Cisco

My Life Is Going To Suck Without Net Neutrality

There are so many things I do which are likely to suffer with Net Neutrality's loss.

I run my own mail, web and cloud sharing services on a VPS that I maintain. Owncloud syncs all my devices, I use IMAP and webmail. I also run lots of "consumer" stuff for myself. I own 2500 CDs which I've ripped and share for my own personal use. I have playlists. I can connect with DAAP from my phone, and listen to my own CD collection, music I have paid for, Spotify style. I know people are saying "Spotify will work just fine", but what if I don't want to use Spotify?

This is all encrypted, personal connections. Nothing illegal is happening here. I'm not filesharing or streaming Torrents or any other grey-area services. It's just all my personal stuff, owned and manually copied myself, sharing to myself. No one gets ripped off here.

I can plug my Amazon Fire stick or Raspberry Pi into any TV and use Kodi to stream my own MP3s or movies, etc. I can use it to watch Amazon Prime or Netflix as well. Kodi also has a wealth of plugins to watch content from sources such as the PBS website. We all can watch Nova, or Julia Child, or even Antiques Roadshow over the Internet, for free, legally. This may all suffer when backbone providers and local ISPs can both decide which packets have priority over other traffic. PBS could be QOS'd out of the budgets of millions.

(Note *) I don't own a Nest or any other IoT garbage, but I have toyed with the idea of building my own, running on infrastructure I build. I don't want Google to know what temperature my house is right now. And I don't want some mass hack of 500 Million Nest users or idiot IoT lightbulbs to let some Romanian turn my furnace off in the middle of February either.

So yeah, losing Net Neutrality could effectively disable all of this. Small hosts like me could be QoS'd off of the Internet entirely, unless we pay extra /at both ends/. Pay my hosting provider to pay their backbone providers to QoS my address at a decent speed. Then pay my consumer ISP to QoS my traffic so I can reach "The Good Internet", like they have to do in Portugal.

This is going to cut my lifeline to my own data, hosted by me on my own machines. Am I going to have to pay an additional "Get Decent Internet Access Beyond Google, Spotify, Facebook and Twitter" fee to the Hampton Inn just so we don't get QoS'd away from our own stuff? It's bad enough that the individual hotel can effectively do this already today, but the hotels are at least limited by the fact that they're in competition with each other and if they have ridiculously shitty Internet that you can't check your mail over, well people would notice that. Backbone providers pretty much have no such direct consumer accountability. No one's going to say "well, fuck that I'm not going to route over AT&T anymore", they might say "Hilton has shitty Internet, I'm going to Marriott".

One of the most demoralizing parts of this is that the rule-makers just don't get it. I already know they don't care, but former FCC Chair Michael Powell's statement, which boils down to "You can still use Facebook, (Amazon) Alexa, Google and Instagram, just like you can now" is missing the point either deliberately or purposefully. That most "consumers" will be fine isn't the point. The point is that everyone be equal, and all traffic be routed equally.

* The risk to my information is proportional to the value an attacker places on the information. Could a state actor target my email server and read my mail? Yeah, the Equation Group or Fancy Bear or some Eastern European ID theft ring could probably exploit some flaw in whatever software serves my VPS, or flat out order the ISP to give them access to my stuff, but why? What does the NSA gain by ransacking my mail server? Not much. How about criminal attackers? However they /would/ expose 1.5 Billion Yahoo accounts all at once, and have that entire corpus of mail to search against, plus passwords they could use to try and attack everyone's bank account all at once.

Opening Message

Hello and Welcome!

Over the course of my time as an Admin I've done a lot of Google searches and written a lot of code that has been very helpful to me in my work. I will be posting things here that hopefully will help you in your quest to master some of these technologies (or simply stand on the shoulders of midgets).

I by no means consider myself a Perl or LDAP expert. It has been a "Learn as you go" ordeal. No formal training, just get things done on an as-needed basis.

I assume that you have a basic knowledge of Perl and LDAP.

Enjoy!

-Sean


OUCH!

[music | The Pixies - Break My Body]

If you'll remember back a few months, I lost a toenail after catching a drunken pit guy at Rev. Horton Heat. In today's installment, it's a fingernail.

Today I was putting some switches in a rack, and was putting in cage nuts the unsafe way: with a screwdriver instead of a cage nut tool. Here's what the aftermath of that can look like unless you're more careful than I am.

I'm putting pictures behind here for people who are queasy:


CSSManager

The CSSManager is meant to allow access to certain functions of the Cisco CSS series load-balancers to less trusted (non network-engineer) staff without opening the CSS up to too much risk of misconfiguration. Currently it allows web users to suspend and activate Services in bulk quickly and safely. There are also value-added features such as "locking" servers so someone can't accidentally activate a server that was suspended for a reason. Comments are also useful, especially when used in conjunction with CSSPump to give context to a suspended or down server.


Tools and Hacky Stuff

Here are some tools I've written which could be of use to other folks. It's going to be mostly Cisco related, some of which is still being formatted before I upload it, more to come.

CSSManager is a tool to simplify suspending and activating services in a Cisco CSS load balancer. It adds a couple of features like the ability to "lock out" a server and to add comments to a suspended machine to give context for its suspension. More features to come.


Cisco CSS Toy

[music | Bauhaus - Dark Entries (Live)]

This is the first of a few tools I have to release in the coming couple of weeks, mainly involving Cisco's CSS product. The purpose of me writing them is that Cisco's web interface to the CSS is both a terrible user experience and has shown itself to be vulnerable to trivial attacks in the past (in a security sense). I don't want to run the web GUI on my CSSs, and most of our admins were terrified of the command line. So I wrote a bunch of tools to help them do their jobs, without the possibility of screwing up the load balancers.
