Drupal Mountain Camp: Systems then and now

During the first Drupal Mountain Camp in the wonderful scenery of Davos, I was given the opportunity to talk about the concepts of virtualized systems, containers and how systems have been provisioned during my time on the job.

Several principles of system design were covered, as well as the fact that “new technologies” are perhaps not as new as the name or trend might suggest.

You can view the slides of my presentation at the download link below:




Angelesen #38

Here we are again. 3-2-1, links of the week:

And that, kids, is why we call it a “Patch” (twitter.com)


deviantony/docker-elk: The ELK stack powered by Docker and Compose. (github.com)

Run the latest version of the ELK (Elasticsearch, Logstash, Kibana) stack with Docker and Docker-compose.

I am currently testing docker-elk. It looks promising, and it also runs with Metricbeat :)

Drumpf’s cyber-guru Giuliani runs ancient ‘easily hackable website’ (theregister.co.uk)

Giulianisecurity.com, the website for the ex-mayor’s eponymous infosec consultancy firm, is powered by a roughly five-year-old build of Joomla! that is packed with vulnerabilities. Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server.

What could possibly go wrong…?

At the BBC, the launch of in-app vertical video is a step toward connecting with new audiences (niemanlab.org)

Vertical Video? FFS!

Law Enforcement Access to IoT Data (schneier.com)

The particulars of the case are weird. Amazon’s Echo does not constantly record; it only listens for its name. So it’s unclear that there is any evidence to be turned over. But this general issue isn’t going away. We are all under ubiquitous surveillance, but it is surveillance by the companies that control the Internet-connected devices in our lives. The rules by which police and intelligence agencies get access to that data will come under increasing pressure for change.

U.S. Global Entry Program to Start in Switzerland February 1, 2017 (ch.usembassy.gov)

Ambassador Suzan G. LeVine commented: “Having been a user of the Global Entry program for several years now, I personally know that business and leisure travelers alike will appreciate the efficiency and speed with which members can get through the port of entry. This will allow participating travelers from Switzerland to focus on their travel plans and reduce the time spent at passport control.”


Simon Sinek on “The Millennial Question” (youtube.com)

15 minutes on millennials; a very good interview with Simon Sinek.

HTTPS on NYTimes.com (open.blogs.nytimes.com)

This is a significant milestone in the 21-year history of our website, and though it’s taken us some time, we are very excited to share this with our readers.

Moving large sites to HTTPS is not easy. Great to see the NY Times leading the way here!

Atlassian acquires Trello for $425M (techcrunch.com)

Atlassian today announced that it has acquired project management service Trello for $425 million.

Atlassian has gone shopping again.

Angelesen #37

A quick round of the weekly* link dump :)

LG threatens to put Wi-Fi in every appliance it releases in 2017 (arstechnica.co.uk)

Now that phenomenon is reaching its logical endpoint: during the company’s CES press conference today, LG marketing VP David VanderWaal says that “starting this year” all of LG’s home appliances will feature “advanced Wi-Fi connectivity.”

Looking forward to the time when your toaster is DDOSing your fridge ;)

A wide-angle camera mounted inside the fridge lets you look inside your fridge remotely just in case you think you left something off your grocery list.

Seriously? ¯_(ツ)_/¯

C3TV – Gone in 60 Milliseconds (media.ccc.de)

More and more businesses are moving away from monolithic servers and turning to event-driven microservices powered by cloud function providers like AWS Lambda. So, how do we hack in to a server that only exists for 60 milliseconds?

A CCC talk on the security of “serverless” infrastructure that is well worth watching.

C3TV – Software Defined Emissions (media.ccc.de)

A technical talk on how to reverse-engineer electronic control units in order to document what was left apparently intentionally undocumented by the vendor – including how Volkswagen tweaked their cycle detection code while already being investigated by the EPA, how different the Volkswagen approach is really to the rest of the industry, and of course some trivia on how the „acoustic function“ got its name.

On the subject of Dieselgate, a brilliant talk about Software Defined Emissions.

How I Built This : Yvon Chouinard built @patagonia (twitter.com)

Podcast with the founder of Patagonia.

Great Talks and Presentations at 33C3 (metachris.com)

The Chaos Computer Congress is Europe’s leading hacker and tech community conference, taking place annually in Hamburg, Germany between Christmas and New Year. This year was the 33rd time (hence 33C3), and as usual featured a large number of amazing talks and presentations.

A good list of 33C3 talks :)

Open-Sourcing Our Incident Response Documentation (pagerduty.com)

Our internal incident response documentation is something we’ve built up over the last few years as we’ve learned and watched our customers learn. It details the best practices of our process, from how to prepare new employees for on-call responsibilities, to how to handle major incidents, both in preparation and after-work. Few companies seem to talk about their internal processes for dealing with major incidents. It’s sometimes considered taboo to even mention the word “incident” in any sort of communication. We would like to change that, making it possible to learn and be better.

Documentation from PagerDuty that is well worth reading for anyone who is frequently on call.

Does Google execute JavaScript? (stephanboyer.com)

My conclusion is: Google may or may not decide to run your JavaScript, and you don’t want your business to depend on its particular inclination of the day. Do server-side/universal/isomorphic rendering just to be safe.

Whether or not Google executes JavaScript when crawling ;)

* hopefully more often again from now on

Angelesen #36

And here we are. 2017 has begun. For the last few days, the first thing I did each morning was fire up the wood heating, since it would otherwise have been a bit cold. In the mountains, New Year is much less spectacular (read: “quieter”) than in the city.

2017 is not just another prime number (weijr-note.blogspot.ch)

What 2017 is and what it is not.

GoPro is going down hard (vowe.net)

No, not only that. Now somebody has decided that you cannot use their existing remote control software without a login to a “GoPro+” account. And you need to be connected to the Internet to do that.

My feeling trying to reconnect to the GoPro last time I used it.

Electricity Map | Live CO2 emissions of the European electricity production (electricitymap.tmrow.co)

Live map of European electricity imports and exports.

Diagnosis, right now! And with an image, please! (tagesanzeiger.ch)

DNP also wants an exact diagnosis quickly, ideally with an X-ray or MRI scan. A descriptive assessment is not enough – yet that is precisely where the strength of general practice would lie: the task is to rule out a serious illness or a severe injury that would require immediate treatment – and then to approach the diagnosis over the following consultations, while time heals in between.

A great article written by a general practitioner.

Maslow’s hierarchy of SRE needs (plus.google.com)

Good read!

No Signal: Egypt blocks the encrypted messaging app as it continues its cyber crackdown (techcrunch.com)

Last week Egyptian users raised the alarm about their inability to access the highly encrypted app popular among activists, including important whistleblower Edward Snowden.

If your government tells you that something is wrong when they can’t access your private data you should be very much alarmed!

You Need to Rethink that “Jump Server.” (donjones.com)

This jump server should be destroyed and rebuilt frequently – like, once a day – using automated tooling. Doing so makes it harder for a hacker to take hold. Access to the jump server must be via two-factor authentication (2FA), period, making it harder for a compromised account to insert code onto the server.

A good article on the much-praised jump host.