Human Infrastructure 418: Workslop, Ansible For NetEng, Nornflow, 2x Critical Cisco CVEs w/ RCE
Plus blowing up asteroids. For science.
THIS WEEK’S MUST-READ BLOGS 🤓
Adversarial ATProto PDS Migration - David Buchanan
https://www.da.vidbuchanan.co.uk/blog/adversarial-pds-migration.html
The AT Protocol (or ATProto if you’re into the whole brevity thing) is a protocol and standard for decentralized social networking. Its best-known use case is probably the Bluesky social media platform (follow me there @drewcm.bsky.social if you like). Because ATProto is decentralized, one of its principles is that you should be able to host your own user data repository (called a PDS) or migrate your PDS from one hosting provider to another as you see fit. This blog provides detailed steps for PDS migration when a hoster isn’t as cooperative as you might hope for. - Drew
Prompt Injection Isn’t a Mystery — It’s Measurable - Cloud Native CISO
https://cloudnativeciso.com/blog/prompt-injection-measurable/
This post provides a useful formula to help you figure out a reasonably credible risk metric around prompt injection attacks. This formula could be useful if you’re trying to budget for AI and LLM security, or you need to go to the business with some numbers to get more budget. - Drew
A Lifeline for Intel, a Political Shield for Nvidia: The $5 Billion Partnership - Tech Soda
https://techsoda.substack.com/p/a-lifeline-for-intel-a-political
Not only did Nvidia get an approximately 4% stake in Intel with its $5 billion investment, it likely also bought some political goodwill with the Trump administration. This post says “In an era of heightened geopolitical tensions and a strong emphasis on domestic manufacturing, securing favor with Washington is a critical business objective.” I agree with that assessment.
The post also says “This move provides Nvidia with valuable political cover at a time when big tech consolidation is under intense regulatory scrutiny…” I disagree with that assessment. The current administration doesn’t care about tech consolidation or regulations broadly applied. Its modus operandi is purely transactional: what can I get from you right now? So $5 billion might buy some temporary favor, but I wouldn’t bet this is the last transaction Nvidia has to make. - Drew
9 Linux certifications to boost your career - Network World
https://www.networkworld.com/article/4060215/9-linux-certifications-to-boost-your-career.html
A handy overview of various Linux certs, some vendor-neutral and some not. Each cert is listed along with the sorts of things you’re likely to care about when evaluating a certification, including…
Price
Format
Prerequisites
Focus
Salary range
Best for
Recertification
I feel Linux certs are useful for network folks. You’re almost certain to run into Linux in day to day operations, and lots of open source software is happiest in a Linux environment. Pursuing one of the simpler certs from this list might be a good way to get your head around this ubiquitous operating system and way of doing things if you’re unfamiliar. - Ethan
Bots Write Bad Terraform and it’s All Your Fault - Proactive Ops
https://www.proactiveops.io/archive/bots-write-bad-terraform-and-its-all-your-fault/
Dave Hall points out the problem of LLMs generating bad Terraform code, which engineers take and then publish as a valid answer, which the LLMs then train on resulting in Terraform code that’s even worse. This cycle of the blind leading the blind is a reference to model collapse.
What to do? Dave opines, “First we stop publishing bad Terraform. We need to improve the quality of the training data the bots consume.
Have someone competent review your Terraform. No GitHub Copilot reviews don’t count. It doesn’t do a great job of reviewing Terraform. I suspect this is because it is using the same bad training dataset that generated the bad Terraform.
The low hanging fruit should be caught by a linter. I started the “Dave says” TFLint ruleset to enforce some of the basics. The rest needs a human. Microtica’s Infrastructure Code Review Guide provides a good starting point for the types of questions you should be asking during a peer review.”
The larger point to me is that this isn’t just a Terraform problem. Any of us writing any sort of code need to be careful to only publish product that’s known to be good. At least until all the foundation models in the world are so good they can’t possibly be wrong. Hmm… - Ethan
MORE BLOGS
Measuring Explicit Congestion Notification - Geoff Huston
Is MCP a Security Nightmare?: A look into MCP Authorization with OAuth2 - Moncef Abboud

TECH NEWS 📣
AI-Generated “Workslop” Is Destroying Productivity - Harvard Business Review
https://hbr.org/2025/09/ai-generated-workslop-is-destroying-productivity
This article shares results from an ongoing survey about the prevalence of AI-generated “workslop” in the workplace. The article defines workslop as “AI generated work content that masquerades as good work, but lacks the substance to meaningfully advance a given task.”
Workslop is bad for productivity because it forces the recipient to spend extra time and effort to figure out what’s useful, what’s not, and what’s outright fake.
This problem isn’t new. Much of our professional time is already consumed by ancillary work that doesn’t meaningfully advance a given task: checking email, attending meetings, keeping up with corporate chats, and so on. And we’ve always had to spend mental energy sorting ham from spam, be it in an email, a report, in vendor documentation, and so on.
Maybe what’s new here is the potential for LLMs to crank up the velocity and volume of workslop and the ancillary work it will generate (like sending a bunch of emails to set up meetings to discuss writing a policy to deal with workslop). Perhaps there’s a business opportunity for a startup to build an AI that can filter AI-generated workslop. They could call it ‘Ouroboros.’ - Drew
I Thought I Knew Silicon Valley. I Was Wrong - Wired
https://www.wired.com/story/silicon-valley-politics-shift/
Wired Magazine used to be a cheerleader for Silicon Valley. These days, the scales have fallen from its editorial eyes. Case in point is this piece from Steven Levy, who for decades has reported on and written books about Silicon Valley, the technologies it spawned, and its culture.
In this essay, or perhaps eulogy, Levy tries to figure out how an industry that championed ideals of connection and creativity and not being evil turned into “pernicious behemoths who enshittify their products to extract more profits.” I think it’s a simple diagnosis: they either never meant what they said, or those ideals were eroded by extreme wealth and the power and privileges that come with it. They like their power and money, they don’t like constraints or responsibilities, and they behave accordingly. - Drew
When Africa’s internet breaks, this ship answers the call - Rest of World
https://restofworld.org/2025/africa-internet-cable-repair-ship/
A story about the Léon Thévenin, “the only cable repair ship permanently stationed in Africa” and her crew. These folks are among the very few supporting the African continent with the knowledge to splice cables and otherwise maintain the fiber optic strands lying on the ocean floor. - Ethan
European airports snarled by cyberattack, disruption to stretch into Sunday - Reuters
https://www.reuters.com/en/cyberattack-causes-flight-delays-cancellations-brussels-airport-2025-09-20/
Here’s the key data on this attack. “Saturday's problems were centered on MUSE software made by Collins Aerospace, which provides systems for several airlines at airports globally, airports said.
RTX (RTX.N), Collins Aerospace's parent company, said it was aware of a "cyber-related disruption" to the software at selected airports, without naming them.
Heathrow Airport said it was among those affected. Brussels Airport and Berlin Airport were also affected, they said separately. Hours later, Dublin Airport said it was also facing minor impact from the issue, along with Cork Airport, Ireland's second biggest after Dublin.
"The impact is limited to electronic customer check-in and baggage drop and can be mitigated with manual check-in operations," RTX said in an emailed statement, adding that it was working to fix the issue as quickly as possible.” - Ethan
RESEARCH & RESOURCES 📒
Ivan Pepelnjak has made most of his Ansible training available for free. Go get some! - Ethan
Nornflow - theandrelima via GitHub
https://github.com/theandrelima/nornflow
André Lima reports in the README as follows. “NornFlow is a lightweight workflow orchestration framework built on top of Nornir, bringing structure and predictability to network automation projects.
NornFlow bridges the gap between development and operations teams by providing:
A structured workflow system for organizing Nornir tasks into reusable automation flows
A declarative YAML interface for defining complex automation sequences
A command-line interface for running individual Nornir tasks or complete workflows
A variable system with multi-level precedence for flexible customization”
André states that Nornflow is beta right now. Wield accordingly. - Ethan
NetHtop++ (alpha) - m10ust via GitHub
https://github.com/m10ust/nethtop
From the README. “NetHtop++ is a real-time network inspection and response console built for operators, analysts, hackers, blue teamers, red teamers, and those who need to know what the hell is going on — fast. Inspired by htop, but for sockets and flows, NetHtop++ fuses multiple tools into a single, powerful, terminal-native battlefield command interface.”
I fired this up on an old Mac running Ubuntu 22.04 LTS with Python 3.10.12, and it worked fine. I didn’t have a lot of processes running on the box, but enough to get a sense for NetHtop++. Kinda cool. - Ethan
Valkan - Network Scanner & Exploration Vulnerability - Vyzer9 via GitHub
https://github.com/Vyzer9/Valkan
An offensive security tool written in Go that you are encouraged to use responsibly. From the README. “Valkan is a real and powerful tool, designed specifically for legitimate network scanning and vulnerability exploitation in controlled and authorized environments. Its usage is strictly limited to offensive security testing, ethical hacking, and auditing with explicit permission from system owners.”
I curl’ed the binary down to an Ubuntu 22.04 box, and Valkan ran with no trouble. The primary language is Portuguese, though. Just in case you’re spoiled like I am and are used to everything being in English. 😊 - Ethan
MORE RESOURCES
OpenTaco (CI/CD orchestrator for Terraform) - Team Digger
Elephantshark (decrypt, re-encrypt, and analyze Postgres traffic) - neondatabase-labs via GitHub
INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬
Two Critical Remote Code Execution Vulnerabilities Affecting Cisco Security Devices and Most of the IOS Families - Cisco Security Advisories
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
You probably wanna read up on these to see if you’re affected. We don’t report on too many security vulnerabilities because the list never ends. But these seem…special. You do have to have certain features configured, and not all of you will. These related vulnerabilities aren’t that special. But…the situation ain’t good, and Cisco doesn’t have any workarounds to offer yet.
I hope none of you are in for long weekends. - Ethan
Upscale AI Launches with Over $100 Million Seed Round to Democratize AI Network Infrastructure and Advance Open Standards - Upscale AI
https://upscaleai.com/press-release/
A networking startup called Upscale AI has launched with $100 million in seed funding to get the company off the ground. According to the launch press release, the company will develop “silicon, systems, and software for ultra-low latency networking, enabling breakthrough performance and scalability for AI training, inference, generative AI, edge computing, and cloud-scale deployments.” In other words, they aim to bring new networking hardware and software to market aimed at AI infrastructure.
The company says its portfolio will be built using the open-source SONiC network OS and Switch Abstraction Interface (SAI) and will support Ultra Ethernet Consortium standards. Breaking into the network hardware market is a tough business, but given the crazy amounts of money being thrown at AI infrastructure, the conditions for an exit or acquisition are probably the best they’ll ever be. - Drew
Ties de Kock contributes, “Have you heard about MRT dumps, but never tried to use them because the bar seems too high? Or are you tired of doing “parse -> grep -> process” every time you touch BGP MRT dumps? This hands-on guide shows how to load RIS/RouteViews data into ClickHouse - covering tools, schema, and example queries - so you can explore prefixes, paths, and more with fast, ergonomic SQL.” - Ethan
The Agentic AI Era Demands a New Network - Cisco Blog
https://blogs.cisco.com/networking/the-agentic-ai-era-demands-a-new-network
Cisco is arguing that as more and more AI agents get deployed on networks to perform operations tasks, existing network architectures aren’t well-suited to support bursty, east-west traffic that demands near-instantaneous responses. The solution? A new architecture built on new Cisco switches, routers, and APs that provides a microsecond-latency fabric. Of course, you probably could’ve guessed that answer. That said, the blog may still be worth reading to help you consider the implications of AI agents running wild on your network. - Drew
Simplifying advanced networking with DHCPv6 Prefix Delegation - Android Developers Blog
https://android-developers.googleblog.com/2025/09/simplifying-advanced-networking-with.html
Android is adding support for DHCPv6 Prefix Delegation, which will allow Android to extend IPv6 addressing to things like wearable devices, tethered laptops, VMs, and more without having to employ NAT, which added complexity and drained batteries faster. The blog says “This truly realizes the potential of IPv6 to allow end-to-end, scalable connectivity to an unlimited number of devices and functions, without requiring NAT. And because the prefix is assigned by the network, network operators can use existing DHCPv6 logging infrastructure to track which device is using which prefix.” Thanks to Ed Horley of the IPv6 Buzz podcast crew for suggesting this post. - Drew
Why Is Python So Popular in 2025? - PyCharm Blog
https://blog.jetbrains.com/pycharm/2025/09/why-is-python-so-popular/
TL;DR. Here are the core reasons cited in the piece, which seem about right to me.
Dominance in AI and machine learning
Strength in data science and analytics
Syntax that’s simple and scalable
A mature and versatile ecosystem
Community support and shared knowledge
Cross-domain versatility
The reasons are backed in part by data reported in the State of Python 2025. - Ethan
MORE INDUSTRY NOISES
Juniper launches Metro-as-a-Service offering - SDX Central
NetBox MCP and the Emerging NetBox AI Ecosystem - Netbox Labs
AWS Site-to-Site VPN now supports IPv6 on the outside IPs - AWS Networking & Content Delivery Blog
Beyond Automation: The Rise of Agentic Networks - Kentik Blog
Taking AT to the IETF - Bluesky Blog
TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳
Make the kernel cute by nambona890 PR #1290 - Linux via GitHub
Altoids by the Fistful (stop eating cat turds) - Scott Smitelli
Astronomers want to blow up this asteroid before it likely strikes Moon - Independent
LAST LAUGH 😆

Shared on Reddit at r/programmerhumor