IWL's Expert Insights on Network Emulation and Protocol Testing
On Network Product Liability and the Need for Testing
IWL CTO Karl Auerbach reflects on the software industry’s evasion of liability. The US government has indicated a requirement to shift liability for insecure software products and services in the newly released National Cybersecurity Strategy…
Keynote at NANOG 77 by CTO Karl Auerbach
IWL Chief Technical Officer Karl Auerbach delivered the Keynote speech at NANOG 77 in Austin, Texas on Tuesday, October 29, 2019
“Network Operations On A Public Utility Internet” ...
Deeper Implications of the Great PG&E Outage
It was 11:10pm on the night of October 9, 2019. Here along the Monterey Bay the weather was calm, cool, and a bit damp. The lights were on, the internet was working, the car was charging; everything was normal.
At 11:11pm things suddenly changed…
KMAX Changes Its Passwords
The state of California has enacted a new law that affects the way that initial passwords are established on network attached devices TITLE 1.81.26. Security of Connected Devices. It is a sensible law that will improve the security of devices on the internet. As a consequence of these new requirements IWL is making a few changes to KMAX …
Jeopardize Democracy Over a Few Lines of Code
The Los Angeles Times reported today that "More than 23,000 Californians were registered to vote incorrectly by state DMV." This error should have been caught in BETA testing when voter input was compared with data to be sent to the DMV. Was such a test designed and planned? Was this type of BETA test executed? …
Equal Pay is Not a Regulatory Burden
The Trump Administration proposes to "pause" and review an Obama-era program designed to improve wage transparency -- so women and minorities could learn how their compensation stacked up to white men. The Trump administration argues that the government's pay data collection process is "unnecessarily burdensome” …
Why Do Today’s Important News Stories Include Insufficient Technical Content?
Often when we read news stories, we find them lacking any technical substance. It would seem that the writer aborted the story before asking any interesting questions that would allow us, as technical professionals, to fully understand the story and draw our own conclusions …
Confide, a Favorite App of the White House, May Not Be Secure
A New York City based start-up company, Confide, offers a text messaging system “with encrypted messages that self-destruct.” You can download the app at getconfide.com. Confide lets its users “discuss sensitive topics, brainstorm ideas or give unfiltered opinions without fear of the Internet’s permanent, digital record and with no copies left behind.” …
Our CTO, Karl Auerbach, on The Internet Of Things
NTIA has published a Notice for Public comment that is titled “The Benefits, Challenges, and Potential Roles for the Government in Fostering the Advancement of the Internet of Things”. This could become ICANN-2, bigger, longer, and uncut; and with a much greater impact on the future direction of the internet.
However, my thoughts on this go well beyond the possibility of another ICANN …
Network Congestion And Net Neutrality
The ground breaking FCC ruling on Net Neutrality has continued to stir the debate on whether corporations or the government should be in charge of regulating the use of the internet. Last week The Wall Street Journal published an article by Holman W. Jenkins: The Gigabit Distraction. This article makes some misleading and “distracting” claims about network neutrality …
The US Department Of Code: Vulnerability Disclosures
Microsoft and Google disagree about the mechanics, reporting, and resolution of bug disclosures. They are not the only ones with this disagreement. According to Ars Technica, the security community has two schools of thought on this issue …
Do We Need A U.S. Department Of Code?
Since the Heartbleed bug was exposed in April, one thing has become apparent: the underlying infrastructure of the Internet—and the applications and services that rely on open source projects like SSL and TLS to operate—are extremely vulnerable. And now, many network professionals believe that the only way to make it more secure is to provide oversight into the underlying infrastructure of the Web …