Tech News of The Week 04-09-24 [MTG-33]

Welcome to Tech News of the Week with your host, James McAvoy, impersonating John McEnroe.

Welcome to Tetragon Gnomes on the water. I know gnome begins with g, but I don't care. This is our weekly tech news podcast where Chris and I dissect 10 stories that we 10. Good god. Four stories that we found interesting.

We should do 10 just to mess with people someday. It's supposed to be under 10 minutes. That's what I meant to say. And, I'm gonna kick it off since, you did the main article this week. We'll start with PCI 7 is coming along nicely.

For those not deeply immersed in the physical hardware of data centers and gaming PCs, you might have only a loose idea of what PCI Express is, let alone what version we're currently on. Allow me to bring you up to speed. Uh-huh. You get it? Speed anyway.

My desktop is about 2 years old and it's running PCI 3, which is pretty good. It runs at 2 gigabytes per second per lane with up to 16 lanes available running at full duplex. A current generation system from Dell or HPE is going to ship with PCI 5 which quadrupled the speed of PCI 3 running at 8 gigabytes per lane or a 128 gigabytes over 16 lanes for a total of 64 giga tera something per second. GTs is the nomenclature for it. It's a lot.

PCI 6 was formalized back in 2022, and the first system board capable of actually running it will hit the market in 2024, doubling the bandwidth of PCI 5 to a 128 gt per second of total bandwidth or 16 gigs per lane. PCI 6's big innovations were the introduction of PAM 4 signaling which allowed the standard to increase bandwidth without changing the clock speed of the bus. PCI 7 just reached version 0.5 with the PCI special interest group. And naturally, following the pattern, it doubles the bandwidth of PCI 6. That's a lot.

However, this time they actually do need to increase the clock speed of the bus to double things to a 128 GTs per second or 32 gigabytes per second per lane, Which means, essentially, PCI 7 will be able to do in one lane what it takes 16 lanes to deliver on my desktop. AI enthusiasts are drooling all over themselves to have this kind of bandwidth available inside and outside of servers using PCI switches and CXL. However, given the 2 years it takes for a ratified standard to actually hit the market, you can expect PCI 7 to be a real product sometime in 2027. Until then, enjoy your shitty PCI 6 suckers, which is well, I mean, it's probably fine. It it's fine.

It's fine. It's fine. More shitty, but only suspected Facebook behavior proven real, again. Sucks.

I need my fainting couch.

Man, I have to assume that Mark Zuckerberg thanks his lucky stars every single day that Elon Musk is around in 2024 to be the worst person in the world. Otherwise, the kind of revelation I'm going to share would really have been a bigger story. As such, it's still awful, but it's just like a blip on the scumbag news ticker. Not sure what I'm talking about? Allow me to elucidate you.

Tell the word's used. Shut up. Don't look it up. In the mid to early 2000 and tens, the worst person in the world at the time, Mark Zuckerberg, had a problem. Namely, people were using websites that weren't not Facebook.

And he didn't know why. Mhmm. So he tasked his underlings, minions wait, what is it? Shit. What is it you call lesser evil people who get ordered around to do evil things by the main evil person?

Oh, henchmen. Yes. Henchmen. That's it. Zuckerberg ordered his henchmen to find a way to spy on people's encrypted traffic.

And so they did, using the Onavi VPN product that Facebook, I think, bought and then put out there for a few years. Basically, what happened was you would use Onavi to go to sites like, say, oh, I don't know, Snapchat. Sure. And Facebook would would just kinda watch.

Disturbing.

They would decrypt your traffic. They would watch your traffic. They would record your traffic. And they, you know, they probably put something in the EULA so you agreed to it.

Yeah.

But, you know, still bad Yeah. And not legal. Nope. It has since come to light that while this was suspected at the time, yeah, it happened. Yeah, it was bad, and yeah, Zuckerberg told them to do it.

It was designed to be privacy invading and competition destroying. This came out in court documents, and the court case in question is about, you guessed it, Facebook's anti competitive behavior. Something tells me this particular revelation is not gonna help.

Why is he not in jail again?

Because he has money.

Oh, that's right.

You're so silly.

That's the money. People with money don't go to jail. S s 7 might finally get secure. We briefly mentioned signaling system number 7, also known as s s 7, in our episode about SMS and why it's a security nightmare.

Would you pronounce that as 7?

I would not, but you do you. Although Google and Apple had been pushing RTS and Imessage respectively to add security to text messaging, SS 7 still underpins large swaths of the telecommunications infrastructure. It's how telecom systems interact with each other to connect calls, direct traffic, identify callers, calculate billing, all that kind of stuff. However, s s 7 and the slightly newer diameter protocol are now both over 30 years old and have security flaws that have been known about for over a decade. The telecom companies have shown very little initiative in fixing those flaws.

So the FCC has stepped in to force their hand. The FCC has issued a public notice RFC regarding SS 7 and diameter and asked the telcos to respond about security incidents incurred involving SS7 or diameter since 2018 and the measures the telcos have put in place to prevent future attacks. The open comment period ends on April 26th, after which the FCC will have a month to respond. The response will likely take the form of new rules and regulations for telcos regarding s s 7 and diameter, something that is sorely needed. It is sad, although not really surprising, that telcos have been unwilling to make these changes voluntarily.

But given their track record with everything else, one cannot pretend to be shocked.

7. I hate you. Email security mandates becoming mandatier, thanks to Google and Yahoo. Many moons and an impossible to count number of episodes ago, we talked about email security, how stupid SMTP is, and why spam shouldn't be a problem. The problems with SMTP are mitigated by the holy grail of sender policy framework, domain keys identified, mail and domain based message authentication reporting and conformance protocols.

They are more popularly known as SPF, DKIM and DMARC because that's way easier to say. And also, I always call it SFP, and people look at me like I'm an idiot.

I don't think that's why.

Shut up. The point of these protocols is that they help receiving mailboxes confirm that sending mailboxes are genuine. Mhmm. The thing is, using them is optional. You don't have to.

They're there to help, but if you don't want help, Alice, you don't have to get it. Well, until this week. As of this week, if your company doesn't follow the proper protocols, and you send 5,000 emails per day, well, those emails are gonna get dropped. Ouch. This is based on a rule that Google and Yahoo are doing together.

They announced it in something like October of last year, maybe even further back. It is finally going into effect. Good. How successful has this been? Well, not very.

According to Easydmark, an email security specialty shop, from a survey of 1,000 respondents, quote, only 27% of respondents were aware of the changes to email authentication being implemented by Google and Yahoo. Unquote. Oh. And, quote, almost a quarter of respondents were not familiar with SPF, DKIM, or DMARC at all. Unquote.

Yikes. Now, this will likely not affect the world at large, as sending 5,000 emails to one place, like a Gmail or a Yahoo per day, is actually a lot. Yeah. Not a lot of companies are gonna hit that. That's, like, what?

What do we think? 5% of senders?

Something like that. Yeah.

If you're a person or a company or an organization or a robot who sends emails out, though, it's best to get this sorted sooner rather than later. Over time, what's going to happen is that these are going to become more and more restrictive, and every company is going to require every one of those security protocols for every email. You know, like we should have been doing all the time in the first place.

You know, it's almost like these protocols and programs that we came up with in the 19 seventies didn't really have security in mind. Almost. Alright. That's it. We're done.

Go away now. Bye.