Hedge 309: DNS Persist

19 June 2026


 
As DNS is more widely used to distribute certificate information, proving ownership of a resource becomes more critical. The constant challenges required to prove resource ownership, however, increase delay in connecting or using a resource. DNS persists–as the name implies–creates a persistent connection between a resource and a certificate authority. Henry Birge-Lee, Michael Slaughter, and Shiloh Heurich join Russ and Tom to explain how this new record type works and it’s importance to DNS.

Worth Reading 061926

19 June 2026


 


In this post, I discuss our recent work that models and analyses the resilience of authoritative DNS infrastructure that supports individual domain names on the Internet.

 


The RIPE NCC made its all-powerful single sign-on tokens available to over 1000 third parties. From a single link click, any logged-in RIPE NCC user would leak their session token.

 


Identifying active IPv6 addresses is a challenging task, but it’s also an important one. As researchers and network operators, it helps us understand the current deployment, identify weak spots that need strengthening, and detect vulnerable devices for disclosure.

 


The fundamental bubble barometer is that speculators buy an asset because they expect the price to keep rising, not because they want the income generated by the asset. Indeed, most speculators don’t plan on holding the asset long enough receive any income.

 


Recently, there has been a surge in progress in quantum computing that has shortened the hypothetical timeline on which quantum computers can ‘break’ traditional public-key cryptography that uses the RSA scheme.

Hedge 308: Hidden Competence

11 June 2026


 
We all talk about how engineers deal with imposter syndrome–but we don’t often talk about the experience of making things work “in the background.” What is competence, and what do we do when competence isn’t recognized? Justin Wilson (j2sw) joins Russ and Tom to discuss.
 
https://media.blubrry.com/hedge/media.blubrry.com/hedge/content.blubrry.com/hedge/hedge-308.mp3
 
download

Worth Reading 061026

10 June 2026


 


When business volume and market capitalization cross a critical threshold, vertically integrating infrastructure ceases to be merely a cost-cutting financial tactic; it becomes an existential imperative for computational resilience and commercial survival.

 


It looks like industry mergers and acquisition activity is in high gear lately.

 


Building multi-agent systems right now feels painfully identical to the early, chaotic days of the micro services gold rush.

 


The standard is called DNS-AID (Domain Name System for AI Discovery). Its premise is that the internet already solved the problem of finding things at scale forty years ago with DNS — and that the same infrastructure should handle AI agents.

 


Mythos is real. I know a big chunk of the industry thinks it’s a marketing stunt, and I get why. I get it. But I’ve seen the findings, and they’re bad.

Worth Reading 060826

8 June 2026


 


In a paper published late in 2025, Østergaard and colleagues reported on their examination of almost 40 psychiatric referrals across Denmark that implicated AI chatbots in harmful interactions, including suicidal thoughts, eating disorders, and fostering delusions

 


Since its deployment in 2011, the adoption of RPKI by Internet Service Providers has shown continuous growth, a trend that persists to this day. As this growth continues it is important to measure its effect on BGP stability.

 


AI companies, AI influencers and famous professors have been making extraordinary claims for years about AI.

 


A robotic system that can produce a rubbery pancake is a true technical and logistic achievement, but why all this work to automate the production of mediocrity?

 


The greatest risk we face today isn’t that AI is becoming “too smart”; it’s that we are beginning to treat this technology as an infallible “oracle” rather than a capable, yet fundamentally fallible, “intern.”

Best of the Hedge: Episode 15, Supporting Open Source

5 June 2026


 
Many companies rely on open source, regardless of whether or not they realize it. In this best of the Hedge episode, Alistair Woodman joins Russ White and Tom Ammon to talk about not only why you should support the open source projects you use, but how you can.
 
https://media.blubrry.com/hedge/content.blubrry.com/hedge/hedge-015.mp3
@nbsp;
download
$nbsp;
Reposting a classic episode this week because I was out of town and didn’t get around to editing an episode.

Worth Reading 060526

5 June 2026


 


A BBC journalist recently performed a silly experiment to prove a very serious point. In just 20 minutes, he manipulated ChatGPT and Google into telling the public he was a world-champion competitive hot dog eater.

 


Many (perhaps most) of the BGP route leaks reported on Cloudflare Radar (as with its predecessors) are what I term ‘ephemeral leaks‘, brief routing anomalies that exist only momentarily during convergence and have little to no operational impact.

 


In this episode of PING, APNIC Chief Scientist Geoff Huston and I discuss the Network Time Protocol (NTP). NTP is one of the oldest systems we rely on today.

 


The Gentlemen ransomware is a ransomware-as-a-service (RaaS) threat that is distinguished by its ability to pair its strong per-file encryption with an aggressive self-propagation capability designed to enable broad network compromise.

 


LLMs can help tame the complexity at the root of many of today’s software security challenges.

Hedge 307: bgproutes.io

29 May 2026


 
If you advertise routes into the default free zone (or global Internet), you might struggle with seeing and understanding what they look like “on the other side.” While there are many manual tools to help operators with this process, bgproutes.io gives you visibility in the global routing table through interfaces like BMP. Listen to this episode of the Hedge to learn more.

Worth Reading 052926

29 May 2026


 


The rising power demand of the data center industry almost appears like an industry running within the integrated grid but outside the usual paradigm of the traditional electric utility sector. Indeed, it should be treated as such.

 


Much has been said about the use of the DNS as a means both of tracking the online behaviour of individual users and as a means of online censorship and control. Almost every online transaction starts with a DNS query, and if one were able to assemble the complete set of DNS queries generated by an individual user it would be possible to assemble a relatively complete profile of their online activity.

 


Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope.

 


The internet is fragmenting. Not in the future. Now. At three different layers simultaneously.

 


In June, Microsoft Secure Boot certificates are set to expire for the first time ever.

Hedge 306: RPKI Transport

22 May 2026


 
Synchronizing information across the Internet, at an initial glance, looks like a fairly simple problem to solve. Just copy a file to a host and create a magic protocol, right? Not really. Each kind of data has a fairly unique set of requirements–and RPKI data, used to provide security information for BGP, is no different. Job Snijders joins Tom and Russ to talk about ERIK, a protocol developed to synchronize RPKI records.