• Human Infrastructure
  • Posts
  • Human Infrastructure 381: Tech Support with Drink Pairings, Building an Automation Portfolio, and More

Human Infrastructure 381: Tech Support with Drink Pairings, Building an Automation Portfolio, and More

Author

Drew Conry-Murray
December 12, 2024

THIS WEEK’S MUST-READ BLOGS 🤓

Do you ever get roped into helping a relative “fix their computer” over the holidays? Karen Lopez has sound advice for making your extended family’s tech ecosystem a little healthier–with suggested drink pairings for each activity. If you go through all five options in one sitting, get someone to drive you home. - Drew

While this post is primarily aimed at developers, there’s good advice in here for network engineers looking to improve their automation chops—whether to build your own skills, help launch and support automation efforts within your team or org, or in preparation to land a new job.

A few projects jumped out at me that could translate well to networking: API automation, working with databases, and performance testing. Angie also suggests ways to store and present your project portfolio. - Drew

Each year at Reinvent, AWS vomits new products and services all over Las Vegas like frat bros on a stag weekend. But how many are good, and is vomiting really an effective product strategy? Forrest Brazeal opines that the last few years haven’t seen any meaningful announcements, which has knock-on effects for the AWS community. He writes “I’m convinced that this profusion of lame service announcements contributed to the noticeable stagnation of the AWS community in recent years. How do you expect to get developers excited about AWS when all the marketing dollars are going into hyping things nobody cares about?

This year, he noticed something different. AWS put out some modest releases, mostly focused on improving essential services. This left him more encouraged by AWS’s product direction. “Sure, we’re all going to have to sit through plenty of garbage AI announcements for the next few years. But … it really does seem like AWS is making some attempt to double down on making their good stuff better.” - Drew

Addy Osmani suggests that sure, AI can help generate working code. But that only gets developers 70% of the way there. The remaining 30% sucks. For instance, Addy points out that fixing bugs is harder, because AI wrote the code. You, the human, didn’t…and therefore you don’t really understand the codebase. So you ask AI to fix it, which Addy explains as “the two steps back pattern. What typically happens next follows a predictable pattern:

  • You try to fix a small bug

  • The AI suggests a change that seems reasonable

  • This fix breaks something else

  • You ask AI to fix the new issue

  • This creates two more problems

  • Rinse and repeat

This cycle is particularly painful for non-engineers because they lack the mental models to understand what's actually going wrong. When an experienced developer encounters a bug, they can reason about potential causes and solutions based on years of pattern recognition. Without this background, you're essentially playing whack-a-mole with code you don't fully understand.”

I fear this sort of problem with network automation—AI agents proposing solutions to engineers who don’t entirely understand what’s going on, resulting in tooling that only sort of works at best and is dangerous at worst. - Ethan

Q: What is Bufferbloat?
A: Wikipedia says, “Bufferbloat is the undesirable latency that comes from a router or other network equipment buffering too many data packets.”

The FAQ continues with a discussion of bufferbloat in real life (it’s annoyingly common) and how it can be (and not be) combated. - Ethan

You can tell from the title that Christian is excited. He reports…“THIS changes the whole Campus networking game! This little screenshot was taken from our Lab and it might look like any regular screenshot from a random network topology – buuuuuut it’s a full blown IP-CLOS Campus-Fabric with full IPv6 support (of course this was my first test) running purely on the new virtual EX Switches inside my EVE-NG Lab.”

Very cool. You can download vJunos from here. - Ethan

MORE BLOGS

TECH NEWS 📣

In part three of a three-part series on AI’s climate impact, Proof News looks into the claim that one ChatGPT query uses an equivalent of one 16 oz. bottle of water. The claim is based on research by professors at UC Riverside, and isn’t quite what the researchers found. Based on their calculations, 10 to 50 ChatGPT prompts require about 16 oz. of water, whether for on-site cooling, or via off-site electricity generation. Some of this water gets returned back to municipalities, where it can be cleaned and re-used. But not all of it. And one problem is that many data centers are being built, or currently operate, in areas of water scarcity, and water consumption by the tech sector is growing: for instance, Google data centers withdrew 25 billion liters of clean water in 2022, up 20% from the previous year. Microsoft reported an increase of 34% in the same period. The video’s worth watching to understand the tradeoffs we’re making as AI becomes embedded in our work and our lives. - Drew

I get the appeal of space exploration. I grew up on sci-fi novels of solar and interstellar exploration. Space exploration also spurs and supports the development of technology and science here on Earth.

But when Musk and Bezos talk about space as a way to ensure human flourishing, I have to wonder if it’s less an aspirational vision and more a magician’s attempt to distract our collective attention from dire problems—some of which they’ve had a hand in exacerbating. For instance, a conservation organization estimates that in 2022, Amazon packaging created 208 million pounds of plastic waste just in the United States. That plastic waste goes into landfills, watersheds, and the food chain. Of course, Amazon is not solely responsible for the world’s plastic problem; this material has been widely used at industrial scale for decades. 

But if these two are truly serious about human survival, there’s plenty of opportunity to apply their wealth and talents toward world-changing innovations right here on the ground. We need clean energy. We need climate change solutions, as well as more resilient infrastructure to deal with the negative outcomes that are already built in to climate systems. We need to address vast disparities in wealth that are used to fracture political and civil institutions. What we don’t need are space tycoons. - Drew

26 Starlink satellites have formed a constellation specifically aimed at cellular service. That is, your unmodified phone could use this constellation for cellular connectivity. The 10Mbps service isn’t trying to compete with terrestrial cell carriers, and in fact relies on partnership with ground-based carriers to make the solution work. Bandwidth will grow over time as will reliability as Starlink works out the ideal technical solution. So for now, Starlink is offering text only—voice and data will come sometime in 2025. But…it reportedly works anywhere on earth. - Ethan

FOR THE LULZ 🤣

Wishing you a chill SlackOps this holiday season. Shared on Bluesky by @mcbazza.com

RESEARCH & RESOURCES 📒

From the README. “IPsum is a threat intelligence feed based on 30+ different publicly available lists of suspicious and/or malicious IP addresses. All lists are automatically retrieved and parsed on a daily (24h) basis and the final result is pushed to this repository. List is made of IP addresses together with a total number of (black)list occurrence (for each). Greater the number, lesser the chance of false positive detection and/or dropping in (inbound) monitored traffic. Also, list is sorted from most (problematic) to least occurent IP addresses.”

A few examples of how to use the list are included. There’s also a “Wall of Shame”. I wonder if I could integrate IPsum with CloudFlare via a script. Probably. I need another project, you see. 😅 - Ethan

If you have to protect an Entra ID deployment, or know someone who does, this might be of interest. It’s a “ collection of various common attack scenarios on Microsoft Entra and how they can be mitigated or detected. All of the included scenarios, insights and comments are based on experiences from the contributors during their attack simulations, hands-on or real-world scenarios.” Comments and additions are also welcome. In a related note, Jennifer Minella and I recorded a Packet Protector episode about AD and Entra security from a pen tester’s perspective. - Drew

JSON5 – JSON for Humans
https://json5.org

I believe the opening statements get to the heart of JSON5. “JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). It is not intended to be used for machine-to-machine communication.”

The JSON5 spec includes features from ECMAScript 5.1. You can find an example here. I suppose I’m most keen on the ability to add comments. - Ethan

MORE RESOURCES

  1. SSH Artist: hash visualization patterns - villasv via GitHub

  2. RFC 9457: Problem Details for HTTP APIs (2023) - IETF

  3. Vaultview: TUI for HashiCorp Vault - milosveljkovic via GitHub

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

Graphiant provides on-demand WAN network connectivity to help you connect enterprise, data center, and remote sites quickly. Graphiant has announced a new feature that lets you set network policies based on data, not just applications. From the press release: “Enterprises can specify specific paths data can – and cannot – travel. These rules can be driven by a combination of performance and security objectives.” Data is encrypted while in transit. How does Graphiant know what data you’re sending to apply the right policies? Graphiant’s Web page on the Data Assurance feature doesn’t say much, other than that more details are coming, so stay tuned. - Drew

Cato Networks is adding a new IoT/OT discovery and protection feature to its SASE platform. The company says it can discover and classify IoT and OT devices, including type, manufacturer, and version. You can also apply and enforce access policies. IT teams are getting more responsibility for OT devices, and security vendors are responding with more OT-centric offerings. - Drew

SonicWall is partnering with CrowdStrike on a new managed service for SMBs. SonicWall will provide the management, and CrowdStrike will provide its Falcon endpoint detection and response software. Small and medium-size businesses can get 24/7 monitoring and threat mitigation from SonicWall’s SOC. As part of the deal, customers can also get a twice-monthly configuration audit from SonicWall to miminize configuration mistakes on the endpoint software and highlight any issues that might need to be addressed. SonicWall also says the service doesn’t have annual contracts, and there are no minimum number of endpoints to qualify for the service. On paper, this strikes me as a valuable offering for small and medium-size companies that can’t afford to build out their own security operations center. As always, however, you’ll want to make sure you understand the fine print, particularly in regard to incident response and mitigation. - Drew 

DYSTOPIA IRL 🐙

TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳

  1. Go vs Python - Bitfield Consulting

  2. The History of Motorola - Abort Retry Fail

  3. This Canadian is the new world champion of spreadsheets, and he has the belt to prove it - CBC

  4. The End Is Near for NASA’s Voyager Probes - Wired

  5. Apple's Camera Shutter Sound Was Recorded From a Canon AE-1 (2018) - Fstoppers

  6. AWS re:Invent 2024 Swag Review - Nick Triantafillou via Medium

  7. PyGyat - Python with rizz. Be a sigma and mog your skibidi toilet opps before they crashout. Maybe this should have gone in the Dystopia IRL section…

LAST LAUGH 😆