Angelesen #59


Phew – the last few months were a lot of conference time and a lot of travel. So somehow I never really had much leisure to write anything here as well.

CNAME Cloaking, the dangerous disguise of third-party trackers (medium.com)

Web Tracking Wars #1 – Original start of the whole thing

If someone wants you to use CNAME cloaking for whatever smart reason they come up with – please decline politely.

Volksinitiative gegen Naturgesetz [Popular initiative versus law of nature] (higgs.ch)

Half of the Swiss would like to stop the rollout of 5G, and moratoria have already been passed at cantonal level. And now a popular initiative is demanding a drastic reduction in radio radiation. But implementing it would achieve the opposite.

🤦🤦‍♀️🤦🤦‍♀️

Alternatively, you can treat yourself to the following article from the WOZ, and then really everything would have been said that the informed citizen would need, but well… Habi also mentioned this nicely recently.

Funny anecdote on that: in winter I was skiing in Adelboden. On the bus into the valley, a lady next to me signed the 'Stop 5G' petition on her iPhone X (probably over 4G) and then spent about 20 minutes streaming videos on the bus…

Die Nightjets der neuen Generation: Ein erster Blick in die Zukunft! [The new-generation Nightjets: a first look into the future!] (blog.oebb.at)

Well, I'm already looking forward to 2022 🙂 More on the whole night train topic in the talk at the umverkehR symposium

Edge vs. Chrome: Microsoft’s Tracking Prevention hits Google the hardest (zdnet.com)

Web Tracking Wars #2

On January 15, 2020, Microsoft is scheduled to roll out a completely revamped Edge browser to the general public. That browser, which is available for beta testing now on all supported versions of Windows and MacOS, includes a feature called Tracking Prevention.

There was a really good talk at MS Ignite about the whys and hows of using Chromium as the backend for all the new Edge rendering. But seeing Tracking Prevention make it into major browsers like Edge and Firefox is refreshing.

The Captured City (reallifemag.com)

The “smart city” is not a coherent concept, let alone an actually existing entity. It’s better understood as a misleading euphemism for a corporately controlled urban future.

A very good take on smart cities and why you should not embrace them right away.

Predictions 2019-1

  • Microsoft will swap their existing Kernel with an Open Source Linux Kernel (as they already work on a lot of Subsystem improvements https://github.com/microsoft/WSL2-Linux-Kernel)
  • Podcasts will have an even bigger revival, but the openness will suffer by monetisation – this can already be seen with closed systems like Spotify or Luminary
  • RSS will probably die out more and more due to Podcasts being moved into walled systems
  • Apple will close down their system to an extent where it will not allow any changes and could lose the favour of the development community

Angelesen #58

And again got stuck in just drafting things and not publishing them. Let’s fix that.

#NoDeployFriday: helpful or harmful? (theengineeringmanager.com)

  • Understanding the blast radius of a change
  • The maturity of the deployment pipeline
  • The ability to automatically detect errors
  • The time it takes to fix problems

Good writeup on why I usually decline/condemn deployments to production systems on a Friday. Because you usually don’t tick all the boxes you should.

the “future of work” is here… so why aren’t more companies remote-first? (upside.fm)

When I tell people I’m the CEO of a company with 80 team members in 14 time zones and no “real” offices (no offense to WeWork), many look at me like I’m crazy.

Ah… so familiar with that. Conventional company structures still are in the minds of people. In my perspective the pros outweigh the cons on a fully remote team drastically. It will just take time till more and more companies adopt this schema.

RAMBleed (rambleed.com)

We don’t recommend that you stop using SSH any more than we recommend that you stop using the internet.

Rowhammering has been discussed here in the blog already a few times – This time it seems to be more serious. Everything is broken – but also that’s not really news.

Maker Faire halts operations and lays off all staff (techcrunch.com)

Years ago I built the Lunamod together with Habi. Since then I was subscribed to the Makezine. Sad to see that the company is hitting a rough time.

The End of an Era for easyDNS… (easydns.com)

A couple days later the landlord came back, standing firm on 5-year extension, plus an across the board rental increase of about 8%, plus a baked-in annual increase of 6%, plus an additional levy for a new HVAC system on the roof.

Considering this against the macro backdrop: We’re staring a recession in the face. After kicking the can after the 2000 Tech Wreck the 2008 GFC, central banks and policy makers have no dry powder. Interest rates are already near zero, they can’t normalize. Real estate in Canada has topped out and next major move for property prices will likely be down. The next recession will be global and it is going to be brutal. (All IMHO, of course. I write a lot more about these issues over on Guerrilla-Capitalism)

And here we have a chance to painlessly jettison a major chunk of SG&A, along with a long term liability north of 7-digits and the difference goes straight to the bottom line.

The decision was a no-brainer. It was time to pack up shop, and go 100% virtual.

Interesting Twist on virtual teams when it comes to the rental cost of an office.

Fresh Spectre Vulnerabilities May Force Cloud Providers to Disable Intel Hyper-Threading (thenewstack.io)

Because disabling Hyper-Threading will slow the processor speeds — Apple, for example, has seen “up to 40%” degradation in server performance from disabling Hyper-Threading — such measures “could introduce real costs from the loss of available density in these cloud providers’ environments,” he wrote.

Old news – But HyperThreading seems to be broken – And AMD is still smiling (till everyone is digging through the AMD architecture)

Open Source! – When your daily bread is visible to everyone

At Easterhegg 19 in Vienna I had the pleasure, besides drinking good coffee, of meeting people I had last seen at Congress.

Some may already know the talk. This time, though, the whole thing was in German, and my goodness, when your brain already knows what it would say in English but you then want to speak in German, things get funny.

Besides the talk, I also volunteered as an angel for the first time; as a junior AV angel I worked my first few shifts.

References

Here are a few references that are mentioned in the talk:

Slides

Recording

Angelesen #57

Upload filters and e-voting dominate at the moment. Among them is also a good piece on hosting websites in China. All rather long reads, hence fewer articles at once 🙂

Urheberrechtsreform: Pyrrhus-Sieg heißt jetzt Voss-Sieg [Copyright reform: a Pyrrhic victory is now called a Voss victory] (spiegel.de)

The European ancillary copyright for press publishers will be a debacle, like the German one before it, because the media landscape argued detached from all reality. Google News will probably simply be shut down, and then there will be wailing and screaming.

Upload filters will open up a market controlled by Google, in which – absurd twist! – media corporations will probably buy Google technology themselves if they ever found their own platforms or take a stake in them. Which they presumably will do, also because the world's advertising money is flowing massively in that direction. And the directive states that a company must demonstrate that it has "in accordance with high industry standards of professional diligence, made every effort to ensure that specific works are not available".

The "industry standards" for upload filters are set by none other than Google. Developing YouTube's filtering technology "Content ID" cost more than 100 million euros. Factoring in Google's head start in knowledge, the creative industry could not reach this standard even with 500 million euros and would instead fall back on new or already existing, but certainly not better, technology.

Last month Scytl criticized researchers for misunderstanding the cryptographic mechanisms in Swiss Post’s "state of the art" e-voting solution. Today Swiss Post have announced they are temporarily suspending e-voting citing (twitter.com)

Swiss Post's statement – Who at Swiss Post actually comes up with the idea that it is smart to publish such announcements on a Friday afternoon – I'm no communications professional, but somehow… I feel a certain sympathy for the person who gets to monitor the channels over the weekend. For the e-voting platform: #lolburnitwithfire

My Cognitive Bias – Why we built this extension (mycognitivebias.com)

Our thinking is riddled with systematic mistakes known to psychologists as cognitive biases. And they affect everything we do. They make us spend impulsively, be overly influenced by what other people think. They affect our beliefs, our opinions, and our decisions, and we have no idea it is happening.

Useful Browser extension.

DARPA Is Developing an Open-Source Voting System (schneier.com)

E-voting: Dear Post Switzerland and Scytl – Take note please!

A critical flaw in Switzerland’s e-voting system is a microcosm of everything wrong with e-voting, security practice, and auditing firms (boingboing.net)

The belief that companies can be trusted with this power defies all logic, but it persists. Someone found Swiss Post’s embrace of the idea too odious to bear, and they leaked the source code that Swiss Post had shared under its nondisclosure terms, and then an international team of some of the world’s top security experts (including some of our favorites, like Matthew Green) set about analyzing that code, and (as every security expert who doesn’t work for an e-voting company has predicted since the beginning of time), they found an incredibly powerful bug that would allow a single untrusted party at Swiss Post to undetectably alter the election results.

And, as everyone who’s ever advocated for the right of security researchers to speak in public without permission from the companies whose products they were assessing has predicted since the beginning of time, Swiss Post and Scytl downplayed the importance of this objectively very, very, very important bug. Swiss Post’s position is that since the bug only allows elections to be stolen by Swiss Post employees, it’s not a big deal, because Swiss Post employees wouldn’t steal an election.

But when Swiss Post agreed to run the election, they promised an e-voting system based on "zero knowledge" proofs that would allow voters to trust the outcome of the election without having to trust Swiss Post. Swiss Post is now moving the goalposts, saying that it wouldn’t be such a big deal if you had to trust Swiss Post implicitly to trust the outcome of the election.

Cory Doctorow has made a good point there.

So you want your app/website to work in China… (chanind.github.io)

Any time a request needs to go from within China to the outside world, or from the outside world into China, the request crosses the Chinese Great Firewall. When this happens, there’s a lot of latency that gets added, and there’s a high chance the request will randomly fail. Requests through the firewall may appear to work most of the time, but then suddenly get fully blocked for several hours. The firewall doesn’t seem like it’s implemented uniformly across China either, so it’s possible that if you test in Shanghai your request may go through but a user in Changsha will have their requests blocked.

A good insight on what I’m telling some of our clients regularly. Great writeup!