
Human Infrastructure 380: Going a Month Without NAT, Free Network Tools, and More

THIS WEEK’S MUST-READ BLOGS 🤓

If you’re only clicking this link to enjoy some bashing of Bay Area startup types, you might miss a couple of more interesting points. First, Forrest describes why SaaS may not be the best business model for a startup: VCs push startups into a SaaS model because a tiny handful of them pay off handsomely, which is great for a VC but maybe not so good for the startup. And if you want to sell to the enterprise, you can’t ignore sales, support, and customization. Startups building a SaaS offering sometimes forget those things.

The other point of note is Forrest’s personal realization that software developers aren’t the be-all and end-all of tech startups. He writes “It turns out that sales and marketing and customer support actually do matter to the success of the business. They matter a lot. And their jobs are not easy.”

He also writes “The things that bring developers a sense of fulfillment (mostly, building more and more software tools for themselves and each other) do not bear any direct relationship to things that people with budgets are willing to pay for.”

The Bay Area, both the location and the culture, exerts a significant gravitational pull on the tech industry, not always for the best. If you ever feel “less-than” as a technology professional because you are outside the San Francisco-Palo Alto orbit, this piece gives you reasons to feel better. - Drew

Angie uses the airport security line to illustrate the notion of the Betterment metric: once your stuff is through the scanner, do you just take it out of the bin and walk away? Do you stack your bin? Do you stack other bins piling up on the conveyor belt? The same idea can be applied to tech work—are you just watching out for your own stuff, or looking for ways to improve the system where and how you can? - Drew 

Women in tech often have to deal with harassment at conferences and other events. This post provides some useful guidelines for how to make these events safer and more hospitable, such as codes of conduct and safe reporting mechanisms.

It also has tips for attendees, including this: “Be an active bystander: Intervene or report if you witness inappropriate behaviour.” In other words, not being a creep is a good start, but calling out creepy behavior and intervening if needed is even better. As we move from conference season to holiday office party season, the guidelines and tips described here are also relevant. - Drew 

Alex took on a challenge from the folks at nixCraft, “daring people to take the No NAT November challenge and disable IPv4 for the month, relying only on IPv6.” He did this in his home network and chronicled the journey in this post. How did it go? Okay…mostly. Kinda. Depended a lot on the host in question. And what 6to4 translation tools he had access to. And…okay. This was all sorta ugly. We’re really, really far as an industry from residential networks being able to turn on IPv6 and it just works. Phones are one thing, but smart homes are something else entirely. - Ethan

Sloonz walks through not only a basic Wireguard VPN configuration, but also tackles how to handle a NAT setup (including UPnP, not a native Wireguard feature) and IPv6. - Ethan

Rather than look at long-term BGP table trends, Greg Foletta wanted to look at global BGP for a 24-hour period and see what could be gleaned. Greg focused on three areas: general behavior, the path attributes of outliers, and flappy paths. I found the data fascinating—both more and less activity than I might have guessed. You also gotta read his section on AS prepends. Some people are crazy. Greg found an IPv6 path with 599 ASes. Just…why? Greg has a theory. - Ethan

MORE BLOGS

TECH NEWS 📣

Come to Bluesky! The tech community is here and the water’s nice. - Drew 

China is banning the export of rare-earth materials to the US in response to US restrictions on China’s access to US-made chips. These rare-earth materials, including gallium, germanium, and antimony, are necessary to manufacture high-tech products. Ars Technica reports that trade experts are concerned about the economic impact of these tit-for-tat bans. What’s more, the incoming Trump administration has promised to set high tariffs on Chinese imports, which are likely to drive up the costs of tech products. If it’s not too late, you might want to stock up on critical gear to have a few spares on hand. - Drew

This is a good thing, no? I mean, it might hit Microsoft’s sales, but I have no problem with Microsoft putting its foot down about insisting on this hardware security feature. The company has been forecasting this requirement since June 2021, according to Bleeping Computer, so you can’t say it’s a surprise. That said, Microsoft is also working hard to try to force upgrades to Windows 11 whether you or your users want it. That part I’m not thrilled about. - Drew 

A Chinese hacking group known as Salt Typhoon has reportedly embedded itself into several telecom networks. Although firm details of what is and is not at risk are lacking, the concern was raised that Salt Typhoon and/or “Chinese government hackers” might have access to the backdoor taps telecoms can provide to government agencies. The advice from the US CISA, NSA, and FBI is to use encrypted communications. BTW, if you aren’t familiar with end-to-end encrypted (E2EE) communications, take a little time to read up. Then make an informed decision about the platforms you use to chat with folks. Not all chat platforms are E2EE. - Ethan

We talk about personal privacy tools, including E2EE messaging apps, in this episode of Packet Protector. - Drew

The key to this story is that the devices are end of life. Since they’re EoL, D-Link is walking away from them, despite fresh vulnerabilities being discovered. I’m torn on this one. On the one hand, it’s not reasonable for companies to support every device they’ve ever made forever. At some point, a business can’t devote money to patching a device beyond a reasonable service life. On the other hand…wow. 60K devices with 3 new exploitable vulnerabilities. Not all high scoring. It’s not the end of the world. But where do you make an exception to the EoS/EoL support policy and patch something for the betterment of the global Internet at large? I don’t have a strong opinion, but I’m thinking about it. - Ethan

Proof News is launching a series on the climate footprint of AI. TL;DR - it’s huge. Even as giants such as Google and Microsoft have increased their purchases of green energy from renewable solar and wind, Proof News notes “The AI-driven demand for energy is so high that the companies’ clean energy purchases simply can’t keep up.” For example: “Despite its massive investments in green energy, a smaller share of Google’s data center electricity is powered by clean energy now than it was in 2020.”

What kind of demand are we talking about? Proof reports “Google’s electricity consumption has increased 186 percent since 2017. Microsoft’s has increased 186 percent as well. Meta’s has increased 367 percent during the same time period.” That’s the wrong kind of growth. - Drew

MORE NEWS

FOR THE LULZ 🤣

RESEARCH & RESOURCES 📒

Dmitry Figol presented at AWS re:Invent this year on how to put together a well-architected network in AWS’s public cloud. The video covers multi-AZ and multi-Region architectures and their tradeoffs, how to set up a VPC, design challenges of connecting VPCs to on-prem data centers, common network architecture patterns, and more. - Drew

This report describes the device and employee tracking capabilities offered by vendors including Cisco Networks and Juniper Networks. Typically using some combination of Wi-Fi and Bluetooth, these systems are promoted as providing organizations with aggregate data on building occupancy and/or providing the ability to track medical devices and other equipment. However, they can also be used as rough measures for performance and productivity by, for example, measuring how long a worker is at their desk. The link above goes to the summary of the report. The PDF of the full report is available here. - Drew 

PyNetWeaver is a network discovery tool created by Scott Peterman. In a LinkedIn post describing the impetus for the tool, Scott notes that a source of truth or system of record, which often underpins broader network automation efforts, can be hard to assemble. PyNetWeaver aims to help.

Scott writes “This tool applies simple SSH and SNMP concepts, and an algorithmic approach called BFS (Breadth First Search). There are many articles on the topic. I wrote a simple utility that takes in basic host and connection information as a csv file, graphs it for you, and lets you step through the algorithm and see it "discover".” The LinkedIn post above has more details about the tool and some screenshots. You can find the GitHub repo for PyNetWeaver here. - Drew
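To make the BFS walk Scott describes concrete, here is an added example written for this newsletter (not PyNetWeaver’s own code): it parses a constructed host/connection CSV, discovers devices outward from a seed in breadth-first order, and reports inventory entries the walk never reaches, which is exactly the kind of gap that makes a source of truth hard to assemble. The CSV columns and device names are assumptions.

```python
import csv
from collections import deque
from io import StringIO

# Constructed sample input: one row per link between two device hostnames.
# Real data would come from SSH/SNMP neighbour tables, as in the post.
LINKS_CSV = """\
src,dst
core1,dist1
core1,dist2
dist1,access1
dist1,access2
dist2,access3
access1,server1
lab-sw1,lab-host1
"""

def build_graph(csv_text):
    """Parse the CSV into an undirected adjacency map {device: set(neighbours)}."""
    graph = {}
    for row in csv.DictReader(StringIO(csv_text)):
        a, b = row["src"].strip(), row["dst"].strip()
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def bfs_discover(graph, seed):
    """Walk outward from seed; return [(device, hops, discovered_via), ...]."""
    if seed not in graph:
        raise ValueError(f"seed {seed!r} not in inventory")
    seen = {seed}
    order = [(seed, 0, None)]
    queue = deque([(seed, 0)])
    while queue:
        node, hops = queue.popleft()
        for neighbour in sorted(graph[node]):  # sorted -> deterministic order
            if neighbour not in seen:
                seen.add(neighbour)
                order.append((neighbour, hops + 1, node))
                queue.append((neighbour, hops + 1))
    return order

def unreached(graph, discovery):
    """Devices present in the CSV but never reached from the seed."""
    reached = {device for device, _, _ in discovery}
    return sorted(set(graph) - reached)

# Example call: walk = bfs_discover(build_graph(LINKS_CSV), "core1")
```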

I saw a demo of Gather from the stage at AutoCon2 by creator Rajiv Gupta. Gather is a Python tool that will run a series of commands you request against a list of network devices you define, storing the output in a delimited database. From there, you can use common *NIX tools like grep and awk to extract knowledge about your network. Check here for demos of how to use Gather. A tool like this has almost no barrier to entry—immediately useful. - Ethan

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

Nokia has partnered with IT infrastructure services provider Kyndryl “to offer advanced data center networking solutions and services to global enterprises.” More specifically, Kyndryl will incorporate Nokia’s Event-Driven Automation platform with its own Kyndryl Bridge, an observability and orchestration platform to manage and automate data center networks. And if you want more details on Event-Driven Automation, Ethan Banks hosted a video conversation with Nokia about it. - Drew

Broadcom is announcing the availability of a new packaging technology that lets interested parties (for example, hyperscalers or very large enterprises) develop custom accelerators. Broadcom calls these custom chips XPUs, but it’s taking aim at the AI market, specifically GPUs. From the press release: “Traditional methods like Moore's Law and process scaling are struggling to keep up with these demands. Therefore, advanced system-in-package (SiP) integration is becoming crucial for next-generation XPUs.” There are more technical details in the release if you’re curious. - Drew

Cloudflare analyzes the impact of the recent cuts to two cables crossing the Baltic Sea. Their findings? Not much practical impact on Internet connectivity in the area. Why not? Fantastic European redundancy and Internet capacity. Several interesting graphs from Cloudflare show what was going on before and after the cuts—interesting data. - Ethan

Washington DC-based security firm Volexity analyzes an incident kicked off by an alert from a signature they’d deployed at a customer site. The breach was fascinating, as it happened via Wi-Fi, but the attacker known as GruesomeLarch was not nearby. Check this out…

“GruesomeLarch was able to ultimately breach Organization A’s network by connecting to their enterprise Wi-Fi network. The threat actor accomplished this by daisy-chaining their approach to compromise multiple organizations in close proximity to their intended target, Organization A. This was done by a threat actor who was thousands of miles away and an ocean apart from the victim. Volexity is unaware of any terminology describing this style of attack and has dubbed it the Nearest Neighbor Attack.”

“Their strategy was to breach another organization, and then move laterally within that organization to find systems they could access that were dual-homed (i.e., having both a wired and wireless network connection). Once successful in this endeavor, having found a system that was connected to the network via a wired Ethernet connection, the threat actor would access the system and use its Wi-Fi adapter. At this point they would connect to the SSID of Organization A’s Enterprise Wi-Fi and authenticate to it, thus granting them access to Organization A’s network.”

The post goes on in detail if you want to understand more about the exploit. - Ethan

DYSTOPIA IRL 🐙

TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳

LAST LAUGH 😆

Do not mess with the arts-and-crafts types.