Stilgherrian
Sep 14, 2021
I’ll be tweeting from the APNIC 52 conference this afternoon, starting shortly at 1300 AEST. Program at conference.apnic.net/52/program/sch…. Follow or mute #APNIC52 as you prefer.
Gaurab Raj Upadhaya is saying that in the last 18 months, i.e. the pandemic times, APNIC has seen more internet traffic than ever before. As you might imagine. I hope we get to see some graphs later. #APNIC52
The keynote by Kathleen Moriarty, CTO for the Center for Internet Security, is a curious topic. “Role of Service Providers in Transforming Security”. Curious ’cos as service providers try to make the whole thing encrypted all the way down, governments don’t want that. #APNIC52
This is why we have a 3.5 million deficit in cyber workers globally. We’ve architected our networks with all these components, and there has to be an employee looking at each of these things. #APNIC52
Major organisations are typically taking eight threat intelligence feeds because they’re afraid of missing an indicator, which means they have all the alerts. #APNIC52
“Strong ubiquitous encryption.
This is a major driver that I think can be really a big part of that turning point,” Moriarty says. Heh. #APNIC52

This is going to drive IPv6 adoption, she says.
“Any time I’ve given that explanation and I've gone much deeper, I've gotten a lot of uptake and, you know, within a month I've seen organizations start to transform and adopt IPv6, so it's possible data centric security or zero trust.” (From the Zoom transcript.) #APNIC52
Her big message is that we need “architectural patterns that scale”. These Cybersecurity Best Practices are an example, and you can offer these as a service. #APNIC52
Aside: I just noticed that Zoom is using Otter.ai for the automated transcription. It’s doing a fantastic job. #APNIC52
Moriarty is suggesting that service providers could provide all this stuff for their less capable customers, including automated roll-out of some of it, to those community-agreed baseline configurations. #APNIC52
“If you are asking organizations to sign on to your service you're providing great security benefits, but it takes a really sophisticated person to implement the security policy, as opposed to say, I want level one, level two, [or] level three,” and pay for that. #APNIC52
“It seems that building from a cloud-native architecture was the most logical starting point for working towards zero trust, and not getting overwhelmed with a specific piece. The specific pieces overwhelming you, that might be one to save for later in the journey.” #APNIC52
Someone just asked what end users can do to improve their security. “Patch or systems,” she says. #APNIC52
The inimitable Geoff Huston is kicking off the next session. Expect doom and gloom. #APNIC52
Our moderator is Philip Paeps from the FreeBSD Project. He appears to be a geek of some kind. #APNIC52
Geoff Huston’s gripe today is about network outage reports. #APNIC52
He likes this one from Akamai though, because it explains what went wrong. #APNIC52
“The internet isn't a toy anymore. It's not just, you know, something we do to amuse ourselves when on an otherwise boring day we could be outside playing. The internet's now the foundation of everything lives depend on it.” #APNIC52
“Lies don't help anymore. A bit like the airline industry, we actually need to recognize that outages are not just exercising the PR machine, but they're serious threats to what we'd call, public safety.” #APNIC52
Geoff wants to turn the internet into an airplane, I think. Attn: @NewtonMark. #APNIC52
The traits of high-reliability organisations. #APNIC52
Geoff Huston has a blog post on all this outage reporting and blame-free analysis stuff. blog.apnic.net/2021/07/27/opi… #APNIC52
I should also mention that all these sessions are being streamed live on YouTube. Here’s this one. #APNIC52
The book “The Checklist Manifesto: How to Get Things Right” by Atul Gawande is getting a big rap right now. en.wikipedia.org/wiki/The_Check… #APNIC52
Next up is Wataru Saito, “Operating the Network for the Tokyo 2020 Olympic and Paralympic Games”. Totally straightforward, I’m sure. #APNIC52
The frequency management for all this was a thing. #APNIC52
I am hoping this is a transcription error lol. #APNIC52
ASIDE: Another book mentioned in Geoff Huston’s bit was Charles Perrow’s “Normal Accidents”. #APNIC52
No bureaucracy whatsoever. #APNIC52
Have a timeline. #APNIC52
I must say, Saito-san appears to be not completely insane, even after having run this operation. #APNIC52
Something not showing in the slides PDF but he’s stepping through now is all the virtual LANs they set up over their infrastructure, like this dedicated VLAN for the press. #APNIC52
Eleven thousand wi-fi access points! 20Gbps network usage! (He is scribbling over his slides as he talks.) #APNIC52
Next for me is “Good Bot, Bad Bot: Characterizing Automated Browsing Activity” conference.apnic.net/52/program/sch… #APNIC52
Hah! The system is called Aristaeus, “a system for deploying large numbers of honeysites, i.e., websites that exist for the sole purpose of attracting and recording bot traffic”. #APNIC52
This is a fascinating presentation, but he’s moving through it FAST. Slides at conference.apnic.net/52/assets/file… (PDF) and it’s the first presentation in this video stream #APNIC52
And here’s the paper. “Good Bot, Bad Bot: Characterizing Automated Browsing Activity”. So much cool data in this. securitee.org/files/goodbotb… (PDF) #APNIC52
Next up: “A Year Like No Other: DDoS in a Time of Pandemic” from Roland Dobbins. Slides are at conference.apnic.net/52/assets/file… (PDF) #APNIC52
Ah, this is based on “NETSCOUT THREAT INTELLIGENCE REPORT
DDoS in a Time of Pandemic” netscout.com/threatreport #APNIC52
Two of the key slides early up. #APNIC52
Roland is giving some of the data from monitoring Lazarus Bear Armada (LBA), which sounds like a really bad K-Pop group. But it’s not. #APNIC52
He’s powering through the data here. I reckon you could just download the report or watch the video. #APNIC52
And now “Threat hunting using DNS” from Swapneel Patnekar. Slides at conference.apnic.net/52/assets/file… and it’s the same video. #APNIC52
I am enjoying the Pyramid of Paid, as so will @jpwarren, but it needs more hexagons. detect-respond.blogspot.com/2013/03/the-py… #APNIC52
This presentation is essentially a walk-through of a bunch of tools to look for anomalies in your DNS traffic, and what you’re likely to see once you do so. Check it out. I choose to not put this much DNS into my head because I did that once and look how I turned out. #APNIC52
I want to know more about the session MC’s earrings. They look very cool indeed. #APNIC52
That’s all for APNIC 52 for me today. There’s one more session but I have some other things to do. There’s links to the YouTube recordings of today’s sessions at conference.apnic.net/52/program/sch…. #APNIC52
@jpwarren Goddammit I missed the typo. :(
