-
Auditor: Can you send a screenshot of the access VPN timeouts so we can demonstrate policy compliance?
Me: (Sends relevant portions of the configuration.)
Them: This is a text file. We need a screenshot.
Me: (Sends screenshot of my terminal session showing the relevant portions of the configuration.)
#InfoSec #NetEng #MaliciousCompliance
-
We have dozens of relatively simple methods to secure Internet traffic, but we’re often reduced to “just open access through your firewalls from this huge list of source addresses” because too many folks can’t be arsed to do any of those. Keeping it simple is •not• about moving the complexity into the customer’s realm of responsibility. #NetEng #InfoSec
-
I think I’ve been in this industry for too long. I searched for a synopsis this morning and accidentally typed “synoptics” instead. Last week I was teaching the NATO phonetic alphabet and taught “unicorn” instead of “uniform.” #NetEng #SiliconValley
-
"SD-WAN" (over MPLS no less!) with IPSec tunnels (not transports!), hard static routes for link monitoring, and floating static routes for tunnel failover... because that's less complicated than using a routing protocol. #NetEng #BangHeadHere
-
Something to consider about all of the efforts to sustain #IPv4 so far beyond its original shelf life. #NAT and #IPv6 were thought out at roughly the same time. NAT was a tactical move to stave off IPv4 exhaustion (at the cost of limiting the peer-to-peer nature of the Internet) and IPv6 was the strategic answer for scalable growth. The obsession human beings have to find any excuse to avoid change was highly underestimated. IPv6 took 22 years to become an Internet Standard and NAT became so entrenched that peer-to-peer networking became mostly unnecessary as long as we could continue to laugh at cat memes on our favourite platforms.
This brings us to #platforms. It’s getting harder to host anything ourselves anymore without paying a (usually foreign) IaaS/SaaS platform to do it for us. We now live in an age where data sovereignty and privacy are at the forefront of our thinking and maybe, just maybe, we want other options.
Is our obsession with IPv4 tying us unhealthily to platforms and sacrificing our freedoms?
-
Listened to a presentation today from someone with an accent that made every instance of “configuration” sound like “conflagration” instead. Thinking about this further, sometimes there’s little difference between the two. #NetEng
-
At TORNOG 1 in a Nokia automation workshop. They're talking about gRIBI and I'm suddenly craving a steak. #NetEng
-
Taking a break from the day to day for an awesome event in Toronto. #NetEng https://tornog.ca/events/tornog-1/
-
The path of enlightenment deeply connects us with our fellows by discouraging the influence of ego-driven thinking and demanding we focus on compassion and service. We connect because we •want• to understand. Centralized social media, with its promotional influence, tries to offer a superficial substitute as a fringe benefit of allowing ourselves to be commoditized. It’s not a substitute. #WeAreTheProduct #SaturdayMorningThoughts
-
I’m wondering if @mikrotik has thought of adding “access point” on the back of these? Maybe taking the joke a little too far? https://merch.mikrotik.com/products/groove-boxer-briefs #WiFi #NetEng #Merch
-
For anyone interested in my “Scalable and Secure Self-Serve RouterOS Remote Management” presentation at the MikroTik Professionals Conference in Prague, the slide deck, #Docker, and #ContainerLab files can be found here. https://github.com/ghostinthenet/l2vpnLab #MTPC #NetEng
-
I just spent an hour #Labbing an #L2TPv3 pseudowire native fragmentation (#PWE3) problem. Turns out the platform doesn’t •do• native fragmentation, but it took forever for me to figure this out because my oversized #IPv6 pings were making it across the wire. This shouldn’t happen without native fragmentation.
Two coffees later it dawned on me that I was pinging from the device that was anchoring the pseudowire, so IPv6 was fragmenting at the source. A packet capture showed the fragmentation headers •and• the missing MRRU attribute in the L2TPv3 pseudowire setup. I should have started there.
-
...and the friendlier and more helpful it seems, the more likely we are to trust it. #ThisIsBad