Human Infrastructure 446: Bye Tim, Model Swapping, RPKI Exposure, and More
THIS WEEK’S MUST-READ BLOGS 🤓
Tony Mattke reviews the good and bad of Tim Cook’s tenure at Apple. The good includes huge revenue numbers and a corporate valuation in the trillions. Apple also made smart bets on building its own silicon and adding new revenue streams via services.
The bad is that Apple is letting software quality slip. Not dramatically, but in small ways that add up to a larger problem. After describing a raft of software glitches across Apple’s portfolio, Tony writes “Each one of these, on its own, is just a bug. Together, they’re a culture.”
Ouch! Tony’s post is a sharply observed diagnosis about where Apple is going wrong. We’ll see if the new CEO has the right treatment. - Drew
Taking down a European network with a TLS certificate: my RIPE NCC RPKI exploit chain - Sasha Romijn
https://mxsasha.eu/posts/ripe-ncc-rpki-exploit-chain/
Sasha walks through a series of vulnerabilities she uncovered in RIPE Web sites that would have allowed her to mess with RPKI settings for RIPE NCC, which covers Europe, the Middle East, and Central Asia. She writes “The impact of an RPKI compromise is fast and broad: connectivity drops before the cause is clear. RIPE Database compromise has a slower effect on routing, but allows hijacking that locks the legitimate owner out until RIPE NCC staff intervene.”
This post details how she uncovered the vulnerabilities, which started with a shared session cookie. Note that Sasha worked with RIPE to get these issues fixed before disclosing them. - Drew
Opus 4.7 on Bedrock: the EU profile worked, US and global didn't - Internetworking.dev
https://internetworking.dev/blog/opus-47-bedrock-eu-workaround
Gabor is a network engineer who’s also diving into the deep end of AI. In this blog he writes about how what should have been a straightforward swap of one model for another in AWS Bedrock turned into a bit of a quest when the swap didn’t take. He shares how he tracked down and fixed the issue, and offers some advice on how to communicate with AWS to get the best support results. - Drew
New 10 GbE USB adapters are cooler, smaller, cheaper - Jeff Geerling
https://www.jeffgeerling.com/blog/2026/new-10-gbe-usb-adapters-cooler-smaller-cheaper/
While the title is promising, Jeff’s post mostly expresses frustration in trying to get 10Gbps throughput. The problem? The ridiculous unpredictability in USB port speeds, which really, really matters when it comes to shoving full bandwidth through these new adapters. TL;DR. Make sure you’re plugging into a USB 3.2 Gen 2 2x2 20 Gbps port.
Lots more detail & nuance from Jeff, including heat management and his take on 2.5Gbps & 5Gbps vs. 10Gbps adapters. - Ethan
Configuring the ISC DHCP server to pick the right network boot option - Chris Siebenmann
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/ISCDHCPServerPickNetbootOption
Chris tackles the problem of distinguishing different types of systems that need to boot their OS from the network. This distinction is needed because, depending on the type of system, a different response is required. Chris documents how to sort out which clients might need BIOS PXE boot, UEFI PXE boot, or UEFI HTTP boot, and how to configure ISC’s DHCP server to respond appropriately.
Maybe you don’t use the now old-fashioned ISC DHCP server (they’d rather you run Kea), but there are still really interesting details Chris shares that might be useful no matter what DHCP server you’re running. - Ethan
MORE BLOGS
Coding agents have no moat - Tom Bedor's Blog
Measuring Rural Internet Access Across Starlink - Internet Society Pulse

Build a data foundation your automation can grow on
When you start a network automation project, it's tempting to grab popular tools and go. You’ll land some quick wins. But 18 months from now, you’ll either be scaling smoothly…or bumping up against painful gaps and constraints.
The future you face comes down to the data foundation you pick at the start.
Infrahub from OpsMill is a data management platform purpose-built to power network automation and AIOps. A fully extensible schema manages anything you want. Version control and change management are core features, not plugins.
When you build on that data foundation, the possibilities open up fast: scalable provisioning, self-service catalogs, durable lifecycle management, context-enriched agentic workflows.
Try the live Infrahub sandbox or grab the open-source version on GitHub. Your future self will thank you.
TECH NEWS 📣
New Linux ‘Copy Fail’ flaw gives hackers root on major distros - Bleeping Computer
https://www.bleepingcomputer.com/news/security/new-linux-copy-fail-flaw-gives-hackers-root-on-major-distros/
Bleeping Computer reports “An exploit has been published for a local privilege escalation vulnerability dubbed “Copy Fail” that impacts Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions.”
Researchers at the security firm Theori uncovered the bug, which lurks in the kernel of Linux’s authencesn cryptographic template, according to the researchers. You can read their full writeup and see proof of concept exploits here. Thanks to Adam in the Packet Pushers Community Slack for sounding the alarm. - Drew
Maine’s governor vetoes data center moratorium - TechCrunch
https://techcrunch.com/2026/04/25/maines-governor-vetoes-data-center-moratorium/
A notable headline, but not quite what it sounds like. Governor Janet Mills vetoed the bill because it didn’t include an exemption for an existing data center project happening in Jay, Maine—not because she wants to turn Maine’s endless square miles of pine trees into AI data centers. There’s still an appetite to keep data centers out because of environmental concerns and the power supply problem. - Ethan
US power use to beat record highs in 2026 and 2027 as AI use surges, EIA says - Reuters
https://www.reuters.com/business/energy/us-power-use-beat-record-highs-2026-2027-ai-use-surges-eia-says-2026-04-07/
The article reports, “The EIA projected power demand will rise from a record 4,195 billion kilowatt-hours (kWh) in 2025 to 4,244 billion kWh in 2026 and 4,381 billion kWh in 2027.
Demand is surging due in large part to data centers dedicated to artificial intelligence and cryptocurrency, and as homes and businesses use more electricity and less fossil fuels for heat and transportation.”
If you were thinking (as I have been) that nuclear would be filling in demand, not yet. It’s mostly renewables. Check out these projections. “As renewable output rises, the EIA said the share of power generation from coal will slide from 17% in 2025 to 16% in 2026 and 15% in 2027. Natural gas' share would ease from 40% in 2025 to 39% in 2026 before rising back to 40% in 2027.
The percentage of renewable generation will rise from around 24% in 2025 to 25% in 2026 and 27% in 2027, while nuclear power's share will hold at 18% in 2025, 2026, and 2027, according to the outlook.”
As I understand it, nuclear is viewed by some as the ultimate energy answer, but fuel for modern SMRs is a supply chain challenge. - Ethan
FOR THE LULZ 🤣

An English-to-LinkedIn translator
Credit to Kaj in the Packet Pushers Community Slack for his ongoing distribution of endorphin-releasing images that enhance our mood and elevate productivity.
RESEARCH & RESOURCES 📒
The Abstraction Fallacy: Why AI Can Simulate But Not Instantiate Consciousness - Google DeepMind
https://philpapers.org/archive/LERTAF.pdf
I confess that I didn’t get very far in this paper. (I suppose I could’ve had Gemini summarize it for me.) I’m linking to it because it justifies my priors, and I like knowing someone has thought deeply about AI and consciousness for when the AI Bros start talking about LLMs and cognition.
In any case, here’s a snippet of the argument: “Here, we derive the logical sequence that vindicates the intuition that computation is not sufficient to instantiate consciousness. The difficulty with computational functionalism is not just that it may overlook biological details. The problem runs much deeper. It is rooted in a misunderstanding of how physics relates to information and computation.”
I salute those of you who venture beyond the Introduction. - Drew
From CLI to GPT - A Guide for an AIOps Journey - John Capobianco via YouTube
https://www.youtube.com/watch?v=yaqZPw5Slms
The first edition of the TorNog gathering of network operators in Toronto took place in April. John Capobianco was a speaker, and here’s a YouTube video of his talk. It’s an informal conversation about how network engineers who feel a bit overwhelmed by the rapid pace of AI developments can still catch up and get on board this train.
BTW, props to Mark Prosser for launching TorNog. Every talk from the event is available to watch here: https://www.youtube.com/@TeamTORNOG - Drew
The Whistleblower Who Uncovered the NSA’s ‘Big Brother Machine’ - MIT Press
https://thereader.mitpress.mit.edu/the-whistleblower-who-uncovered-the-nsas-big-brother-machine/
This is an excerpt from a recently released book by Cindy Cohn, Executive Director of the Electronic Frontier Foundation (EFF). This excerpt covers how an AT&T technician, Mark Klein, literally knocked on the EFF’s front door to disclose how the National Security Agency (NSA) was conducting mass surveillance of Americans’ Internet communications.
The NSA had, with the knowledge and cooperation of AT&T, set up a room in an AT&T Internet Exchange in San Francisco. AT&T had split out fiber optic cables in that facility so that the NSA could capture and monitor all the traffic coming through that exchange.
This widespread surveillance net was cast after the terrorist attacks of 2001. Twenty-five years on, the government continues to insist it must have broad surveillance powers. But back then, it still felt like a shock. - Drew
MORE RESOURCES
How I Got My CWNE and What the Application Actually Demands - Weekly Waveform Newsletter by Eva Santos
The Internet Protocol Journal, May 2026. Volume 29, Number 1 (PDF)
UPCOMING LIVE EVENTS 🍕🍻
A curated list of near-future meatspace events of interest to network engineers. Sometimes a Packet Pusher or two will be there (noted below).
Subscribe to events.packetpushers.net in your calendar software.
MAY 2026
Extreme Connect | Extreme Networks
4 - 7 May | Orlando, FL (Packet Pushers attending)
(OH)NUG | Columbus Networking User Group (USNUA)
7 May | Columbus, OH
NLNAM Meetup 2 | NL Network Automation Meetup
13 May | Alphen aan den Rijn, Netherlands
(MI)NUG | Michigan Networking User Group (USNUA)
14 May | Royal Oak, MI
(VT)NUG | Vermont Networking User Group (USNUA)
14 May | Colchester, VT
(OH)NUG | Cincinnati Networking User Group (USNUA)
19 May | Cincinnati, OH
Wi-Co Brussels
21 May | Brussels, Belgium
(TX)NUG | Dallas Networking User Group (USNUA)
21 May | Dallas, TX
(VA)NUG | Virginia Networking User Group (USNUA)
26 May | Reston, VA
(NH)NUG | New Hampshire Networking User Group (USNUA)
27 May | Londonderry, NH (Ethan co-organizing)
(OR)NUG | Oregon Networking User Group (USNUA)
27 May | Portland, OR
CHI-NOG 13 | Chicago Network Operators Group
27 - 28 May | Chicago, IL
Wi-Co Memphis
29 May | Memphis, TN
Cisco Live US
31 May - 4 June | Las Vegas, NV (Ethan attending)
JUNE 2026
NANOG 97 | North American Network Operators Group
1 - 3 June | Bellevue, WA
Wi-Co Oslo
3 June | Oslo, Norway
AUTOCON5 | Network Automation Forum
8 - 12 June | Munich, Germany (Packet Pushers attending)
Wi-Co North Carolina
11 June | Jamestown, NC
HPE Discover
14 - 19 June | Las Vegas, NV (Packet Pushers possible)
(KY)NUG | Kentucky Networking User Group (USNUA)
17 June | Louisville, KY
INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬
BlueCat Moves Agentic AI From Insight to Action With New AI Integrations - BusinessWire
https://www.businesswire.com/news/home/20260430057663/en/BlueCat-Moves-Agentic-AI-From-Insight-to-Action-With-New-AI-Integrations
Although this release doesn’t get into engineering specifics, there are at least two things to highlight.
BlueCat’s on board with Model Context Protocol. So aim your AI agents at their MCP server(s) so they can consume BlueCat’s considerable knowledge of your network as part of a workflow.
BlueCat’s got an AI-driven interface called LiveAssist that you can query with plain language. LiveAssist now knows all things BlueCat—all products, documentation, and the knowledgebase. That is, LiveAssist just got smarter.
MCP and LiveAssist are in BlueCat’s tech preview at the moment, but will be broadly available within the BlueCat ecosystem as 2026 rolls on. BlueCat’s on board as a Packet Pushers sponsor, so look for us to get into the details with them in future Heavy Networking podcast episodes. - Ethan
Phillip Simonds writes, “Infrahub Skills is an AI skills package for infrastructure engineers and platform teams using Infrahub. It gives their AI coding assistant built-in expertise on Infrahub. Teams describe what they want in plain language, and the skills produce valid, best-practice schemas, generators, transforms, checks, and more. Whether they’re prototyping a new use case, extending an existing implementation, or onboarding a new engineer, Skills helps them get more out of Infrahub, faster.”
If you’re a network automator, AI skills in general make all kinds of sense. If you’re using Infrahub, Infrahub Skills is an open-source addition to the Infrahub universe. If you want to know more, the OpsMill team is offering a webinar—at the bottom of the article once you click through. - Ethan
Nile Brings “Datacenter-class” Security into Branch and Campuses in the AI Era to Contain Breaches by over 60% - Nile
https://nilesecure.com/press-releases/nile-brings-data-class-security
From the press release:
Nile’s Innovations on its security-first architecture include:
An industry-first zero-trust fabric with embedded identity-based micro-segmentation to prevent lateral security threats and contain breaches
Industry-first identity-based access control natively integrated into the network fabric eliminating standalone NAC appliances and cutting complexity and cost by 30-70%
New “Segment-of-1” architecture that isolates every device and limits blast radius to prevent malware propagation including IT and IoT
Expanded security services catalog with the new Nile Trust Service, Secure Guest, RADIUS, DHCP as well as the integrated Internet Edge offering
MORE INDUSTRY NOISES
Is the Cisco Secondary Market Legal, Safe, and Reliable? - Edgeium Smart Networks
The switch that quantum networking has been waiting for - Cisco Executive Platform Blog
Keeper Security Launches Agent Kit to Secure AI-Driven Developer Workflows - PR Newswire
DYSTOPIA IRL 🐙
Using the internet like its 1999 - Joshua Blais
TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳
Discret 11, the French TV encryption of the 80's (2020) - FABIEN SANGLARD'S WEBSITE
Sawe smashes two-hour mark to 'move goalposts for marathon running' (a tech story, actually) - BBC Sport
Ubuntu Resolute Raccoon spits out Xorg, but still lets you run X11 apps (Ubuntu 26.04 LTS) - The Register