About Russ

So far Russ has created 771 blog entries.

Worth Reading: Joining together to fight spam

Last October, in the vibrant city of Bangkok, the Internet Society joined regulators for an in-depth conversation about how to eliminate spam and its harmful effects. Our kind hosts were the Canadian Radio-television and Telecommunications Commission (CRTC) and the International Institute of Communications (ICC). The CRTC has published a comprehensive and insightful report on the workshop, capturing the key issues, observations, and ways forward. We encourage you to read it carefully. First and foremost, take note of the answer to “why act now?” – it’s a shared responsibility. —The Internet Society

Worth Reading: Hijacking merchant accounts

Last month Yours Truly got snookered by a too-good-to-be-true online scam in which some dirtball hijacked an Amazon merchant’s account and used it to pimp steeply discounted electronics that he never intended to sell. Amazon refunded my money, and the legitimate seller never did figure out how his account was hacked. But such attacks are becoming more prevalent of late as crooks increasingly turn to online crimeware services that make it a cakewalk to cash out stolen passwords. —Krebs on Security

Worth Reading: The Tesla Bubble

Tesla has carved out a small niche by selling a $50,000 car for $100,000 to customers who are willing to pay a premium to be able to say that they’re on the cutting edge or that they’re saving the planet. It’s now trying to go to a larger market by selling a $20,000 car for $35,000. It’s not clear that this business model works without government subsidies. What the regulatory support for Tesla has actually managed to achieve is to inflate a massive bubble that sucked billions of dollars of private capital into a company that probably doesn’t have a sustainable long-term business model. At the very least, money and capital are being diverted from places they would otherwise have gone and instead are being used to support a politically favored innovation at a very high risk of failure. —The Federalist

Worth Reading: Tracing diet pill spam

Reading junk spam messages isn’t exactly my idea of a good time, but sometimes fun can be had when you take a moment to check who really sent the email. Here’s the simple story of how a recent spam email advertising celebrity “diet pills” was traced back to a Washington, D.C.-area defense contractor that builds tactical communications systems for the U.S. military and intelligence communities. Your average spam email can contain a great deal of information about the systems used to blast junk email. If you’re lucky, it may even offer insight into the organization that owns the networked resources (computers, mobile devices) which have been hacked for use in sending or relaying junk messages. —Krebs on Security

Worth Reading: Learning blockchains

A blockchain is a digital ledger of records that’s arranged in chunks of data called blocks. These blocks then link with one another through a cryptographic validation known as a hashing function. Linked together, these blocks form an unbroken chain — a blockchain.
The reason that this type of data structure is useful for things like cryptocurrencies is decentralization, meaning the records inside this chain aren’t stored in any single location, are accessible by everyone, and are immutable by any one party. —Free Code Camp

On the ‘net: The Network Collective and Choosing a Routing Protocol

The Network Collective is a new and very interesting video cast of various people sitting around a virtual table talking about topics of interest to network engineers. I was on the second episode last night, and the video is already (!) posted this morning. You should definitely watch this one!

In episode 2 our panel discusses some key differences between routing protocols and the details that should be considered before choosing to implement one over another. Is there any difference between IGP routing protocols at this point? When does it make sense to run BGP in an enterprise network? Is IS-IS an old and decaying protocol, or something you should viably consider? Russ White, Kevin Myers, and the co-hosts of Network Collective tackle these questions and more.

Worth Reading: Password and security recommendations

Rather than just regurgitate the usual unworkable advice (make each password 14 different random characters, change them every week, and never write them down) we tried to look at the real threats on the current Internet and offer advice that makes sense today. The password advice does recommend strong passwords or pass phrases, but then mostly talks about operational issues: do encrypt channels where passwords are sent via HTTPS or the like, do use multiple factors where possible, do use federated authentication to minimize the number of passwords people have to use, do make users change default passwords before using a new account, and don’t do hard account lockouts after password failures (an easy way to harass your enemies.) While it does say to make it easy for users to change passwords when they want, it doesn’t recommend required password changes, since that is counterproductive–people use a pattern like password1, password2, password3, write them down, or most likely both. —CircleID

MegaSwitch: an interesting new data center fabric

Data center fabrics are built today using spine and leaf fabrics, lots of fiber, and a lot of routers. There has been a lot of research in all-optical solutions to replace current designs with something different; MegaSwitch is a recent paper that illustrates the research, and potentially a future trend, in data center design. The basic idea is this: give every host its own fiber in a ring that reaches to every other host. Then use optical multiplexers to pull off the signal from each ring any particular host needs in order to provide a switchable set of connections in near real time. The figure below will be used to explain.

In the illustration, there are four hosts, each of which is connected to an electrical switch (EWS). The EWS, in turn, connects to an optical switch (OWS). The OWS channels the outbound (transmitted) traffic from each host onto a single ring, where it is carried to every other OWS in the network. The optical signal is terminated at the hop before the transmitter to prevent any loops from forming (so A’s optical signal is terminated at D, for instance, assuming the ring runs clockwise in the diagram).

The receive side is where things get interesting; there are four full fibers feeding a single fiber towards the server, so it is possible for four times as much information to be transmitted towards the server as the server can receive. The reality is, however, that not every server needs to talk to every other server all the time; some form of switching seems to be in order, so that only the traffic the server actually needs is carried towards it from the optical rings.

To support switching, the OWS is dynamically programmed to only pull traffic from rings the attached host is currently communicating with. The OWS takes the traffic for each server sending to the local host, multiplexes it onto an optical interface, and sends it to the electrical switch, which then sends the correct information to the attached host. The OWS can increase the bandwidth between two servers by assigning more wavelengths on the OWS-to-EWS link to traffic being pulled off a particular ring, and reduce available bandwidth by assigning fewer wavelengths.

There are a number of possible problems with such a scheme; for instance—

  • When a host sends its first packet to another host, or needs to send just a small stream, there is a massive amount of overhead in time and resources setting up a new wavelength allocation at the correct OWS. To resolve these problems, the researchers propose having a full mesh of connectivity at some small portion of the overall available bandwidth; they call this basemesh.
  • This arrangement allows for bandwidth allocation at a per-pair-of-hosts level, but much of the modern data networking world operates on a per-flow basis. The researchers suggest this can be resolved by using the physical connectivity as a base for building a set of virtual LANs, and packets can be routed between these various vLANs. This means that traditional routing must stay in place to actually direct traffic to the correct destination in the network, so the EWS devices must either be routers, or there must be some centralized virtual router through which all traffic passes.
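A toy model of the receive-side wavelength assignment and the basemesh idea described above, added here as an illustration; it is not code from the MegaSwitch paper or the original post. The proportional (largest-remainder) split, the function names and the sample demand figures are assumptions.

```python
# Added example: how one OWS might divide the wavelengths on its
# OWS-to-EWS link among the sender rings it pulls traffic from.
# Assumption (not from the paper): spare wavelengths are split in
# proportion to offered load using the largest-remainder method.

def allocate_wavelengths(demand, total_wavelengths, basemesh=1):
    """Return {sender_ring: wavelengths} for one receiving host.

    demand maps each sender ring to its offered load (arbitrary units).
    Every ring keeps `basemesh` wavelengths even when idle, so a first
    packet or a short stream never waits for a new allocation.
    """
    rings = sorted(demand)
    reserved = basemesh * len(rings)
    if reserved > total_wavelengths:
        raise ValueError("basemesh alone exceeds the receive link")
    alloc = {r: basemesh for r in rings}
    spare = total_wavelengths - reserved
    total_demand = sum(demand.values())
    if spare == 0 or total_demand == 0:
        return alloc  # idle or full link: only the basemesh is in place
    shares = {r: spare * demand[r] / total_demand for r in rings}
    for r in rings:
        alloc[r] += int(shares[r])  # whole wavelengths first
    leftover = spare - sum(int(shares[r]) for r in rings)
    # Hand the remaining wavelengths to the largest fractional shares.
    by_fraction = sorted(rings, key=lambda r: (-(shares[r] - int(shares[r])), r))
    for r in by_fraction[:leftover]:
        alloc[r] += 1
    return alloc


def load_per_wavelength(demand, alloc):
    """Offered load each assigned wavelength must carry, per sender ring."""
    return {r: demand[r] / alloc[r] for r in alloc}


if __name__ == "__main__":
    # Constructed sample: host D receives from rings A, B and C over a
    # link with 8 wavelengths; C is idle and keeps only its basemesh.
    demand = {"A": 30, "B": 10, "C": 0}
    alloc = allocate_wavelengths(demand, total_wavelengths=8)
    print(alloc, load_per_wavelength(demand, alloc))
```

Re-running the allocation when the demand map changes models the dynamic reprogramming of the OWS; the basemesh floor is what keeps an idle ring reachable between reallocations.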

Is something like MegaSwitch the future of data center networks? Right now it is hard to tell—all optical fabrics have been a recurring idea in network design, but do not ever seem to have “broken out” as a preferred solution. The idea is attractive, but what essentially amounts to a variable speed optical underlay combined with a more traditional routed overlay seems to add a lot of complexity into the mix, and it is hard to say if that complexity is really worth the tradeoff, which primarily seems to be simpler and cheaper cabling.

You can read the full MegaSwitch paper here.

Worth Reading: AI driven networks

Few realize how little has changed in the way that carriers and operators build, utilize and manage their networks. Whether due to the fact that carrier-grade performance relies on stringent, rigid equipment, or because the industry is held captive by giants who enjoy the status quo, the sad fact is that the industry has stagnated over the years. With the advent of 5G, this ‘stability’ will likely soon come to an end. The sheer amount of traffic, and the different types of traffic traversing the network, will require a different way of networking. Networking will need to evolve to a new level, one where more of today’s currently manual tasks will be handed off to automation. Networking will require the induction of artificial intelligence, machine learning and big data, leading to a more ‘cognitive, self-driven’ type of network. —ECI

Worth Reading: Will self driving cars be safe?

Analysts estimate that by 2030, self-driving cars and trucks (autonomous vehicles) could account for as much as 60 percent of US auto sales. That’s great! But autonomous vehicles are basically computers on wheels, and computers crash all the time. Besides that, computers get hacked every day. So you gotta ask, “Can self-driving cars ever really be safe?” No. Self-driving cars can never really be safe. They will be safer! So much safer that it’s worth a few minutes to understand why. —Shelly Palmer

Worth Reading: A usability approach to interdependent privacy in cloud apps

Given this state of affairs, the authors consider what practical steps can be taken to make users more aware of potential privacy loss, and perhaps change their decision making processes, when deciding which third-party apps should have access to files. Their elegant solution involves a privacy indicator (extra information shown to the user when deciding to grant a third-party app permissions) which a user study shows significantly increases the chances of a user making privacy-loss minimising decisions. Extrapolating the results of this study to simulations of larger Google Drive networks and an author collaboration network show that the indicator can help reduce privacy loss growth by 40% and 70% respectively. —the morning paper

Worth Reading: An opaque alternative to oblivious cloud analytics

Even as encryption methods and security procedures have improved, the data is still at risk of being attacked through such vulnerabilities as access pattern leakage through memory or the network. It’s the threat of an attack via access pattern leakage that a group of researchers from UC Berkeley wanted to address when they developed an “oblivious” distributed data analytics platform that leverages the hardware enclave technology available in Intel’s Software Guard Extensions (SGX). The sensitive nature of much of the data that is being collected and analyzed in the cloud – from medical and financial data to user information like emails and shopping histories – makes it an attractive target for cyber-criminals, so the need to protect the data in such cloud environments is growing. —The Next Platform

Worth Reading: Seven steps to successful IPv4 transfers

In the northern hemisphere, spring is arriving; the trees are blooming, the grass is greening, and the sun is shining. In the southern hemisphere, autumn is approaching and the long lazy summer is coming to an end. But in the IPv4 transfer market space, it is hot, steamy, and full of action! The transfer market is booming. Hundreds of millions of IPv4 addresses are being transferred between buyers and sellers. The market is a fast-moving place, and so it is important to square away a few key items before you start making enquiries. —APNIC

Worth Reading: TIIME to pay attention to identity

The global Research and Education (R&E) community has led the way in developing and fine-tuning the technologies and associated policies that enable Federated IAM to work well, and the technology has become core infrastructure for R&E worldwide. Industries and governments around the world have adopted various aspects of Federated IAM around the world, with more certain to follow. Federations tend to be set up around logical constituencies, such as a local or federal government offering services to its constituents, or vertical industries such as automotive or pharmaceuticals. In the R&E sector federations tend to be national or built around particular fields of study, and in many cases they are run by or at least closely associated with National Research and Education Networks (NRENs). —Internet Society

Administrivia 20170420

A couple of minor items for this week. First, I’ve removed the series page, and started adding subcategories. I think the subcategories will be more helpful in finding the material you’re looking for among the 700’ish posts on this site. I need to work through the rest of the posts here to build more subcategories, but what is there is a start. Second, I’ve changed the primary domain from rule11.us to rule11.tech, and started using the rule 11 reader name more than the ‘net Work name. rule11.tech will still work to reach this site; eventually ntwrk.guru will time out and die. Finally, I’ve put it on my todo list to get a chronological post page up at some point.

Happy Reading!