TL;DR This might get a bit ElastiSnafuHeavy. Also, Use Signal/Threema. Use Tor 😉
εxodus – The privacy audit platform for Android applications (reports.exodus-privacy.eu.org)
εxodus analyzes Android applications in order to list the embedded trackers. A tracker is a piece of software meant to collect data about you or your usages. So, εxodus reports tell you what are the ingredients of the cake.
I traced down a specific telemetry tracker that performed around 3000 DNS Lookups for a domain per day. After playing back and forth, I figured out that it comes from 1 app with a tracker embedded. Thanks to the Exodus project, I was able to find the tracker and switch off background data for the app – Look mom no DNS Requests anymore!
"I am real mad about the Elastic relicense so I’m going to vent a bit." (twitter.com)
By using an open source license and accepting contributions, they asked the community to trust them with their CLA. Implicitly: not just at the time the public made contributions, but for the life of the project! Instead they chose to set that trust, and their community, on fire.
Elasticsearch Licencing Change #1
I remember signing the Contributor License Agreement – And also remember that it basically made me lose interest in contributing to the project. That’s why I cherish the existence of Institutions like the CNCF as a solid steward for all things Cloud Native.
PostgreSQL on ARM-based AWS EC2 Instances: Is It Any Good? (percona.com)
There were not many cases where the ARM instance becomes slower than the x86 instance in the tests we performed. The test results were consistent throughout the testing of the last couple of days. While ARM-based instance is 25 percent cheaper, it is able to show a 15-20% performance gain in most of the tests over the corresponding x86 based instances. So ARM-based instances are giving conclusively better price-performance in all aspects. We should expect more and more cloud providers to provide ARM-based instances in the future. Please let us know if you wish to see any different type of benchmark tests.
ARM-based CPUs will most likely take over the Datacenter market quite quickly. At amazee.io we started the move away from Intel to AMD CPUs in most of our infrastructure because of the Performance/Price benefit, and it won’t be much different as ARM-based Instances start to be more widely available in the cloud.
What You Should Know Before Leaking a Zoom Meeting (theintercept.com)
It is not immediately apparent at what point Zoom injects its “ultrasonic” audio watermark into the audio stream — whether this happens only if a meeting attendee presses the Record button in Zoom or if the audio stream is watermarked prior to that point. Nonetheless, when recording a Zoom meeting, it is best to avoid using Zoom’s built-in recording option and to capture the meeting using a third-party audio/video recorder. Zoom mentions that in order to identify the participant who recorded the meeting, they need at least two minutes of audio from the meeting, though it stands to reason that shorter snippets may also be identifiable if they happen to contain the audio watermark.
A few good pointers when it comes to Zoom’s recording fingerprinting and leaking information.
Moxie Marlinspike Has a Plan to Reclaim Our Privacy (newyorker.com)
That’s the Longread of the week, folks! (You can also listen to it; there’s a full recording of the article.)
And as always: Use Signal/Threema. Use Tor.
Truly Doubling Down on Open Source (logz.io)
Over the last few days, we’ve been closely collaborating with a growing number of organizations that believe that Elasticsearch and Kibana need to stay open-source, Apache 2, to serve the broad and diverse community of users working with and contributing to it
Elasticsearch Licencing Change #1
Stepping up for a truly open source Elasticsearch (aws.amazon.com)
The term “open source” has had a specific meaning since it was coined in 1998. Elastic’s assertions that the SSPL is “free and open” are misleading and wrong. They’re trying to claim the benefits of open source, while chipping away at the very definition of open source itself. Their choice of SSPL belies this. SSPL is a non-open source license designed to look like an open source license, blurring the lines between the two. As the Fedora community states, “[to] consider the SSPL to be ‘Free’ or ‘Open Source’ causes [a] shadow to be cast across all other licenses in the FOSS ecosystem.”
Elasticsearch Licencing Change #3
Tobias has a great sum-up of all the important articles in his weekly newsletter.
What Parler Saw During the Attack on the Capitol (projects.propublica.org)
Below is a collection of more than 500 videos that ProPublica determined were taken during the events of Jan. 6 and were relevant and newsworthy. Taken together, they provide one of the most comprehensive records of a dark event in American history through the eyes of those who took part.
The Revolution Will Not Be Televised Livestreamed. Also, wearing a mask wouldn’t be stupid. You know err… the rona.
System Separation in the Continental Europe Synchronous Area on 8 January 2021 – update (entsoe.eu)
At approximately 14:05 CET, the frequency in the North-West Area of Continental Europe initially decreased to a value of 49.74 Hz within a period of around 15 seconds. Afterwards, the frequency reached a steady state value of approximately 49.84 Hz. At the same time, the frequency in the South-East Area initially increased to a value of up to 50.6 Hz before settling at a steady state frequency between 50.2 Hz and 50.3 Hz. This can also be seen from the graph below.
Due to the underfrequency in the North-West Area, the contracted interruptible services in France and Italy, in total around 1.7 GW, were disconnected in order to reduce the frequency deviation. These services are large customers, who are contracted by the respective Transmission System Operators (TSOs) and get disconnected if frequency drops under a certain threshold. In addition, 420 MW and 60 MW of supportive power were automatically activated from the Nordic and Great Britain Synchronous areas respectively. These countermeasures ensured that, already at 14:09 CET, the frequency deviation was limited to a deviation of around 0.1 Hz in the North-West Area from the nominal frequency of 50 Hz (see Figure 2).
More info on what’s known about the big Electricity grid issue that happened on 2021-01-08.
Also a great thread (in German) on why renewables aren’t to blame in this case.
WhatsApp delays privacy changes following backlash (dw.com)
Following WhatsApp’s initial announcement many users have signed up for other messaging services, including privacy-minded Signal and Telegram. Signal said that a massive influx of users had led to technical difficulties in delivering some messages on Friday.
WhatsApp also canceled its February 8 deadline for accepting the tweak to its terms of service, involving sharing data with Facebook servers.
Well totally didn’t see that one coming! I would love to see how many people moved platforms and the impact on WhatsApp. Signal/Threema/Telegram all saw a huge spike of signups.
Again Use Signal/Threema 😉