Weekend Reads 011025


Wi-Fi 8 is coming, but it looks set to focus on greater reliability rather than on pushing the bandwidth ever higher, as the most recent updates to the venerable wireless local network technology have done.


Policymakers need to carefully guide the future consumption of electricity by AI datacenters, according to a report that considers four potential scenarios and suggests a number of guiding principles to prevent it from spiraling out of control.


In one of the quiet announcements that might eventually be a huge deal, the FCC voted to open the entire 6 GHz WiFi frequency band to very low-power devices (VLP – just in case you needed another new acronym to remember).


Gaining a clear view of the DDoS landscape is vital for developing effective countermeasures against this prolific form of attack. A new study, carried out through collaboration between researchers from several institutions, helps bring DDoS into perspective.


Salt Typhoon’s latest victims include Charter, Consolidated, and Windstream, underscoring the widening scope of China’s cyberespionage campaign against critical US infrastructure.

Weekend Reads 111524


Techno-futurists love to dream up visions of the future. Invariably, these are worlds where everything is under control—where every problem has a solution, and the future unfolds exactly as planned. We do seem to be moving toward some sort of centralized loss of agency.


The representational structures of the Internet governance institutions are highly varied (indicating once again that there is no “multistakeholder model”), but they all have one thing in common: decision-making power is vested in non-state actors.


The rapid expansion of AI and generative AI (GenAI) workloads could see 40% of data centers constrained by power shortages by 2027, according to Gartner.


Chiplets and 3D devices, long discussed in the future tense, are a growing sector of the market. Moore’s Law? It’s still alive, but manufacturers and designers are following it by different means than simply shrinking transistors.


Monitoring traffic at Internet Exchange Points (IXPs) is a long-standing operational practice. It is essential for several reasons related to the entire Internet infrastructure’s stability, security, and efficiency.


If you want to sell a lot of hardware to support AI workloads, then the best way to do that is to convince every country on Earth that AI is so important that they must have a lot of it within their borders. Just in case some political or economic crisis makes AI technology unavailable through the world-spanning cloud builders.


The number of online-accessibility lawsuits has grown rapidly of late. In 2023, about 2,800 such suits clogged federal courts, near the all-time high, recorded the previous year, and up from just 814 in 2017.


During the meeting, I was asked to simplify the concept of power budget calculations for new hires, and I was happy to oblige. I decided to share my brief discussion on power budget calculations and related parameters with APNIC blog readers as well.


While it doesn’t look like there was any malicious intent in this case, the big takeaway for companies of any size should be that it doesn’t change the outcome. Online businesses that release customer data without the express permission of users will still be in breach of data privacy regulations like GDPR and the regulator may see fit to sanction them.


Increasingly, datacenter operators are putting their faith in the promise of miniaturized nuclear power plants – better known as small modular reactors (SMRs) – to fuel their ever-growing energy demands.

Weekend Reads 110924


Toward the end of August 2024, a customized malware dubbed “Voldemort” based on strings found in its code was used in a cyber espionage campaign targeting various countries.


Until 2019, it was a Google partner running full Android. Then it forked its own version of Android, called it HarmonyOS, stopped including Google proprietary apps, and set up its own Android app store.


As previously discussed in this post, Xiong’an New Area (Xiong’an), a pilot city established in 2017 about 100 kilometres west of Beijing, aims to be a model for future digital cities, built with IPv6-only infrastructure from the start.


A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft.


Today, we’re excited to announce the launch of Kentik’s Cloud Latency Map, a public service that uses Kentik Synthetics to continuously measure latency between the regions of the biggest cloud providers.


Data can undergo a similar transformation—two pieces of data, linked, such that changing one has an impact on the other. Think of this as “spooky data at a distance.”


In this work, we aim to address the limitations in the recent poisoning (backdoor) attacks on the code completion

models [5, 68], and introduce a stronger and easy-to-trigger backdoor attack (“CODEBREAKER”), which can mislead the

backdoored model to generate codes with disguised vulnerabilities, even against strong detection.


Many fiber businesses clearly have the goal of growing large enough to flip to somebody larger. The investors in these businesses are largely venture capitalists who hope to sell companies at a premium multiple of what they paid to build the business.


It’s a vast domain ecosystem that needs to be protected from online threats. Often, to better understand this need for domain security, we need to understand how critical and interconnected domains are within a business.


Both due to workload creep and the proliferation of third-party solutions, having a document automation framework in place is a downright necessity that saves time and large sums of money for organizations at all growth stages.


Microsoft is experimenting with datacenters made out of wood in a bid to cut the growing greenhouse gas (GHG) emissions that result from constructing its expanding network of bit barns.


On the other side are investment analysts who believe that big productivity improvements and profits are right around the corner.


Meta’s plan to build a nuclear-powered datacenter for AI workloads has been undone by bugs, specifically bees.

Weekend Reads 110124


Do you want to analyse decrypted TLS traffic in Wireshark or let an Intrusion Detection System (IDS), like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic?


Thousands of machines running Linux have been infected by a malware strain that’s notable for its stealth, the number of misconfigurations it can exploit, and the breadth of malicious activities it can perform, researchers reported Thursday.


More evidence has emerged that AI-driven demand for energy to power datacenters is prolonging the life of coal-fired plants in the US.


The Regional Internet Registries (RIRs) together ensure the stability of the Internet Numbers Registry System. In order to strengthen their accountability, efforts are under way to revise the criteria for the accreditation of RIRs, and the obligations they must continuously meet.


What happens on the network if you’re joining a Microsoft Active Directory domain? Which protocols are used? As I suspected, it’s a bit more complex than just seeing a single known protocol like HTTPS.


The demand for optical interconnects is so high, given the immense bandwidth bottlenecks for accelerator-to-accelerator and accelerator to memory needs, that raising venture funding is not a problem.


The basic approach to resolving the problems of data destruction is to keep historic values of data around even after some operation updates or deletes a record.


Recent headlines have proclaimed that Chinese scientists have hacked “military-grade encryption” using quantum computers, sparking concern and speculation about the future of cybersecurity.


Early on, mathematics was of great importance for astronomy, navigation, time measurement, and surveying.


Analysis Shortly after the launch of AMD’s first-gen Epyc processors codenamed Naples in 2017, Intel quipped that its competitor had been reduced to gluing a bunch of desktop dies together in order to stay relevant.


The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising.


A government report’s criticism of the 100x metric often used to justify fixing software earlier in development fuels a growing debate over pushing responsibility for secure code onto developers.


As AI systems become more advanced and integrated into our lives, there has been a corresponding urgency to ensure they align with social values and norms, and that their benefits significantly outweigh any potential harms.


During its time out of the spotlight AI became more pluralistic as loss of faith in formerly dominant approaches created space for new ideas.


In a joint statement to the European Commission’s new tech appointee, Henna Virkkunen, a coalition of internet advocacy groups has firmly opposed recent proposals aimed at imposing network fees on content providers.

Weekend Reads 101324


A study by the US General Services Administration (GSA) has revealed that five remote identity verification (RiDV) technologies are unreliable, inconsistent, and marred by bias across different demographic groups.


This time, he included a PoC that caused the ChatGPT app for macOS to send a verbatim copy of all user input and ChatGPT output to a server of his choice.


In the quest to revolutionize medicine, our bodies are becoming living laboratories. By 2030, itメs estimated that bioprinting could address up to 20% of the organ transplant waiting list globally.


Consider this: For every 1,000 human users in your organization, you likely have 10,000 non-human connections or credentials. Some estimates suggest the ratio could be as high as 45-to-1.


The U.S. Department of Justice (DOJ) is considering recommending a federal judge to force Google to sell parts of its business in a bid to eliminate its alleged monopoly on online search, according to a court filing Tuesday.


A US jury has found that employment practices at Cognizant constitute discriminatory conduct toward non-Indian workers in a case that originated in 2013 and claimed the tech giant favored H-1B visa holders from India over local workers.


Consumers are victims of online scams and have their data stolen, but they are lagging on adopting security tools to protect themselves.


At the end of its 2024 term, the Supreme Court decided two cases with a significant, if not historic, impact on the ability of federal agencies to regulate areas of the national economy within their jurisdiction, including the FCC’s ability to regulate telecommunications and Internet service providers.


He criticized the reliance on just two or three ultra-high capacity cables driven by over-the-top (OTT) providers such as major tech companies, which have different network requirements from traditional telecom providers.


The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests.


The specification for UUIDs was written in 2005 and is defined in RFC 4122. This specification has served the industry fairly well. Even so there have been many other mechanisms for generating unique identifiers to try to make up for the shortcomings of the original specification.


Because Kerberoasting enables cyberthreat actors to steal credentials and quickly navigate through devices and networks, it’s essential for administrators to take steps to reduce potential cyberattack surfaces.

Weekend Reads 100624


Thanks to the popularity and widespread success of ChatGPT, most IT users are familiar with the concept of a large language model (LLM). But how does an LLM apply to network operations?


If you don’t know what you’re operating on, or what the expected output range might be, then maybe you ought not to be operating on that data in the first place. But now these languages have gotten into the wild and we’ll never be able to hunt them down and kill them soon enough for my liking, or for the greater good.


We then analyze ten data sets spanning industry and academic sources, across four years (2019-2023), to find and explain discrepancies based on data sources, vantage points, methods, and parameters.


Phishing attacks, which trick users into sharing private data, have been a major security threat for years. According to a 2023 FBI report, it is the top digital crime type.


A test account that’s shared among many can be used by anyone who happens to have the password. This leaves a trail of poorly managed or unmanaged accounts that only increases your attack surface.


As radio host Mark Davis put it recently, “ultimately everything AI does is go in search of something that some human being said or wrote sometime.”


One of the most exciting recent developments in web performance is Zstandard (zstd) — a new compression algorithm that we have found compresses data 42% faster than Brotli while maintaining almost the same compression levels.


In this paper, we introduce a generic security model for Web services based on three dimensions of resolution, transaction, and identification.


For generative artificial intelligence (GenAI) models, the concept of the Promethean dilemma has so far been discussed, starting with whether general access to GenAI systems should be permitted for public use, given their black box nature and tendency to confabulate.


All crypto assets in 2024 amounted to only 0.5% of the world’s money supply. But they have enabled a lot of troublesome speculative behavior as well as illicit activities such as money laundering and tax evasion, financial scandals, illegal gambling, and financing of terrorism and the drug trade. Some governments would like to provide alternatives.


Threat actors can often find targeting certain organizations too much of a challenge. So they need to go through what we can consider back channels—suppliers, vendors, or service providers.


Most exploitable GPU vulnerabilities are in the implementation of the GPU kernel mode modules. These modules are pieces of code that load/unload during runtime, extending functionality without the need to reboot the device.


Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance software lies in Safe Coding, a secure-by-design approach that prioritizes transitioning to memory-safe languages.


Session hijacking looks quite different these days. No longer network-based, modern session hijacking is an identity-based attack performed over the public internet targeting cloud-based apps and services.

Weekend Reads 092824


Instead, Broadcom is now experimenting with co-packaging the optics directly into the GPUs themselves.


With K-12 schools back in session across the nation, millions of students are adjusting to a new learning environment — a cellphone-free classroom or, in some cases, a phone-free school day.


Being at the core of the Internet places the DNS under a lot of pressure. New forms of DNS abuse emerge each year, disputes over domain names persist, and all the while, the Internet just keeps getting bigger.


The censorship war has hit a flashpoint. Late last month, Brazil banned Elon Musk’s social media site, X, after Musk refused a government order to suppress seven dissident accounts.


This raises a question. If someone is situated in South America and wants to access youtu.be, is their performance going to be impacted (assuming he has to do the entire recursive lookup with no cache)?


ODA focuses on identifying macroscopic Internet outages, such as outages that affect a significant portion of the population within either a geographic region or an Autonomous System (AS).


For practitioners, this study provides a rich set of criteria that can be used for evaluating their projects, as well as strong evidence of the importance of considering not only project execution, but also post-project outcomes and impacts in the evaluation.


As if we didn’t have a long enough list of problems to worry about, Lumen researchers at its Black Lotus Labs recently released a blog that said that it knows of three U.S. ISPs and one in India was hacked this summer.


While the usage of internationalized domain names (IDNs) has allowed organizations the world over to enter the global market using their native-language domain names, it can also enable cyber attackers to craft look-alikes of legitimate domains they wish to spoof.


In Texas, for example, the chatbot only consumes an estimated 235 milliliters needed to generate one 100-word email. That same email drafted in Washington, on the other hand, would require 1,408 milliliters (nearly a liter and a half) per email.


Fiber splicing is joining two optical fibers to create a continuous, low-loss, and highly efficient optical path.


Efforts to curb illegal online content through domain shutdowns are proving ineffective and carry significant risks, according to a new report by eco and its topDNS initiative.


The majority of open source project maintainers are not being paid for their work, spend three times as much time on security than they did three years ago, and have become less trusting of contributors following the xz backdoor, according to open source package security firm Tidelift.