Human Infrastructure 421: SSH Key Setup, Inside CDNs, Toying with In-Flight Wi-Fi, and More
THIS WEEK’S MUST-READ BLOGS 🤓
From Python Practice to Open Source: My SSH Key Setup Tool - David Henderson via LinkedIn
https://www.linkedin.com/pulse/from-python-practice-open-source-my-ssh-key-setup-tool-henderson-yp5ze/
David Henderson built a Python script for setting up and configuring SSH keys so he wouldn’t have to keep looking up how to do it. He’s made the script available as an open-source resource. This post has the link to the script and provides more background and detail about what it does and how it works. - Drew
Offline October: Going Dark on Social Media - Kool Aid
https://koolaid.info/offline-october-going-dark-on-social-media/
I wish I had found this post before October 1st, but better late than never. Jim Jones writes about his plans to spend the month of October away from social media. Why? Too much doom scrolling and brain rot. By ditching social media for a month, his plan is to read more long-form works (including a re-read of The Phoenix Project), catch up on some tech learning, prepare for a speaking engagement, and watch a little TV. Frankly, I appreciate that he includes the TV part; we don’t always need to be hyper-optimizing our time or enhancing our productivity. It’s OK to relax!
In any case, there’s two weeks to go if you want to join Jim in an Offline October. For me, I’m going to try to stay off Bluesky and Reddit until the first of November. - Drew
This short entry in the BGP.tools knowledgebase explains that something we all take for granted—everyone can reach everyone else on the Internet—isn’t always true. Sometimes, ISPs are upset with each other and won’t transit traffic across each other’s networks. If this happens, it could be that two networks can’t reach each other, with hilarity ensuing.
The article continues, “While these disputes have happened several times in the past, they are usually limited to short periods of time and are resolved relatively quickly. Unfortunately, for IPv6, this has not been the case: two of the largest ISPs, Cogent and Hurricane Electric, do not – and have not, for several years – been able to reach each other on IPv6.”
There’s no timestamp on this article, so I’m not sure if this Cogent/HE v6 reachability problem is still an issue in 2025. The fact that Internet reachability due to ISP disputes is a potential problem outside of governmental “great walls” was my TIL of the day. - Ethan
The Basics of Content Delivery Networks (CDNs): How They Work and Why They Matter - Ctrl+Alt+Route
https://ctrlaltroute.com/2025/10/12/the-basics-of-content-delivery-networks-cdns-how-they-work-and-why-they-matter/
CDNs have been on my mind lately, as the CDN Packet Pushers uses to distribute our podcasts to all of you nice people let us down recently, serving a file from an entirely unrelated podcast in place of the actual episode we published. While I understand that things happen in the digital realm that most of us reading are caretakers of, the issue did get me to thinking…what would it take to build my own CDN?
Okay…while building my own CDN (at least for production purposes) is a manifestly silly idea, I am reviewing the CDN market to see what’s out there these days. Looking at you, Vultr. Your $10/mo + bandwidth both calls to and scares me…
Anyway, as luck would have it, Dustin Demers wrote this short summary article explaining the point of CDNs and how they do what they do. Thanks! Dustin’s been writing up a storm, by the way. You might like to follow his ctrlaltroute.com. - Ethan
A Story About Bypassing Air Canada's In-flight Network Restrictions - Ramsay Leung
https://ramsayleung.github.io/en/post/2025/a_story_about_bypassing_air_canadas_in-flight_network_restrictions/
Ramsay explains how he was able to use a proxy on port 53 to bypass the restrictions of the Wi-Fi setup on a recent airplane trip. He needed the help of a friend not on the airplane, but got it done. The thinking process, diagrams, and useful output are all on display for you to ponder. Read this one for the education if proxies, ports, and tunneling are interesting but perhaps abstract concepts to you, especially if you find cybersecurity fascinating. You’ll walk away more knowledgeable. - Ethan
Vibe coding will destroy your codebase but, you're probably not doing it - The Adaptive Alchemist
https://www.adaptivealchemist.com/vibe-coding-will-destroy-your-codebase-but-youre-probably-not-doing-it/
Not all AI-based code generation implies vibe coding and the associated negativity. Ariel Pérez says, “The key point isn’t about different AI tools or approaches. It’s about understanding that AI multiplies whatever rigor you already apply. At low rigor, AI accelerates chaos. At high rigor, AI enhances quality and velocity. Your outcomes depend less on the tool and more on the discipline you bring to the process.
Most teams using AI tools responsibly aren’t vibe coding at all—they’re operating in entirely different regions of what I see as the AI development matrix. Understanding where you sit on this matrix determines whether AI becomes a superpower or a disaster.”
He goes on to explain his position, and I think he strikes the right balance. - Ethan
MORE BLOGS
Wireshark 4.6.0 Supports macOS pktap Metadata (PID, Process Name, etc.) - nuxx.net
Protocol Header Design 101 - Tom Herbert via Medium
A Guide For Wireguard VPN Setup With Pi-Hole Adblock and Unbound DNS (Jan 2025) - psyonik.tech
Writing regex is pure joy. You can't convince me otherwise. - TriangulatedExistence
Environment variables are a legacy mess: Let's dive deep into them - allvpv
When Will Quantum Computing Work? (TL;DR. Author suggests 5-15 years.) - Tom McCarthy

TECH NEWS 📣
Data leak at Sonicwall: All cloud backups of firewalls stolen - heise online
https://www.heise.de/en/news/Data-leak-at-Sonicwall-All-cloud-backups-of-firewalls-stolen-10748995.html
Initially, the breach was thought to have impacted only 5% of the firewall configuration backups. Nope. The bad guys got all the configs. Seems like something you should be aware of if you’re a Sonicwall shop. If your policy is weak, they’re gonna know. - Ethan
F5 says hackers stole undisclosed BIG-IP flaws, source code - Bleeping Computer
https://www.bleepingcomputer.com/news/security/hackers-breach-f5-to-steal-undisclosed-big-ip-flaws-source-code/
The bad guys got hold of BIG-IP (F5’s core load balancing code), and would have been able to see not-yet-public vulnerabilities in the codebase that F5 was working on fixing. Some customer related config info was stolen as well, “for a limited number of customers.”
If you’re one of those customers, F5’s gonna ping you. F5’s also issued patches for all those previously undisclosed vulnerabilities, so upgrading your BIG-IP boxes probably just moved up on your priority list. Sigh. - Ethan
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS - Krebs On Security
https://krebsonsecurity.com/2025/10/ddos-botnet-aisuru-blankets-us-isps-in-record-ddos/
How big was it, Ethan? Well! Pretty freaking huge. Brian says that ~300K hosts have been used in an escalating series of DDoS attacks.
“In May 2025, KrebsOnSecurity was hit with a near-record 6.35 terabits per second (Tbps) attack from Aisuru, which was then the largest assault that Google’s DDoS protection service Project Shield had ever mitigated. Days later, Aisuru shattered that record with a data blast in excess of 11 Tbps.
By late September, Aisuru was publicly flexing DDoS capabilities topping 22 Tbps. Then on October 6, its operators heaved a whopping 29.6 terabits of junk data packets each second at a targeted host. Hardly anyone noticed because it appears to have been a brief test or demonstration of Aisuru’s capabilities: The traffic flood lasted less only a few seconds and was pointed at an Internet server that was specifically designed to measure large-scale DDoS attacks.”
Brian’s piece goes on to detail the havoc Aisuru has been wreaking on the Internet at large in recent months. - Ethan
Vodafone says outage affecting thousands of customers resolved - BBC News
https://www.bbc.com/news/articles/c5yldldx659o
See also…https://www.reddit.com/r/Vodafone/comments/1o5ol4c/massive_vodafone_outage_linked_to_bgp_routing/
TL;DR. While the exact problem is not clear to me, the root cause of the outage seems to have been BGP. All routes from AS25135 were withdrawn from the global routing table during the outage. What caused the routes to be withdrawn? That’s the interesting bit we all want to know so we don’t do the same thing. AFAICT, that series of unfortunate events is not public knowledge yet. If you know differently, please let me know! - Ethan
MORE NEWS
It's trivially easy to poison LLMs into spitting out gibberish, says Anthropic - The Register
MCP stacks have a 92% exploit probability: How 10 plugins became enterprise security's biggest blind spot - VentureBeat
Cisco Bridges Classical and Quantum Networks (network aware qubits) - IEEE Spectrum
The Ultimate Hard Drive? Terahertz Light Unlocks a New Class of Non-Volatile Memory - SciTechDaily
RESEARCH & RESOURCES 📒
Invisible Threats and Wi-Fi Missteps - Jennifer Minella via LinkedIn
https://www.linkedin.com/posts/jenniferminella_invisible-threats-and-wi-fi-missteps-security-activity-7384209031386783744-5FWN
Jennifer Minella (my co-host on the Packet Protector security podcast) presented on “Invisible Threats and Wi-Fi Missteps” at the Wireless LAN Professionals Conference 2025 in Prague. She shares the slide deck from her presentation (a video of it should be up soon on the WLP YouTube channel). The slides cover issues including invisible SSID misconfigurations, RADIUS fails, vendor fails regarding Wi-Fi 7 security, and more. The deck is both informative and funny, so check it out. - Drew
AI Summit For Network Leaders - Selector.AI via YouTube
https://www.youtube.com/playlist?list=PLT7dZpsl0-4ivAMN2kw13BxjlSisDHsoL
Networking vendor Selector has been using AI to do novel things in network operations. They had a gathering in NYC a couple of weeks ago that I attended, and presented a series of talks. If Selector as a vendor is interesting to you, watch them all if you’ve got the time. (And listen to the shows they’ve sponsored with us, of course.)
If you don’t care about Selector one way or the other but are interested in AI’s usefulness for network operations, going from my memory, you should find at least these two talks engaging.
Upgrading the Network Engineer's Toolbelt by Du'An Lightfoot - Du’An covers several AI-related tools that you can put to use in your network operations work.
The AI Behind Networking by Surya Nimmagadda - Surya is the Chief Data Scientist at Selector. He discusses the various AI models and techniques that are used to deliver Selector’s product. Even if you don’t care about Selector, you’ll learn a LOT about what it takes to effectively use a variety of AI methods to ingest events in real-time, detect anomalies, surface issues, determine root cause, and interact with that data using natural language. It’s not all about LLMs. I spoke at length to someone (who did not work for Selector) at the event afterwards who was especially impressed by this talk because of how transparent it was. Also, Surya was bombarded with questions from the audience throughout his talk, and answered nearly all of them.
Enjoy! - Ethan
MORE RESOURCES
Wireguard FPGA - chili-chips-ba via GitHub
QPEP: An Encrypted QUIC-Based Performance Enhancing Proxy for Modern Satcoms - ssloxford via GitHub
Eon - Effects-based OCaml Nameserver using MirageOS’s functionally pure DNS library - Ryan Gibb
INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬
Ostinato bills itself as a “traffic generator for network engineers.” It’s been a resource for networking for a long time, and Srivats P has been on the Packet Pushers network from time to time chatting about it.
Srivats’ fine work continues with the 2.0 release. LOTS to take in here, which you can review at the changelog page. - Ethan
New Siemens platform brings Zero Trust security to industrial networks - Siemens
https://press.siemens.com/global/en/pressrelease/new-siemens-platform-brings-zero-trust-security-industrial-networks
Siemens has launched a new security platform for OT devices called SINEC Secure Connect. It creates overlays to establish secure connections among OT devices, as well as connections to cloud and data center resources, without the need for a VPN client. From the release: “The platform establishes end-to-end encrypted, identity-verified connections between authorized devices while protecting industrial systems from unauthorized external access. Unlike traditional VPN approaches that create broad network access, SINEC Secure Connect implements granular, policy-based controls that prevent lateral movement… .” - Drew
The New Benchmark for Distributed AI Networking - Cisco SP360 Blog
https://blogs.cisco.com/sp/the-new-benchmark-for-distributed-ai-networking
Big freaking router alert. The point of Cisco’s 8223 is for interconnection of AI data centers.
Emphasis mine. “The Cisco 8223 is a power-optimized fixed router, making it ideal for environments with limited power. With 51.2 Tbps of capacity and high programmability, it gives organizations maximum flexibility to adapt to evolving networking needs. Supporting both Octal Small Form-Factor Pluggable (OSFP) and Quad Small Form-Factor Pluggable Double Density (QSFP-DD) optical form factors, the 8223 is purpose-built to connect geographically dispersed AI clusters. In an era where AI model training and inferencing require seamless interconnectivity and massive data throughput, the 8223 stands out with its ability to provide consistent, high-bandwidth, low-latency communication across multiple data centers.”
It’s also got the Silicon One P200 inside, deep buffers, MACsec support, coherent optic support, and runs a variety of operating systems. Cisco highlighted SONiC and future support for IOS-XR.
The Cisco 8200 series data sheet is here with more detail on the entire line, including the 8223. - Ethan
Arelion launches built-in SecureConnect DDoS mitigation solutions for enterprise and wholesale customers amid rising AI threats - PR Newswire
https://www.prnewswire.com/news-releases/arelion-launches-built-in-secureconnect-ddos-mitigation-solutions-for-enterprise-and-wholesale-customers-amid-rising-ai-threats-302585710.html
Arelion is adding a DDoS protection option to its Direct Internet Access (DIA) and IP transit services. Arelion says the service can detect DDoS attacks, including volumetric attacks, and then use BGP Flowspec for mitigation. Flowspec is a BGP extension that can quickly distribute traffic filters and rate limiting rules via BGP. Arelion’s press release says the use of Flowspec “provides Arelion's customers with more granular DDoS mitigation than brute-force defenses, such as blackholing, without adding implementation complexity.” - Drew
TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳
Solved At Last: The Mystery of New York’s Burping Lake - ExplorersWeb
LAST LAUGH 😆

Shared by Kaj, a wellspring of memes, via the Packet Pushers Slack channel.
