Human Infrastructure 384: Linux Routing, Python Scripts, 6-Day Certs, and More
THIS WEEK’S MUST-READ BLOGS 🤓
Configuring IP Addresses Won't Make You an Expert - ipSpace
https://blog.ipspace.net/2025/01/common-labbing-misconceptions/
Ivan Pepelnjak’s netlab tool for creating networking labs is different from GNS3, EVE-NG, and CML. There’s no GUI. With netlab, you configure the lab via a YAML file, and netlab stands the lab up for you. Some folks object to this, complaining that configuring everything by hand is important. Ivan points out that, yes, if you’re new to all of those routine configuration tasks, you should practice that. But what about when all of the basic config work is old hat, and you’ve got other things to learn? You don’t want tedious lab configuration getting in the way. Thus, netlab (which I run on a bare-metal Ubuntu box and love). - Ethan
The Role of Python in Network Automation: Practical Scripts for Everyday Tasks - Layer8Packet
https://www.layer8packet.io/home/the-role-of-python-in-network-automation-practical-scripts-for-everyday-tasks
Pat Allen shares three Python scripts you can start using right away for tasks including getting device information and automating configuration. He also links to popular Python libraries and shares learning resources for those looking to start building or improve their Python chops. - Drew
Gregory digs into why it matters that newcomer terminal app Ghostty is OS native. It’s not just about performance. It’s also about familiar UI behavior, security, window serialization, and more. Gregory feels that Ghostty is doing the right things and has additional right things on the roadmap. - Ethan
You know how some tutorials are like reading gibberish because the author assumes you have a level of knowledge you don’t have yet? This isn’t that. Okay, it doesn’t start assuming you’re completely ignorant of Linux and networking. But if you’re an IT pro with some general systems and network knowledge, this piece strikes the perfect balance of not getting too in the weeds while providing useful information to get you up to speed with Linux routing (not all of Linux networking!) quickly. - Ethan
MORE BLOGS
Stop Trying To Schedule A Call With Me (humor) - Mat Duggan
Six Sins of Platform Teams - SerCe’s blog
The 10x Engineer Is Dead - Long Live The Product Engineer - Tobi Okewole
Join us for AutoCon 3, the premier network automation event, May 26-30, 2025 in Prague!
The schedule: Workshops are Monday and Tuesday; the conference runs Wednesday through Friday.
The venue: AC3 will be held at the Hilton Prague. Details and the discounted rate booking link are available here.
The call: Submission forms are open for speaker and workshop proposals. Bring your experience and expertise to our stage! Closes 28 Feb.
The price: Conference registration is €699. Workshop tickets are an additional €699.
Super Early Bird Registration Starts Now!!!
Super Early Bird Registration - €299 - This discount is meant for folks who are unemployed, self-employed, or otherwise on a more restricted budget. These tickets will be available starting 16 January. Only one ticket may be purchased per person and only 100 of these tickets are available.
TECH NEWS 📣
Coding help on StackOverflow dives as AI assistants rise - DevClass
https://devclass.com/2025/01/08/coding-help-on-stackoverflow-dives-as-ai-assistants-rise/
AI assistants are taking the hallowed place of StackOverflow, it seems.
“StackOverflow…is suffering from declining activity, with new questions tumbling 75 percent since their peak in 2017, and down 60 percent year-on-year in December 2024.”
Aside from personal AI, a change in culture might also be to blame. Anecdotally, SO moderators are getting heavy-handed these days. - Ethan
United Announces Accelerated Timeline for Starlink's Industry-Leading Connectivity in the Sky - United Airlines Newsroom
https://www.united.com/en/us/newsroom/announcements/cision-125360
United will begin testing Starlink on flights in February 2025. United says that eventually, their entire fleet will be equipped with ElonNet. From a latency and bandwidth perspective, I suspect this will be a winner compared to most in-flight Internet experiences. I hope, anyway. - Ethan
A 9th telecoms firm has been hit by a massive Chinese espionage campaign, the White House says - AP News
https://apnews.com/article/united-states-china-hacking-espionage-c5351ef7c2207785b76c8c62cde6c513
Considering the sheer girth of the security industry, emphasis on secops, new security startups, and growth in cybersecurity jobs…most organizations aren’t good at security. Sufficiently motivated bad actors still seem to find their way in.
This story is a continuation of the Salt Typhoon saga. Just…brutal. - Ethan
FBI wipes Chinese PlugX malware from thousands of Windows PCs in America - The Register
https://www.theregister.com/2025/01/14/fbi_french_cops_boot_chinas/
The FBI has turned a malware command-and-control (C2) system into a malware removal tool. The Register reports that the FBI, with the authorization of US warrants, remotely removed PlugX malware from over 4,000 infected devices in the United States by issuing a self-destruct order from a C2 system that had been previously seized by French authorities. The FBI says it will notify the owners of the now-cleaned computers of its actions.
If you weren’t aware that the FBI was allowed to remotely access computers it doesn’t own to delete software, this has been happening since 2021. It’s a novel application of a search and seizure warrant that judges can issue to law enforcement officers. This blog post from 2021 has a good explanation of how the warrant was applied to malware removal for the first time. The blog also notes “It is important to have a robust discussion about where to draw the line with respect to the circumstances and manner in which law enforcement may access victim systems…” - Drew
RESEARCH & RESOURCES 📒
My New Podcast: Thoughtfully Critical – Stories That Inspire and Challenge - Wahl Network
https://wahlnetwork.com/2025/01/14/my-new-podcast-thoughtfully-critical/
Chris Wahl has launched a new podcast series, Thoughtfully Critical, that’s aimed at technology pros. The show is based on his experiences as a technologist, team leader, and consultant, and the idea is to share his insights and observations in 15-minute episodes. Topics will include deep work, dealing with change, professional development, tech leadership, and more. Long-time Packet Pushers listeners may remember Chris from the Datanauts podcast. The URL above has all the links to where you can subscribe to Chris’s podcast. If you’re looking for sensible, dare I say thoughtful, ideas on being a technologist, this is worth checking out. - Drew
Let's Talk: Cisco Modeling Labs - David Alicea via YouTube
https://www.youtube.com/watch?v=XzoaN0OQT0Y
There are lots of labbing options out there for certs, learning, and testing (containerlab and Ivan Pepelnjak’s netlab, for instance). Another possibility is Cisco Modeling Labs (CML). David Alicea has a good video overview of CML, including a short walkthrough of how to set up a simple topology. CML is, of course, Cisco-centric, but if you’re on a Cisco cert track, that’s not a problem. It also means CML comes with Cisco images out of the box, which can save you some steps. - Drew
Comprehensive Python Cheatsheet - gto76 via GitHub
https://github.com/gto76/python-cheatsheet
Click through to view the README containing all the Python reference goodness. - Ethan
Agents (PDF, 2024) - Google Whitepaper via GDrive
https://drive.google.com/file/d/1oEjiRCTbd54aSdB_eEe3UShxLBWK9xkt/view
In 2025, you’re going to hear a LOT about agentic AI from all your favorite vendors. You want to know what is being implied by this term? Read this whitepaper. 42 pages of mostly words, diagrams, and code snippets, plus endnotes. Beefy. - Ethan
INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬
RtBrick First to Add Internet Peering Security For Disaggregated ISP Networks - RtBrick
https://www.rtbrick.com/news-and-events/rtbrick-first-to-add-internet-peering-security-for-disaggregated-isp-networks
RtBrick, which makes routing software to run on disaggregated hardware, has added support for multiple security features that aim to improve security and operations of ISP networks. The new feature support includes RPKI, which can minimize the possibility of route hijacks; TCP-AO, which can authenticate TCP segments exchanged during BGP sessions; BGP Flowspec for DDoS protection; sFlow for traffic analysis; and GTSM, also for route hijack protection. More details are available in the release linked above. And if you want to know more about RPKI, check out this Packet Protector podcast episode with BGP expert Russ White. - Drew
Intel’s Tofino P4 Software is Now Open Source - P4.org
https://p4.org/intels-tofino-p4-software-is-now-open-source/
If you’re interested in developing products based on P4, it just got easier for you. P4 is open source now using the Apache License.
P4.org reports, “Developers now have access to the entire source code, which is organized in two main repos inside the p4lang structure. The p4c repo now additionally contains the Tofino compiler components, with subfolders such as arch, common, control-plane, driver, midend, test and docs. The Tofino backend is hierarchically at the same level as bmv2, ubpf and other backends. The newly introduced open-p4studio repo contains all the other components of the Tofino P4 Studio, such as bf_driver, bf_diags, bf_utils and tofino_model.”
I suppose the larger question is how much this matters at this point in SDN’s technological history. Too little, too late? If you care about P4 either as a user or developer of networking products, let me know. I know you’re out there, but I’m unsure of how many of you. - Ethan
Introducing Site Scope+: The Next Step in Advanced and Open Diagnostics for Optigo Visual Networks - Optigo
https://www.optigo.net/introducing-site-scope/
Optigo makes software for monitoring OT networks: sensors, industrial controls, and so on. The company has just announced Site Scope+, an add-on for its OptigoVN core product. The add-on lets you share advanced diagnostics with folks inside and outside your organization. It also has no fees or restrictions on the number of users, making it more affordable to put into more hands (while also providing role-based access). From the press release: “With Site Scope+, each OT network can be shared with an entire organization or just a handful of specific users. Access is easily granted or revoked in a few clicks.” - Drew
A Deep Dive Into the Baltic Sea Cable Cuts - RIPE Labs
https://labs.ripe.net/author/emileaben/a-deep-dive-into-the-baltic-sea-cable-cuts/
The RIPE team looks into the fiber cuts from mid November, examining how Internet routing tables converged around the issues. They did a preliminary analysis using ICMP for latency measurements, but kick the analysis up a notch here, using traceroute data to study the new paths and ASNs involved. - Ethan
Wi-Fi and The Problem With RADAR (DFS) - IPTel Solutions
https://blog.iptel.com.au/wifi-and-the-problem-with-radar
This post explains the interference issue that can be experienced if you attempt to use a channel in the 5GHz spectrum that’s also being used by radar nearby. The wireless tech in question is Dynamic Frequency Selection (DFS).
“The DFS process is all about detecting when a radar facility is nearby and ensuring that any Wi-Fi devices can't interfere.
The Access Points spend some of their time off-channel scanning and if they hear radar (and they are on a DFS channel), they will decide to go off channel, for a period of 45 - 60 seconds. This is a programmed feature to allow Wi-Fi to make use of the same spectrum as a radar, but try not to either interfere with it - or be interfered by it.”
The article goes on to explain the user experience if the AP they connect to is using a channel that requires DFS to run. Not seamless. - Ethan
Announcing Six Day and IP Address Certificate Options in 2025 - Let’s Encrypt
https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/
Let’s Encrypt, the non-profit certificate authority, will roll out support for certificates with a 6-day lifecycle, as well as the ability to include an IP address in addition to a domain name in a certificate. The 6-day cert is most interesting to me. Let’s Encrypt says short-lived certs are better for security. Typically if a private key is compromised, a certificate has to be revoked.
Let’s Encrypt writes “Unfortunately, certificate revocation doesn’t work very well. This means that certificates with compromised keys (or other issues) may continue to be used until they expire. The longer the lifetime of the certificate, the longer the potential for use of a problematic certificate. The primary advantage of short-lived certificates is that they greatly reduce the potential compromise window because they expire relatively quickly. This reduces the need for certificate revocation, which has historically been unreliable.”
Certs with a 6-day lifespan will be available starting in February. And if you want to know more about how to protect your certificate infrastructure, Packet Protector recently released an episode with Ed Harmoush on Certification Authority Authorization (CAA) and Certificate Transparency (CT). - Drew
MORE INDUSTRY NOISES
Extreme Introduces Extreme Platform ONE: Integrated AI-Powered Automation That Radically Simplifies the Customer Experience in Enterprise Networking and Security - Extreme Networks Press Releases
Developments in Linux kernel networking in 2024 - Jakub Kicinski via people.kernel.org
Synology launches ActiveProtect: simplifying enterprise data protection with unmatched security, and scalability - Synology Press Releases
NATO’s Emergency Plan For An Orbital Backup Internet - IEEE Spectrum
I got OpenTelemetry to work. But why was it so complicated? - Icon Solutions
NVIDIA Puts Grace Blackwell on Every Desk and at Every AI Developer’s Fingertips - NVIDIA Newsroom
DYSTOPIA IRL 🐙
There’s a reason why it feels like the internet has gone bad - CNN Business
Zuckerberg urges Trump to stop the EU from fining US tech companies - Politico
CES 2025 Worst in Show: Betas for a Dystopian Future - The New Stack
Millions of people's 'intimate' location data stolen in major hack - Sky News
Does Proton Still Stand for Anything? - Privacat Insights
TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳
List of IP version numbers - Wikipedia
IP-over-Toslink - KittenLabs
Network activity visualizer (maker project) - Hackster.io
Das Blinkenlights! (maker project) - Roving Dynamics Ltd
What if you tried hard? (2024) - Aaron Francis
How to disappear completely (disappearing content problem) - The Verge
Be careful with introducing AI into your notes - Juha-Matti Santala
Model 777 (stunning 1:60 model of Boeing 777-300ER from manila folders) - Luca
NASA’s Parker Solar Probe has survived the closest-ever Sun flyby - The Verge
LAST LAUGH 😆
Apologies to the IPv6 Buzz podcast crew…