Angelesen #51 – Serverless, Rowhammer and Disabled USB Ports

Wow, what a week! After leaving Switzerland on Tuesday I made it to Verona, Italy by train, where I had the chance to attend JSDay and speak at PHPDay. I am astonished how much work the organizing team behind those conferences puts in: they not only run JSDay and PHPDay, they have even branched out into DevOps, containers, React and much more. Way to go! It was a smooth experience and I had tons of fun and learned a lot during the conference.


AWS won serverless – now all your software are kinda belong to them (theregister.co.uk)

Leading Edge Forum’s Simon Wardley, never one to mince words, helps to parse what a 70 per cent (or 44 per cent) lead means: “Let me translate that for you. Amazon is currently positioned to own 70 per cent of the future of ALL software.” Developers, for their part, happily focus on writing business logic while AWS (or Microsoft/Google) handle all the server infrastructure. As Matt Wood, AWS general manager of Deep Learning and AI, told me: “With S3, DynamoDB, and Lambda, you can build apps without thinking about the underlying infrastructure.”

Just let that sink in for a minute, shall we? I’m very happy that there are alternatives to the walled gardens that seem to be oh-so-comfortable.

Walmart has patented autonomous robot bees (weforum.org)

Walmart has just filed a patent for autonomous, robot bees. Yes, that Walmart — and no, you didn’t slip into another, stranger dimension. The mega-corporation’s patent specifically covers “pollination drones.” These tiny robots could act just like bees, pollinating crops autonomously.

Black Mirror, is it you?

Google YOLO (blog.innerht.ml)

Buttons are everywhere. Elevator buttons, machinery buttons, and even “Nuclear Button” that sits on the President’s office desk. But are you always sure the button you push really performs what you want it to do?

Fun with Buttons!

iOS 11.4 to Disable USB Port After 7 Days: What It Means for Mobile Forensics (blog.elcomsoft.com)

Apparently, iOS stores information about the date and time the device was last unlocked or had a data connection to a USB port. After the seven days elapse, the Lightning port will be disabled. Once this happens, you will no longer be able to pair the device to a computer or USB accessory, or use an existing lockdown record, without unlocking the device with a passcode. The only thing you’ll be able to do is charge.

A good move! Wondering when Google will follow suit and disable the USB port after a while as well.

Russlands Staatsfeind Nummer eins (republik.ch)

The Russian internet has been turned upside down since Moscow tried to block the messaging service Telegram. Who is Telegram founder Pavel Durov, who is regarded as the “Russian Zuckerberg”?

Good long read on Telegram and how its founder operates.

Conference Buddy (conferencebuddy.io)

The idea was born for a simple reason: While I love going to meetups, barcamps and conferences, I don’t like going on my own when I don’t know anyone. Even the thought is intimidating. And I can’t be the only one, right?

Something we talked about at PHPDay Verona this past week. Great initiative!

Now Is The Perfect Time For An RSS Renaissance (neflabs.com)

So the very idea of RSS – obtaining content from a website without having to visit the site itself – is due for a comeback. No ads. No suspicious javascript. Just the signal without the noise. It’s not perfect privacy, but it’s one step back and two steps forward in the right direction.

Still on RSS. Never moved away from it… even if it feels a bit old school. Own your content.

Victory! Fourth Circuit rules that border officials can’t subject electronic devices to suspicionless forensic searches (boingboing.net)

Now, in U.S. v. Kolsuz, the first appellate ruling since Riley, the Fourth Circuit appeals court has held that it is unconstitutional for US border officials to subject visitors’ devices to forensic searches without individualized suspicion of criminal wrongdoing.

Win!

Passive Wi-Fi: Bringing Low Power to Wi-Fi Transmissions (usenix.org)

We build prototype hardware and implement all four 802.11b bit rates on an FPGA platform. Our experimental evaluation shows that passive Wi-Fi transmissions can be decoded on off-the-shelf smartphones and Wi-Fi chipsets over distances of 30–100 feet in various line-of-sight and through-the-wall scenarios. Finally, we design a passive Wi-Fi IC that shows that 1 and 11 Mbps transmissions consume 14.5 and 59.2 µW respectively. This translates to 10000x lower power than existing Wi-Fi chipsets and 1000x lower power than Bluetooth LTE and ZigBee.

Impressive presentation!

120+ WordPress-Plugins im DSGVO-Check (mit Lösungen, Alternativen und Plugin-Tipps!) (blogmojo.de)

Because GDPR/DSGVO && WordPress

Everything old is new again: Microservices (blogs.dxc.technology)

Well, it depends. If you got your start programming in the 90s, you’d say I just defined a Service-Oriented Architecture (SOA). But, if you’re younger and cut your developer teeth on the cloud, you’d say: “Oh, you’re talking about microservices.”

Serverless, Microservices – Isn’t that all just SOA?

Translations of My hovercraft is full of eels in many languages (omniglot.com)

Mis Luftchüssiboot isch volle Aal

The most useful phrase in many languages 😉

This is what it’s like using only open-source software on Android (androidpolice.com)

Four years ago, Ars Technica wrote a detailed analysis of using Android without all the proprietary Google software. It wasn’t a great experience, as you can probably guess. But plenty can change in four years, so is the situation any better in 2018? That’s what I wanted to find out.

If you want to go Google-free, this is a good article!

New Rowhammer Attack Can Hijack Computers Remotely Over the Network (amp.thehackernews.com)

Since triggering a bit flip requires hundreds of thousands of memory accesses to specific DRAM locations within tens of milliseconds, a successful Throwhammer attack would require a very high-speed network of at least 10Gbps.
In their experimental setup, researchers achieved bit flips on a targeted server after accessing its memory 560,000 times in 64 milliseconds by sending packets over LAN to its RDMA-enabled network card.

Nerdy, I know, but Rowhammer attacks are interesting!
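To get a feel for why the article talks about a 10 Gbps floor, here is a small feasibility calculator. It is an added example and not code from the Throwhammer researchers: it only turns the two numbers quoted above (560,000 accesses in 64 ms) into the access rate the attacker must sustain and the line rate needed if every access is delivered as its own RDMA write. The per-packet framing sizes (Ethernet overhead plus RoCEv2 headers) are rough assumptions, as is the idea of exactly one packet per DRAM access.

```python
"""Feasibility check for network-triggered Rowhammer (Throwhammer style).

Added example, not from the linked article or the Throwhammer paper. The
numbers for accesses and time window are the ones quoted above; the packet
framing constants are approximate assumptions for RDMA over Converged
Ethernet (RoCEv2), and we assume one remote write per DRAM access.
"""

ACCESSES = 560_000           # memory accesses the researchers needed
WINDOW_S = 0.064             # ... within this many seconds (64 ms)

# Assumed on-the-wire overhead per packet, in bytes.
ETH_OVERHEAD_BYTES = 14 + 4 + 8 + 12        # MAC header, FCS, preamble, inter-frame gap
ROCEV2_HDR_BYTES = 20 + 8 + 12 + 16 + 4     # IPv4, UDP, IB BTH, RETH, ICRC


def access_rate(accesses=ACCESSES, window_s=WINDOW_S):
    """DRAM accesses per second the attacker has to cause on the victim."""
    return accesses / window_s


def required_gbps(payload_bytes, accesses=ACCESSES, window_s=WINDOW_S):
    """Line rate in Gbit/s if each access is a separate RDMA write carrying
    `payload_bytes` of data, counting all framing overhead."""
    wire_bytes = ETH_OVERHEAD_BYTES + ROCEV2_HDR_BYTES + payload_bytes
    return access_rate(accesses, window_s) * wire_bytes * 8 / 1e9


def feasible(link_gbps, payload_bytes):
    """True if a link of `link_gbps` can carry the hammering traffic."""
    return link_gbps >= required_gbps(payload_bytes)


if __name__ == "__main__":
    print(f"access rate: {access_rate():,.0f} accesses/s")
    for payload in (8, 64, 256):
        print(f"payload {payload:3d} B -> {required_gbps(payload):5.2f} Gbps, "
              f"1G: {feasible(1.0, payload)}, 10G: {feasible(10.0, payload)}")
```

The takeaway matches the article: at 8.75 million accesses per second even 8-byte writes need roughly 7.4 Gbps of raw line rate, so a 1 Gbps office network is out, and only tiny payloads fit on a 10 Gbps link. The defensive corollary is that RDMA-capable NICs exposed to untrusted 10G+ peers are the population worth worrying about, not ordinary servers.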

Remediating Fukushima—“When everything goes to hell, you go back to basics” (arstechnica.com)

To further limit groundwater flow into reactors buildings, TEPCO actually froze the ground around them, creating a kind of frozen wall down to a depth of about 30 meters. Approximately 1,500 meters long, the wall is kept frozen by pipes filled with an aqueous solution of calcium chloride cooled to -30ºC. Freezing commenced in March 2016 and is now “99 percent complete,” according to Kohta.

Just one piece in the puzzle of cleaning up the aftermath of Fukushima. And yes, it has already been seven years since the accident happened.

#PHPDay – More on Serverless 🤖

More serverless! After two inspiring days of attending JSDay, I had the chance to talk about the concepts around the serverless movement and our approach to it at PHPDay. It’s been a while since my last PHPDay/JSDay and the conference is still as welcoming and nice as I remembered it. (Just that I completely forgot about the fabulously strong Italian coffee.) Thank you for having me!

Slides:
Resources:

#WAQ18 – Serverless in the new world of web development 🚀

I was given the huge opportunity to talk about serverless and how infrastructure evolves over time at the annual Web à Québec. A huge thanks already goes out to the team that organizes the conference. It’s a blast to see so many dedicated people investing their spare time into such a massive conference! Merci à tous!

Slides:

Resources:

Dept. of conspiratorial encryption

So encryption is a highly conspiratorial practice, if you listen to the German authorities:

The authorities seem to have trouble getting at the information on the computers seized during the raids. The data was encrypted and secure mail addresses were used. Asked by taz, the Interior Ministry would not confirm whether the computers have since been cracked. But the BMI already rated the mere use of encryption technologies as problematic. It showed a “highly clandestine and conspiratorial” approach, according to the Interior Ministry’s prohibition order.

Source – taz.de – Verbot auf dem Prüfstand (Ban under scrutiny)

I find it worrying that every use of encryption technology is regarded as evil and harmful as soon as the state has its fingers in the pie.

If you want to inform yourself about the ban on linksunten, treat yourself to the talk All Computers are Beschlagnahmt from 34C3. It says everything you need to know.

Angelesen #50 – Kubernetes and Space!

Sunday evening, just before eight: here are the links of the week. Let’s see whether I manage the weekly release; at the moment I simply drop the articles I no longer like after a few days and try to keep around 10-15 of the most interesting articles of the week.

Otherwise there are good links and articles on everything Kubernetes-related over at Cloud-Native.

Go Ahead, Millennials, Destroy Us (nytimes.com)

One of my students once asked me, when I was teaching the writing of political op-ed essays, why adults should listen to anything young people had to say about the world. My answer: because they’re afraid of you. They don’t understand you. And they know you’re going to replace them.

That op-ed hits close to home

TunSafe: Experimental WireGuard VPN Client for OSX (tunsafe.com)

This is the web page for the experimental early release of the TunSafe WireGuard Client for OSX. Warning: This is pre-release software. Use at your own risk.

WireGuard for OSX! By far the most advanced VPN client so far.

European clocks lose six minutes after dispute saps power from electricity grid (theguardian.com)

The continental network had lost 113GWh of energy since mid-January because Kosovo had been using more electricity than it generates. Serbia, which is responsible for balancing Kosovo’s grid, had failed to do so, ENTSO-E said.

113 GWh, who the hell needs that much electricity!
Joking aside, it is fascinating to see how long it takes to find out where the missing power comes from (or doesn’t). Let’s just hope no “important” infrastructure is built too cheaply and does without a quartz crystal.

How we discovered a database leak in one of the biggest Swiss hosting provider (security.infoteam.ch)

During the development of our new security SaaS, allowing anyone to check the security level of their own servers, we ran tests on one of our own websites. Since the website is hosted by one of the biggest hosting providers in Switzerland, we didn’t expect to find any critical vulnerabilities. It turned out we were wrong.

Very sad to see such neglect at big Swiss hosters. But it also shows how important good security processes are.

World-first firing of air-breathing electric thruster (esa.int)

In a world-first, an ESA-led team has built and fired an electric thruster to ingest scarce air molecules from the top of the atmosphere for propellant, opening the way to satellites flying in very low orbits for years on end.

Scheduling in Kubernetes (alexandrutopliceanu.ro)

This process informs about the trade-offs engineers made in the implementations. Knowing a tool’s strengths and weaknesses helps better design systems on top of it; it exposes potential failure modes and helps debug critical errors when they occur. It also reveals brilliant ideas, tricks, patterns and conventions used in production systems.

Interesting walkthrough of the k8s scheduling implementation
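The article walks through the real kube-scheduler, which is a lot of code. To show the shape of the trade-offs it talks about, here is a reduced two-phase model of the same loop: filter every node against hard constraints (resources, node selector, taints), then score the survivors and bind the pod to the winner. This is an added example, not kube-scheduler source; the node and pod definitions, the label/taint strings and the two scoring functions are this example’s own assumptions, though the scoring mirrors the classic LeastRequested and BalancedResourceAllocation priorities.

```python
"""Minimal model of the Kubernetes scheduling loop: filter, then score.

Added example; not the kube-scheduler code, just a reduced version of its
two-phase algorithm. Nodes and pods are constructed inline. CPU is in
millicores, memory in MiB. Label and taint strings are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    cpu_m: int                                   # allocatable CPU (millicores)
    mem_mi: int                                  # allocatable memory (MiB)
    labels: dict = field(default_factory=dict)
    taints: set = field(default_factory=set)     # e.g. {"dedicated=gpu:NoSchedule"}
    used_cpu_m: int = 0
    used_mem_mi: int = 0


@dataclass
class Pod:
    name: str
    cpu_m: int
    mem_mi: int
    node_selector: dict = field(default_factory=dict)
    tolerations: set = field(default_factory=set)


# --- filtering phase ("predicates"): every predicate must pass ------------
def fits_resources(pod, node):
    return (node.used_cpu_m + pod.cpu_m <= node.cpu_m
            and node.used_mem_mi + pod.mem_mi <= node.mem_mi)


def matches_selector(pod, node):
    return all(node.labels.get(k) == v for k, v in pod.node_selector.items())


def tolerates_taints(pod, node):
    # A node's taints must all be tolerated by the pod (NoSchedule semantics).
    return node.taints <= pod.tolerations


PREDICATES = (fits_resources, matches_selector, tolerates_taints)


def feasible_nodes(pod, nodes):
    return [n for n in nodes if all(p(pod, n) for p in PREDICATES)]


# --- scoring phase ("priorities"): 0..10 per function, weighted sum -------
def least_requested(pod, node):
    """Prefer nodes that keep the most free resources after placement."""
    cpu_free = (node.cpu_m - node.used_cpu_m - pod.cpu_m) / node.cpu_m
    mem_free = (node.mem_mi - node.used_mem_mi - pod.mem_mi) / node.mem_mi
    return 10 * (cpu_free + mem_free) / 2


def balanced_allocation(pod, node):
    """Prefer nodes where CPU and memory utilisation end up similar."""
    cpu_frac = (node.used_cpu_m + pod.cpu_m) / node.cpu_m
    mem_frac = (node.used_mem_mi + pod.mem_mi) / node.mem_mi
    return 10 * (1 - abs(cpu_frac - mem_frac))


PRIORITIES = ((least_requested, 1), (balanced_allocation, 1))


def score(pod, node):
    return sum(w * f(pod, node) for f, w in PRIORITIES)


def schedule(pod, nodes):
    """Return the chosen node name, or None if no node passes filtering
    (in a real cluster the pod would then sit in Pending)."""
    candidates = feasible_nodes(pod, nodes)
    if not candidates:
        return None
    # Deterministic tie-break on name; the real scheduler randomises ties.
    best = max(candidates, key=lambda n: (score(pod, n), n.name))
    best.used_cpu_m += pod.cpu_m          # bind: reserve the resources
    best.used_mem_mi += pod.mem_mi
    return best.name


def demo_cluster():
    """Constructed three-node cluster: two general nodes, one tainted GPU node."""
    return [
        Node("node-a", cpu_m=4000, mem_mi=8192, labels={"zone": "eu-1"}),
        Node("node-b", cpu_m=4000, mem_mi=8192, labels={"zone": "eu-1"},
             used_cpu_m=3000, used_mem_mi=1024),
        Node("node-gpu", cpu_m=8000, mem_mi=16384, labels={"zone": "eu-2"},
             taints={"dedicated=gpu:NoSchedule"}),
    ]


if __name__ == "__main__":
    cluster = demo_cluster()
    print(schedule(Pod("web", 1000, 2048), cluster))
    print(schedule(Pod("gpu-job", 2000, 4096, node_selector={"zone": "eu-2"},
                       tolerations={"dedicated=gpu:NoSchedule"}), cluster))
    print(schedule(Pod("huge", 9000, 512), cluster))
```

Two failure modes the article mentions show up directly: a pod that does not tolerate the GPU node’s taint and selects that zone gets `None` (Pending forever, with nothing but the scheduler’s events to tell you why), and a busy node like `node-b` still passes filtering but loses on score, which is why “fits” and “preferred” are separate phases.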

Volk beerdigt No Billag (tageswoche.ch)

On very bad losers and even worse losers

kube-ops-view: Kubernetes Operational View – read-only system dashboard for multiple K8s clusters (github.com)

Goal: provide a common operational picture for multiple Kubernetes clusters.

Render nodes and indicate their overall status (“Ready”)
Show node capacity and resource usage (CPU, memory)

The one tool I’ve been fanboying over for more than a week now. It simply gives me a high-level overview when things hit the fan and the K8s cluster gets out of hand. The only thing that bugs me at the moment is that it’s not really built for nodes that run a lot of containers 😉

This Glorious Madman Stuffed A Tesla Drivetrain Into A 1981 Honda Accord (jalopnik.com)

While the Teslonda’s main parts came from the Model S, other parts were often bought based on what fit in a given space and still work with the car. They didn’t plan this build so much as put things together and see what fits. Belosic’s final build sheet has a hilarious variety of donor vehicles as a result.

Tesla Drivetrain in a Honda Accord… well why not?

February 28th DDoS Incident Report (githubengineering.com)

Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.

Great post-mortem on the 1.35 Tbps DDoS that hit GitHub
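The attack signature in the post-mortem is simple enough to spot in flow data: UDP packets from source port 11211 (memcached) towards the victim, far larger than any memcached request, arriving from many distinct reflectors at once. Below is an added example of that detection logic run over constructed NetFlow-style records; it is not code from GitHub’s write-up, and the thresholds, the sample IPs (documentation ranges) and the 15-byte request size used for the amplification estimate are assumptions.

```python
"""Spotting memcached amplification traffic in flow records.

Added example, not from the GitHub post-mortem. Scans constructed
NetFlow-style records for UDP traffic *from* port 11211 *to* a victim with
very large packets, from several distinct reflectors. Thresholds and sample
records are assumptions for illustration.
"""
from collections import defaultdict

MEMCACHED_PORT = 11211
MIN_BYTES_PER_PKT = 1000   # amplified replies are ~1400 B; normal replies are far smaller (assumed cut-off)
MIN_REFLECTORS = 3         # one big reply is a large GET; many sources is a reflection attack

# Constructed sample flows: src_ip, src_port, dst_ip, dst_port, proto, packets, bytes
FLOWS = [
    ("198.51.100.7", 11211, "203.0.113.10", 5678, "udp", 40_000, 57_200_000),
    ("198.51.100.9", 11211, "203.0.113.10", 5678, "udp", 38_000, 54_340_000),
    ("192.0.2.33",   11211, "203.0.113.10", 5678, "udp", 41_500, 59_345_000),
    ("192.0.2.80",   11211, "203.0.113.10", 5678, "udp", 39_000, 55_770_000),
    # spoofed "request" as a reflector's uplink would see it: victim IP, tiny packets
    ("203.0.113.10", 5678, "198.51.100.7", 11211, "udp", 3, 45),
    # legitimate internal memcached reply: small packets, single source
    ("10.0.0.5", 11211, "10.0.0.9", 40211, "udp", 12, 3_000),
    ("203.0.113.10", 443, "192.0.2.200", 51234, "tcp", 500, 400_000),
]


def amplification_report(flows, port=MEMCACHED_PORT,
                         min_bpp=MIN_BYTES_PER_PKT, min_reflectors=MIN_REFLECTORS):
    """Group suspicious reply flows by destination and return a summary for
    every destination hit by at least `min_reflectors` distinct reflectors."""
    per_victim = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for src, sport, dst, dport, proto, pkts, nbytes in flows:
        if proto != "udp" or sport != port or pkts == 0:
            continue
        if nbytes / pkts < min_bpp:
            continue                                  # small replies: normal use
        v = per_victim[dst]
        v["reflectors"].add(src)
        v["packets"] += pkts
        v["bytes"] += nbytes
    report = {}
    for victim, v in per_victim.items():
        if len(v["reflectors"]) >= min_reflectors:
            report[victim] = {
                "reflectors": len(v["reflectors"]),
                "packets": v["packets"],
                "bytes": v["bytes"],
                "avg_bytes_per_pkt": v["bytes"] / v["packets"],
            }
    return report


def amplification_factor(reply_bytes, request_bytes=15):
    """Bandwidth amplification per spoofed request; 15 bytes is roughly a
    UDP memcached 'stats' request (assumed size)."""
    return reply_bytes / request_bytes


if __name__ == "__main__":
    for victim, summary in amplification_report(FLOWS).items():
        print(victim, summary,
              f"~{amplification_factor(summary['avg_bytes_per_pkt']):.0f}x amplification")
```

Note what the spoofed request flow looks like from the reflector’s side: the victim’s address as source, a handful of bytes, port 11211 as destination. That is the record a hosting provider should alarm on, because the fix belongs there: do not expose memcached to the internet, and run it with UDP disabled (`-U 0`), which is what upstream changed the default to after this incident.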

Taking a sabbatical changed my life. Here’s why you should do it too (weforum.org)

The problem is that most people do not realize that taking a break is an option and most people do not ask for such things since they assume that the company will not support it. Moreover, in our competitive work environment, we fear we would be ‘left behind’ in the invisible race we are all running in the name of ambition.

An interesting take on sabbaticals