• Human Infrastructure
  • Posts
  • Human Infrastructure 399: Hey Chatbot, Does This Newsletter Make Me Look Fat?

Human Infrastructure 399: Hey Chatbot, Does This Newsletter Make Me Look Fat?

AuthorAuthor

Ethan Banks & Drew Conry-Murray
May 01, 2025

THIS WEEK’S MUST-READ BLOGS 🤓

Casey Newton writes about chatbots that tell their human users what they want to hear, whether or not it’s true or valid. Chatbot developers do this on purpose because it increases user engagement and revenue. Casey writes: 

A series of recent, invisible updates to GPT-4o had spurred the model to go to extremes in complimenting users and affirming their behavior. It cheered on one user who claimed to have solved the trolley problem by diverting a train to save a toaster, at the expense of several animals; congratulated one person for no longer taking their prescribed medication; and overestimated users’ IQs by 40 or more points when asked.”

A sycophantic chatbot that endorses your ideas or behaviors regardless of circumstance could certainly be problematic. But another sentence in this post jumped out at me:

By upvoting all their compliments, and giving a thumbs down to their criticisms, we are teaching LLMs to conceal their honest observations.”

It’s really hard to write about AI and LLMs without falling into the trap of ascribing intelligence, intention, and even empathy to something that has none of those things.

Chatbots don’t have “honest observations.” They also don’t have dishonest observations. Chatbots don’t tell white lies to boost your self-esteem or spare your feelings.

Chatbots don’t know anything about your feelings, or about truth, or about lies. Chatbots use statistical analysis, influenced by parameters such as weights, internal system prompts, and feedback, to arrange a string of tokens that best fit those parameters. To us, those strung-together tokens appear to be the responses of an entity possessed of reason. But it’s an illusion.

You know who can reason? The humans who devise the weights and internal prompts that influence how tokens are strung together. Those humans possess agency and intentions. And it’s their intentions we need to worry about. - Drew

Peter Welcher asks some questions and makes some predictions about the Network as a Service (NaaS) market. (In this case, NaaS means providing network connectivity in a service model, often for WAN or cloud use cases though not exclusively. There’s also a set of companies that position themselves as NaaS that provide LAN equipment and operations. That’s not this.)

Peter uses MegaPort and Graphiant as categorical examples here. If you’re considering NaaS as maybe an MPLS replacement, or to connect your data center to a public cloud, or other use cases, check out this post. - Drew  

Dave gets into various ways IPv4 & IPv6 addresses can be represented beyond the standard styles we’re used to. For instance, Dave points out that 192.168.140.255 is the same as 0300.0250.0214.0377 (octal) which is the same as 0xc0.0xa8.0x8c.0xff (hex) which is the same as 3232271615 (all 32 bits of an IPv4 address represented as a single integer instead of 4 integers separated by a dot).

Many (most?) tools that parse IP addresses can handle these various representations. Fun if you like to play the obfuscation game and impress your friends.

Dave has a lot of other examples and quirky corner cases worth browsing through. If you’ve always struggled converting base-10 (decimal) to other numbering systems, this piece will put some of the pieces together for you, assuming you can make the right inferences. - Ethan

Martin’s thread shares his experience of the massive electrical blackout experienced by much of western Europe this week. Poignant, demonstrating just how quickly the world changes when society loses basic services, including Internet connectivity.

Even with the mobile network starting to come back up, he observed the following.

“I went to stroll through the streets and check the connectivity down there. On the streets it was still pretty bad. Also I noticed a significant change in the composition. There were far less women on the streets and there were a lot more young men in small groups looking bored. If the outage persisted after sundown, looting would not surprise me and I discussed my observations with the hotel staff. It turned out they were way ahead of me concerning that curve and they had quietly started preparing for it.” Emphasis mine, and ouch. - Ethan

Today I learned what a “spudger” is. If you already know what a spudger is and why you might need to use it, you’ll enjoy traveling back in time with Jeff to a land of AppleTalk, StarControllers, plugging RJ11s into RJ45 ports, and how a spudger saved the day. If you don’t know what a spudger is, read the story and marvel at how LANs were put together in the old days. - Drew 

MORE BLOGS

Get ready for IaCConf: the first community-driven IaC virtual event

Join hundreds of DevOps and Platform Engineering leaders on May 15, 2025 for IaCConf 2025 - a FREE fast-paced, half-day virtual event. Discover new trends, learn from experts, and get hands-on with the future of Infrastructure as Code.

Hear from IaC and DevOps experts on the following topics:

  • AI impact on platform engineering

  • OpenTofu adoption and best practices

  • Best practices for IaC management

  • Using Ansible and Terraform together

And more!

Register for free virtual event today → IaCConf 2025 Registration

TECH NEWS 📣

It’s not often that you see Apple’s name associated with a widespread vulnerability. Security researchers discovered flaws in the SDK for Apple’s AirPlay, a feature that lets you stream music or videos or share photos with other devices, including non-Apple devices, such as TVs, wireless speakers, and so on. The bugs enable attackers on the same wireless network to hijack  and take over devices running AirPlay.

Apple has been rolling out updates to address the bugs. The challenge is that third-party devices also need to be updated, and if users aren’t aware, that could leave a lot of devices exposed. - Drew

If you’re buying or using anything created by Meta/Facebook, privacy’s probably not high on your list. Meta seems to be counting on this based on updated privacy terms for its glasses, which can take photos, record video, and capture speech. Under the new policy, AI features will be turned on by default. Tech Cruch reports “This means Meta’s AI will analyze photos and videos taken with the glasses while certain AI features are switched on. Meta will also store customers’ voice recordings to improve its products, without an option to opt out.”  You can delete voice captures, but you have manually erase each one via the glasses’ companion app. - Drew

This piece is from nearly a year ago, but caught my eye as it describes problems that we are seeing in some LLMs today. The idea is that if LLMs are used to generate text, and models are then trained on that LLM-generated text, the LLM output will degrade to the point of being unusable.

The piece explains the illustration above, walking through the training progressions that lead to the model collapse on the far right.

Model collapse is a clear and present danger in that there’s not enough training data out there anymore. As I understand it, one training technique is exactly what this article points out. AI generating more ever more copy (because more is better, right?) to train AI.

Now imagine training a model on, say, network device configs by using configs generated by another model instead of configs that were from a vendor reference guide or validated design. Codifying hallucinations, basically.😬 - Ethan

TL;DR. AI compute is expensive to rent in the cloud. Lots of resources required paired with high demand. So, lots of companies are building their own AI data centers to stay in control of their data and save some money. This echoes some of the talks I heard at the Data Center Dynamics Connect show in NYC about a month ago.

My take…AI data centers networks are a growing specialty. If you’re competent in this area, your skills are somewhat rare and probably in demand. Be keeping up with things like Ultra Ethernet, RDMA, RoCE, GPU-to-GPU communications, frontend vs. backend networks, co-packaged optics, and maybe even Infiniband. Also understand the offerings of companies such as Netris and Drut that are leaning into the needs of AI data center operators to supply multi-tenancy and composability.

On the other hand, keep a level head. The economy is a confusing thing right now, and there are mixed signals about AI buildouts…

- Ethan

MORE NEWS

FOR THE LULZ 🤣

Shared in the Packet Pushers Community Slack by Anton.

RESEARCH & RESOURCES 📒

From their front page. “Internet-in-a-Box “learning hotspots” are used in dozens of countries, to give everyone a chance, e.g. in remote mountain villages in India.

It works without internet — like a community fountain, but for the mind — wirelessly serving anyone nearby with a smartphone, tablet or laptop.

Now you too can put the internet in a box and customize it with the very best free content for your school, clinic or family!”

Options like Raspberry Pis and other very small form factors kits for well under $100. - Ethan

DHCP option 121 allows you to configure static routes on a host. This tool calculates the option values for your static routes. - Ethan

Excerpts from the README. “The firewall mark registry is a registry for software that uses the packet or connection mark features of Linux's packet filter system.

There are two registries, one for bitwise users and one for whole-mark users. Allocations apply to both packet mark and connection mark (connmark) uses, since the most common use of connmark is copying back and forth to/from packet marks.

Like most registries on the internet, this list is purely informative, and non-binding. It's attempting to document current uses, to help developers of new software pick some non-interfering values.” To get a sense of this, here’s the current Bitwise Mark Registry.

Network engineers might find this collection of data esoteric, but this was one of those “I didn’t know this was a thing” moments. So I thought I’d share. - Ethan

As applications become more cloud-centric, distributed and service-oriented, traditional system-centric monitoring is no longer enough.

Join Catchpoint CEO Mehdi Daoudi and GigaOm COO Howard Holton for an exclusive fireside chat as they discuss the Internet Performance Monitoring (IPM) Maturity Model and its role in guiding enterprises toward greater resilience and performance. Learn why organizations must rethink their approach to monitoring, key steps to maturing their digital strategy, and how businesses can stay ahead to deliver the experiences their users expect.

Key Takeaways:

  • Why traditional monitoring falls short in today’s cloud-centric environment.

  • The role of the IPM Maturity Model in assessing and advancing your organization's monitoring capabilities.

  • How to evolve from reactive to proactive monitoring and improve digital experience resilience.

  • Best practices for optimizing internet-dependent services and ensuring seamless user experiences.

  • Predictions for the future of performance monitoring and what IT leaders need to prepare for next.

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

Secure networking vendor NetFoundry has landed a $12M+ Series A venture funding round. What do they do? Check out a couple of our Packet Pushers podcasts for details on their OpenZiti offering upon which the NetFoundry commercial product is based.

While it’s been a while since I thought about the NetFoundry architecture, I remember it as a really different way to think about networking and making secure connections between applications—a platform and toolkit developers could take advantage of to bake secure connectivity and transport right into their apps. - Ethan

BeyondTrust, which provides privileged access management and identity management software, has announced a free assessment to help organizations understand attack surfaces related to identity. BeyondTrust says this assessment can help illuminate “paths to privilege” that attackers might exploit to gain privileges to corporate resources. The assessment connects to your identity infrastructure, including AD and Entra ID, Okta, and Ping. The assessment then delivers “a unified view of high-risk identities, unused accounts, and an understanding of how attackers could elevate privileges, facilitating informed decisions.” - Drew

Palo Alto Networks has announced a new offering, AIRS, that aims to help organizations address AI-related risks. AIRS capabilities include scanning of AI models for vulnerabilities, assessments of security posture such as excessive permissions for AI agents or potential exposure of sensitive data, and an AI red-teaming service that tests an organization’s AI tools against attacks such as prompt injection. The new offering also includes tools to protect against agentic AI threats such as impersonation. As AI adoption ramps up, get ready to see more of these kinds of offerings pouring out of the security industry. - Drew

Like swallows returning to San Juan Capistrano, the annual data breach report from Verizon Business is roosting in the inboxes and desktops of CISOs, analysts, tech journalists, and infosec podcasters. This comprehensive report serves as a kind of industry-wide security scorecard and trend tracker. Findings from this year include a 34% jump over last year in attackers exploiting vulnerabilities to gain a foothold into their targets, and a 44% increase in ransomware being present in breaches. You can get your own copy by clicking the link above in exchange for some contact details. (Do they have to be your contact details? That’s up to you.) - Drew

Usually when a blog title asks a provocative question, it’s meant as click-bait as it implies the answer isn’t as rhetorical as you think it is. Even so, I clicked as I don’t follow OTel all that closely, but I have been interested in it conceptually.

TL;DR. Yeah. You can do some infrastructure monitoring with OTel now. OTel’s not just for distributed tracing anymore. (The scope…it doth creep.) Observability vendor SigNoz points this out, as it’s a use case for their product.

Will OTel become useful for monitoring network infrastructure specifically? I wasn’t seeing that in this post, but I am at least curious to maybe poke at OTel and see what’s possible. - Ethan

MORE INDUSTRY NOISES

DYSTOPIA IRL 🐙

TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳

LAST LAUGH 😆