Angelesen #67

The avid reader of my not-so-weekly blog posts might have noticed that sometimes a German article finds its way into the list. I am now marking those with 🇩🇪

I saw that Marcel also started his blog series named Crossreading – enjoy!

1000 OSCILLATOR MEGA DRONE PART 3, Testing 500 Oscillators on this massive analog synthesizer (youtube.com)

Oddly satisfying 🙂 I know how much fun it is to build the Dronelab

🇩🇪 ÅSKSTORM USB charger 40W (ikea.com)

When I hear Ikea, chargers are not the first thing that comes to mind, but Ikea has been offering pretty solid USB power supplies for quite a while, now also with up to 30 watts of Power Delivery. There is also a matching USB-C to USB-C cable 🎉

🇩🇪 With Lincoln against Trump (desktop.12app.ch)

It is all quite crude, and deliberately so. George Conway described the idea behind it in a podcast on the website The Daily Beast like this: «Campaign ads should aim to annoy Trump.» Because the president is so thin-skinned, he is easily thrown off course, which in turn affects his campaign, to his disadvantage.

Raspberry Pi 4 PCI-Express Bridge “Chip” (blog.zakkemble.net)

So, here’s a PCIe bridge “chip” that simply replaces the VL805 USB 3.0 controller chip on the Pi, giving access to the PCI-Express bus on a USB 3.0 port

PCI-Express on a RaspberryPi 4 – YESPLEASE!

🇩🇪 The big Nestlé report (zdf.de)

Nesquik, Vittel and Maggi: all products of Nestlé, the world's largest food company. The documentary shows how the giant is doing in terms of fairness, responsibility and product quality.

A documentary worth watching!

  • Water exploitation in Vittel (why, in the year 2020, bottled water is still a product sold across large parts of Europe is beyond me)
  • Lots of sugar and few ingredients
  • Price pressure / plant closures

ae4d6809912f8171b23f6aa43c6a4e8e627de784 – chromium/src (chromium.googlesource.com)

Enforce publicly trusted TLS server certificates have a lifetime of 398 days or less, if they are issued on or after 2020-09-01.

Yay – more reasons to go straight to Let's Encrypt! I usually push our customers to LE certificates. As CA-signed certificates might get more work-intensive to roll over, that might also play a role in moving to LE more and more (hopefully).
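As an added example (not code from the Chromium commit or from this blog), here is a small Python check that applies the 398-day rule quoted above to the dates that `openssl x509 -noout -dates` prints for a certificate; the sample outputs are constructed, and the rule's date and limit are the ones stated in the commit message.

```python
"""Apply the 398-day validity rule from the linked Chromium change to a certificate.

Added example, not Chromium's code. Input is the text printed by
"openssl x509 -noout -dates"; the samples at the bottom are constructed.
"""
import re
from datetime import datetime, timedelta, timezone

# Rule from the commit message: publicly trusted server certificates issued
# on or after 2020-09-01 must not be valid for more than 398 days.
ENFORCEMENT_START = datetime(2020, 9, 1, tzinfo=timezone.utc)
MAX_VALIDITY = timedelta(days=398)

# openssl prints e.g. "notBefore=Sep  1 00:00:00 2020 GMT" (two spaces before
# a single-digit day), so whitespace is collapsed before parsing.
_OPENSSL_DATE_FMT = "%b %d %H:%M:%S %Y %Z"


def parse_openssl_date(value):
    """Parse one openssl date string into an aware UTC datetime."""
    value = re.sub(r"\s+", " ", value.strip())
    return datetime.strptime(value, _OPENSSL_DATE_FMT).replace(tzinfo=timezone.utc)


def parse_dates_output(text):
    """Extract (notBefore, notAfter) from the output of openssl -dates."""
    found = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in ("notBefore", "notAfter"):
            found[key.strip()] = parse_openssl_date(value)
    missing = {"notBefore", "notAfter"} - set(found)
    if missing:
        raise ValueError(f"openssl output lacks {sorted(missing)}")
    return found["notBefore"], found["notAfter"]


def validity_days(not_before, not_after):
    """Certificate lifetime in days (fractional if the times are not aligned)."""
    return (not_after - not_before) / timedelta(days=1)


def check_lifetime(not_before, not_after):
    """Return (accepted, reason); certificates issued before 2020-09-01 are exempt."""
    days = validity_days(not_before, not_after)
    if not_after <= not_before:
        return False, "notAfter is not later than notBefore"
    if not_before < ENFORCEMENT_START:
        return True, f"issued before 2020-09-01, {days:.0f}-day validity not subject to the rule"
    if not_after - not_before > MAX_VALIDITY:
        return False, f"issued on/after 2020-09-01 with {days:.0f}-day validity (> 398)"
    return True, f"{days:.0f}-day validity within the 398-day limit"


# Constructed samples, not real certificates.
SAMPLE_TWO_YEAR = "notBefore=Oct  1 00:00:00 2020 GMT\nnotAfter=Oct  1 00:00:00 2022 GMT\n"
SAMPLE_90_DAY = "notBefore=Sep 15 12:00:00 2020 GMT\nnotAfter=Dec 14 12:00:00 2020 GMT\n"
SAMPLE_PRE_ENFORCEMENT = "notBefore=Aug  1 00:00:00 2020 GMT\nnotAfter=Aug  1 00:00:00 2022 GMT\n"

if __name__ == "__main__":
    for name, sample in [("two-year", SAMPLE_TWO_YEAR), ("90-day", SAMPLE_90_DAY),
                         ("pre-2020-09-01", SAMPLE_PRE_ENFORCEMENT)]:
        accepted, reason = check_lifetime(*parse_dates_output(sample))
        print(f"{name}: {'accepted' if accepted else 'REJECTED'} - {reason}")
```

The two-year certificate issued in October 2020 is the case the commit rejects, while the same lifetime issued in August 2020 still passes because the rule keys on the issuance date.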

Our AWS bill is ~ 2% of revenue. Here’s how we did it (sankalpjonna.com)

  • Use lightsail instances (20$ per instance) instead of EC2 instances (37$ per instance)
  • Use a lightsail database (60$ per DB) instead of RDS (200$ per DB)
  • Use a self hosted redis server on a compute instance (40$) instead of ElastiCache (112$)
  • If feasible, use a free CDN (cost savings depends on traffic size)
  • Use a self hosted NGINX server (20$ fixed cost) instead of ELB (cost depends on traffic and usage)

Not factoring in the engineering hours to build it on Lightsail instances… But at least it's mentioned in the closing notes:

I would like to put emphasis on the fact that we are a micro-SaaS product that solves a small and specific use case and therefore this kind of AWS setup worked for us. This may not work for big organisations or products where the traffic is erratic. This setup will also not work for folks who have a ton of stuff to do already and would prefer to use managed services and not take the additional headache of monitoring, maintaining and provisioning hardware resources on a regular basis because this has a time cost to it. We are a team of 2 people with a product that is not computation heavy and has cloud requirements that are quite straightforward. We have been running this product for a little over 1 year with this AWS setup and so far we have not encountered any problems.

If you can run simple setups, do so: go ahead and use the most boring (and stable) stack out there. But it also means that scaling might be much harder in the mid-term.

Angelesen #66

This week: a few ARM discussions around the new announcement Apple made (apparently ARM is all the rage these days), the new CERN super-collider (yes, 100 km circumference!), assessments of the US power grid and a good read on K8s upgrades.

maxgoedjen/secretive: Store SSH keys in the Secure Enclave (github.com)

Secretive is an app for storing and managing SSH keys in the Secure Enclave. It is inspired by the sekey project, but rewritten in Swift with no external dependencies and with a handy native management app.

An interesting approach: storing the SSH keys in the Mac's Secure Enclave.

‘My Little Pony’ Fans Confront Their Nazi Problem (theatlantic.com)

As illustrated by the massive revolt on Reddit earlier this month, Black Lives Matter has led to a rethinking of what online communities are for and whom they serve on a very basic level. That the conversation has managed to penetrate one of the most head-in-the-sand groups on the whole internet speaks to how far the movement has already gone in challenging people where they are—in their imaginary worlds, in their anonymous message threads, and in all of the places where there have long been no rules.

“The fandom has to recognize that it doesn’t exist purely within the vacuum of an online fantasy,” Acesential said. “It exists in a world where these problems are still here.”

Good Read/Listen

Why America’s police look like soldiers (youtube.com)

The gadgets Late Night with Seth Meyers uses to keep the show running from home (theverge.com)

Recording Meyers’ audio was also dependent on consumer tech. Since the show couldn’t look like it’s in a TV studio, Vietmeier wanted to make sure it at least sounded more like it was. The producers quickly realized that viewers were more critical of audio quality than video quality, a common complaint on YouTube.

Great article on how late-night shows get recorded from home. Pretty interesting what can be pulled off with a few hundred dollars' worth of consumer-grade equipment.

CERN approves plans for a $23 billion, 62-mile long super-collider (engadget.com)

CERN has approved plans to build a $23 billion super-collider 100 km in circumference (62 miles) that would make the current 27 km 16 teraelectron volt (TeV) Large Hadron Collider (LHC) look tiny in comparison. The so-called Future Circular Collider (FCC) would smash particles together with over 100 TeV of energy to create many more of the elusive Higgs bosons first detected by CERN in 2012. This “Higgs factory” would be key to helping physicists learn more about dark matter and other mysteries of the Standard Model of physics.

Whoop – I remember the discussions about the super-collider and its size a few years ago. Glad to see this will be a real thing soon 🙂

Apple is switching Macs to its own processors starting later this year (theverge.com)

Apple is officially moving to its own silicon chips for some of its Mac hardware. Calling it a “historic day for the Mac,” Apple CEO Tim Cook detailed the transitions to PowerPC, Mac OS X, and the move to Intel chips before unveiling its plans to use Apple’s own ARM-powered silicon in Macs in the future. It’s a big move that means macOS will support native iOS apps and macOS apps side by side on these new machines in the future.

Apple will release the first Mac with Apple silicon at the end of this year, and it expects the transition to take two years. New Intel-powered Macs are still in the pipeline, so Apple isn’t moving exclusively to ARM-based Macs just yet. Still, this is a big shift for Apple to move away from Intel-based silicon in Macs.

Did I mention that RISC-based CPUs were the past but are also the future 😉

Kubernetes node pool upgrades with Pipeline (banzaicloud.com)

A good best practice on K8s pool upgrades – Banzaicloud is a good thought leader on many K8s topics.

An assessment of threats to the American power grid (energsustainsoc.biomedcentral.com)

I originally read this blog post about the paper – highly interesting – I wasn't aware that the lead times for HV transformers are between 12 and 24 months under normal demand conditions.

I wonder how the electrical grids across Europe would handle such a situation.

whytheplatypus/switchboard: Simple mDNS based reverse proxy for personal infrastructure. (github.com)

Simple mDNS-based reverse proxy for personal infrastructure.

The server will check for mDNS broadcasts regularly and update its configuration. TLS is supported through Let’s Encrypt.

That looks like an interesting piece of technology for my raspberry pi services 😀

Angelesen #65

And another week in the books – lots of things going on currently, and I wanted to finish one of my other blog posts, but that didn't make it past the draft stage yet. I might try to join the #100DaysToOffload challenge at some point. This week: a lot of EOLed software (bye Flash 👋), AWS Snowball edge computing and the occasional security topic (hint: it's about QR codes) – enjoy.

endoflife.date (endoflife.date)

This site maintains quick links for checking End Of Life dates for various tools and technologies.

Always a good resource if you need to get the EOL date of a particular software quickly.

Adobe Flash Player End of Life (adobe.com)

As previously announced in July 2017, Adobe will stop distributing and updating Flash Player after December 31, 2020 (“EOL Date”).

Flash is a thing of the past, and its distribution will stop at the end of the year 🎉

Introducing AWS Snowcone – A Small, Lightweight, Rugged, Secure Edge Computing, Edge Storage, and Data Transfer Device (aws.amazon.com)

The title is already a mouthful – but carry on:

Like other Snow Family devices, Snowcone includes an E Ink shipping label designed to ensure the device is automatically sent to the correct AWS facility and to aid in tracking. It also includes 2 CPUs, 4 GB of memory, wired or wireless access, and USB-C power using a cord or the optional battery. There’s enough compute power for you to launch EC2 instances and to use AWS IoT Greengrass.

The use cases for being able to ship a tiny bit of compute (or, in the case of a Snowball Edge, a bit more compute) to any location are interesting.

Also, AWS announced the Snowball Edge updates around a month ago:

The newest Snowball Edge Storage Optimized devices feature 40 vCPUs and 80 GB of memory, up from 24 and 48, respectively. The processor now runs at 3.2 GHz, allowing you to launch more powerful EC2 instances that can handle your preprocessing and analytics workloads even better than before. In addition to the 80 TB of storage for data processing and data transfer workloads, there’s now 1 TB of SATA SSD storage that is accessible to the EC2 instances that you launch on the device. The improved data transfer speed that I mentioned earlier is made possible by a new 100 Gigabit QSFP28 network adapter.

That’s a looot of compute for this box 🙂

Turn on MFA Before Crooks Do It For You (krebsonsecurity.com)

But people who don’t take advantage of these added safeguards [2FA] may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident.

It hurts if you get locked out by someone else enabling MFA for you.

100 Days To Offload (100daystooffload.com)

#100DaysToOffload is a simple concept that Kev Quirk thought of one day. The rationale behind the whole thing is to challenge people to publish 100 posts on their personal blog in a year. That’s approximately 1 post every 3.5 days.

This is a great initiative. Not sure if I can keep up with that, but there are a few things I'd like to write about. I first saw this initiative on Mastodon, where I've found a few great articles last week.

Swiss QR Code Invoices for Phun and Profit (blog.compass-security.com)

The QR code invoice aims to reduce the four types into one handy “Swiss QR Code” Invoice which would allow the use of existing and maintained technology (like the ZXing library) to read the code. This way, users can scan it with their smartphone (even without E-Banking App) and see the contents of it. It also means that developers do not need to handle different types of “ESR” codes, thus making development easier or at least more maintainable.

But is this solution reliable and secure?

Not sure if a QR Code is the best way to go…

Intel + ARM Performance Characteristics for S3 Compatible Object Storage (blog.min.io)

Let us start by saying that, for all practical purposes, both the Intel and ARM platforms provide plenty of computational power to saturate even the fastest networking speeds and NVMe drives. So in that sense both are perfectly capable of fulfilling the highest performance demands placed upon MinIO’s object storage server.

Having said that, what is clear is that the ARM architecture, with the introduction of the Graviton2 processor by AWS, has closed the performance gap to Intel and even surpassed it for multi-core performance.

ARM is everywhere 🙂 And most likely the future – Back to RISC!

Helium shortage has ended, at least for now (physicstoday.scitation.org)

As demand for party balloons—which account for 10% or more of total helium use, according to market consultant Phil Kornbluth—disappeared in March, and as industrial demand slowed in concert with shelter-in-place orders, the global helium supply crunch of the past two years abruptly ended. “It was like somebody flipped a light switch. It went from shortage to an ample supply within a month,” says Kornbluth. The current supply situation, he says, is “between ample and plentiful.”

We all heard about the issues around oil, but I would never have thought that helium sees similar dynamics.

Ebay is port scanning visitors to their website – and they aren’t the only ones (blog.nem.ec)

To summarize what we’ve found so far:

  • Ebay collects data on whether certain ports are open on your local PC
  • This data is shipped to an Ebay domain, but does not seem to be used otherwise
  • Additional data like User Agent and IP are also sent

At first I thought it's "just" a little port scanning, but:

It’s not just Ebay scanning your ports, there is allegedly a network of 30,000 websites out there all working for the common aim of harvesting open ports, collecting IP addresses, and User Agents in an attempt to track users all across the web. And this isn’t some rogue team within Ebay setting out to skirt the law, you can bet that LexisNexis lawyers have thoroughly covered their bases when extending this service to their customers (at least in the U.S.).

Technically, the open ports and other metrics gathered via the port scan can be combined into yet another fingerprint for tracking people later.

Angelesen #64

The hiatus is real – there were so many articles piled up in the stack that I decided to restart from scratch and just pick a few that I ran into in the past few weeks. From bash scripts to AWS EC2 Spot instances to the usual surveillance topics. Enjoy!

Take care editing bash scripts (thomask.sdf.org)

So be careful editing a bash script that may be currently executing. It could execute an invalid command, or do something very surprising.

If you ever wondered what happens when you edit the file of a running bash script – tl;dr – DON'T!

The definitive guide to running EC2 Spot Instances as Kubernetes worker nodes (itnext.io)

The title gives it away: a very good and complete primer on running EC2 Spot instances as K8s worker nodes 🙂

Why is Kubernetes getting so popular? (stackoverflow.blog)

A good high-level primer on why Kubernetes is so popular these days.

Coming from the world of Puppet and Chef, one of the big shifts with Kubernetes has been the move from infrastructure as code towards infrastructure as data—specifically, as YAML. All the resources in Kubernetes that include Pods, Configurations, Deployments, Volumes, etc., can simply be expressed in a YAML file.

Infrastructure as Code – FTW!

One of the main challenges developers face in the future is how to focus more on the details of the code rather than the infrastructure where that code runs on.

Guess what my dayjob is… 😉

Zoom fatigue: why video chats are so exhausting (nzz.ch)

When we talk to each other online, we try to supplement and compensate for the missing stimuli. «We invest a lot of mental energy in video conferences to infer missing social cues. We are constantly, partly unconsciously, filling in and interpreting this social situation. At the same time we process what is being said and keep the dialogue going. Our cognitive capacity to do all of this at once is limited. That strains us and makes us tired,» says Zahn.

The Quick and Dirty Tear Gas Primer (blog.totallynotmalware.net)

Because tear gas is a commonly-used dispersal tactic all around the world, here is a primer containing all the basic information you need to deal with it before, during, and after exposure.

Handy hints for – who knows when…

How we reduced the AWS costs of our streaming data pipeline by 67% (taloflow.ai)

A good overview of how to rethink large infrastructures to run more cost-efficiently on AWS.

Slack partners with Amazon to take on Microsoft Teams (theverge.com)

Slack is partnering with Amazon in a multiyear agreement that means all Amazon employees will be able to start using Slack. The deal comes just as Slack faces increased competition from Microsoft Teams, and it will also see Slack migrate its voice and video calling features over to Amazon’s Chime platform alongside a broader adoption of Amazon Web Services (AWS).

tl;dr: Slack is switching to Amazon Chime for voice and video calling

De-escalation Keeps Protesters And Police Safer. Departments Respond With Force Anyway. (fivethirtyeight.com)

One thing they will tell you is that when the police respond by escalating force — wearing riot gear from the start, or using tear gas on protesters — it doesn’t work. In fact, disproportionate police force is one of the things that can make a peaceful protest not so peaceful. But if we know that (and have known that for decades), why are police still doing it?

This article goes deep into studies on the use of force against demonstrations.

Experts say the following decades of research have turned up similar findings. Escalating force by police leads to more violence, not less. It tends to create feedback loops, where protesters escalate against police, police escalate even further, and both sides become increasingly angry and afraid.

De-Escalation would be key…

We Chat, They Watch: How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus (citizenlab.ca)

We found that documents and images that were transmitted entirely among non-China-registered accounts were analyzed for Chinese political sensitivity. Upon analysis, files deemed politically sensitive were used to invisibly train and build up WeChat’s Chinese political censorship system. We also conducted analysis of WeChat’s public-facing policy documents, made data access requests, and engaged with Tencent data protection representatives to assess whether those methods could also explain, or uncover, the content surveillance carried out towards international users’ communications. We found that none of the information WeChat makes available to users explains the rationales for such surveillance or the transmission of content hashes from WeChat International to WeChat China.

It's a long read but a really good one if you want to learn more about how WeChat builds a huge censorship apparatus.

Stay-home Diaries

So obviously most countries suggest or force their citizens to stay home. Not a huge change on my side, as I work from home regularly – but it's pretty interesting when working from home (WFH) is forced upon a lot of people.

Notable things

  • All windows were cleaned within 48 hours of starting to work from home full-time
  • Fixed my bike (finally!)
  • Improvised a standing desk after 3 days – to get moving around sometimes
  • We cook a lot!
  • We also bake a lot of bread – don't underestimate good fresh bread
  • Good Internet matters (always)
  • A shift in "what's considered normal", e.g. seeing an advert where people stand in a crowd feels like something from a distant past
  • An interest in gardening – let's see where that leads.
  • Getting to know our neighbours and sharing food, or even baking one loaf of bread too many and passing it on.
  • The first week where the majority of the population was forced to work from home was not really productive, as everyone started to communicate on every channel and ask for best practices on video conferencing and how to use chat
  • Limiting media usage is key – see Screentime
  • Taking breaks and enforcing lunchtime is needed – it's too easy to just work through it. Thinking about going back and trying out the Pomodoro technique again.
  • Good media outlets like public broadcasting (e.g. SRF, Swissinfo) or Republik are priceless
  • Good podcasts as well, e.g. NDR Coronavirus-Update mit Christian Drosten
  • After 10-14 days I stopped paying attention to the concept of weekdays

Currently I'm about 37 days into this. And I originally started typing this list 17 days ago… so there will be a follow-up.