Weekend Reads 051724


The FCC lawfully fined U.S. facilities-based wireless carriers nearly $200 million for selling highly intrusive location data about subscribers without their “opt-in” consent.


Geoff Huston explores the performance of the BBR and Cubic flow control algorithms on the Starlink network through comprehensive measurements.


An instruction set is a lingua franca between compilers and microarchitecture. As such, it has a lot in common with compiler intermediate languages, a subject on which Fred Chow has written an excellent overview


A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gather authentication data from HTTP GET and POST requests.


But one need not know anything about aeronautics to understand that things are not going well for Boeing, and that the company’s approach is clearly broken. That much was made clear in a new Ars Technica piece from Eric Berger, walking readers through the race between Boeing and SpaceX to develop an astronaut capsule for space travel.


“Legal basis” requirements for data processing, justifying data processing activities and transfers, and adhering to data minimization principles began hitting organizations’ radars with the EU General Data Protection Regulation.


Given the fast-paced nature of AI evolution, we decided to circle back and see if there have been developments worth sharing since then. Eight months might seem short, but in the fast-growing world of AI, this period is an eternity.


Ransomware hit an all-time high last year, with more than 60 criminal gangs listing at least 4,500 victims – and these infections don’t show any signs of slowing.


Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.


But the insider history of Signal raises questions about the app’s origins and its relationship with government—in particular, with the American intelligence apparatus.


Distributed denial-of-service (DDoS) attacks continue to plague the Internet and pose a risk to the availability of critical digital systems that we increasingly depend on in our daily lives. Thijs van den Hout and his colleagues outline their contributions and lessons learned from 5 years of research on the topic of collaborative DDoS mitigation, as an improvement on the current strategies.


Cogent (CCOI) recently announced that it was offering secured notes for $206M. The unusual part is what it’s using as security: some of its IPv4 addresses and the leases on those IPv4 addresses.

Rule 11 Academy is (Somewhat) Live

The Academy does not replace this blog, the Hedge, etc. Instead, it’s a place for me to recreate all the training materials I’ve taught in the past, put them in one place, and adding new training material besides. It’s light right now, but I plan to post about once or twice a week.

Note this is a subscription site with paid content and two memberships–six months and yearly.

Get six months free using the coupon code BEAG2DRUP0TORNSKUT.

https://rule11.ac/

Hedge 225: The CCNA

The CCNA has a long history as an important certification for network engineers. While the CCST has been created by Cisco “below” the CCNA, or as a different starting point, many network engineers begin their career with the CCNA. Join Jason Gooley, Wendell Odom, Tom, and Russ as we discuss the most recent updates to the CCNA, the way updates to the program are changing, and Jason’s and Wendell’s updated book on the CCNA.

download

Weekend Reads 050424


Quantum sensing is poised to revolutionize virtually every aspect of our world. Quantum sensing’s distinctive ability to detect magnetic signatures is already aiding in navigation for countless fuel tankers worldwide, providing otherwise unachievable medical scans, and keeping all of our computer clocks in sync.


Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities.


A growing number of data center operators and equipment vendors are anticipating the proliferation of direct liquid cooling systems (DLC) over the next few years. As far as projections go, Uptime Institute’s surveys agree: the industry consensus for the mainstream adoption of liquid-cooled IT converges on the latter half of the 2020s.


The recent discovery of a backdoor in XZ Utils (CVE-2024-3094), a data compression utility used by a wide array of various open-source, Linux-based computer applications, underscores the importance of open-source software security.


The IETF has had a long tradition of doing its technical work through a consensus process, taking into account the different views among IETF participants and coming to (at least rough) consensus on technical matters.


This is where Two-Factor Authentication (2FA) steps in as a powerful tool to bolster security. Let’s delve into the trends shaping the realm of 2FA and how they enhance digital security.


Global hybrid multi cloud applications (GHMAs) auto scale vertically and horizontally in response to spikes in request traffic and processing load. Auto scaling mechanisms for GHMAs are available on prem, in the public cloud, or in any combination globally.


IBM and Swiss startup LzLabs faced off in a London court on Monday in a dispute over the development of technology that allows the migration of mainframe applications to the cloud.


Zilog’s classic Z80 chip is soon to be dead, though it might not be gone forever if one open source project succeeds in its goal to clone the legendary processor.


The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024.

History of Networking: Updated Links

Someone told me some (or many?) of the links are broken to the History of Networking recordings. I went through the S3 bucket and renamed all the files so there are no spaces (because S3 buckets don’t always work right with spaces), and then checked them all to make certain they work. Along the way I found three or four episodes that were recorded and not on the HoN page, so I added them.

Check out the corrected listing here.

I think I have one more recording that was never edited and published; I will probably put it in the Hedge stream in the next month or two just so it’s out there.