Internets of Interest for 8th December 2012


Collection of useful, relevant or just fun places on the Internets for 8th December 2012 and a bit of commentary about what I’ve found interesting about them:

HSRP Default Authentication | PacketU – HSRP uses authentication by default. I’ve learned something today.

One thing that I find a bit strange is that, according to the documentation, authentication is enabled by default. If this is truly the case, I’m guessing that many people simply don’t realize it.

Show 126 – Plexxi & Affinity Networking with Marten Terpstra – Sponsored – What I like about Plexxi is that they are doing something different – (using optical networking with 24 x 10GB channels per fibre) – that changes fundamental concepts of DC network design. In this sponsored podcast at Packet Pushers Podcast, we talk about what makes Plexxi different and how you can make use of the product.

What I’ve Learned as an Academic Blogger – Tips on how to be a blogger when writing technically – I loved it. So much that I agree with.

The overall theme here is to be online. I cannot overstate how important it is to be engaged digitally, ideally on both blogs and Twitter where the humanities community is quite active. I credit my online presence with opening up some professional opportunities that have come my way recently (which I’m not going to reveal right now) as well as introducing me to a lot of people who I admire. The act of writing consistently helps you as a writer, but doing so publicly adds to your online reputation as well. You are doing yourself a favor, in a job market that’s already extremely competitive, by writing for the web.

The defense blues » To Linux and beyond ! – Security disclosure is a huge problem largely caused by Tipping Point. People who locate cyber weapons in the form of 0-day can sell them into a market created by Tipping Point. This has become a tragedy of the commons since bugs are now worth even more on the black market and it’s become a pricing war between IPS companies, software vendors and criminal markets. HP/Tipping Point are destroying the security market by whoring for the lowest common denominator of fear, they are not “making it safer for customers”.

Yes, being a defensive guy is not fair. You build a huge and complex structure and all the light (and sometimes the money) is for the one who demonstrates how one of the thousand engines you’ve built can be abused. And this is the climax when the guy disrespects you by not leaving you a chance to fix the issue before it goes public.

Staggering Beauty – Funny: Give your mouse a good strong shake – and laugh.

HP Blogs – Ethernet Switching Market Share: Cisco continues t… – The HP Blog Hub – HP lifts the kimono on some market share numbers and claims that they are making inroads in Ethernet switching. Heavy on gloating, but the numbers from Dell’Oro are clear.

Dell’Oro Group reported 3Q2012 market share results and I’m proud to share that HP Networking continues to be the #2 vendor globally, with double digit Ethernet Switch market share. Unfortunately, unlike HP Networking, Cisco would probably like to forget this quarter. Why?

Making it Easier for You to do Business with Us – Fixed Price Professional Services from Cisco – Cisco is filling the gaps for resellers who can’t sell professional services but still want to get easy money. Another sign that resellers are on the skids.

Is there a catch? In a way – I’ll be honest – there is. These services are Fixed Price and Fixed Scope.

The catch? Fixed price and fixed scope means that resellers can’t complain. They could always have a better price or a customised scope.

BYO10GPR: Build Your Own 10 Gbit Packet Recorder – Seriously exciting being able to capture packets at wire rate using commodity hardware.

In essence if you have fast storage, 20 Gbit to disk with 60+4 bytes packets is no longer a dream on commodity hardware.

Enterprise+Cloud+Open – Aneel Lakhani gave a presentation at CloudStack Collaboration Conference on the definition of “open”. I think he nailed just about everything about open – I’m asking for a copy of this presentation for my own reference – (Apologies about Slideshare link).

IETF bakes Google’s SPDY protocol into HTTP 2.0 • The Register – SPDY is slowly but steadily making progress towards adoption in web servers. If you run a web farm you will need to know about it since it looks like it will be part of the HTTP 2.0 protocol – if that ever gets ratified.

SPDY, by contrast, hurries things along nicely while also preserving current HTTP semantics, and “only replaces the way the data is written to the network.”

“SPDY introduces two layers of protocol,” the draft explains. “The lower layer is a general purpose framing layer which can be used atop a reliable transport (likely TCP) for multiplexed, prioritized, and compressed data communication of many concurrent streams.”

  • Chris young

    hey Greg,

    First, disclosure… I work for HP Networking. I don’t get compensated in any way for Tippingpoint though. On the HP Tippingpoint comments. I can understand your grievance with the community. But I think the zero day initiative is actually a good thing. One of the problems with security research is the story in this blog.

    Researchers find a bug, release it at a conference and then a lot of the buggy software is hit with a brick in the head. No warning at all.

    Part of ZDI is responsible disclosure. The makers of the software are supposed to be contacted, the bug is described and they have a chance to fix the bug before it goes public.

    There is a clock though, and vendors are pushed to fix the bugs within a time frame. If they don’t react, Tippingpoint will eventually publish the exploit and bug details. This puts pressure on lazy vendors not fixing their software.

    Personally, I think this is a good thing as it gives legitimate security researchers an avenue to disclose responsibly. It supports them financially for their work, etc. These are all good things that in the end result in more secure software.

    To some extent, I guess my argument comes down to “hate the game, not the player”. This market existed before Tippingpoint released the ZDI program, and it would exist without them. Exploits are worth money.

    At least this gives mostly good people another option than the temptation of the darker option.


    • Etherealmind

      I disagree with your perspective. Even worse, once the market has been created, it becomes a race condition as the price of 0-day exploits. Look at companies like Vupen who use the Tipping Point exchange price to set the floor price of the exploits – which they sell equally to Military Industrial, Foreign Governments etc. Tipping Point created this market (as a cheap, tawdry marketing exercise) and should be censured for doing so.

      • Chris young

        I can’t disagree that the situation sucks. But laying the blame at any one company, whether Tippingpoint or anyone else, is an exercise in futility. It may make you feel better but it’s not going to change anything.

        Perhaps I’ve got rose colored glasses on, but I view it as more than marketing, although it is definitely that as well. It’s a way for honest researchers to raise awareness on bugs they find and have a company take the ownership of disclosing this to the software vendor.

        How many exploits might have been discovered and squashed because the company paid off the researcher and never fixed anything? How does that do anything except continue this market without any benefit to us, the community?

        This market has existed, and will continue to exist as long as people exist. Where market conditions create a need for information/advantage and people need money, there will always be someone willing to sell someone else’s secrets.

        Blaming Tippingpoint or anyone else isn’t going to change that. People are weasels.

        • Etherealmind

          When Tipping Point started offering money for vulnerabilities, this outcome was widely predicted. Once a floor price is set, a market will form to exchange known security problems. Tipping Point single handedly created the market, in spite of the critical voices, for short term business gain.

          And the rest of the world is paying the price for Tipping Point’s greed. This is wrong and I’m opposed to it. Tipping Point is made of people, they made those choices that have caused the problem. They are the problem and it should be widely known that greed and stupidity of those people, and the company they represent, is the root of the security vulnerabilities marketplace.