Human Infrastructure 346: AI Assistants, IP Geolocation, User Discomfort for Security
THIS WEEK’S MUST-READ BLOGS 🤓
AI Assistants - Rule11 Tech
https://rule11.tech/ai-assistants/
Russ White raises good points about potential negative impacts of AI assistants, especially the kinds based around general-purpose Large Language Models (LLMs). As Russ notes, an AI assistant for writing might help you crank out more words, but are they better words than a person could’ve done alone? Are they the right words? And are the sources used by the LLM to generate those words accurate? He also cites research in which two groups of programmers were asked to write code. One group used an AI assistant and the other didn’t. The group using the AI assistant generated less secure code vs. the human-only group. He also raises a broader problem with AI in particular, and computers in general: people tend to regard computers and AI as authoritative. That’s not a good assumption. - Drew
User Discomfort As A Security Function - Networking Nerd
https://networkingnerd.net/2024/03/11/user-discomfort-as-a-security-function/
Tom Hollingsworth makes a case for designing IT security that forces a user out of their comfort zone as a way to get them to notice that something they are doing requires their attention to security. He notes that these kinds of controls are already used outside of IT: airport screening, for example, or missile launch control systems that require two separate keys to be turned by two people simultaneously. While most of us aren’t doing work that results in missile launches, I get his point.
He also offers this caveat: “You want them to notice they’re doing something that needs their attention to security but not so much that they’re unable to do their job or use the service.” [emphasis added]. And that’s the problem. We already have the kinds of controls in place to do this: multi-factor authentication, being signed out of apps or services after a certain period, password expiration, and so on. And users hate them. And when users hate something, they find ways around it. What’s more, measures or controls that feel performative (taking off shoes at the airport, for example) don’t make people think about risk and how to mitigate it. They just make people resent security for wasting their time.
I get that end users have to bear some responsibility for security (whether this is fair or not is up for debate). But if we’re going to expend energy on improving security, I’d rather we aim it at the makers of the applications, equipment, and services we use. It’s time to stop allowing these companies to use their customers as bug finders, or force all of the costs of securely integrating apps and services onto IT shops and end users that already have enough to do. - Drew
IP Geolocation Is Twenty-Five Years Old - Sanjay Parekh
https://www.sanjayparekh.com/ip-geolocation-is-25-years-old/
Sanjay tells the story of his company Digital Envoy. What was the problem he was trying to solve by creating an IP geolocation database? What did the tech ultimately get used for? Who were the competitors, and what happened to them? A short and interesting story from the early days of the Internet. - Ethan
Revisiting Blockchains - Systems Approach
https://systemsapproach.org/2024/03/04/revisiting-blockchains/
Bruce Davie takes a look back at a technology we’ve all stopped talking about--blockchains. The tech certainly still exists, but as Bruce notes, we haven’t really found a “non-speculative” use case that blockchains solve well. In Bruce’s experience, enterprises can solve issues that seem like good blockchain uses with other technologies just as effectively. - Ethan
TECH NEWS 📣
SEC Charges Two Investment Advisers with Making False and Misleading Statements About Their Use of Artificial Intelligence - Securities and Exchange Commission
https://www.sec.gov/news/press-release/2024-36
The SEC has fined two financial services companies for “making false and misleading statements about their purported use of artificial intelligence (AI).” I wonder if this news might be relevant to other publicly-traded companies… - Drew
Does Everybody Love Jensen? Nvidia Puts More Markets In Its Sights - Forbes
https://www.forbes.com/sites/rscottraynovich/2024/03/20/everybody-loves-jensen-as-nvidia-puts-more-markets-on-its-agenda/
Analyst Scott Raynovich writing for Forbes summarizes the big announcements from NVIDIA coming out of the recent GTC keynote. You might especially enjoy his “InfiniBand vs. Ethernet: Grab the Popcorn!” section near the bottom of the piece. InfiniBand is often used for AI workloads, but Ethernet is making a strong play. Will Ethernet, for AI workloads, ultimately become reliable enough to displace IB? That’s where the popcorn comes in. Expect a lot of noise on this topic in the coming months. - Ethan
Earth Received a Message Laser-Beamed From 10 Million Miles Away in NASA Test - Science Alert
https://www.sciencealert.com/earth-received-a-message-laser-beamed-from-10-million-miles-away-in-nasa-test
This “first light” shot was sent between the Psyche spacecraft and the Hale Telescope in California using a near-infrared laser. To talk at such distances, we’ve traditionally used radio waves. Laser has the ability to carry more data, however, so it’s desirable to figure it out as a data transport for space exploration. Oh…the latency at 10 million miles? About 50 seconds, the article reports. - Ethan
RESEARCH & RESOURCES 📒
Otterize network mapper - Otterize via GitHub
https://github.com/otterize/network-mapper
For Kubernetes shops, “the Otterize network mapper is a zero-config tool that aims to be lightweight and doesn't require you to adapt anything in your cluster. Its goal is to give you insights about traffic in your cluster without a complete overhaul or the need to adapt anything to it, unlike other solutions, which may require deploying a new CNI, a service mesh, and so on.” You can get output at the CLI, or generate graphical visualizations. - Ethan
Retina - Microsoft via GitHub
https://github.com/microsoft/retina
From the README.md: “Retina is a cloud-agnostic, open-source Kubernetes network observability platform that provides a centralized hub for monitoring application health, network health, and security. It provides actionable insights to cluster network administrators, cluster security administrators, and DevOps engineers navigating DevOps, SecOps, and compliance use cases. Why Retina? Retina lets you investigate network issues on-demand and continuously monitor your clusters. For scenarios where Retina shines, see the intro docs here.” - Ethan
Clabernetes (c9s) - Roman Dodin via LinkedIn
https://www.linkedin.com/posts/rdodin_three-years-ago-we-started-containerlab-activity-7164003835819053056-ga9q/
Clabernetes (c9s for short) is containerlab running on a Kubernetes cluster. If you have containerlab deployments that would benefit from a scale-out architecture (GREAT BIG LABS, NEED MORE POWER), here you go. C9s is in beta right now, but it’s doing well. In a comment on the LinkedIn thread, Roman said c9s is working on GKE. All the power you possibly need is just a public cloud away. Check out https://c9s.run for more details. - Ethan
INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬
Itential Debuts Latest Release of Its Low-Code Orchestration Platform, Enhancing NetDevOps with Improved Collaboration, Compliance, & Lifecycle Management Capabilities - Itential
https://www.itential.com/news/itential-debuts-latest-release-of-its-low-code-orchestration-platform-enhancing-netdevops-with-improved-collaboration-compliance-lifecycle-management-capabilities/
Itential has released version 23.2 of their Itential Automation Platform (IAP), and this is not just a minor product release. Itential has been talking to many in the network automation community, and is working to more cleanly separate automation and orchestration functions within their product set as a result of those discussions. To that end, you can now purchase the Itential Automation Gateway (IAG) as a standalone product. IAG is the tool for engineering teams who are doing high-code automation. You’re writing the scripts & the playbooks, you’re doing your own integrations, and you’re deep in the weeds with network automation. IAG is the product you’re looking for to help you with that.
IAP will still come bundled with IAG, but IAP is the tool you want for low-code automation. Full orchestration of your automated tasks. A fancy UI. A drag ‘n’ drop canvas. Lifecycle management of network services. IAP 23.2 has several new features & enhancements including a now dynamically populated ServiceNow app, stateful orchestration, compliance checking for ordered lists (such as access lists), compliance plan creation from your golden config repo, and an automation marketplace--an IAP ecosystem of automation widgets built by partners and the community.
Lots and lots going on at Itential, and even more we can’t talk about yet. But…there’s a big announcement coming from Itential at the Network Automation Forum’s AutoCon1 event in Amsterdam in May 2024. I’ll be there! - Ethan
Keysight Demonstrates First Full Line Rate 1.6 Terabit Ethernet Test Capability - Keysight
https://www.keysight.com/gb/en/about/newsroom/news-releases/2024/0319-pr24-051-keysight-demonstrates-first-full-line-rate-1-6-ter.html
1.6 Terabit Ethernet is steadily moving forward. I consider it a few years out, but Keysight announces that it has worked with an ASIC company on demonstrating a testing platform. This is key in product development since switch makers must have the testing equipment for the design and validation process. In that sense this is a canary in the 1.6 Terabit coal mine. - Greg
Cloudflare loses 22% of its domains in Freenom .tk shutdown - Netcraft
https://www.netcraft.com/blog/cloudflare-loses-22-of-its-domains-in-freenom-tk-shutdown/
What’s clear to me is that the Internet Society is doing nothing to hold registrars to account. Freenom was the domain registrar for .tk, .cf and .gq, almost exclusively used by spam and scammers because it was free. After Meta and other companies started actively pursuing the lack of responses to abuse complaints, Freenom abandoned its registry. Also notable is the use of Cloudflare to host those abusive domains (23.1% of total domains hosted there) and that they sell services to protect ‘customers’ from those same scammers. - Greg
NTP Pool - The Internet Timekeeper - RIPE Labs
https://labs.ripe.net/author/giovane_moura/ntp-pool-the-internet-timekeeper/
RIPE is the oversight body for Internet numbers in Europe, and does quite a bit of community work outside that scope. This article is a solid intro to NTP and the infrastructure behind public sources. - Greg
Express 5 Overview - Juniper Networks
https://community.juniper.net/blogs/dmitry-shokarev1/2024/03/12/express-5-overview
It's been a couple of years since Juniper announced the Express 5 ASIC for DC Fabrics, but this post dives into the details of the ASIC and capabilities. To some extent I find learning about ASICs similar to car engines: interesting and related to performance. That said, if I’m only using it for driving kids to school, well, it doesn’t make any difference. If you have career plans for the sort of networks that would use this, then definitely read up. - Greg
Hock Tan - VMware by Broadcom the first 100 days - Broadcom
https://www.broadcom.com/blog/vmware-by-broadcom-the-first-100-days
Hock Tan released a post about the progress in the VMware acquisition re-iterating that Broadcom has chosen VMware Cloud Foundation as the future direction. Implicit in this statement is that previous product bundling of, say, just buying a few vSphere hypervisor licenses or small bundles is not the product vision. I read this as “you are building a private cloud with Broadcom with compute, storage and self-service cloud features as standard.” You don’t get a choice here. I’m not rejecting the amount of pain organizations will experience as they move away from the legacy ITIL model to a modern, software-operated infrastructure approach, but Broadcom has done a poor job of communicating this outside of the Top2000 customers that are now dealing directly with VMware. I think it is not a priority for VMware to allocate resources to customers that don’t generate target profits and/or don’t want to align with the product vision. In one way, I appreciate a company standing firm on technology direction and leading the customer into a future. Let me say this - you don’t need choices, you need solutions. It’s my view that companies need to move on from micro-managing their infrastructure and start thinking bigger. VMware isn’t interested in manually operated data centres, they want to move the conversation to Tanzu, SDWAN, and Application Security instead of hassling over a few hypervisor licenses. - Greg
VMware: Business Simplification, Portfolio Innovation and Ecosystem Standardization - VMware
https://news.vmware.com/company/vmware-by-broadcom-business-simplification
This post explains more about the ‘VMware by Broadcom’ product vision but, again, doesn’t do it well in my view. - Greg
The American Federal Definition of Broadband Is Both Useless and Harmful - EFF
https://www.eff.org/deeplinks/2020/07/american-federal-definition-broadband-both-useless-and-harmful
The US FCC now defines Broadband as 100/20, replacing the previous 25/3 definition. This is important for government subsidies (free money) and programs to build out broadband in rural areas. This brings the US closer to most advanced economies. While this is important for providers in the consumer markets, it also impacts enterprise IT. When broadband is 100M down, then business grade service will increase to justify the extra costs, which will drive more bandwidth in backbones and thus improved public WAN performance of course. Upgrades to edge equipment mean businesses can expect improved online transactions and services. - Greg
Portnox Debuts Passwordless Zero Trust Conditional Access for Applications - Portnox
https://www.portnox.com/blog/press-releases/portnox-debuts-passwordless-zero-trust-conditional-access-for-applications/
Portnox offers cloud-based RADIUS and NAC solutions for access to cloud and on-prem networks and applications. The company recently announced a new “passwordless” authentication capability that relies on digital certificates and cloud-based PKI instead of passwords. - Drew
New Intermediate Certificates - Let’s Encrypt
https://letsencrypt.org/2024/03/19/new-intermediate-certificates.html
There’s no action item for you unless you’re pinning certificates, but Let’s Encrypt covers several changes they are making to their intermediate certs. They explain what those changes are (including smaller resulting chains) and why they are making them. - Ethan
Cisco Completes Acquisition of Splunk - Cisco Press Releases
https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2024/m03/cisco-completes-acquisition-of-splunk.html
We knew it was coming, and now it is done. Cisco has acquired Splunk. From the comments in the press release, Cisco intends to roll Splunk technology into Cisco’s other product offerings to improve them. To get an idea of where Splunk might be showing up, Cisco talks up better security, observability, AI, networking, and economics. If you did a spit-take at “economics”, well…you probably have the right idea. I’m sure Cisco will want a return on their $28B investment as soon as you and the rest of the Cisco customer base can sign the purchase orders. I find it unlikely that, even if you’re both a Cisco and Splunk customer today, any of your IT budget will be freed up. Hopefully, your budget won’t be hit as hard as VMware by Broadcom renewals are reported to be hitting. - Ethan