Angelesen #65

And another week in the books – lots of things going on currently, and I wanted to finish one of my other blog posts, but that didn’t make it past the draft stage yet. I might try to join the #100DaysToOffload challenge at some point. This week: a lot of EOLed software (bye Flash 👋), AWS Snowball Edge computing and the occasional security topic (hint: it’s about QR codes) – enjoy.

endoflife.date (endoflife.date)

This site maintains quick links for checking End Of Life dates for various tools and technologies.

Always a good resource if you need to get the EOL date of a particular software quickly.

Adobe Flash Player End of Life (adobe.com)

As previously announced in July 2017, Adobe will stop distributing and updating Flash Player after December 31, 2020 (“EOL Date”).

Flash is a thing of the past. And the distribution of it will stop at the end of the year 🎉

Introducing AWS Snowcone – A Small, Lightweight, Rugged, Secure Edge Computing, Edge Storage, and Data Transfer Device (aws.amazon.com)

The title is already a mouthful – but carry on:

Like other Snow Family devices, Snowcone includes an E Ink shipping label designed to ensure the device is automatically sent to the correct AWS facility and to aid in tracking. It also includes 2 CPUs, 4 GB of memory, wired or wireless access, and USB-C power using a cord or the optional battery. There’s enough compute power for you to launch EC2 instances and to use AWS IoT Greengrass.

Being able to ship a tiny bit of compute (or, in the case of a Snowball Edge, a bit more compute) to any location makes for interesting use cases.

AWS also announced the Snowball Edge updates around a month ago:

The newest Snowball Edge Storage Optimized devices feature 40 vCPUs and 80 GB of memory, up from 24 and 48, respectively. The processor now runs at 3.2 GHz, allowing you to launch more powerful EC2 instances that can handle your preprocessing and analytics workloads even better than before. In addition to the 80 TB of storage for data processing and data transfer workloads, there’s now 1 TB of SATA SSD storage that is accessible to the EC2 instances that you launch on the device. The improved data transfer speed that I mentioned earlier is made possible by a new 100 Gigabit QSFP28 network adapter.

That’s a looot of compute for this box 🙂

Turn on MFA Before Crooks Do It For You (krebsonsecurity.com)

But people who don’t take advantage of these added safeguards [2FA] may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident.

That hurts if you get locked out by someone else enabling MFA for you.

100 Days To Offload (100daystooffload.com)

#100DaysToOffload is a simple concept that Kev Quirk thought of one day. The rationale behind the whole thing is to challenge people to publish 100 posts on their personal blog in a year. That’s approximately 1 post every 3.5 days.

This is a great initiative. Not sure if I can keep up with that, but there would be a few things I’d like to write about. I first saw this initiative on Mastodon, where I found a few great articles last week.

Swiss QR Code Invoices for Phun and Profit (blog.compass-security.com)

The QR code invoice aims to reduce the four types into one handy “Swiss QR Code” Invoice which would allow the use of existing and maintained technology (like the ZXing library) to read the code. This way, users can scan it with their smartphone (even without E-Banking App) and see the contents of it. It also means that developers do not need to handle different types of “ESR” codes, thus making development easier or at least more maintainable.

But is this solution reliable and secure?

Not sure if a QR Code is the best way to go…

Intel + ARM Performance Characteristics for S3 Compatible Object Storage (blog.min.io)

Let us start by saying that, for all practical purposes, both the Intel and ARM platforms provide plenty of computational power to saturate even the fastest networking speeds and NVMe drives. So in that sense both are perfectly capable of fulfilling the highest performance demands placed upon MinIO’s object storage server.

Having said that, what is clear is that the ARM architecture, with the introduction of the Graviton2 processor by AWS, has closed the performance gap to Intel and even surpassed it for multi-core performance.

ARM is everywhere 🙂 And most likely the future – Back to RISC!

Helium shortage has ended, at least for now (physicstoday.scitation.org)

As demand for party balloons—which account for 10% or more of total helium use, according to market consultant Phil Kornbluth—disappeared in March, and as industrial demand slowed in concert with shelter-in-place orders, the global helium supply crunch of the past two years abruptly ended. “It was like somebody flipped a light switch. It went from shortage to an ample supply within a month,” says Kornbluth. The current supply situation, he says, is “between ample and plentiful.”

We all heard about the issues around Oil, but would never have thought that Helium sees similar dynamics.

Ebay is port scanning visitors to their website – and they aren’t the only ones (blog.nem.ec)

To summarize what we’ve found so far:

  • Ebay collects data on whether certain ports are open on your local PC
  • This data is shipped to an Ebay domain, but does not seem to be used otherwise
  • Additional data like User Agent and IP are also sent

First I thought that it’s "just" a little portscanning, but:

It’s not just Ebay scanning your ports, there is allegedly a network of 30,000 websites out there all working for the common aim of harvesting open ports, collecting IP addresses, and User Agents in an attempt to track users all across the web. And this isn’t some rogue team within Ebay setting out to skirt the law, you can bet that LexisNexis lawyers have thoroughly covered their bases when extending this service to their customers (at least in the U.S.).

Technically you can create another fingerprint to track people later with open ports and metrics you can gather via the portscan.