Weekend Reads 080422

Hackers are now ​​moving faster than ever when it comes to scanning vulnerability announcements from software vendors.

However, open source has an urgent security problem. Open source is more ubiquitous and susceptible to persistent threats than ever before.

You’ve done everything to secure your network, and you still face threats. That’s what most enterprises say about their network security, and they’re half right.

The largest datacenter market in the US is running into trouble: There isn’t enough power transmission capacity in the region to handle all the bit barn projects.

While Prometheus has been the current standard for monitoring your systems, OpenTelemetry is quickly gaining ground, especially in the cloud-native landscape, which was traditionally Prometheus’ stronghold.

A phishing campaign is underway that uses mirror images of target organizations’ landing pages to trick victims into entering login credentials.

It’s been about a decade since the hype for bug-bounty programs first started going supernova, but the jury is still out on the effectiveness of them.

There is an interesting new trend in fiber construction. Some relatively large cities are getting fiber networks using microtrenching.

Despite the area, cost, and power challenges designers face when integrating FPGAs into devices, they provide significant security and performance benefits. Many of these benefits can be realized in client compute hardware such as laptops, tablets, and smartphones.

Unless you happen to be running a cloud or hyperscale datacenter, Intel’s infrastructure processing units (IPU) probably aren’t for you, at least not yet.

The one-year anniversary of the Kaseya attack this month marks an appropriate time to look back at supply chain threats and what has — and has not — changed.

Contrary to what you may have read, machine learning (ML) isn’t magic pixie dust. In general, ML is good for narrowly scoped problems with huge datasets available, and where the patterns of interest are highly repeatable or predictable.

Network performance, however, is increasingly dependent on the complex internet topology that’s evolving from a network of networks to a network of data centers.

To understand intent — the “how” behind the “what” — we need to closely examine the behavior of the end user in the session. This additional behavioral insight is critical to an enterprise’s ability to separate legitimate traffic from fraud.

One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely.

Hedge 141: Improving WAN Router Performance

Wide area networks in large-scale cores tend to be performance choke-points—partially because of differentials between the traffic they’re receiving from data center fabrics, campuses, and other sources, and the availability of outbound bandwidth, and partially because these routers tend to be a focal point for policy implementation. Rachee Singh joins Tom Ammon, Jeff Tantsura, and Russ White to discuss “Shoofly, a tool for provisioning wide-area backbones that bypasses routers by keeping traffic in the optical domain for as long as possible.”


Learning to Ride

Have you ever taught a kid to ride a bike? Kids always begin the process by shifting their focus from the handlebars to the pedals, trying to feel out how to keep the right amount of pressure on each pedal, control the handlebars, and keep moving … so they can stay balanced. During this initial learning phase, the kid will keep their eyes down, looking at the pedals, the handlebars, and . . . the ground.

After some time of riding, though, managing the pedals and handlebars are embedded in “muscle memory,” allowing them to get their head up and focus on where they’re going rather than on the mechanical process of riding. After a lot of experience, bike riders can start doing wheelies, or jumps, or off-road riding that goes far beyond basic balance.
Network engineer—any kind of engineering, really—is the same way.

At first, you need to focus on what you are doing. How is this configured? What specific output am I looking for in this show command? What field do I need to use in this data structure to automate that? Where do I look to find out about these fields, defects, etc.?

The problem is—it is easy to get stuck at this level, focusing on configurations, automation, and the “what” of things.

You’re not going to be able to get your head up and think about the longer term—the trail ahead, the end-point you’re trying to reach—until you commit these things to muscle memory.
The point, with technology, is learning to stop focusing on the pedals, the handlebars, and the ground, and start focusing on the goal—whether its nailing this jump or conquering this trail or making it there.

Transitioning is often hard, of course, but its just like riding a bike. You won’t make the transition until you trust your muscle memory a bit at a time.

Learning the theory of how and why things work the way they are is a key point in this transition. Configuration is just the intersection of “how this works” with “what am I trying to do…” If you know how (and why) protocols work, and you know what you’re trying to do, configuration and automation will become a matter of asking the right questions.

Learn the theory, and riding the bike will become second nature—rather than something you must focus on constantly.

Controversial Reads 073022

This legislation dutifully provides trial lawyers with endless opportunities to sue Big Tech companies for something indefinable: childhood addiction to websites and phone apps. It puts the state government in charge of defining such addiction.

Recently Google employee Blake Lemoine caused a media storm over the LaMDA chatbot he was working on, that he claims is sentient (it feels things like a human being).

The problem with blockchain is that it’s not an improvement to any system—and often makes things worse.

We stand at a crossroads between a fragmented geopolitical world and a digital one that is more inclusive and sustainable. A common agenda with agreed priorities on public policy issues for the use of technology and connectivity will help take us in the right direction.

Earlier this month, I and others wrote a letter to Congress, basically saying that cryptocurrencies are an complete and total disaster, and urging them to regulate the space.

Of course, this bubble started to deflate when the Federal Reserve started talking about raising interest rates by half a percent. Terra Coin, a “stablecoin,” meaning a crypto that purports to maintain a value tied to an actual currency, collapsed in May.

At this point, they discovered a secret that Register readers have known throughout their careers: the best computer kit is your own.

However, the court has thankfully added clarity that the answers to these major questions must come from the halls of Congress as opposed to coming from a unilateral bureaucratic mandate made by a political appointee.

Beneath the ancient sands of the Arabian desert, the fuel of our modern world lay entombed: petroleum, life itself condensed by time, which upon plentiful discovery would usher in a new era of industrial progress.

Huawei Technologies Co.’s secretive chipmaking arm is hiring scores of highly trained engineers to help develop its own semiconductor-design software, a niche field now dominated by America’s Cadence Design Systems Inc. and Synopsys Inc.

The hopelessly vague language of Amy Klobuchar’s bill would export to China the most sensitive data of the U.S. government and military as well as that of innumerable consumers, banks, and businesses.

Putin has supercharged his plan to separate Russia from the global internet. The country’s sovereign internet law, which came into force that November, gives officials the power to block access to websites for millions of Russians.

Weekend Reads 072922

Chris Siebenmann has written a short blog piece that reflects on the trend to see Certificate Transparency (CT) as the answer to ‘the problem’; the problem being how to tell if a validly signed and current certificate has somehow had to be repudiated.

For US$2,500, threat actors can employ Matanbuchus, a malware-as-a-service (MaaS) package found delivering Cobalt Strike beacons through phishing and spam messages.

As global and societal events such as supply chain shortages occur, there’s a corresponding increase in fraud related to fake domain registrations (websites) that capitalize on the event—creating unsafe situations for consumers.

Aside from recovery costs and business interruptions — the latter of which can cost as much as USD 22,000 per minute — the most damaging effect of such attacks can be reputational, specifically the loss of customers.

This week, it came to light that gaming platform Roblox was breached via a phishing/social-engineering attack that led to the theft of internal documents and the leaking of them online in an extortion attempt.

Researchers have discovered malware that has been secretly infecting systems featuring Asus and Gigabyte motherboards for at least six years.

The most important point is to understand that there are two very different and separate categories of return you can expect from an OBP project—“hard” benefits (compensation, seized assets, substitute sales) and”soft” benefits (brand integrity, reputation, etc.).

As cloud computing grows faster than local utility grids, several of the world’s largest and most strategic data center markets are facing power constraints that pose a major challenge to the long-term growth of the Internet.

Aoqin Dragon, like the mythical character it’s named after, has recently been unearthed after nearly a decade of flying under the cybersecurity community’s radar.

Micron’s newly launched 232-layer TLC NAND modules could be a boon for data-intensive workloads like database operations and analytics.