[Newsclips] IETF SYN-ACK Newspack 2020-10-12

[David Goldstein <david@goldsteinreport.com>]

**********************

IETF IN THE NEWS

**********************

Governance Reform Working Group Charter

... Scope & Task: The Board hopes the Working Group will foster a broad, open community discussion on the general topic of governance changes. This is the draft charter for the Working Group (WG). In order to ensure a broad community consensus on the goals this charter reflects, this charter will be reviewed by the ChAC, the OMAC, and the IETF prior to its consideration by the Board as a potential ongoing work plan for the WG.

< <https://www.internetsociety.org/board-of-trustees/governance-reform-working-group-charter/> https://www.internetsociety.org/board-of-trustees/governance-reform-working-group-charter/>

 

We Fight For the Users

Here at the Electronic Frontier Foundation, we have a guiding motto: "I Fight For the Users." (We even put it on t-shirts from time to time!) We didn't pick that one by accident (nor merely because we dig the 1982 classic film "Tron"), but because it provides such a clear moral compass when we sit down to work every day. ... This summer, the Internet Engineering Task Force's Internet Architecture Board began circulating RFC 8890: The Internet is for End Users, and we think it's just terrific (RFC stands for "Request for Comment"; it's what the IETF calls its internal documents, including its standards).

< <https://www.eff.org/deeplinks/2020/10/we-fight-users> https://www.eff.org/deeplinks/2020/10/we-fight-users>

 

How to use the ProblemDetails middleware in ASP.NET Core

For an API to be maintainable and usable there should be consistency in the way responses are sent to the clients. This article talks about ProblemDetails, open source ASP.NET Core middleware from Kristian Hellang that can be used to generate detailed results for the exceptions that occur in your application. ... The Internet Engineering Task Force (IETF) published a document in March 2016, called Problem Details For HTTP APIs, that defines a format that can be used to send out machine-readable details about the errors that occur in an application. You can take advantage of this format in the ProblemDetails middleware to define errors and error messages in HTTP API responses. Plus, all of your exceptions can be handled in one place: You can always return an instance of ProblemDetails to the consuming client irrespective of the type of error that has occurred.

< <https://www.infoworld.com/article/3584786/how-to-use-the-problemdetails-middleware-in-aspnet-core.html> https://www.infoworld.com/article/3584786/how-to-use-the-problemdetails-middleware-in-aspnet-core.html>

 

What Huawei and China's New IP proposal is all about

... Aren’t there other ways to fix these problems? The proposal doesn’t deny this, but argues that there’s more to be done. It cites IPv6 over Low Power Wireless Personal Area Networks (6LoWPAN), an internet standard working group in the Internet Engineering Task Force (IETF).

< <https://www.medianama.com/2020/10/223-new-ip-huawei-china/> https://www.medianama.com/2020/10/223-new-ip-huawei-china/>

 

SVG Tech Insight: Telephony in the Modern Video Production Facility

... However, not only do telecom costs drop dramatically when switching to VoIP, reliability skyrockets. Telecom companies are actively maintaining and growing their IP backbone. What’s more, providers can offer divergent paths and redundant circuits with automatic failover in ways that were just not possible with POTS. Another excellent feature of VoIP is the granular troubleshooting it affords. The widely accepted SIP protocol, standardized by the Internet Engineering Task Force (IETF), includes more than 40 different error messages that can tell you why a call was not completed.

< <https://www.sportsvideo.org/2020/10/08/svg-tech-insight-telephony-in-the-modern-video-production-facility/> https://www.sportsvideo.org/2020/10/08/svg-tech-insight-telephony-in-the-modern-video-production-facility/>

 

Nokia Intros New Network Slicing Management Solution

... Nokia’s new automation capabilities, which comply with the 3GPP and IETF slicing specifications, are an extension of its 4G/5G end-to-end network slicing solution announced in February1 and the slice orchestrator announced in June2. First deliveries are planned by the end of 2020.

< <https://www.thefastmode.com/technology-solutions/18137-nokia-intros-new-network-slicing-management-solution> https://www.thefastmode.com/technology-solutions/18137-nokia-intros-new-network-slicing-management-solution>

 

How The Latest TRs Bolster The Core IBM i OS

... IBM i 7.3 will also now be able to generate a Universal Unique Identifier that is compatible with the Internet Engineering Task Force (IETF)’s version 4 UUID specification. IBM had already shipped that capability in 7.4.

< <https://www.itjungle.com/2020/10/07/how-the-latest-trs-bolster-the-core-ibm-i-os/> https://www.itjungle.com/2020/10/07/how-the-latest-trs-bolster-the-core-ibm-i-os/>

 

Identificación y exploración de tendencias en el incremento, tipos de impactos y efectos del malware [Identification and exploration of trends in the increase, types of impacts and effects of malware]

Estos ciber-ataques del tipo DDoS son difíciles de detectar sin trazabilidad debido a que las botnets se sitúan en diferentes localizaciones geográficas detrás de redes de proxies. Las botnets se mitigan utilizando contramedidas como: (a) Filtrado RFC3704/IETF que denegarán el tráfico de direcciones falsificadas y ayudarán a que el tráfico pueda tener trazabilidad a su red origen correcta. Por ejemplo, el filtrado RFC3704/IETF eliminará los paquetes de direcciones IP falsas (filtrado de bogons).

< <https://www.interempresas.net/Electronica/Articulos/315748-Identificacion-exploracion-tendencias-incremento-tipos-impactos-efectos-del-malware.html> https://www.interempresas.net/Electronica/Articulos/315748-Identificacion-exploracion-tendencias-incremento-tipos-impactos-efectos-del-malware.html>

 

汪文勇：IP怎么了？ [Wang Wenyong: What happened to IP?]

目前，转向IPv6是一个非常明确的方向和目标。回顾IPv6的发展史，上世纪90年代初期IETF提出名为IPng的计划，IPv6是其中的方案之一，经过几年的发展成为标准。IPv6在本世纪初已在我国受到关注和重视，将近20年之后，成为了不可逆转的趋势。这20年其实IPv6走得非常艰辛。为什么会出现这种情况？

< <http://www.edu.cn/xxh/tpxw/202010/t20201009_2020241.shtml> http://www.edu.cn/xxh/tpxw/202010/t20201009_2020241.shtml>

 

运营商百兆宽带用户近九成 网络提速带来产业链多方利好 [Nearly 90% of operators' 100M broadband users, network speed increases, bring benefits to the industry chain]

... 另外，宽带网络的建设拉动产业链发展壮大，使关键技术不断取得突破。尤其是在新一代移动通信、5G、光通信、智能终端等领域取得了重要进展。同时，中国设备厂商在IETF、ITU-T、3GPP等标准组织中的贡献和话语权稳步提升。

< <https://finance.sina.com.cn/tech/2020-10-08/doc-iivhuipp8516475.shtml> https://finance.sina.com.cn/tech/2020-10-08/doc-iivhuipp8516475.shtml>

< <http://www.inpai.com.cn/news/tx/20201009/62841.html> http://www.inpai.com.cn/news/tx/20201009/62841.html>

 

**********************

IETF AND QUIC

**********************

Google begins adding HTTP/3 and IETF QUIC support in Chrome

Google is beginning to implement support for HTTP/3 in its Chrome browser, the company announced in a blog post. The update will bring some additional performance improvements, mostly thanks to the implementation of QUIC as the transport protocol.

< <https://www.neowin.net/news/google-begins-adding-http3-and-ietf-quic-support-in-chrome/> https://www.neowin.net/news/google-begins-adding-http3-and-ietf-quic-support-in-chrome/>

 

Google Chrome browser is rolling out HTTP/3 via IETF QUIC

Forward-looking: HTTP/3 over QUIC is the replacement for the only thing that hasn’t changed on the web in the last thirty years; TCP (transmission control protocol). QUIC uses UDP (user datagram protocol) instead of TCP and is thus simpler and faster.

< <https://www.techspot.com/news/87058-google-chrome-browser-rolling-out-http3-ietf-quic.html> https://www.techspot.com/news/87058-google-chrome-browser-rolling-out-http3-ietf-quic.html>

 

Google Chrome deploying QUIC, HTTP/3 protocols to reduce YouTube buffer time and more

Google Chrome now broadly supports QUIC, a new networking transport protocol that consolidates the features of TCP, TLS, among others. Meanwhile, Chrome is rolling out support for HTTP/3, which is the latest version of the HTTP communication protocol. HTTP is responsible for the majority of web traffic and communication between clients (web browsers) and websites. HTTP/3 runs over QUIC. As a result, both these protocols are related.

< <https://news.thewindowsclub.com/google-chrome-deploying-quic-http-3-protocols-103585/> https://news.thewindowsclub.com/google-chrome-deploying-quic-http-3-protocols-103585/>

 

Google Chrome and YouTube will speed up!

Competition in the internet browser market is quite high. Although each browser has different features, the most important criterion is the ability to search quickly. The debate over browser preference does not seem to end either. In this area, browsers such as Safari, Edge, Chrome, Mozilla and Opera are improving themselves day by day. Now Google Chrome and YouTube will speed up with the QUIC feature.

< <https://www.somagnews.com/google-chrome-and-youtube-will-speed-up/> https://www.somagnews.com/google-chrome-and-youtube-will-speed-up/>

 

Chrome : Google commence le déploiement de HTTP/3 et du QUIC de l’IETF [Chrome: Google begins deployment of HTTP/3 and IETF QUIC]

QUIC (Quick UDP Internet Connections) est à la base un protocole créé par Google en 2013, avec l’objectif de proposer une couche de transport performante pour les applications web – en communiquant par UDP plutôt que par TCP – et de réduire la latence.

< <https://www.nextinpact.com/lebrief/44072/chrome-google-commence-deploiement-http3-et-quic-lietf> https://www.nextinpact.com/lebrief/44072/chrome-google-commence-deploiement-http3-et-quic-lietf>

 

Google commence l'implémentation de HTTP/3, la dernière version de HTTP, et IETF QUIC, un nouveau protocole de transport en réseau, dans Chrome [Google begins implementation of HTTP/3, the latest version of HTTP, and IETF QUIC, a new network transport protocol, in Chrome]

Google a annoncé mercredi qu’il commence le déploiement de HTTP/3 et IETF QUIC dans Chrome. Cette mise à jour devrait apporter quelques améliorations supplémentaires en matière de performances, surtout grâce à la prise en charge de QUIC.

< <https://web.developpez.com/actu/309507/Google-commence-l-implementation-de-HTTP-3-la-derniere-version-de-HTTP-et-IETF-QUIC-un-nouveau-protocole-de-transport-en-reseau-dans-Chrome-pour-plus-performances/> https://web.developpez.com/actu/309507/Google-commence-l-implementation-de-HTTP-3-la-derniere-version-de-HTTP-et-IETF-QUIC-un-nouveau-protocole-de-transport-en-reseau-dans-Chrome-pour-plus-performances/>

 

Con HTTP/3 navegarás por la web más rápido y más seguro [With HTTP/3 you'll browse the web faster and more securely]

El nuevo protocolo HTTP/3 para la navegación web supone un antes y un después, no es una simple evolución del protocolo actual, sino que con HTTP/3 mejoramos enormemente la eficiencia a la hora de navegar por las webs, lo que se traduce en que cargarán mucho más rápido, además de disponer de las últimas medidas de seguridad proporcionadas por TLS. Hoy en RedesZone os vamos a explicar en detalle qué es HTTP/3, cuáles son sus principales características, novedades, ventajas y mucho más. ... HTTP/3 es la próxima generación del Protocolo de Transferencia de Hipertexto que usamos para intercambiar información en la World Wide Web. Antes de tener una denominación, se le conocía con el Protocolo de Transferencia de Hipertexto sobre QUIC.

< <https://www.redeszone.net/tutoriales/internet/protocolo-http-3-internet-que-es-rapido-seguro/> https://www.redeszone.net/tutoriales/internet/protocolo-http-3-internet-que-es-rapido-seguro/>

 

C#-Innovationen machen die Sprache fit für Serverless in der Cloud [C-Innovations Make the Language Fit for Serverless in the Cloud]

... Das .NET-Team hat in den letzten Jahren viel in dieser Hinsicht investiert. Mit Project Bedrock [10] wurden Abstraktionen und Cross-Cutting Concerns entwickelt, die es Bibliotheken wie zum Beispiel SignalR erlauben, auf unterschiedlichen Basisprotokollen (z. B. TCP, Websockets) aufzusetzen. Kestrel, der Webserver von .NET Core, nutzt ebenfalls die Ergebnisse von Bedrock, um nicht nur HTTP zu unterstützen, sondern auch beispielsweise TCP Sockets (System.Net.Sockets) oder libuv. Kommende Protokollinnovationen wie QUIC werden mit Hilfe von Bedrock einfacher und schneller in .NET genutzt werden können.

< <https://entwickler.de/online/cloud/c-serverless-cloud-579946451.html> https://entwickler.de/online/cloud/c-serverless-cloud-579946451.html>

 

Google ya inicio con la activación de IETF QUIC y HTTP/3 en Chrome [Google already started with the activation of IETF QUIC and HTTP / 3 in Chrome]

Google anunció hace pocos días que ya ha comenzado con el despliegue de HTTP/3 e IETF QUIC en Chrome y en el anuncio da a conocer que espera que esta actualización traiga algunas mejoras de rendimiento adicionales, especialmente con soporte para QUIC.

< <https://blog.desdelinux.net/google-ya-inicio-con-la-activacion-de-ietf-quic-y-http-3-en-chrome/> https://blog.desdelinux.net/google-ya-inicio-con-la-activacion-de-ietf-quic-y-http-3-en-chrome/>

 

Google começa a adicionar suporte HTTP / 3 e IETF QUIC no Chrome [Google begins to add support HTTP / 3 and Quic IETF in Chrome]

O Google está começando a implementar suporte para HTTP / 3 em seu navegador Chrome, a empresa anunciou em um blog. A atualização trará algumas melhorias de desempenho adicionais, principalmente graças a a implementação do QUIC como o protocolo de transporte.

< <https://www.tekimobile.com/noticia/google-comeca-a-adicionar-suporte-http-3-e-ietf-quic-no-chrome/> https://www.tekimobile.com/noticia/google-comeca-a-adicionar-suporte-http-3-e-ietf-quic-no-chrome/>

 

Google nativně zapíná v Chrome podporu HTTP/3 [Google natively turns on HTTP/3 support in Chrome]

Americká společnost Google aktivně zapíná uživatelům Chrome podporu zatím stále ještě nehotového webového standardu HTTP/3, spolu s ním bude zapnutý také protokol QUIC od IETF. Protokol HTTP/3 bude v prohlížeči ve výchozím stavu zapnutý pro všechny uživatele.

< <https://www.lupa.cz/aktuality/google-nativne-zapina-v-chrome-podporu-http-3/> https://www.lupa.cz/aktuality/google-nativne-zapina-v-chrome-podporu-http-3/>

 

Bezpečnostní novinky v prohlížečích: ochrana CSRF a důvěryhodná metadata [Security news in browsers: CSRF protection and trusted metadata]

... HTTP/2 a dál: Prohlížeč v sobě zahrnuje celou řadu různých vrstev, které musí fungovat, abychom načetli webovou stránku. Na nejnižších vrstvách najdeme protokoly TCP, TLS 1.2 a vyšší a HTTP/2. I v této oblasti probíhá neustálý vývoj a Google už před lety přišel s dalším protokolem s názvem QUIC, ze kterého se později vyvinul HTTP/3. "Protokol používá pro přenos UDP, u kterého není zaručeno, kdy data přijdou a jestli vůbec přijdou. Proto QUIC nad UDP vlastně vytvořil vlastní řízení provozu podobné TCP."

< <https://www.root.cz/clanky/bezpecnostni-novinky-v-prohlizecich-ochrana-csrf-a-duveryhodna-metadata/> https://www.root.cz/clanky/bezpecnostni-novinky-v-prohlizecich-ochrana-csrf-a-duveryhodna-metadata/>

 

A Internet vai ficar mais rápida! Abram alas ao HTTP/3 por QUIC! [The Internet will get faster! Make way to HTTP/3 by QUIC!]

Caso não saiba, o HTTP/3 por QUIC é o substituto da única coisa que ainda não mudou na Web nos últimos 30 anos, o TCP (Transmission Control Protocol). Ou seja, muito resumidamente, o QUIC usa UDP (User Datagram Protocol) em vez de TCP para ser mais simples, e por isso mesmo, mais rápido.

< <https://www.leak.pt/a-internet-vai-ficar-mais-rapida-abram-alas-ao-http-3-por-quic/> https://www.leak.pt/a-internet-vai-ficar-mais-rapida-abram-alas-ao-http-3-por-quic/>

 

... Google Chrome IETF QUIC ve HTTP / 3 desteğine kavuşuyor [Google Chrome gets IETF QUIC and HTTP/3 support]

Google, blog gönderisinde yaptığı duyuruda Chrome tarayıcı için IETF QUIC ve HTTP / 3 teknolojisini desteklemeye başladığını duyurdu. Bunlar sayesinde Google’ın arama motoru ve YouTube, olduğundan çok daha hızlı tepki verecek.

< <https://hwp.com.tr/google-chrome-ietf-quic-http-3-destegi-154966> https://hwp.com.tr/google-chrome-ietf-quic-http-3-destegi-154966>

 

Chrome'a Önemli Yenilik: HTTP/3 ve IETF QUIC Desteği Geldi! [Important Innovation for Chrome: HTTP/3 and IETF QUIC Support!]

Google, blog gönderisinde yaptığı duyuruda Chrome web tarayıcısına HTTP/3 desteğini eklemeye başladığını söyledi. HTTP3, aktarım protokolü olarak QUIC'i kullandığından bir dizi performans geliştirmesi sunacak.

< <https://www.chip.com.tr/haber/chrome-onemli-yenilik-http3-ve-ietf-quic-destegi-geldi_90908.html> https://www.chip.com.tr/haber/chrome-onemli-yenilik-http3-ve-ietf-quic-destegi-geldi_90908.html>

 

Ο Google Chrome θα τρέχει σε HTTP/3 μέσω IETF QUIC [Google Chrome will run on HTTP/3 via IETF QUIC]

Το HTTP/3 μεσω QUIC είναι το μόνο πραγματικά απαραίτητο στοιχείο που δεν έχει αλλάξει στον διαδίκτυο τα τελευταία τριάντα χρόνια, αφού γενικά όλα τα προγράμματα περιήγησης, οι υποδομές δικτύων πληροφορικής, και οι διακομιστές (web servers) χρησιμοποιούσαν το παρωχημένο σύστημα TCP (Πρωτόκολλο Ελέγχου Μεταφοράς).

< <https://texnologia.net/o-google-chrome-tha-trechei-se-http-3-meso-ietf-quic/2020/10> https://texnologia.net/o-google-chrome-tha-trechei-se-http-3-meso-ietf-quic/2020/10>

 

Google Chrome - YouTube: Θα «τρέχουν» σε HTTP/3 μέσω IETF QUIC [Google Chrome - YouTube: Will "run" in HTTP / 3 via IETF QUIC]

Google Chrome - YouTube: Το IETF QUIC μειώνει τον λανθάνοντα χρόνο αναζήτησης κατά περισσότερο από 2% και τον χρόνο rebuffer time του YouTube κατά περισσότερο από 9%

< <https://www.protothema.gr/technology/article/1054017/google-chrome-youtube-tha-trehoun-se-http3-meso-ietf-quic/> https://www.protothema.gr/technology/article/1054017/google-chrome-youtube-tha-trehoun-se-http3-meso-ietf-quic/>

 

Az új webes protokollra, a HTTP/3-ra gyúr rá a Chrome legújabb kiadása [The new web protocol HTTP/3 is working out with the latest release of Chrome]

A Google a múlt hét végén közölte, hogy a napokban elkezdte felhasználóihoz terjeszteni böngészője egy olyan új verzióját, ami teljes értékűre bővített HTTP/3-támogatással érkezik. A Chrome ugyanis egy ideje már támogatta az új átviteli protokoll egy, a Google által kifejlesztett verzióját, de most a hivatalos, IETF-féle változat támogatását is megkapta.

< <https://pcforum.hu/hirek/22760/az-uj-webes-protokollra-a-http-3-ra-gyur-ra-a-chrome-legujabb-kiadasa> https://pcforum.hu/hirek/22760/az-uj-webes-protokollra-a-http-3-ra-gyur-ra-a-chrome-legujabb-kiadasa>

 

Apple продолжает развивать Safari: разбираем экспериментальные функции браузера в iOS 14 [Apple continues to develop Safari: disassemble experimental browser features in iOS 14]

... 27. HTTP/3 — третья версия транспортного протокола HTTP. Вместо TCP использует QUIC, так что даже потеря части пакетов не приводит к задержке передачи данных. К тому же обновления протокола больше не привязаны к ОС (то есть не будет такого, что на Windows 7 условно через 5 лет перестанут открываться сайты).

< <https://www.iguides.ru/main/other/apple_prodolzhaet_razvivat_safari_razbiraem_eksperimentalnye_funktsii_brauzera_v_ios_14/> https://www.iguides.ru/main/other/apple_prodolzhaet_razvivat_safari_razbiraem_eksperimentalnye_funktsii_brauzera_v_ios_14/>

 

Chrome เริ่มปลด QUIC ของตัวเอง หันไปใช้ HTTP/3 และ IETF QUIC [Chrome starts disconnecting its own QUIC, turning to HTTP/3 and IETF QUIC]

กูเกิลนับเป็นบริษัทที่สนับสนุนแนวทางการสร้างโปรโตคอลใหม่มาทดแทน HTTP บน TCP มายาวนาน นับแต่ SPDY ตั้งแต่ปี 2009 และ QUIC ในปี 2012 แม้ที่ผ่านมา IETF จะมีแนวทางยอมรับ QUIC ให้เป็นส่วนหนึ่งของ HTTP/3 แต่ตัวโปรโตคอลก็มีการแก้ไขหลายส่วน ทำให้ไม่สามารถใช้งานร่วมกับ Google QUIC ที่กูเกิลพัฒนาและใช้งานเองระหว่างเซิร์ฟเวอร์ของกูเกิลและ Chrome ล่าสุดกูเกิลก็ประกาศจะย้ายผู้ใช้ Chrome จำนวน 25% ของทั้งหมด หันมาใช้ IETF QUIC แล้ว

< <https://www.blognone.com/node/118893> https://www.blognone.com/node/118893>

 

「Google Chrome」に「HTTP/3」「IETF QUIC」が段階的に導入 ～さらなるパフォーマンスアップに期待 ["HTTP / 3" and "IETF QUIC" are gradually introduced to "Google Chrome" -Expected to further improve performance]

米Googleは10月7日（現地時間）、「Google Chrome」における「IETF QUIC」（ドラフトバージョン h3-29）サポートの展開を発表した。現在、安定版「Chrome」ユーザーの25％で“h3-29”が利用されているが、今後数週間をかけて増やしていくとのこと。 

< <https://forest.watch.impress.co.jp/docs/news/1281840.html> https://forest.watch.impress.co.jp/docs/news/1281840.html>

 

Google Chromeが「HTTP/3」と「IETF QUIC」をサポートへ [Google Chrome to support HTTP/3 and IETF QUIC]

Google Chromeチームは10月7日(米国時間)、「Chromium Blog: Chrome is deploying HTTP/3 and IETF QUIC」において、Google Chromeが「Google QUIC」に加えて「IETF QUIC」を積極的にサポートしていく方針だと伝えた。QUIC（Quick UDP Internet Connections）は、Googleが開発したUDP（User Datagram Protocol）やTLS（Transport Layer Security）をベースとした新しい通信プロトコルである。

< <https://news.mynavi.jp/article/20201012-1402837/> https://news.mynavi.jp/article/20201012-1402837/>

 

Windows 10ミニTips 第546回 Edgeの試験機能でパフォーマンス向上を狙う [Windows 10 Mini Tips To Improve Performance with the 546th Edge Exam]

... QUICプロトコルをサポートする。Googleやコミュニティが中心になって開発したQUICプロトコルは、次期バージョンとなるHTTP/3のベースとなり、対応するWebサーバーではデータ転送の高速化を見込める。

< <https://www.excite.co.jp/news/article/Cobs_2136966/> https://www.excite.co.jp/news/article/Cobs_2136966/>

 

谷歌开始在 Google Chrome 中加入 HTTP/3 和 IETF QUIC 支持 [Google began adding HTTP/3 and IETF QUIC support to Google Chrome]

IT之家 10 月 8 日消息 据 smalltechnews 报道，谷歌宣布开始在其 Chrome 浏览器中实现对 HTTP / 3 的支持。

< <https://finance.sina.com.cn/tech/2020-10-08/doc-iivhvpwz0823244.shtml> https://finance.sina.com.cn/tech/2020-10-08/doc-iivhvpwz0823244.shtml>

 

Chrome將啟用IETF QUIC協定支援 [Chrome will enable IETF QUIC protocol support]

Chrome在去年，都還是使用自家QUIC協定，但是隨著IETF QUIC的發展，Google決定轉向積極支援IETF QUIC

< <https://www.ithome.com.tw/news/140430> https://www.ithome.com.tw/news/140430>

 

... 【Chrome 准备支持 IETF QUIC】[Chrome is ready to support IETF QUIC]

Chromium 官方博客宣布，Chrome 准备支持 IETF QUIC。Google 开发者称，QUIC 是新的网络传输协议，结合了 TCP 和 TLS 等协议的特性，最新版本的 HTTP 协议 HTTP/3 就是运行在 QUIC 之上（即 HTTP-over-QUIC）。

< <https://www.donews.com/news/detail/1/3116087.html> https://www.donews.com/news/detail/1/3116087.html>

 

谷歌开始在Google Chrome中加入HTTP/3和IETF QUIC支持 [Google started adding HTTP/3 and IETF QUIC support to Google Chrome]

谷歌开始在其Chrome浏览器中实现对HTTP/3的支持，该公司在一篇博客中宣布。此次更新将带来一些额外的性能改进，主要得益于实现了QUIC作为传输协议。互联网工程任务组（或IETF）早在2015年就推出了HTTP/2，它带来的一大改进就是支持复用。

< <https://finance.sina.com.cn/tech/2020-10-08/doc-iivhvpwz0813476.shtml> https://finance.sina.com.cn/tech/2020-10-08/doc-iivhvpwz0813476.shtml>

 

深度算法优化 金山云低延迟直播码率再节省12%~17% [In-depth algorithm optimization Kingsoft Cloud's low-latency live broadcast bit rate saves another 12%~17%]

... 当然，对于带宽受限、弱网等环境，金山云也提供QUIC、CMAF等技术支撑。金山云拥有遍布全球多个国家的CDN分布节点，是业内较早在CDN节点实现RTMP、 HTTP+FLV、 HLS支持H.265的云服务企业，并全面实现over QUIC推流和拉流的CDN厂商。同时，金山云CDN还支持直播多流择优方案，提供稳定的性能、透明的数据服务体制。

< <https://www.csdn.net/article/a/2020-10-09/15996079> https://www.csdn.net/article/a/2020-10-09/15996079>

 

**********************

SECURITY & PRIVACY

**********************

INTERPOL-Europol 8th Cybercrime Conference: “Half of humanity at risk”

Taking place online for the first time, the 8th INTERPOL-Europol Cybercrime Conference (6 October 2020) saw more than 400 cyber experts from law enforcement, private industry, international organizations, CERTs and academia tune in to discussions on emerging cyber threats, trends and strategies.

< <https://www.interpol.int/News-and-Events/News/2020/INTERPOL-Europol-8th-Cybercrime-Conference-Half-of-humanity-at-risk> https://www.interpol.int/News-and-Events/News/2020/INTERPOL-Europol-8th-Cybercrime-Conference-Half-of-humanity-at-risk>

 

IoT Cybersecurity: Webinar Series to Tackle Security Challenges of IoT

Tomorrow, the European Union Agency for Cybersecurity (ENISA), Europol’s European Cybercrime Centre (EC3) and the Computer Emergency Response Team for the EU Institutions, Bodies and Agencies (CERT-EU) will launch the 4th annual IoT Security Conference series to raise awareness on the security challenges facing the Internet of Things (IoT) ecosystem across the European Union.

< <https://www.europol.europa.eu/newsroom/news/iot-cybersecurity-webinar-series-to-tackle-security-challenges-of-iot> https://www.europol.europa.eu/newsroom/news/iot-cybersecurity-webinar-series-to-tackle-security-challenges-of-iot>

 

IoT Cybersecurity: Webinar Series to Tackle Security Challenges of IoT

Tomorrow, the European Union Agency for Cybersecurity (ENISA), Europol’s Cybercrime Centre (EC3) and the Computer Emergency Response Team for the EU Institutions, Bodies and Agencies (CERT-EU) will launch the 4thannual IoT Security Conference series to raise awareness on the security challenges facing the Internet of Things (IoT) ecosystem across the European Union.

< <https://www.enisa.europa.eu/news/enisa-news/iot-cybersecurity-webinar-series-to-tackle-security-challenges-of-iot> https://www.enisa.europa.eu/news/enisa-news/iot-cybersecurity-webinar-series-to-tackle-security-challenges-of-iot>

 

Highlights on the National Cybersecurity Strategies

On the 6th of 0ctober 2020, the EU Agency for Cybersecurity hosted a virtual workshop to validate the results of the study for the creation of a national capabilities assessment framework together with the EU Member States and related stakeholders.

< <https://www.enisa.europa.eu/news/enisa-news/Highlights-on-the-National-Cybersecurity-Strategies> https://www.enisa.europa.eu/news/enisa-news/Highlights-on-the-National-Cybersecurity-Strategies>

 

Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election

In recent weeks, the U.S. military has mounted an operation to temporarily disrupt what is described as the world’s largest botnet — one used also to drop ransomware, which officials say is one of the top threats to the 2020 election.

< <https://www.washingtonpost.com/national-security/cyber-command-trickbot-disrupt/2020/10/09/19587aae-0a32-11eb-a166-dc429b380d10_story.html> https://www.washingtonpost.com/national-security/cyber-command-trickbot-disrupt/2020/10/09/19587aae-0a32-11eb-a166-dc429b380d10_story.html>

 

Report: U.S. Cyber Command Behind Trickbot Tricks

A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command.

< <https://krebsonsecurity.com/2020/10/report-u-s-cyber-command-behind-trickbot-tricks/> https://krebsonsecurity.com/2020/10/report-u-s-cyber-command-behind-trickbot-tricks/>

 

Report highlights concern heading into election: Ransomware attacks on the rise in the US

Cyberattacks that seize control of computers and hold them for ransom are on the rise, with the United States seeing a doubling of so-called "ransomware" attacks over the last three months compared to the previous quarter, according to Check Point Research, a cybersecurity firm.

< <https://edition.cnn.com/2020/10/06/tech/ransomware-election/index.html> https://edition.cnn.com/2020/10/06/tech/ransomware-election/index.html>

 

Global Surges in Ransomware Attacks

Organizations worldwide are in the midst of a massive wave of ransomware attacks. In the last 3 months alone, the daily average of ransomware attacks has increased by 50%. As these attacks continue to mature both in frequency and intensity, their impact on business has grown exponentially. In the past month, there has been reports about ransomware attacks targeting a shipping giant, a US-based broker and one of the largest watch-makers in the world.

< <https://blog.checkpoint.com/2020/10/06/study-global-rise-in-ransomware-attacks/> https://blog.checkpoint.com/2020/10/06/study-global-rise-in-ransomware-attacks/>

 

Ransomware attacks skyrocketed in past three months - Check Point

Global ransomware attacks skyrocketed in past three months, according to new research from Check Point.

< <https://futurefive.co.nz/story/ransomware-attacks-skyrocketed-in-past-three-months-check-point> https://futurefive.co.nz/story/ransomware-attacks-skyrocketed-in-past-three-months-check-point>

 

CISA Warns of Renewed Emotet Activity: The Emotet malware dropper is seeing an upsurge in new activity in the second half of 2020.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a warning about an upsurge in malware campaigns using Emotet, a Trojan "dropper" that carries other malware to its victims.

< <https://www.darkreading.com/attacks-breaches/cisa-warns-of-renewed-emotet-activity/d/d-id/1339107> https://www.darkreading.com/attacks-breaches/cisa-warns-of-renewed-emotet-activity/d/d-id/1339107>

 

Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective

In recent weeks, Emotet has emerged as the most common form of ransomware. Managing the risk involves starts with understanding the way it works.

< <https://www.darkreading.com/edge/theedge/emotet-101-how-the-ransomware-works----and-why-its-so-darn-effective/b/d-id/1339124> https://www.darkreading.com/edge/theedge/emotet-101-how-the-ransomware-works----and-why-its-so-darn-effective/b/d-id/1339124>

 

Activity Alert: Emotet Malware

Emotet—a sophisticated Trojan commonly functioning as a downloader or dropper of other malware—resurged in July 2020, after a dormant period that began in February. Since August, CISA and MS-ISAC have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails. This increase has rendered Emotet one of the most prevalent ongoing threats.

< <https://www.cisecurity.org/white-papers/activity-alert-emotet-malware/> https://www.cisecurity.org/white-papers/activity-alert-emotet-malware/>

 

Cybersecurity for Critical Infrastructure: How CISA Programs, New Legislation Can Help

Recent efforts by the U.S. Cybersecurity and Infrastructure Agency, combined with significant bills coming out of the House and Senate, are putting critical infrastructure operators on a path towards achieving cross-sector visibility and strong operational technology security.

< <https://www.tenable.com/blog/cybersecurity-for-critical-infrastructure-how-cisa-programs-new-legislation-can-help> https://www.tenable.com/blog/cybersecurity-for-critical-infrastructure-how-cisa-programs-new-legislation-can-help>

 

us: House Passes Internet of Things Cybersecurity Improvement Act

The House of Representatives recently passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2020 (the Act). The Act has been moved to the Senate for consideration. The legislation sets minimum security standards for all IoT devices purchased by government agencies.

< <https://www.natlawreview.com/article/house-passes-internet-things-cybersecurity-improvement-act> https://www.natlawreview.com/article/house-passes-internet-things-cybersecurity-improvement-act>

 

Why developing cybersecurity education is key for a more secure future

Cybersecurity threats are growing every day, be they are aimed at consumers, businesses or governments. The pandemic has shown us just how critical cybersecurity is to the successful operation of our respective economies and our individual lifestyles.

< <https://www.helpnetsecurity.com/2020/10/05/why-developing-cybersecurity-education-is-key-for-a-more-secure-future/> https://www.helpnetsecurity.com/2020/10/05/why-developing-cybersecurity-education-is-key-for-a-more-secure-future/>

 

Cloud Exposure Report (NICER) 2020

Rapid7’s National / Industry / Cloud Exposure Report (NICER) for 2020 is the most comprehensive census of the modern internet. In a time of global pandemic and recession, the Rapid7 research team offers this data-backed analysis of the changing internet risk landscape, measuring the prevalence and geographic distribution of commonly known exposures in the interconnected technologies that shape our world.

< <https://www.rapid7.com/research/report/nicer-2020/> https://www.rapid7.com/research/report/nicer-2020/>

 

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. But judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained.

< <https://krebsonsecurity.com/2020/10/amid-an-embarrassment-of-riches-ransom-gangs-increasingly-outsource-their-work/> https://krebsonsecurity.com/2020/10/amid-an-embarrassment-of-riches-ransom-gangs-increasingly-outsource-their-work/>

 

Tenable and the Center for Internet Security Enter Partnership to Bolster Cyber Hygiene Across Public and Private Sectors

Tenable ... announced a strategic partnership with the Center for Internet Security, Inc. (CIS®) that will bolster cyber hygiene for both public and private sector organizations, making foundational cybersecurity more affordable, accessible and actionable.

< <https://www.cisecurity.org/press-release/tenable-and-the-center-for-internet-security-enter-partnership-to-bolster-cyber-hygiene-across-public-and-private-sectors/> https://www.cisecurity.org/press-release/tenable-and-the-center-for-internet-security-enter-partnership-to-bolster-cyber-hygiene-across-public-and-private-sectors/>

 

Growing support for open security standards in Switzerland

Open security standards are essential for a secure and resilient Internet in Switzerland and protect the privacy of Swiss Internet users. The adoption rate for Internet security standards like DNSSEC, DANE and DMARC in Switzerland is still low compared to the leading countries in Europe, but there is more and more support from the Internet industry, authorities and not for profit organizations in Switzerland.

< <https://securityblog.switch.ch/2020/10/06/growing-support-for-open-security-standards-in-switzerland/> https://securityblog.switch.ch/2020/10/06/growing-support-for-open-security-standards-in-switzerland/>

 

eu: 10 years of Internet security and DNSSEC: what, how and most importantly, why?

For many people, Internet security is about anti-virus software, firewalls and regularly. changing passwords. However, at .eu we have a wider view on how to protect our 3.6 million .eu domain names.

< <https://eurid.eu/en/news/10-years-dnssec/> https://eurid.eu/en/news/10-years-dnssec/>

 

Fourth Annual Cybersecurity Report Card: Breaches at Standstill for First Time as COVID-19 Related Attacks Increase

DomainTools, released today its annual Cybersecurity Report Card in which security analysts, threat hunters, and other cyber professionals on the front lines self-grade the security posture of their organizations. ... The report finds that confidence in cybersecurity programs continues to remain steadfast despite the challenges brought on by COVID-19. Twenty-four percent of respondents gave their program an “A” rating, a decrease from the 30 percent rating in 2019. However, this was offset by increases to both grade “B” and “C” categories. The “D” grades stayed the same and grade “F” was reduced to zero.

< <https://www.domaintools.com/company/press/fourth-annual-cybersecurity-report-card-breaches-at-standstill> https://www.domaintools.com/company/press/fourth-annual-cybersecurity-report-card-breaches-at-standstill>

 

DomainTools 2020 Cybersecurity Report Card: Some 2020 News That Doesn’t Suck!

... As you’ll see if you read the full report, which we recommend doing, many organizations have risen admirably to the challenges of COVID—particularly in the areas of the sudden and large-scale shift to remote work, and the COVID-related attacks that spiked along with the virus itself.

< <https://www.domaintools.com/resources/blog/domaintools-2020-cybersecurity-report-card-some-2020-news-that-doesnt-suck> https://www.domaintools.com/resources/blog/domaintools-2020-cybersecurity-report-card-some-2020-news-that-doesnt-suck>

 

**********************

INTERNET OF THINGS

**********************

Here Comes the Internet of Plastic Things, No Batteries or Electronics Required

When technologists talk about the “Internet of Things” (IoT), they often gloss over the fact that all these interconnected things need batteries and electronics to carry out the job of collecting and processing data while they’re communicating to one another. This job is made even more challenging when you consider that many of the objects we would like to connect are made from plastic and do not have electronics embedded into them.

< <https://spectrum.ieee.org/tech-talk/consumer-electronics/gadgets/plastic-internet-of-things-without-batteries-or-electronics> https://spectrum.ieee.org/tech-talk/consumer-electronics/gadgets/plastic-internet-of-things-without-batteries-or-electronics>

 

**********************

OTHERWISE NOTEWORTHY

**********************

IEEE Experts Weigh Social Implications of Emerging Technologies in Future Pandemics: technologies include big data, blockchain, 5G, and drones

There is little doubt that emerging technologies will help societies anticipate, manage, and mitigate the negative impacts of future global pandemics. But the use of such technologies must be guided with regard for citizens’ privacy, security, and well-being, and concern for its deployment and implementation.

< <https://spectrum.ieee.org/news-from-around-ieee/the-institute/ieee-member-news/ieee-experts-weigh-social-implications-of-emerging-technologies-in-future-pandemics> https://spectrum.ieee.org/news-from-around-ieee/the-institute/ieee-member-news/ieee-experts-weigh-social-implications-of-emerging-technologies-in-future-pandemics>

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home