- Human Infrastructure
- Posts
- Human Infrastructure 406: De-Hyping AI, Design Like Bandwidth Is Scarce, and More
Human Infrastructure 406: De-Hyping AI, Design Like Bandwidth Is Scarce, and More
THIS WEEK’S MUST-READ BLOGS 🤓
Should we design for iffy internet? - bytes.zone
https://bytes.zone/posts/should-we-design-for-iffy-internet/
TL;DR. Yes.
My addendum. FOR THE LOVE OF ALL THAT’S HOLY…YES! PLEASE DEVS, STOP DESIGNING YOUR APPS AS IF EVERYONE IS ON YOUR GIGABIT LAN!
Sorry about that. As you were, everyone. I’ve been fighting this issue since the 90’s, but not much seems to change. So let’s keep cramming those huge web payloads down latent, jittery, tiny pipes. It’ll be fine. Your users can wait. They need to learn patience anyway. And honestly, I love it when my phone browser crashes because of all the crap being shoved into it. Reminds me to put the binky down and get a life. - Ethan
One of my favorite “de-hype” articles about AI & agents I’ve read. Delicious sarcasm.
“I've recognized the potential LLMs bring with a productive mindset. Think: "Aha, so what new things could I now automate?" instead of "Let's cut half of the workforce due to this paradigm shift in civilization and go all-in on the company which writes 'AI' the most on their front page". The former is pragmatic and is ironically enough more likely to cause a paradigm shift in civilization. The latter a subjective hype-fest based on sci-fi novels and tech-bros smoking weed on podcasts.” - Ethan
OCSP and Certificate Mapping for Cisco Routers - Send The Payload
https://sendthepayload.com/ocsp-and-certificate-mapping-for-cisco-routers/
Valid certs are essential for VPNs. Katherine McNamara walks through how to use Cisco’s Online Certificate Status Protocol (OCSP) to help you check certificate validation on Cisco routers. A handy blog! - Drew
Docker Networking with Zabbix Proxies - Majornetwork
https://majornetwork.net/2025/06/docker-networking-with-zabbix-proxies/
Zabbix provides monitoring software for networks, clouds, containers, and other use cases. In this post, Markku walks through four scenarios for working with Zabbix proxies and Docker containers. - Drew
Is Cisco Live Still The Place To Be - The Networking Nerd
https://networkingnerd.net/2025/06/17/is-cisco-live-still-the-place-to-be/
Tom Hollingsworth offers a sort of eulogy for tech social media as a way to organize people and bring them together both online and then in person at tentpole events such as Cisco Live. Those days are gone, as evidenced by a muted meetup at an unsociable “Social Lounge” at CLUS 2025. Tom writes “Things have shifted. It’s not that social isn’t a component of things. It’s that social was practically absent and no one noticed.” But he also believes that community will still find a way because “People matter. They always will. And the people are greater than everything.” - Drew
Setting and Changing Static WAN IP Addresses on the Juniper SSR - Bryan Ward
https://bryanward.net/wp/2025/06/16/setting-and-changing-static-wan-ip-addresses-on-the-juniper-ssr/
Bryan writes “if your ISP has assigned a Static IP Address, you’ll need to know how to set that on the SSR using the console port before it will be able to phone-home to the Mist cloud.” He walks through the configurations needed to make that happen. - Drew
MORE BLOGS
How I Passed the AWS Certified Security – Specialty (SCS-C02) Exam in 2025 - The Hidden Port
How to modify Starlink Mini to run without the built-in WiFi router (hardware hacking) - Oleg Kutkov Personal Blog
Start your own Internet Resiliency Club - Bow Shock Systems Consulting
The Promised LAN - Notes From PaulTag
Networking Basics with Docker Compose - Nick Janetakis
Bypassing Internet Censorship Using SSH (2023) - Zola’s Blog
![]() | ![]() |
TAKE YOUR PACKET PUSHERS SWAG ON VACATION!
The Packet Pushers Merch Store has tees, sweatshirts, hats, hoodies, mugs, and more. Like Eric Chou, host of Network Automation Nerds, you can bring your favorite show on the road this summer!
https://store.packetpushers.net/
TECH NEWS 📣
The New AI Networks | Ultra Ethernet UEC | UALink vs Broadcom Scale Up Ethernet SUE - SemiAnalysis
https://semianalysis.com/2025/06/11/the-new-ai-networks-ultra-ethernet-uec-ualink-vs-broadcom-scale-up-ethernet-sue/
This piece is primarily a summary of the key pieces of the initial UEC specification, which weighs in at over 500 pages. A couple of key points should you find yourself involved with an AI data center build that’s going to leverage UEC …
UEC relies on NICs primarily. You can use the switches you have, assuming they support modern explicit congestion notification (ECN). That is, you don’t have to buy Ultra Ethernet switches.
UEC’s congestion control mechanism, arguably the point of all this, is UEC-CC. You use UEC-CC by itself. UEC-CC replaces data center flow control mechanisms you might be familiar with. “The widely used older methods RoCE and DCQCN will degrade UEC-CC performance because, unlike UEC-CC, they do not directly update flow control to match the actual location of a flow problem. PFC (Priority Flow Control) is unnecessary and must be disabled between switches, where it can block valid flows. It is also deprecated where NICs connect to switches, as it lacks UEC-CC’s precision and may over-reduce flows. Credit Based Flow Control is similarly deprecated due to interference with UEC-CC.”
There’s plenty more to consider on the click, including a comparison of UEC with competing technologies like Ultra-Accelerator Link (UALink) and Broadcom’s Scale-Up Ethernet (SUE). - Ethan
Broadcom Tomahawk 6 Launched for 1.6TbE Generation - ServeTheHome
https://www.servethehome.com/broadcom-tomahawk-6-launched-for-1-6tbe-generation/
Patrick Kennedy reports, “Broadcom is launching its next-generation of switch ASICs with the Broadcom Tomahawk 6 series. This is a new 102.4Tbps switch that can handle up to 64 ports of 1.6TbE. Yes, we are now replacing the “Gigabit” with the “Terabit” Ethernet port era. The two new ASICs, the Broadcom BCM78910 and BCM78914 offer two different configurations for different applications.”
So much bandwidth that it’s genuinely difficult to get one’s head around. Lots more detail on the Broadcom announcement on the click. As I understand it from chatting with folks at Juniper and elsewhere, it will be a couple more years before we see 1.6Tbps Ethernet on the market, so you have some time to get your nuclear power plant online first. - Ethan
Cybersecurity takes a big hit in new Trump executive order - Ars Technica
https://arstechnica.com/security/2025/06/cybersecurity-take-a-big-hit-in-new-trump-executive-order/
One problem with a US president making policy via executive orders is that they aren’t as durable as laws passed by Congress. A new president can amend or dismiss any and all executive orders issued by previous administrations just by issuing a new executive order.
As a case in point, Ars Technica walks through changes to cybersecurity EOs issued under the Biden administration that are now being amended by Trump. Like the Reverse card in a game of UNO, Trump is dropping or relaxing requirements around some sensible security measures. This includes a mandate that federal agencies and contractors adopt quantum-safe encryption products, and removing a requirement that the Commerce Department work with NIST to publish guidance for government networks and service providers that work with government networks to implement RPKI, a standard to limit the risk of route leaks and BGP hijacking.
We know US government networks are being successfully targeted by nation-state actors, among others, so it seems odd to want to walk back these kinds of orders intended to strengthen them. - Drew
AWS locks down cloud security, hits 100% MFA enforcement for root users - The Register
https://www.theregister.com/2025/06/17/aws_enforces_mfa_root_users/
In contrast to the federal government (see above) AWS claims it reached a significant security milestone: that root users of every account across AWS is now using Multi-Factor Authentication (MFA). MFA is a reasonable security practice and can help limit the damage from problems such as stolen credentials. AWS also reinforced its commitment to Secure By Design, a program championed by the US Cybersecurity and Infrastructure Security Agency (CISA). Secure by Design is a set of principles that “prioritize the security of customers as a core business requirement” and organizations can voluntarily pledge to implement those principles. - Drew
MORE TECH NEWS
Agentic AI for networking: Catalyst or distraction? - Search Networking by TechTarget
Vandals cut fiber-optic lines, causing outage for Spectrum Internet subscribers (they thought it was copper) - Ars Technica
VMware drops the lowest tier of its partner program – except in Europe - The Register
Amazon joins the big nuclear party, buying 1.92 GW for AWS - TechCrunch
Enterprise AI adoption stalls as inferencing costs confound cloud customers - The Register
FOR THE LULZ 🤣

RESEARCH & RESOURCES 📒
I first heard about Temporal at the AutoCon3 network automation conference, where Naveen Achyuta presented on it. My summary of that talk is on LinkedIn here.
In short, Temporal is a workflow engine that takes on state tracking, interruptions, and so on for you so that you don’t have to handle all of those exceptions in your code. Ergo, a “durable execution platform”. There are both paid and open source flavors.
Lots of network automation use cases for Temporal. - Ethan
Magic Wormhole - magic-wormhole via GitHub
https://github.com/magic-wormhole/magic-wormhole
One of those projects that’s been around forever, but I don’t think I’d run into it before. From the README.
“Get things from one computer to another, safely.
This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical "wormhole codes": in general, the sending machine generates and displays the code, which must then be typed into the receiving machine.
The codes are short and human-pronounceable, using a phonetically-distinct wordlist. The receiving side offers tab-completion on the codewords, so usually only a few characters must be typed. Wormhole codes are single-use and do not need to be memorized.”
Docs here. - Ethan
MORE RESOURCES
Flowhawk: eBPF-powered Network Security Monitoring Platform - alexhraber via GitHub
tcpulse: TCP/UDP load generator written in Go - yuuki via GitHub
h2tunnel: TCP over HTTP/2 - Alexei Boronine
INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬
Meet Containerization (video) - Apple Developer
https://developer.apple.com/videos/play/wwdc2025/346/
https://github.com/apple/container
Announced at the somewhat underwhelming 2025 WWDC, Apple has released containerization tooling for macOS. You can download the tool from GitHub.
From the README. “Container is a tool that you can use to create and run Linux containers as lightweight virtual machines on your Mac. It's written in Swift, and optimized for Apple silicon.
The tool consumes and produces OCI-compliant container images, so you can pull and run images from any standard container registry. You can push images that you build to those registries as well, and run the images in any other OCI-compliant application.” - Ethan
Sandfly Security Collaborates with DigitalOcean on Agentless Linux Security for Modern Cloud Environments - Sandfly Security
https://sandflysecurity.com/blog/sandfly-security-partners-with-digitalocean
Sandfly Security offers agentless Endpoint Detection and Response (EDR) for Linux operating systems. It can also be used for forensics investigation, asset visibility, and other use cases for your Linux fleet. The company has partnered with Digital Ocean to be available as a Security Droplet within Digital Ocean’s infrastructure, making it easier for Digital Ocean customers to access the Sandfly product. - Drew
Network Security Climbs 12 Percent to $6.2 B in 1Q 2025 on 21 Percent Surge in Application Security & Delivery, According to Dell’Oro Group - Dell’Oro Group
https://www.delloro.com/news/network-security-climbs-12-percent-to-6-2-b-in-1q-2025-on-21-percent-surge-in-application-security-delivery/
Apparently Q1 of 2025 was a good time to be a network security vendor. The Dell’Oro Group says global revenues for network security hit $6.2 billion in the quarter, up 12% over this time last year. By market segment, ADCs and WAFs saw big growth (21%), while hardware firewall revenue was up 5 % and virtual firewall revenue jumped 27%. - Drew
Alcatel-Lucent Enterprise Expands Partnership with Versa to Enhance Enterprise Cybersecurity - EIN Newswire
https://www.einnews.com/pr_news/822634250/alcatel-lucent-enterprise-expands-partnership-with-versa-to-enhance-enterprise-cybersecurity
Alcatel-Lucent Enterprise is extending its partnership with SASE vendor Versa to, according to the press release “offer enhanced Zero Trust security at every network edge. This expansion of strategic collaboration brings more of Versa’s solutions and capabilities to ALE’s customers, including Secure SD-WAN and Zero Trust Network Access (ZTNA), complementing ALE's recognized LAN and WLAN network access control capabilities to address a broader range of secure connectivity use cases.” - Drew
MORE INDUSTRY NOISES
Leading European Telcos Build AI Infrastructure With NVIDIA for Regional Enterprises (file under “rent a sovereign GPU”) - NVIDIA Blog
DYSTOPIA IRL 🐙
The Russian people have essentially lost access to the internet - Hacker News
Signalgate 2.0 proves it - there’s no such thing as a “Backdoor for the Good Guys Only” - Tuta Blog (Tuta is a personal privacy vendor)
AI Scraping Bots Are Breaking Open Libraries, Archives, and Museums - 404 Media
TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳
Fun with Telnet (2024) - Brandon Rozek
Sneakernet - Wikipedia
Norbauer Seneca review: a $3,600 luxury keyboard for the keyboard obsessed - The Verge
A tour of AT&T's Network Operations Center (1979) - AT&T Archives via YouTube
What It’s Like to Be a Woman at a Tech Conference (2017) - Chloe Condon via Medium
Unprecedented optical clock network lays groundwork for redefining the second - phys.org
After 20 Years, the Globally Optimal Boggle Board - danvk.org
Iceland adopted the 4-day workweek in 2019, nearly 6 years later, all the predictions made by Generation Z have come true. - Info Culture
LAST LAUGH 😆

Shared on the Packet Pushers Community Slack by Kaj.