Weekend Reads 021624

This year, I’ve had the opportunity to work alongside some of the highest-performing individuals in our profession. I’ve taken that opportunity to observe their work, look for patterns, and to try to identify the attributes that contribute to their success, not only as technologists but as humans.

OpenAI CEO Sam Altman’s dream of establishing a network of chip factories to fuel the growth of AI may be much, much wilder than feared.

Advanced persistent threat (APT) groups are more dangerous than your run-of-the-mill cybercriminals. They, after all, train their sights not only on financial gain but loftier targets such as wreaking havoc on entire nations.

In this episode of PING, APNIC’s Chief Scientist Geoff Huston discusses the role of the Domain Name System (DNS) in directing where your applications connect to, and where content comes from.

As you awoke one morning from uneasy dreams you found yourself transformed in your bed into a software engineer. A calamity that I find all too familiar.

Whether you want to land a new job or make your contributions count, effective communication goes a long way.

At the beginning of the year, I wrote a bit about the resolution to “stay human” in 2024, in a world that is calling for artificial intelligence to be incorporated into more spheres of life, including law, automated driving, entertainment, and even relationships.

As with many other web3 evangelists, Andreessen Horowitz general partner Chris Dixon has identified some problems with the web.

In this article, we will conduct an in-depth exploration of an impactful vulnerability affecting various container runtimes.

In the February 13th edition of the Wall Street Journal, Professor Thomas W. Hazlett offers a breathless endorsement of market concentration with the T-Mobile acquisition of Sprint, his go-to example.

Weekend Reads 020924

Artificial intelligence and the chips that fuel its evolution have given rise to a new arms race between the US and China.

Alongside concerning recent security news, there has been a media-wide rise of references to ‘credential stuffing’. This is a term that doesn’t convey very much, but as it’s the accepted term inside the infosec community, it’s probably here to stay.

In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers.

In a far cry from the early 2000s, most U.S. adults today say they use the internet (95%), have a smartphone (90%) or subscribe to high-speed internet at home (80%), according to a Pew Research Center survey conducted May 19 to Sept. 5, 2023.

Cloudflare was a victim of the wide-ranging Okta supply-chain campaign last fall, with a data breach impacting its Atlassian Bitbucket, Confluence, and Jira platforms beginning on Thanksgiving Day.

Honeypots are usually used as an intrusion detection tool. Many security researchers, including Computer Security Incident Response Teams (CSIRTs), deploy honeypots to learn about tools, tactics, and the attacker’s infrastructure.

AWS could rake in between $400 million and $1 billion a year from charging customers for public IPv4 addresses while migration to IPv6 remains slow.

Sustainability efforts and high-density AI-based applications are sparking new and revamped approaches to data center cooling.

In what is sure to have significant implications for millions of American workers, specifically gig economy workers and contractors, the Department of Labor (DOL) issued its long-awaited final worker classification rule in January.

This week the streets are filling up with futuristic flies. In the old days we killed them with pesticides, and now we pay over $3,500 to become one of them.

But cracking BitLocker? We doubt the company will be bragging too much about that particular application.

Apple has just released Vision Pro, a virtual-reality headset that ushers in a new era of spatial computing. It claims to blend the real and digital worlds, so users can interact in both simultaneously.

Weekend Reads 020224

Everybody likes good news, especially at the beginning of the corporate year, and we are happy to report that TSMC’s revenues in the fourth quarter ended in December 2023 were only down 1.5 percent year on year to $19.62 billion, and were up 13.6 sequentially from the third quarter

HP CEO Enrique Lores admitted this week that the company’s long-term objective is “to make printing a subscription” when he was questioned about the company’s approach to third-party replacement ink suppliers.

The Internet Corporation for Assigned Names and Numbers (ICANN) has proposed creating a new top-level domain (TLD) and never allowing it to be delegated in the global domain name system (DNS) root.

What is cool about DNS over HTTPS is that, well, it uses HTTPS. Because HTTP clients are plentiful and well understood by many developers, it should make for a pretty simple implementation.

However, VPN is no longer good enough to secure remote work. For instance, VPN gives remote employees full network access to corporate resources when they login.

Universally, every person that I put the question to dismissed FWA wireless as a temporary technology with no real long-term legs.

Apple launched the original 128 kB Macintosh around 40 years ago, and in so doing changed the computer industry, in ways that a lot of people still don’t fully understand.

Europe’s aviation safety body is working with the airline industry to counter a danger posed by interference with GPS signals – now seen as a growing threat to the safety of air travel.

And as the wheels come off Moore’s law, and generational process improvements become less impactful, several emerging technologies to boost performance and density are taking precedence.

As the fields of cryptography and cybersecurity advance, homomorphic encryption stands out as a groundbreaking technology.

Weekend Reads 012624

A study by Consumer Reports and non-profit The Markup concluded that for the average lone Facebook user, 2,230 companies, and in some cases more than 7,000, will hand over that person’s information to Facebook.

2023’s copious chatter about generative AI has not translated into surging semiconductor revenues across the industry, according to analyst firm Gartner.

According to a report by industry analyst Trendforce, the tech company will up the base memory requirement on Windows 12 to 16GB in accordance with its standard for running its AI assistant Copilot at minimum efficiency.

Imagine downloading an open weights AI language model, and all seems good at first, but it later turns malicious.

The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records.

In order for CPU and AI Accelerators/GPUs to effectively work with each other for larger training models, the communication bandwidth of the PCIe-based interconnects between them needs to scale to keep up with the exponentially increasing size of parameters and data sets used in AI models.

It was one thing to support cell towers when they were used for rural cellphone coverage. But it’s a new equation to be asked to provide faster bandwidth to an ISP that will use the bandwidth to win over local customers.

Surveillance doorbell maker Amazon Ring on Wednesday announced it is discontinuing an option that allowed law enforcement agencies to request video footage without a warrant.

Jay Fink had an interesting little business. If you lived in California, you could give him access to your email account; he’d look through the spam folder for spam that appeared to violate the state anti-spam law and give you a spreadsheet and a file of PDFs.

It is not uncommon these days for threat actors to use malicious search ads to distribute malware. To do that, though, they would need to know how to bypass Google’s security measures by setting up decoy infrastructures.

DDoS attack trends for the second half of 2023 reveal alarming developments in the scale and sophistication of cyberthreats.

Quantum technologies promise all kinds of fascinating possibilities, but they also come with risks. In this episode, André Grilo, founder and CEO of QuantumNova, talks about why we need to start investing in post-quantum cryptography to protect ourselves against post-quantum threats.

Weekend Reads 011924

Pressure to resolve incidents quickly that often comes from peers, leadership, and members of affected teams only adds to the chaos of incident management, causing more human errors. Coordinating incidents such as this through the process of having an Incident Commander role has shown more controllable outcomes for organizations around the world.

The Kimsuky Group, believed to be a North Korea-based advanced persistent threat (APT) group active since 2013, struck again several times this year.

QUIC supports connection migration, allowing the client to migrate an established QUIC connection from one path to the other. QUIC’s path validation mechanism can be used to attack the peer and make it consume an unbounded amount of memory.

The NVM Express consortium has updated its specifications by adding a Computational Storage Feature, creating a standardized way for applications to talk to storage devices that include some processing capability.

Post Office chief exec Nick Read left British politicians shocked with his evidence before a Parliamentary committee yesterday after he admitted he could not say when the public body at the center of the historic miscarriage of justice knew when its system was at fault.

We’re only a few weeks into 2024, and violations of people’s privacy are already making some big headlines! First we had the continued drama with the 23andMe data breach; then a major financial software company was shut down for inappropriately using private information; and then this week, the FTC took an unprecedented step and banned a data broker from selling people’s location data.

The new domain name registration volume rose 10.24% from the third to the fourth quarter of 2023. WhoisXML API researchers uncovered this finding, along with other DNS trends, after analyzing more than 31 million newly registered domains (NRDs) added from 1 October to 31 December 2023 as seen in the Newly Registered Domains Data Feed.

Here is how you know that the way chiplets are linked together to create what might have otherwise been a monolithic device is now more important than the way that the chiplets themselves are designed.

Leichtman Research Group, Inc. (LRG) conducted its annual survey on household broadband usage and found that 90% of U.S. homes now have broadband.

Two weeks before Apple launched the Macintosh, Sir Clive Sinclair launched his unprecedentedly powerful yet affordable Motorola-powered SOHO computer – starting a line of hardware and software that, remarkably, is still going.

Even though it could take significantly longer for quantum computers to become sufficiently powerful to threaten current cryptography, we have to be prepared for a worst-case scenario. In the context of DNS, DNSSEC may no longer guarantee authentication and integrity when powerful quantum computers become available.

Verizon filed an SEC form 8K today, indicating that it would take a $5.8 billion impairment charge in its Verizon Business wireline group in the fourth quarter of 2023.

Weekend Reads 011224

Yes, the weekend has pretty much already passed, but still …

The WailingCrab malware has gained notoriety for its stealth. IBM X-Force security researchers recently published an in-depth analysis of the malware, which has been abusing Internet of Things (IoT) messaging protocol MQTT.

SpaceX successfully launched 21 satellites, including the first six Starlink satellites equipped with “Direct to Cell” capabilities.

MTL mode is a technique developed by Verisign researchers that can reduce the operational impact of a signature scheme when authenticating an evolving series of messages.

While Kubernetes adoption continues to soar, it has become a prime target for cyberattacks. Unfortunately, Kubernetes clusters are complex and can be difficult to secure. Safeguarding your Kubernetes environment requires a solid understanding of the common attack chains that pose a threat to your infrastructure.

Going into 2023, the big telcos had publicly announced plans to build 9.4 million fiber passings, but during the year, they collectively pared those expectations back to 6.5 million passings.

A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures.

The Atomic Stealer, also known as “AMOS,” first emerged in September this year by spreading on Macs disguised as popular applications. This time around, it has been wreaking more havoc in the guise of a fake browser update dubbed “ClearFake.”

On December 27, The New York Times Company sued Microsoft and OpenAI for violations of their copyright. The Times contends that training chatbots on its content in order to create an information competitor is a violation of its copyright.

Since 2014, more than 800 new domain extensions have been added to the internet. In addition to the ubiquitous .com and country-code extensions such as the United Kingdom’s .uk and Japan’s .jp, unique spaces have been created for industry sectors, special interests, geographical regions and more.

Often the lifestyle entrepreneur builds his brand around projecting success; in fact, his real-life success rests partly on how well he can project it. As seen with founders such as Elizabeth Holmes of Theranos, the ability to attract investors rests on a cult of exclusivity and buzz around a brand’s value.

ChatGPT, the large language model developed by OpenAI, might seem like it generates novel content, but of course we know that it partakes in what’s generally called “scraping.” It takes pre-existing material on the Internet in response to the prompt a human user inserts.

This case had a bit of a weird result—even though the brand owner had a mark that was 20 years old, and the alleged cybersquatter, in the meantime, acquired a domain name on the open market identical to that mark, because the domain name was first registered (by an unrelated party) before the brand owner’s trademark rights arose, there was no relief under federal trademark law.

Weekend Reads 011524

Thanks to Mark Prosser for a few links to add to the pile this week.

There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents.

Microsoft found that a popular form of video-based training reduces phish-clicking behavior by about 3%, at best. This number has been stable over the years, says Microsoft, while phishing attacks are increasing yearly.

The Internet Architecture Board (IAB) has warned that policy proposals requiring or enabling the automated scouring of people’s devices for illegal material – as floated by the European Union, the United Kingdom, and the United States – threaten the open internet.

Another update of the Ultimate PCAP is available. Again, there are some special new packets in there which I want to point out here. Feel free to download the newest version to examine those new protocols and packets by yourself. Featuring: SNMPv3, WoL, IPMI, HSRP, Zabbix, Pile of Poo, and Packet Comments.

The Genesis Market began operating in 2017, four years after Silk Road closed shop. Like its predecessor, though, the Federal Bureau of Investigation (FBI) and other law enforcement agencies took the Genesis Market down last April.

Miyake events are believed to be several orders of magnitude greater than the Carrington Event. It is not clear what causes the event.

The classical definition of a robot is something that senses, thinks, and acts—that’s today’s Internet. We’ve been building a world-sized robot without even realizing it.

The average cost of data breaches has been rising almost steadily since 2017. In 2017, the average cost was “merely” $3.62M. In 2023, it reached an all-time high of $4.45M. In the past three years, average breach costs increased by 15%.

Lars-Johan Liman, Netnod’s DNS nestor, makes a few personal reflections on the 20th anniversary of Netnod’s deployment of anycast – a technology that is a crucial part of the infrastructure of Netnod’s modern DNS services.

You know those little jokes that centre around a person with a PhD being on a plane, and someone asks for a doctor, and they say they aren’t that kind of doctor but the emergency involves their field of study?

The dark forest theory of the web points to the increasingly life-like but life-less state of being online. (Dark Forest Theory of the Internet by Yancey Strickler.) Most open and publicly available spaces on the web are overrun with bots, advertisers, trolls, data scrapers, clickbait, keyword-stuffing “content creators,” and algorithmically manipulated junk.

After a decade or so of the general sentiment being in favor of the internet and social media as a way to enable more speech and improve the marketplace of ideas, in the last few years the view has shifted dramatically—now it seems that almost no one is happy.

When I first fell in love with the web, it was a radically different place. Aside from the many technical improvements that have been made, I feel like the general culture of the web has changed a lot as well.

And everyone is talking—correctly or not—in the language of therapy, peppering conversations with references to gaslighting, toxic people, and boundaries.