Messages - deanwebb

#1
For a free version of Powerpoint, which has shape art in it, there's LibreOffice suite.
#2
Quote from: networkloser on December 22, 2025, 04:57:16 AM
"I know IPv4 has 32 bits. IPv4 datagram format etc. only. Not a lot I can recall."

Start with this information: http://www.tcpipguide.com/free/t_IPSubnetAddressingSubnettingConcepts.htm

Go through the sections linked from the main page, and keep in mind that classless addressing is how we do things. A/B/C networks aren't used like that anymore, thanks to private IP spaces defined in RFC 1918.
#3
Forum Lobby / Stumbling into the API...
December 21, 2025, 08:34:25 AM
As a self-styled smartass, I am prone to bouts of tomfoolery and hijinks. This weekend, I texted the following to the family group chat:

"I will be leaving to get dinner and should be back by 6:30 pm. If you would like to continue to receive status updates, text YES to this number. Normal text and/or data rates will apply."

On one of the phones, there was a button to auto-send a YES response.

I had stumbled into the API!

Other family members tried to get that response with less, but it was clear that the full verbiage needed to be in there to make it work. I got a few more of those and we had a laugh.

Today, I went for two:

"Your appointment for 9:30 am is scheduled. Text CONFIRM to this number to confirm your appointment or CANCEL to cancel it. Normal text and/or data rates will apply."

The result? Both a CONFIRM and a CANCEL button appeared on the other phone for autoresponses.

This means, of course, that the API is invoked via scanning the text message itself. There are no back-end flags in my packets or anything like that; it's straight-up giving the system a prompt and getting a response out of it that leverages into the target system adding executable code as a result of reading the prompt.

As a security person, I find the upshot of this to be chilling. There are other functions that could be automated and if the API simply attaches code to a message based on its wording without any verification of authenticity or authority, then it is a massive hole in the system. To defend against possible abuses, I know that I have some autoresponders set up with professionals that I make appointments with. Those I already know. If I make a new appointment with a new person and get an autoresponse in the time frame of that appointment, then I'm OK with that. What's most dangerous is some kind of scam targeting people over 50 who are already at higher risk of implicitly trusting without verification. By using official-looking texts, it already increases the risk that they make an error. By having the system attach code for autoresponses, it makes them look that much more legitimate and, therefore, gives such attacks a higher conversion rate.

Which thought leads me to a larger zero-trust concept: cybersecurity also involves the concepts and philosophies surrounding our work. When we unequivocally accept any new paradigm without sufficient testing, verification, and cautious observation, then we place ourselves into a potentially unacceptably high level of risk. And when we let proven flaws remain in our systems because we choose not to disrupt production, then we know we are set up for a terrible tragedy.
#4
That's a very broad range. You need to start somewhere. I would pick first IP Addressing, as that is the number one area that everything starts with, and it's IPv4 that's out there for the most part. IPv6 exists, but v4 is still dominant. What you learn for v4 will be handy for v6, so there's that.

What do you already know about v4? From that, we can look at resources for getting that totally covered before going into the other topics.
#5
Thing is, those features can also be added without changing the GUI interface, like adding another line in a drop-down menu. Simple as that. This is why I love LibreOffice, it keeps the old school drop-down menus that just *work*.

And when usability is sacrificed for the sake of "clean, fresh design", then I truly howl in pain. We have to do stuff via screen shares, so please let us have bigger fonts and better contrast between elements! Faint text and colors that are too much like the other colors will reduce the usability and productivity with the tool.
#6
Over the years, I've worked with a number of products. Some of them start out easy to use and stay easy to use. Some of them started out easy and then got harder because they added a bunch of features and didn't take time to clean up the GUI when integrating them or - worse - there's a totally different GUI for the add-on and it's way different from the one I got used to. And then there are the ones that didn't add features, but they did ruin the GUI and chose to double down on the crap instead of rolling back to what I was comfortable with.

A change in GUI is like inviting the competition in if the product doesn't have a "revert" button. I can see wanting to have a new look for marketing and sales purposes, but the daily users of the product likely have lots of memories attached to what they're doing and how they're doing it and changing everything makes them feel useless. Replaceable. Unimportant. Judged by the makers of the product and found wanting. And that makes it easier to burn a bridge and move on.
#7
Indeed. I just got my foundations of AI cert from ISC2.
#8
That part about increasing denials for services stings, as AI has shown tendencies to amplify human biases evident in historical data. And if that's the training the AI model gets, it'll be aggressive in denying treatment not accidentally, but by design. Likeliest to be denied would be major procedures for people with poor health histories. Least likely denials would be minor procedures, prescriptions, things like that.
#9
Information/Announcements / Re: OUTAGE REPORTS
September 26, 2025, 08:48:09 AM
Heads up from the web host:

"The maintenance process will begin Thursday, October 2nd at 12:00 AM (midnight) PT and will run until 4:00 AM PT. You may experience approximately 30 minutes of intermittent connectivity within the above 4-hour window."
#10
https://thebulletin.org/2025/09/the-risks-in-the-protocol-connecting-ai-to-the-digital-world/#post-heading

model context protocol (MCP) is comin' to town, best get ready.

It runs on HTTP according to docs here: https://modelcontextprotocol.io/docs/getting-started/intro

So, I hope it can also run on HTTPS, but then there's the fun times about making sure all the encryption is done right and is made quantum-resistant when those ciphers are ready.

Communicates via JSON over HTTP.

I need to read the rest of the articles now...  :XD:
#11
Quote from: Otanx on September 23, 2025, 05:16:54 PM
"Congrats. Was it one of the ISC2 certs? Those are pretty well recognized.

-Otanx"

This was a Qualys one. I'm next planning to do some AI Security courses with ISC2.
#12
I picked up my first cloud security certification. Feels good. :smug:
#13
Certifications and Careers / Current Certification Goals
September 18, 2025, 10:01:45 AM
Well, I signed on at ISC2 and I'm going to work on clearing the intro cert for cybersecurity and then going on to the cloud and AI certifications, whatever they got there. This is self-directed training on my own dime and time.

Internally, I'm going to work more on product training in Cloud / AI areas and getting up to speed in those venues. Traditional network stuff I got down very well, and finding out that AI security is basically an IPS/WAF for the AI inputs and outputs helps to put that security in context.
#14
Forum Lobby / Re: old Cisco hardware value
August 05, 2025, 11:21:04 AM
I recycled my old gear. Getting 50 bucks and postage wasn't worth lugging it around and trying to ram it into a box.
#15
Well, time for me to do a deeper dive into CRCs...

In networking, the CRC is typically calculated on the fly as the data goes out of the network interface and is added to the end of the transmission. There is a SHA checksum with the data that is actually used to check for data integrity, so the CRC in networking is for the datalink to determine if there are any bit errors. CRC itself is too lightweight to do a proper integrity check, which is why the SHA checksum is included with the data set proper.

In environments with low to non-existent error rates, CRC can be seen as redundant, especially with TCP data being sent with a SHA checksum on it. In operational technology (OT) environments, however, where the gear is thinly provisioned and data transmission is a priority, the CRC is used on the OT protocols as a quick and easy way to determine if the data arrived completely or if a retransmission is required.

For your case, the maths are done by the sending system. Honestly, it does not matter what algorithm is used, so long as it's the one for the protocol being transmitted. Humans do not calculate CRC. :)

The data, 1010, will be manipulated until the system gets 0 and a remainder. The remainder bits are the CRC.

https://en.wikipedia.org/wiki/Cyclic_redundancy_check#Computation shows a sample calculation.

But in the real world, we don't look at the CRCs. We *will* look at CRC error rates on a device and, when they get too high, will consider corrective action on the hardware or connecting media.
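As an added illustration of the computation described above (example code, not part of deanwebb's post), here is the mod-2 long division behind a CRC, using the 14-bit message and the x^3 + x + 1 generator from the Wikipedia worked example the post links to. It also shows the receiver-side check catching a single flipped bit while missing an error burst shaped like the generator, which is why the post treats CRC as a bit-error detector rather than an integrity check.

```python
# Added example (not from the original post): CRC as mod-2 long division,
# using the message and generator from the Wikipedia page linked above.
# Generator 1011 = x^3 + x + 1, so the CRC is 3 bits wide.
MESSAGE = "11010011101100"   # 14 data bits from the Wikipedia worked example
POLY = "1011"                # generator polynomial x^3 + x + 1


def mod2_divide(dividend: str, poly: str) -> str:
    """Divide a bit string by poly with XOR (mod-2) arithmetic; return the
    remainder, which is always len(poly) - 1 bits wide."""
    k = len(poly) - 1
    bits = [int(b) for b in dividend]
    # Walk left to right; whenever the leading bit is 1, XOR the generator in.
    for i in range(len(bits) - k):
        if bits[i]:
            for j, p in enumerate(poly):
                bits[i + j] ^= int(p)
    return "".join(str(b) for b in bits[-k:])


def crc_remainder(message: str, poly: str) -> str:
    """Sender side: append k zero bits, divide, keep the remainder as the CRC."""
    return mod2_divide(message + "0" * (len(poly) - 1), poly)


def frame_ok(frame: str, poly: str) -> bool:
    """Receiver side: a clean frame (data + CRC) divides with a zero remainder."""
    return set(mod2_divide(frame, poly)) == {"0"}


def xor_at(frame: str, pattern: str, offset: int) -> str:
    """Flip the bits of `pattern` into `frame` at `offset` (simulated line noise)."""
    bits = list(frame)
    for j, p in enumerate(pattern):
        bits[offset + j] = str(int(bits[offset + j]) ^ int(p))
    return "".join(bits)


if __name__ == "__main__":
    crc = crc_remainder(MESSAGE, POLY)            # "100", as in the Wikipedia example
    frame = MESSAGE + crc
    print("CRC:", crc, "frame OK:", frame_ok(frame, POLY))
    # A single flipped bit is caught: the datalink-level job the post describes.
    print("1-bit error detected:", not frame_ok(xor_at(frame, "1", 5), POLY))
    # An error burst equal to the generator is a multiple of the polynomial and
    # slips through: CRCs catch random noise, they do not prove integrity.
    print("generator-shaped burst detected:", not frame_ok(xor_at(frame, POLY, 2), POLY))
```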