while on the other side of the earth
We have Xi Jinping who is all set for an infinite Truss.
30 publicly visible posts • joined 17 Jan 2018
Usually I hear folks debating the performance (throughput, latency) aspects of things when QUIC is introduced. I don't think QUIC can improve throughput since that is primarily handled by congestion control and flow control algorithms which are mostly the same on both TCP and QUIC. QUIC had some advantages when it comes to latency improvement just because it has deeper integrations with TLS 1.3 and supports features such as session resumption and 0-RTT handshake.
But I would say those would not be my primary reasons to move to QUIC. QUIC can do some things which TCP can never do (and TCP cannot do it because of its ossification in existing systems). Things such as:
1. handling partial reliability: TCP is a fully reliable transport protocol. A lot of times we need partial reliability for scenarios such as gaming, live streaming. For example, within a video stream, you might want full/better reliability for I-frames but lower reliability for P/B frames. In fact, P/B frames towards the end of a GOP (group of pictures) could have much lower reliability. Today if an app uses a tcp-send, you cannot then drop it. TCP will try to resend it till it manages to get it delivered. This is counterproductive in the scenarios I mentioned. In a live-stream, if you cannot deliver the P/B frame within a second (for instance), then it is best to drop it since the video decoder will anyways extrapolate and manage to get it recovered. Retrying even after a few seconds will result in traffic clogging impacting subsequent traffic. QUIC can support such modes.
2. improved multipath transports: MPTCP (multipath) suffers from a lot of design constraints because of TCP ossification. QUIC can do much better with multipath. As an example, once a segment is transmitted on a TCP path within a connection, that segment cannot be rescheduled to be transmitted on another path within the same TCP connection since middleboxes expect all the TCP segments to arrive (because of full reliability). QUIC doesn't suffer from such a limitation.
3. notion of streams: TCP does not support the notion of streams and thus an application has to initiate multiple TCP connections for each stream. QUIC's design is much closer to the app.
4. future extension: QUIC can be extended without having to worry about ossification. QUIC is smartly designed so that intermediate routers/switches cannot read the packet and cannot make a decision based on a specific bit within the packet. This means we will see innovation at the transport layer. Today the innovation with TCP is stalled because TCP has to work within the constraints of middleboxes which have ossified implementations. QUIC has ensured that this ossification won't happen with its design.
Using QUIC in kernel space or user space is a systems issue. Today one can use TCP in userspace as well but most apps prefer to use existing kernel space implementation. The same will be true for QUIC since app devs will want to use existing implementation in favor of deploying their own.
“will help to ensure that insecure gear from companies like Huawei and ZTE can no longer be inserted into America’s communications networks,”
The notion, fully-secure, doesn't exist in the software/hardware world. In the security world what matters most is:
Transparency: Is the code open for investigation? I will ensure that my deployed binaries are generated from the code that I have seen. Many orgs lack that capability but I don't think that is true in the telecom world. BT (British Telecom) and UK CSEC had ready access to Huawei code and sure they found vulnerabilities, but at least there was transparency. Such transparency is not exhibited by Cisco and Ericsson.
I guess I am trying to make a point which is so obvious and as bright as the Sun. This act is politically motivated. And just the way that no one wants to look into the Sun with their direct eyes, the same is true in this case.
I don't think the article in any way indicates that containers are dead!
Just that virtual machine based workloads are here to stay. And I would argue that even bare-metal non-virtualized workloads are here to stay.
Some transaction-based workloads could benefit from using bare-metal/VMs directly where the transaction processing speed could be impacted because of the containerization layer. But there are a lot of workloads where the containerization layer adds much more value. Put k8s-like orchestration in the mix and you get a lot of high-end features (such as service load-balancing, HA, reliability) readily available.
Also using containers/k8s is not really straightforward today. The development and admin community is still catching up with the k8s/containerization nuances. Orchestration engines such as Google Autopilot and AWS Fargate could help alleviate some of these pain points.
Facebook's revenue for 12 months ending June 2021 was $105bn (up ~40% YoY).
Fines of $5.5m + $22K ... I don't think Zuck's team will even bat an eye. In fact, if anything, this would embolden them to even care less about carrying out such malpractices in your country in the future.
Take a page out of the GDPR framework where the fines are decided based on the proportion of yearly revenues. Doing facial recognition without consent.. shame on you Facebook.
Infosys is fucking up its already fucked up image.
These tweets, headlines will be paraded for years to come, if at all they survive till then.
At least, the government is not holding back and treating them like any other vendor. Good to see that and better would be to see some actions taken.
Content removal is very different from identifying who the first originator of that content is.
Content removal is already done today by YouTube, Facebook, Twitter, LinkedIn and there is a process in place. It can be argued whether or not that process is correct.
The problem is that identifying who the first originator of the content is leads to other problems. Primarily, the govt or any other agency can go after that originator.
Govt wants Twitter to dance to its Kumbaya. Democracy is vibrant not because of the people who lay rules but also because of the people who question it. Anyone who reads "Intermediary Guidelines and Digital Media Ethics Code" will understand how vague it is and there is no surprise that Twitter couldn't find anyone in India to be the Nodal Officer. Anyone who gets that post will be slaughtered on day one.
Regulators need to be cautious of what tech tweaks they ask for. These tweaks can make or break a democracy.
For me, I have not used Facebook, WhatsApp, Twitter, but I am worried about Reddit, Signal. It would be interesting to see how Govt deals with them.
This move reflects the change in the ideological stance of MS. Earlier, anything coming out of Linux used to be frowned upon by MS and there was an inclination to build something in parallel.
By adopting eBPF, MS is proving that it is maturing in terms of thought process. It doesn't simply reject anything coming out of Linux and is keen on working out the model that has worked out on Linux. eBPF has proved immensely successful for observability, monitoring, and lately for security enforcement and performance tuning on Linux. By adopting eBPF, MS will reduce the efforts required by security developers having to rebuild the same security engines again for MS Windows. This certainly helps MS.
However, it remains to be seen as to how much of Linux eBPF hooks, primitives can actually percolate in MS Win. The power of eBPF lies in the hooks, helper functions, and maturity of the kernel verifier. Linux recently coupled eBPF with LSM hooks (called KRSI). How would MS Win handle this?
Anyways, a great start nonetheless, and looking forward.
With GDPR you will have to shell out 4% of your annual revenue as fines and thus an organization would be extra diligent before scrapping such charges.
Some companies are extra careful (which means they devote more resources) towards security and privacy. If other companies want to compete in the same space and do not ensure the same rigor towards security and privacy, they might end up saving on these resources, which will add up to their bottom line. All this is possible because of the lack of regulations and of course CXOs who care more about the bottom line than their users.
It is discriminatory for Facebook to have different rules for Europe vs India/US/Rest. But the world (India/US/Rest) should understand, only they are to blame.
This simply goes on to show how effective legislation can protect citizens' rights.
Kudos to GDPR which is not only protecting Europe but also is indirectly instrumental in protecting other parts of the world.
Some more marketing ideas for Apple biz folks:
* User needs to pay Apple $99 before the door could be opened.
* Two years later the car will travel at max 20mph and the user has to upgrade to iCar2pro
* Silver plated steering wheel for $5999 only
* iCar can be charged only through special chargers available in Cupertino and in Iceland.
* iCar chargers won't be sold with the car to save our mother Earth.
One might think, what a reckless way of running the company? They own 70% of the company, have 6 board seats and they were not aware of the most defining moment of their investment/firm.
Either they are too dumb or they think an average Joe is too dumb.
Regardless, after the SEC investigation, I am sure one average Joe will find out how dumb (s)he was when (s)he is remanded to prison and not the firm's top ones.
Government through legislation can at best mandate open social media platforms to share their private keys for all users.
But terrorists do not hang out on WhatsApp, Facebook, WeChat to discuss their world domination plans. If they do, they have already proved their idiocy and they may not be as big a threat.
An avg IT dev (myself) may take less than a week to write a private app which can ensure end to end encryption and this is what any terrorist (who has any wits) will do. Sure the keys have to be shared across the two ends but there are n number of ways to do that out of band (without necessarily using the Internet).
So the biggest purpose this legislation solves is to ensure that public dissent is caught early on. People make use of social media platforms to connect to fellow citizens to whom they are not directly connected, to voice opinions and raise dissent, and governments will ensure that such dissent is caught early on and suppressed. Such legislation will become a tool for dictators.
Such legislation will make evil-minds think more about having a cyber-security cell within their outfits. In short, <read the title>.
I don't understand how this is a failed tech!
There were 8600 faces detected and 7 were flagged as probable matches (by matching against 7292 possible faces) and 1 turned out to be a true positive.
Meaning only 7 were sent for manual inspection. Can you imagine the fleet of people required to do this manually?
Also I am assuming 7 were flagged because the system could not afford to have false negatives and has thus been liberal in flagging the matches.
I am no fan of surveillance, but this article seems trumpeting towards the wrong end.
Such pro-privacy moves should be commended. I will be switching over to Firefox. Sure it will take some time but I'll make a deliberate effort. It's about time tech enthusiasts start showing (through actions) that privacy matters. It is possible that some portals may post a message saying Firefox not supported and I will know their intentions when the message pops up.
Kudos to Firefox for making such a move.
Politician: We need access to some communications between x and y ... give us the master key
SecExpert: There is no master key ... Let me tell you how it works ..
Politician (thinking in the mind) : Oh! She started again!!
Politician: Let's cut to the chase .. give me a way to access communication between x and y .. whatever it takes..
SecExpert: I do not own the keys for the communication ... the keys are owned by the users and it's a breach of trust if I give it to you.
Politician: Do you know whom you are speaking to? How come you do not trust us ?
SecExpert: Maybe I trust you but I do not know how I can trust the institution and its future staff not to misuse these powers ...
Politician: How can you not trust the constitution makers? We'll amend the constitution and we'll see you then.
Meanwhile, in the other part of world:
Terrorist1: Shall we use WhatsApp to send messages?
TerroristSecExpert: What! Are you mad? We'll use this Android app which I developed in the past few days which uses our own generated public/private key pairs.
Terrorist1: I want those poo emojis in that app ... do you have it?
TerroristSecExpert (rolling her eyes)...
QUIC has not been deployed yet because it is still not a standard !! IETF is working on it and has recently pushed back the dates (to end of 2018) and streamlined what could possibly be achieved in the first version to make most of em/us happy.
Because it is still not a standard, open source implementations haven't sprung up and thus the adoption is limited.
Currently only Google has deployed "its own version of QUIC" in their own clients and servers. It has seen the prospects and wants others to adopt (and eventually/naturally Google will also benefit along with others).
Amongst others, 3GPP has already realized the potential and proposed it for 5G core control plane (https://www.ietf.org/mail-archive/web/quic/current/msg01878.html).
Point is, the adoption is slow for a reason. The reason is, it is still not a standard and hence not many stable open sources.