The RFC Process

I’ve just finished a seven-part series over at Packet Pushers about the process of writing and publishing an RFC. Even if you don’t ever plan to write a draft or participate in the IETF, this series will give you a better idea of the work that goes into creating new standards and IETF documents.

So … you have an idea you think would fit perfectly into the realm of the Internet Engineering Task Force (IETF)—but where do you start?

This, the second post, will consider document formatting and two of the (sometimes) more difficult sections of an IETF draft to fill in.

There are other seemingly mystical concepts in the IETF process as well—for instance, what is a “document stream,” and what is a document’s “status?”

You’re almost ready to submit a shiny new document to the IETF for consideration, right? Not quite yet—we still need to deal with mandatory sections and language.

You cannot simply post a draft to the IETF repository and expect “someone, somewhere,” to take action.

The working group chairs asked if your draft should become a working group item, and the consensus was to accept! It might seem like your draft is home free at this point—but there is still a lot of work to do.

Once the draft is written, socialized, accepted by a working group, and passes through the IESG telechat and review, what is next?

Hedge 206: Taking Care of Yourself with Ethan Banks

As we reach the end of what has been a hard two-year stretch for what seems like the entire world, Ethan Banks joins Tom, Eyvonne, and Russ to talk about the importance of taking care of yourself. In the midst of radical changes, you can apply self-discipline to make your little part of the world a better place by keeping yourself sane, fit, and well-rested.




Thoughts on 2023

As we close out 2023, some random observations about engineering, culture, and life.

Network engineering needs help. I am hearing, from all over the place, that network engineering is “not cool.” There is a dearth of students entering the pipeline. College programs are struggling, and many organizations are struggling with a lack of engineering talent—in fact, I would guess the most common reason for companies to move to “the cloud” is because they cannot find anyone who knows how to build and operate a network any longer.

It probably didn’t help that for the last few years many “thought leaders” in the network engineering space have been saying there is no future in network engineering. It also doesn’t help that network engineering training has become stilted and … boring. Coders are off talking about how to solve problems. Robotics folks are working on cool projects that solve problems.

Network engineers are being taught how to spend less money and told to “find another career.”

I don’t know how we think we can sustain a healthy world of IT without network engineers.

And yes, I know there are folks who think networking problems are simple, easy enough to solve with some basic software know-how. I think I have enough knowledge and experience of the wider world of information technology to say those folks are wrong.

I’d actually like to help solve this specific problem. I’ve been looking for a Christian college someplace in the US interested in starting or growing a strong engineering program. Someplace where I join with a team to help build and teach an entire program from the first class to the last. If anyone knows of such a place, get in touch. We need to make network engineering cool again.

How much did you read this year? I read just over 40 books this year, not many of which were technology related. If you don’t read regularly, why not?

How much did you create this year? I wrote one book—the CCST Official Study Guide. I’ve written two dozen articles or so and created a few new slide decks. I’m working on several new live webinars with Pearson through Safari Books Online, including interview skills, open-source labs, some work around coding skills, and a few other things.

If you aren’t creating new things, why not?

Big is, for the most part, bad. I’ve started thinking that one of the worst things about technology-driven culture is how deeply it has enabled and taught—even encouraged—us to be passive-aggressive.

For instance, I’ve been “lifetime banned” from eBay. Why? I’ve no idea—I barely even use eBay. I logged in, listed a few items for sale, and then couldn’t log back in again. I tried to reset my password—the service accepted my new password, but still refused to allow me to log in. No notifications, no email, no … anything. I called customer support and was told I have been “banned for life.” They will not discuss why, only that some “system flagged my account.”

It is just this kind of “the computer says you are a bad person, and we will not explain why” thing that makes people dislike technology companies so deeply.

As always, feel free to get in touch if you have thoughts, want to chat, or have an idea for an episode of the Hedge.

Weekend Reads 121523

NTT Data has opened a hotel at which it plans to watch people sleep, as part of a plan to gather – and of course sell – data about the snoozing habits of ten million people.

Business and technical leaders should prepare to focus on memory safety in software development, the US Cybersecurity and Infrastructure Agency (CISA) urged on Wednesday.

A proposed fork of the OpenPGP standard, called “LibrePGP” and initiated by GnuPG’s maintainer Werner Koch, has made a series of statements on its own website in order to justify its existence.

Cisco has quietly introduced changes to the licensing model for its Catalyst range, and will bring it to more products over time.

ICANN’s response to the European Union’s Network and Information Security Directive (NIS2) is a litmus test on whether its policy processes can address the needs of all stakeholders, instead of only satisfying the needs of the domain industry.

One of the joys of operational privacy professionals is getting that random, Friday afternoon Slack from someone on the product team asking, “Can we [insert questionable action] with our customer data?”

Lackluster security controls in one of Google’s cloud services for data scientists could allow hackers to create applications, execute operations, and access data in Internet-facing environments.

The incident response process can be a maze that security professionals must quickly learn to navigate—which is no easy task. Surprisingly, many organizations still lack a coordinated incident response plan, and even fewer consistently apply it.

The suitability of a data center environment is primarily judged by its effect on the long-term health of IT hardware.

Most of the tech gifted this holiday will end up in a landfill. But Keegan McNamara makes laptops you can pass on to your grandchildren.

This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining its role in today’s security landscape.

A years-old Bluetooth authentication bypass vulnerability allows miscreants to connect to Apple, Android and Linux devices and inject keystrokes to run arbitrary commands, according to a software engineer at drone technology firm SkySafe.

Weekend Reads 120923

Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious emails in Gmail.

Carding has been around since the 1980s but has evolved to the point that even less experienced cybercriminals can now launch campaigns.

Enter Cilium’s advanced Border Gateway Protocol (BGP) implementation, powered by the GoBGP control plane, a solution that not only addresses these challenges but also adds unprecedented flexibility to your network configurations.

The most curious part of this is how people working inside the macroculture are the only folks who don’t understand what’s going on.

Efforts to convince remote workers to return to corporate offices appear to have stalled, based on data from the government, academia, and private-sector organizations.

Once in your home, different individuals have differing authority based on who they are. Family members have access to your whole home.

HP is squeezing more margin out of print customers, the result of a multi-year strategy to convert unprofitable business into something more lucrative, and says its subscription model is “locking” in people.

Microsoft helped Chinese state-run media outlets disseminate propaganda as part of previously unreported partnership agreements, documents obtained by the Washington Free Beacon show.

Unfortunately, leadership training, education, and discussion tends to be reserved for people-managers. Of course, leadership skills are important for those directly responsible for teams of people.

Spying and surveillance are different but related things. If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said.

The European Union’s Network and Information Security Directive (NIS1), introduced in 2016, aimed to strengthen cybersecurity among Member States. However, market fragmentation and growing digital threats led to the enactment of the NIS2 Directive.

Attackers could soon begin using malicious instructions hidden in strategically placed images and audio clips online to manipulate responses to user prompts from large language models (LLMs) behind AI chatbots such as ChatGPT.

Hedge 205: Old Engineering Quotes

For this month’s roundtable, Eyvonne, Tom, and I return to Addresses to Engineering Students by Harrington and Waddell. This book, published in 1912, is a “product of its time,” and hence deserves some trigger warnings. But it is also interesting to see how advice given to engineering students over 100 years ago holds up for today. Have engineering challenges, and the engineering life, changed all that much? What kinds of advice stand the test of time, what kinds do not?



Upcoming Pearson Class: Modern Network Troubleshooting

On the 26th of January, I’ll be teaching a webinar over at Safari Books Online (subscription service) called Modern Network Troubleshooting. From the blurb:

The first section of this class considers the nature of resilience, and how design tradeoffs result in different levels of resilience. The class then moves into a theoretical understanding of failures, how network resilience is measured, and how the Mean Time to Repair (MTTR) relates to human and machine-driven factors. One of these factors is the unintended consequences arising from abstractions, covered in the next section of the class.
The class then moves into troubleshooting proper, examining the half-split formal troubleshooting method and how it can be combined with more intuitive methods. This section also examines how network models can be used to guide the troubleshooting process. The class then covers two examples of troubleshooting reachability problems in a small network, and considers using ChatGPT and other LLMs in the troubleshooting process. A third, more complex example is then covered in a data center fabric.

Register here.