t be posting much after this edition of the weekend reads until after the turn of the new year. I have a few projects I need to go “heads down” on in order to be set for the beginning of next year, and it’s time to spend time with family and friends. I’ve “supersized” this list of stuff worth reading so you won’t get too bored over the break, however.

This was an entertaining and interesting live stream, full of really good questions and answers.

On December 18, 2019, the Packet Pushers hosted a livestream gathering on YouTube where the Packet Pushers and special guests answered audience questions.

Anyone that has attended a meeting of the Internet Engineering Task Force (IETF) will know that the somewhat dry topic of internet protocols is often the source of passionate disagreement. But rarely does that debate extend beyond the confines of internet engineers. —Kieren McCarthy

The trade war between China and the US has centered largely on escalating tariffs. But in many rural communities, the focus has shifted to the security of networks for which Chinese giants Huawei and ZTE have long provided equipment. As the 5G future approaches, the US is pushing small carriers to rip out and replace whatever parts of their infrastructure come from China, no matter the cost. —Lily Hay Newman

“RISC” was an important architecture from the 1980s when CPUs had fewer than 100,000 transistors. By simplifying the instruction set, they free up transistors for more registers and better pipelining. It meant executing more instructions, but more than making up for this by executing them faster. —Robert Graham

Chances are, you’re reading this in Google’s Chrome browser. As of October 2019, Chrome owned 67% of the market, and there are several good reasons. Chrome is fast, it has tons of extensions, and it runs on every platform. —Mark Coppock

AT&T doesn’t want its home Internet speeds to be measured by the Federal Communications Commission anymore, and it already convinced the FCC to exclude its worst speed-test results from an annual government report. —Jon Brodkin

The question of just how fast your home internet service is seems pretty straightforward. Unfortunately, how the broadband industry gets at the answer is messy and complicated, and over the last few weeks, that’s caused controversy. —Marguerite Reardon

Data privacy hardliners are pretty jazzed about the California Consumer Protection Act (CCPA), which is slated to take effect on the first of the next year. While many outside of the Golden State may not have heard of this bold foray into computing regulation, activists hope that it will soon effectively control how much of the country is allowed to process data. —Andrea O’Sullivan

CES last January marked the first time the Consumer Tech Association recognized cybersecurity and personal privacy as a product category, highlighting antivirus and smart home security systems at the annual trade show. —Alfred Ng

Security professionals recommend against clicking links in emails like this. Instead, go to your bank account’s website directly and sign in. Similarly, if someone claiming to be from your bank calls you on the phone, it’s a good idea to hang up and call your bank’s customer service number directly to see if the call is legitimate. —Chris Hoffman

ICANN is reviewing the pending sale of the .org domain manager from a nonprofit to a private equity firm and says it could try to block the transfer. The .org domain is managed by the Public Internet Registry (PIR), which is a subsidiary of the Internet Society, a nonprofit. The Internet Society is trying to sell PIR to private equity firm Ethos Capital. —Jon Brodkin

In November, President Donald Trump called Ajit Pai, chairman of the Federal Communications Commission, to talk about spectrum. At the time, the FCC was considering a proposal to allow four satellite operators to privately sell a massively valuable swath of public airwaves directly to the U.S. wireless carriers. The carriers said they needed it to “win the race” to deploy 5G mobile networks. —Michael Calabrese and Amir Nasr

Crowdsourcing is fast emerging as a mainstream innovation channel for companies. It seems like the crowd has an answer to all sorts of innovation problems – they can come up with ideas for new toys and generate solutions to pressing scientific challenges. In theory, the crowd holds tremendous potential: A large, diverse group of people, consisting of experts and others from all over the world, should have fresh perspectives to bring about breakthrough insights on a given problem. —Oguz A. Acar

IIJ (AS2497) is a Japanese ISP that also provides CDN services, including live video streaming. Among the live-streaming events hosted at IIJ, by far the biggest is ‘Summer Koshien’, the National High School Baseball Championship held at Koshien Stadium. The biannual championships started more than 100 years ago, and have become a symbolic amateur sporting event in Japan. —Kenjiro Cho

As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors. —Krebs

The conduct that reverse domain name hijacking (RDNH) was crafted to punish is “using the [Uniform Domain Name Dispute Resolution Policy] in bad faith to attempt to deprive a registered domain-name holder of a domain name.” —Gerald M. Levine

In March 2019, in a move described in one news report as a “government-imposed Internet shutdown,” the president of Sri Lanka temporarily blocked Facebook, WhatsApp, Instagram, Viber, and other services. In this case, limited access to a class of applications was inaccurately painted as a full-scale Internet shutdown. Unfortunately, this isn’t unusual. Media coverage and general discussion of Internet disruptions often misclassify what happened. The confusion is likely unintentional. Many journalists, as well as the general public, are not well-versed in the various ways Internet access and access to content can be disrupted. —David Belson

Major European legislation, the General Data Protection Regulation, evoked substantial change in the way we deal with the visibility of domain name registration information, and understandably those that use that data to solve problems are concerned about these changes, and some have even called for a U.S. legislative fix. —Christian Dawson

Just a week after hackers broke into a Ring camera in a child’s bedroom, taunting the child and sparking serious concerns about the company’s security practices, Buzzfeed News is reporting that over 3,600 Ring owners’ email addresses, passwords, camera locations, and camera names were dumped online. This includes cameras recording private spaces inside homes. —Cooper Quintin and Bill Budington

Weekend Reads 121319

Based on “winner-take-most” network economies, the innovation sector has generated significant technology gains and wealth but has also helped spawn a growing gap between the nation’s dynamic “superstar” metropolitan areas and most everywhere else. Neither market forces nor bottom-up economic development efforts have closed this gap, nor are they likely to. Instead, these deeply seated dynamics appear ready to exacerbate the current divides.

As we’ve discussed ad nauseam over the years, most of the missives you read about this-or-that super-scary malware/virus/brain-eating-boogie-monster are overly sensationalized accounts tied to theoretical threats with practically zero chance of actually affecting you in the real world. If you look closely, in fact, you’ll start to notice that the vast majority of those stories stem from companies that — gasp! — make their money selling malware protection programs for Android phones. (Pure coincidence, right?) —JR Raphael

As the Internet has grown, so too have the abuses that go along with one of the world’s most transformative technologies. For all of the positives the Internet brings, negatives like phishing, malware and child exploitation are a reality online. —Matt Serlin

If you are reading this, you are doing the right type of security digging. You are looking for ways to get started in the security industry. You have a desire to dive deep in the security world. Welcome to the world of chaos, excitement, long hours, uncertain rewards, and overwhelming intensity. The community of professionals who are pushing back against the badness need your help. We need people from all walks of life who love to learn. Today’s security world interconnects with everything and everyone. —Barry Greene

If you’re young or unfamiliar with the history of computing from its earliest days in the 1940s and 1950s, you’ll find it a worthwhile history lesson. This talk also includes the thesis of another talk of his — The Scribe’s Oath — in which he talks about the extreme care that ancient scribes used to put into their work, and how programmers are effectively today’s scribes. —Joey Devilla

Encryption is fundamental to our daily life. Practically everything we do online makes use of encryption in some form. Access to our financial transactions, health records, government services, and exchanged private messages are all protected by strong encryption. —Mohamed EL Bashir

In the not-too-distant future, I can clearly see how ISO 27001, SOC 2 and HITRUST certifications could become a diminished, legacy activity, viewed as a rarity left over from marketing efforts to distinguish an organization’s security posture from its competition. Absurd? Unrealistic? Actually, it is a very pragmatic understanding of what is coming with the Cybersecurity Maturity Model Certification (CMMC) that the US Department of Defense (DoD) is rolling out just a few short weeks away (January 2020). —Tom Cornelius

As we begin our new decade of the 2020s, we can look back at the last 30 odd years and examine the collaboration between technology and our daily lives. If you think of your day-to-day, it’s easy to see how much our society relies on technology. Consider our smart devices such as mobile phones, watches, even homes. However, what about the technology that we don’t see, that gives us clean drinking water, removes wastewater, and keeps our homes warm? Industrial Control Systems (ICS) are often considered a part of the Critical National Infrastructure (CNI). CNI is generally classified as assets needed to keep our society and economy running as we expect, our normal. —Zoë Rose

Learning to Trust

The state of automation among enterprise operators has been a matter of some interest this year, with several firms undertaking studies of the space. Juniper, for instance, recently released the first yearly edition of the SONAR report, which surveyed many network operators to set a baseline for a better future understanding of how automation is being used. Another recent report in this area is Enterprise Network Automation for 2020 and Beyond, conducted by Enterprise Management Associates.

While these reports are, themselves, interesting for understanding the state of automation in the networking world, one correlation noted on page 13 of the EMA report caught my attention: “Individuals who primarily engage with automation as users are less likely to fully trust automation.” This observation is set in parallel with two others on that same page: “Enterprises that consider network automation a high priority initiative trust automation more,” and “Individuals who fully trust automation report significant improvement in change management capacity.” It seems somewhat obvious these three are related in some way, but how? The answer to this, I think, lies in the relationship between the person and the tool.

We often think of tools as “abstract objects,” a “thing” that is “out there in the world.” It’s something we use to get a particular result, but which does not, in turn, impact “me as a person” in any way. This view of tools is not borne out in the real world. To illustrate, consider a simple situation: you are peacefully driving down the road when another driver runs a traffic signal, causing your two cars to collide. When you jump out of your car, do you say… “you caused your vehicle to hit mine?” Nope. You say: “you hit me.”

This kind of identification between the user and the tool is widely recognized and remarked upon. Going back to 1904, Thorstein Veblen writes that the “machine throws out anthropomorphic habits of thought,” forcing the worker to adapt to the work, rather than the work to the worker. Marshall McLuhan says “Students of computer programming have had to learn how to approach all knowledge structurally,” shaping the way they structure information so the computer can store and process it.

What does any of this have to do with network automation and trust? Two things. First, the more “involved” you are with a tool, the more you will trust it. People trust hammers more than they do cars (in general) because the use of hammers is narrow, and the design and operation of the tool is fairly obvious. Cars, on the other hand, are complex; many people simply drive them, rather than learning how they work. If you go to a high speed or off-road driving course, the first thing you will be taught is how a car works. This is not an accident—in learning how a car works, you are learning to trust the tool. Second, the more you work with a tool, the more you will understand its limits, and hence the more you will know when you can, and cannot, trust it.

If you want to trust your network automation, don’t just be a user. Be an active participant in the tools you use. This explains the correlation between the level of trust, level of engagement, and level of improvement. The more you participate in the development of the tooling itself, and the more you work with the tools, the more you will be able to trust them. Increased trust will, in turn, result in increased productivity and effectiveness. To some degree, your way of thinking will be shaped to the tool—this is just a side effect of the way our minds work.

You can extend this lesson to all other areas of network engineering—for instance, if you want to trust your network, then you need to go beyond just configuring routing, and really learn how it works. This does not mean you need in-depth knowledge of that particular implementation, nor does it mean knowing how every possible configuration option works in detail, but it does mean knowing how the protocol converges, what the limits to the protocol are, etc. Rinse and repeat for routers, storage systems, quality of service, etc.—and eventually you will not only be able to trust your tools, but also be very productive and effective with them.

Weekend Reads 120619

Vulnerability assessments are useful for detecting security issues within your environment. By identifying potential security weaknesses, these assessments help us to reduce the risk of a digital criminal infiltrating our systems. These assessments also help us learn more about our assets in a meaningful way that allows us to improve our overall security posture. —Ben Layer

Older information-technology professionals are being passed over by employers, even as IT job openings soar to record highs and employers say recruiting tech talent is a challenge. —Angus Loten

Security researchers at SRLabs have found a number of vulnerabilities with the way carriers around the world are implementing RCS, the new messaging standard designed to replace SMS, Motherboard reports. In some cases, these issues could compromise a user’s location data, they could allow their text messages or calls to be intercepted, or they might allow their phone number to be spoofed. —Jon Porter

A newly discovered vulnerability in the Android operating system could let attackers abuse legitimate apps to deliver malware. In doing so, they could track users without their knowledge. —Kelly Sheridan

On 1 October, APNIC introduced a special type of inet[6]num (that is, either an inetnum or an inet6num) record, called a whois stub record, into the APNIC Whois Database. It aims to fill in a few gaps in the data and improve query results, as will be demonstrated later in this article. —Rafael Cintra

Today, we’re happy to announce that 80% of Android apps are encrypting traffic by default. The percentage is even greater for apps targeting Android 9 and higher, with 90% of them encrypting traffic by default. —Bram Bonné

However, there are customers who prefer to have the compute and the rest of the infrastructure hosted within their own data centers. Their reasons include security, data governance and low latency. The AWS Outposts solution is designed to bring AWS Cloud services to customers’ on-premises data centers. An AWS Outposts Rack is delivered to a customer site as a preconfigured standalone rack, requiring only power and network connectivity to begin providing service in customers’ data centers. —Chris Spain

Let’s step back into the blockchain jungle and take a look at the current state of the ecosystem and the projects trying to solve some of the limitations of blockchain technology: speed and throughput, cross-blockchain information and value exchange, governance, and identity and account management. —Axel Smith

On the ‘Net: So many selfies, so little self

As the Industrial Revolution began to gain momentum, thinkers often decried technological progress as an “atomizing force” that split communities by emphasizing the individual over the group. Living alone in a crowd is documented in a number of books—including Bowling Alone, Alone Together, and Antisocial Media. Perhaps there is no more poignant expression of atomization than Moby & the Void Pacific Choir’s “Are You Lost in the World Like Me?”