Stay-home Diaries

So obviously most of the countries suggest or force their citizens to stay home. Not a hugely big change from my side as I work from home regularly – but it’s pretty interesting when work from home (WFH) is forced upon a lot of people.

Notable things

  • All windows were cleaned within 48 hours after starting to work from home full-time
  • Fixed my bike (finally!)
  • Improvised a standing Desk after 3 Days – To get moving around sometimes
  • We cook a lot!
  • We also bake a lot of bread – Don’t underestimate a good fresh bread
  • Good Internet matters (always)
  • A shift in “what’s considered normal” e.g. seeing an advert where people stand in a crowd feels like from a distant past
  • An interest in Gardening – Let’s see where that leads to.
  • Getting to know our Neighbours and sharing food or even baking a loaf of bread too much and passing it on.
  • The first week where the majority of the population was forced to work from home was not really productive as everyone started to communicate on any channels and ask for best practices on video conferencing stuff and how to use chat
  • Limiting media usage is key – see Screentime
  • Taking breaks and enforcing lunchtime is needed – it’s too easy to just work through it – Thinking about getting back and trying out the Pomodoro technique again.
  • Good Media Outlets like Public Broadcasting (e.g. SRF, Swissinfo) or Republik are priceless
  • Good Podcasts as well e.g. NDR Coronavirus-Update mit Christian Drosten
  • After 10-14 days I stopped paying attention to the concepts of weekdays

Currently, I’m into this somewhere around 37 days. And I originally started typing this list 17 Days ago… so there will be a followup.

Angelesen #63

A lot has been written in the past about static websites but the past few weeks showed this pretty clearly – the web needs to adapt and change. Dynamic websites can only hold up to so much traffic and in the end – ask yourself – does the website really need to be dynamic?

Update #2 on Microsoft cloud services continuity (azure.microsoft.com)

We have seen a 775 percent increase of our cloud services in regions that have enforced social distancing or shelter in place orders.

The cloud is being used… a lot!

How to burn the most money with a single click in Azure (mijailovic.net)

After Corey asked to find the most expensive AWS resource people started looking in other places too 😂

In praise of S3, the greatest cloud service of all time (info.acloud.guru)

But S3 has become so much more than just a storage repository. As a static web server, S3 dishes up content for hundreds of thousands of websites including Netflix, Wikipedia, and the New York Times. In fact, the world has “standardized” on S3 APIs to such an extent that Google’s competing service just supports them out of the box.

Agreed 🙂

Inside the Story of How H-E-B Planned for the Pandemic (texasmonthly.com)

Longread on how H-E-B planned for the Pandemic

cancel all future O’Reilly in-person conferences and close down this portion of our business (oreilly.com)

Today, we’re sharing the news that we’ve made the very difficult decision to cancel all future O’Reilly in-person conferences and close down this portion of our business. Without understanding when this global health emergency may come to an end, we can’t plan for or execute on a business that will be forever changed as a result of this crisis. With large technology vendors moving their events completely on-line, we believe the stage is set for a new normal moving forward when it comes to in-person events.

The Post-Pandemic world for Conferences will be split into 2 groups – The ones that aren’t able to adapt to a new reality where it might not be possible to run several 1000’s PAX events and the ones who adapt quickly and start to push a lot of conferences online. The main question there is… will we still pay 1000$+ conference tickets – I highly doubt it.

Will AirBnb Go Bankrupt? and When? (thehftguy.com)

Unpopular opinions there 🙂 But after seeing how many Flats got flushed back to the normal rent market in Dublin in the wake of the current situation it’s clear that AirBnB has a lot of downsides. But maybe we will see a rent-price decline across a lot of cities.

Get Static (meyerweb.com)

If you are in charge of a web site that provides even slightly important information, or important services, it’s time to get static.

Get Static I

Picking Up Glowing Hot Space Shuttle Tiles with Bare Hands (kottke.org)

Ok this is just epic!

Emergency Website Kit (mxb.dev)

In cases of emergency, many organizations need a quick way to publish critical information. But existing (CMS) websites are often unable to handle sudden spikes in traffic.

Get Static II

4.2" and 7.5" NFC-powered e-Paper Displays Work without Battery (cnx-software.com)

Awww yes! Do want!

Migros-Logistik leistet Sondereffort (migros.ch)

Very well written article in German on how one of the biggest retailers deals with increased demand.

Here’s What a Googol-to-One Gear Ratio Looks Like (kottke.org)

Google’s Abandoned Android Authenticator App (shkspr.mobi)

For two-and-a-half years, Google hasn’t touched their 2FA app’s code. Perhaps it is perfect? Perhaps there are no more UI improvements or security enhancements that can be done? Or, more likely, it joins a long graveyard of Android apps – launched optimistically and then abandoned.

If you are still using the Google Authenticator App – Switch to something that makes sense… like Authy.

Certificate lifetime capped to 1 year from Sep 2020 (scotthelme.co.uk)

It’s finally happening! We’ve had 2 failed attempts through the CA/B Forum and now Apple has decided to enforce a maximum lifetime of 398 days on certificates issued from 1st Sep 2020.

If you are in a Let’s Encrypt world … Long Running Certificates feel like a very strange construct from the past.

Hacking for humanity: bag-cache.nrdy.ch

It’s been an interesting week so far. But I was saddened by the fact that the website of the Federal Office of Public Health in Switzerland was fighting and couldn’t withstand the traffic that was coming in. To be fair, I don’t have the slightest idea on how much traffic was coming in – but having run quite some big websites in the past few years I feel this issue could have been prevented. Needless to say that this is critical infrastructure and should be available. After a few Tweets Chregu set up a cache via Cloudfront and extended it later with an Nginx/Varnish combination. His mirror is available on https://bag.rokka.io/

I didn’t have too much time on Friday during the day to play around but had some ideas and always wanted to try out the Nginx proxy caching.

Enter bag-cache.nrdy.ch

It’s pretty simple but needed a few yak-shavy moments. I used the nginx-cache from Paweł Mendelski as a starting point to get everything going. Currently, it caches every request for 10 minutes, tries to refresh content in the background, and also tries to serve stale content if the cache can’t be updated after those 10 minutes. The core-config of the whole thing:

    location / {
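      # Browser-side caching: sets Expires / Cache-Control max-age to 30 days
      expires 30d;
      proxy_cache cache_zone;
      # Only one request per cache key populates the cache; others wait for it
      proxy_cache_lock on;
      # Refresh expired entries with conditional requests to the origin
      proxy_cache_revalidate on;
      # Refresh expired entries in the background while serving the stale copy
      proxy_cache_background_update on;
      # Serve stale content while updating or when the origin fails
      proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
      # Cache successful responses and redirects for 10 minutes
      proxy_cache_valid 200 302 301 10m;
      proxy_cache_key $scheme://$host$request_uri;
      proxy_pass https://www.bag.admin.ch$request_uri;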
      proxy_set_header User-Agent "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 (never gonna give you up, never gonna let you down - bag-cache.nrdy.ch - operated by bastian@amazee.io)";
      proxy_set_header Host www.bag.admin.ch;
      proxy_set_header Accept-Encoding ""; # no compression allowed or next won't work
      sub_filter "<!-- begin: container -->" "<p style='width: 100%; height: 100px; padding: 30px;'> ⚠️ This is a cached version and non-authoritative mirror of <a href='https://www.bag.admin.ch'>www.bag.admin.ch</a> for faster access during demanding times. It should be up to date around 10 minutes of delay.</p><!-- begin: container -->";
      sub_filter "https://www.bag.admin.ch/" "https://bag-cache.nrdy.ch/";
      add_header X-Cached $upstream_cache_status;
      add_header X-Cache-Server "amazeeio/nginx-cache";
      add_header X-Robots-Tag "noindex, nofollow";
      add_header X-LAGOON $hostname always;
      proxy_ignore_headers "Set-Cookie";
      proxy_ignore_headers "Expires";
      add_header set-cookie "";
      proxy_hide_header "x-content-type-options";
      proxy_hide_header "Set-Cookie";
    }

Way too much time was spent on figuring out why the sub_filter of Nginx didn’t work. In the end this was because sub_filter does not unpack compressed backend responses. Fixed that by setting proxy_set_header Accept-Encoding "";. Also trying to be a good citizen and letting them know in the User-Agent string who to reach out to if they don’t like the traffic from my mirror. Plus I switched off access logging of the Mirror as I don’t care about who visits the site – I only see Hits/Misses and the URI that has been hit.
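
The location block above refers to a cache_zone that is defined elsewhere and proxies to an HTTPS origin. As an added example (not taken from the author's repository), this is the surrounding context such a mirror needs, including upstream certificate verification, which nginx leaves off by default; the cache path, sizes, listen port, resolver address and CA bundle path are assumptions.

```nginx
# Added example, not the author's config. Cache path, sizes, listen port,
# resolver address and CA bundle path are assumptions.
events {}

http {
    # Defines the zone the location block calls "cache_zone": 10 MB of keys
    # in shared memory, at most 1 GB on disk, entries unused for 60 minutes
    # are evicted.
    proxy_cache_path /var/cache/nginx/mirror levels=1:2
                     keys_zone=cache_zone:10m max_size=1g inactive=60m
                     use_temp_path=off;

    # proxy_pass with a variable resolves the origin name at request time,
    # which needs a resolver. 192.0.2.53 is a placeholder address.
    resolver 192.0.2.53 valid=300s;

    server {
        listen 8080;

        location / {
            proxy_cache cache_zone;
            proxy_cache_valid 200 302 301 10m;
            proxy_pass https://www.bag.admin.ch$request_uri;
            proxy_set_header Host www.bag.admin.ch;
            proxy_set_header Accept-Encoding "";

            # Send SNI and verify the origin certificate. nginx does not
            # verify upstream certificates by default, so without this a
            # forged origin response could be cached and served to every
            # visitor of the mirror.
            proxy_ssl_server_name on;
            proxy_ssl_name www.bag.admin.ch;
            proxy_ssl_verify on;
            proxy_ssl_verify_depth 3;
            proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

            # sub_filter replaces only the first match per response unless
            # sub_filter_once is off; rewrite every absolute origin link.
            sub_filter_once off;
            sub_filter "https://www.bag.admin.ch/" "https://bag-cache.nrdy.ch/";
        }
    }
}
```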

The whole thing is built into a Container and then spun up on amazee.io.

Code can be found on Github – After all, It’s not rocket science and far from being perfect – Just a little bit of elbow-grease and trying to handle caching gracefully. I hope it’s of use for anyone.

Travel Setup 2020

Being on the road regularly comes with a few challenges. The main one would be charging all the things and a lot of tech changed since 2013 it seems 🙂

My daily driver remains a 13″ Macbook. And I’m pretty happy that most of the devices moved from proprietary connectors to mostly USB-C 🎉. I used the Apple USB-C charger for a long time but it feels wrong to use the notebook as a charging hub for my other devices and it’s sometimes a bit error prone. So I looked into a few new chargers to get an easier setup and landed with the Satechi Travel Charger. This gives me 2 USB-C and 2 normal USB Ports which is usually enough.

My setup currently:

  • Satechi Travel Charger 75W (2x USB-C and 2x USB-A)
  • USB-C Cables (good ones! – If you go cheap you won’t get far)
  • One of those Multi-USB Cables (USBC, Lightning, Micro-USB)
  • OmniCharge 13 or 20 (I backed those things back when there wasn’t a USB-C Version) The OmniCharge 20 has a variable DC Barrel Output and I used that for a while with a Dell Barrel to USB-C Adapter but after a while that started to fail and now I’m back to reverting to 220V HVDC or AC to charge things. HVDC works with most™ power supplies.

This is it. This part of kit gives me enough freedom to run on and off grid for quite some time. Bonus for the OmniCharge is that it can be charged via a lot of power sources so I sometimes hook it up to my Solar System to get the batteries replenished.

Angelesen #62

Rushing this one out somehow – A few links assorted. Makes me think if WhatsApp should be abandoned completely even though it is still a very strong ecosystem. But the need of trying to convince people to move to another messenger is just another pain in the behind.

Apollo 11 vs USB-C Chargers (forrestheller.com)

The most powerful CPU in the table is from the Anker PowerPort Atom PD 2 (CYPD4225). Compared with the Apollo 11 Guidance Computer it runs at ~48 times the clock speed with 1.8x the program space

Interesting what we got in terms of computing power in the small USB-C Powerbricks these days.

Boeing 737 Max: New Software Problem Discovered on Grounded Plane (bloomberg.com)

Boeing Co. has discovered a new software problem on the grounded 737 Max, but the company said the flaw won’t set back the goal of returning the plane to service in mid-2020.

It’s still a software project innit?

Wacom drawing tablets track the name of every application that you open (robertheaton.com)

What requires more explanation is why Wacom think it’s acceptable to record every time I open a new application, including the time, a string that presumably uniquely identifies me, and the application’s name.

What the actual…

Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access (perimeterx.com)

Whatsapp I: …

🎥 “Wir müssen reden!”: Was die Influencer JANAklar und Lisa Sophie ins Burnout getrieben hat (youtube.com)

Interesting documentary about the YouTuber/influencer life.

🎥 Wikkelhouse: pick your modular segments & click them together (youtube.com)

Lovely module-based building. The Channel of Kirsten Dirksen has a ton of videos with very interesting buildings and living concepts.

Microsoft Teams has been down this morning (techcrunch.com)

We’ve determined that an authentication certificate has expired, causing users to have issues using the service. We’re developing a fix to apply a new certificate to the service which will remediate impact. Further updates can be found under TM202916 in the admin center.

We’re all cooking with water it seems

TeamViewer – WhyNotSecurity (whynotsecurity.com)

TL;DR: TeamViewer stored user passwords encrypted with AES-128-CBC with the key of 0602000000a400005253413100040000 and iv of 0100010067244F436E6762F25EA8D704 in the Windows registry. If the password is reused anywhere, privilege escalation is possible. If you do not have RDP rights to machine but TeamViewer is installed, you can use TeamViewer to remote in. TeamViewer also lets you copy data or schedule tasks to run through their Service, which runs as NT AUTHORITY\SYSTEM, so a low privilege user can immediately go to SYSTEM with a .bat file. This was assigned CVE-2019-18988.

Yay!

99 second hand smartphones are transported in a handcart to generate virtual traffic jam (simonweckert.com)

"99 second hand smartphones are transported in a handcart to generate virtual traffic jam in Google Maps. Through this activity, it is possible to turn a green street red which has an impact in the physical world by navigating cars on another route to avoid being stuck in traffic." #googlemapshacks

Everyone knows it by now and if not, now you know!

Why Using WhatsApp Is Dangerous (telegra.ph)

Last week it became clear that this backdoor had been exploited to extract private communications and photos of Jeff Bezos – the richest person on the planet – who unfortunately relied on WhatsApp [3]. Since the attack seemed to originate from a foreign government, it is likely that countless other business and government leaders have been targeted [4].

Whatsapp II – The most complete Article so far with tons of additional sources

Cost of a 51% Attack for Different Cryptocurrencies (crypto51.app)

This is a collection of coins and the theoretical cost of a 51% attack on each network.

51% Attacks are getting cheap!

Technical Report of the Bezos Phone Hack (schneier.com)

"The amount of data being transmitted out of Bezos’ phone changed dramatically after receiving the WhatsApp video file and never returned to baseline. Following execution of the encrypted downloader sent from MBS’ account, egress on the device immediately jumped by approximately 29,000 percent," it notes. "Forensic artifacts show that in the six (6) months prior to receiving the WhatsApp video, Bezos’ phone had an average of 430KB of egress per day, fairly typical of an iPhone. Within hours of the WhatsApp video, egress jumped to 126MB. The phone maintained an unusually high average of 101MB of egress data per day for months thereafter, including many massive and highly atypical spikes of egress data."

Whatsapp III: Interesting things about the Whatsapp Hack based on the egress data

Historisches Urteil: 6-0 für die Klimajugend gegen die CS (nzz.ch)

The ruling can be appealed to the next instance. But it is already historic: for the first time since the rise of the climate movement, a Swiss court has ruled in favour of activists. Given the urgency of the situation, civil disobedience is explicitly no longer regarded as an impermissible means of drawing attention to the climate crisis. The lawyers are therefore probably not exaggerating when they say that the ruling is likely to send a signal and that the day will go down “in the history books of Swiss jurisprudence”.

So. much. win!