Angelesen #56

A mixed bag: from cybercybercybercyberdefense to free notebooks to the Swiss e-voting squabble.

Schools in England Introduce a New Subject: Mindfulness (nytimes.com)

Students in England already learn about mathematics, science and history, but hundreds of schools are preparing to expand the traditional curriculum with a new subject: mindfulness.

In up to 370 English schools, students will start to practice mindfulness as part of a study to improve youth mental health, the British government said on Monday.

They will work with mental health experts to learn relaxation techniques, breathing exercises and other methods to “help them regulate their emotions,” the government said

A good step in the right direction.

Mein Auto hintergeht mich [My car is betraying me] (republik.ch)

A good commentary that makes you think.

Cyberdefense: Bundesrat regelt Armee-Selbstverteidigung [Cyber defense: Federal Council regulates the army's self-defense] (inside-it.ch)

To state this clearly: according to the Federal Council's intent, the army is not responsible for protecting all of Switzerland in the event of a cyberattack. It is only about its own protection.

Cyber Defense Battery 95 Light, combat-upgraded, so to speak.

wtfutil/wtf: The personal information dashboard for your terminal. (github.com)

A personal terminal-based dashboard utility, designed for displaying infrequently-needed, but very important, daily data.

Found it and found it useful.

MNT Reform: A free and open source modular computing platform (mntmn.com)

Seen at FOSDEM 🙂 A free, hacked-together notebook <3

On Infrastructure at Scale: A Cascading Failure of Distributed Systems (medium.com)

My mantra “smaller clusters, more of them” is affirmed. The workloads we had in the smaller development Kubernetes clusters were not affected the same as the big one. Same goes for prod. And we would have been hosed if dev and prod were on the same cluster.

Interesting long-read on cascading failures in distributed systems.

Microsoft Azure data deleted because of DNS outage (nakedsecurity.sophos.com)

It’s. a. dns. issue.

Das heikle Geschäft mit der Demokratie [The delicate business of democracy] (republik.ch)

Actually, Swiss Post should be pleased. After the end of its Geneva competitor CHVote, it holds the e-voting monopoly in the country. All other providers have given up: because they shy away from the high security costs or fail to meet the federal government's requirements.

Scytl should be pleased too. The Spanish e-voting company is the industry leader. It sells its election software to 42 countries. Swiss Post is one of its most important customers.

But the joy is clouded. Criticism of e-voting is growing louder and louder. More and more politicians doubt the reliability of digital voting. Last Friday, the opponents even presented a popular initiative against e-voting. With a moratorium, they want to have the voting technology banned until it can be proven that casting a vote over the internet meets the same security standards as voting at the ballot box.

The article is going through the roof right now.

Side note: you can sign the popular initiative for the e-voting moratorium here.

Ten minutes a day (medium.com)

Now, I didn’t say I wrote the book every day — just that I worked on it. Some (many) days, I would work on sample code, futz with formatting, brainstorm ideas, or make edits. All I needed to do was stare at the page for ten minutes and try to do something that felt like progress.

On persistence

Die abfälligen Kommentare über Greta Thunberg sind unerträglich [The disparaging comments about Greta Thunberg are unbearable] (ze.tt)

That so many people seem to share his view, and that others, such as the Welt editor-in-chief or other, actually more moderate journalists, are jumping on the anti-Greta train, reveals some deep-seated character flaws in (male) society. They freely engage in age discrimination, Thunberg is 16; sexism, Thunberg is a girl; ableism, Thunberg has Asperger's syndrome, a form of autism. They cite these things to devalue Thunberg as a person and an individual, and want to prevent her arguments from being heard. Their tweets thereby naturally say more about the mental state of these men than about Thunberg. Anyone who uses such methods to claim interpretive authority for themselves exposes themselves as a prime example of backwardness.

Hate and disparaging comments are not an opinion.

Kubernetes Failure Stories (srcco.de)

I started to compile a list of public failure/horror stories related to Kubernetes. It should make it easier for people tasked with operations to find outage reports to learn from.

We’ve all been there 😉 More war stories here

ATH+++: Comments

After a longer period of contemplation: I decided to shut down comments on here. If people want to get in touch with me or let me know their remarks, Twitter has been far more usable/direct. Sorry to the one who was still using the comments — Sorry Habi 😉

Angelesen #55

So what was important this week? Besides a rather large password collection, there was also the 10 Year Challenge, which can raise some quite interesting questions. The whole thing is rounded off with a long article about open source software.

The internet, but not as we know it: life online in China, Russia, Cuba and India (theguardian.com)

More than half of the world’s population is now online, but that does not mean we all see the same thing. From being filtered by the government to being delivered by post, the internet can vary enormously depending on where you live. Here are four illustrated examples

Fascinating article on the internet in China, Russia, Cuba and India.

Mit der Republik ins zweite Jahr [Into the second year with Republik] (republik.ch)

Into the second year with Republik. Renewal rate: crowdfunders and supporters from the very beginning

Republik shows, with data updated daily, how the renewals are going. Transparency in practice!

Troy Hunt: The 773 Million Record "Collection #1" Data Breach (troyhunt.com)

Some passwords have leaked once again. Best to run your usual email address through Have I been pwned and update your passwords 😉

Security Checklist (securitycheckli.st)

An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.

Worth looking through!

Facebook’s ’10 Year Challenge’ Is Just a Harmless Meme—Right? (wired.com)

Me 10 years ago: probably would have played along with the profile picture aging meme going around on Facebook and Instagram
Me now: ponders how all this data could be mined to train facial recognition algorithms on age progression and age recognition

The Twitter thread on the topic is also well worth reading.

5G: if you build it, we will fill it (ben-evans.com)

Good essay on the 5G network. Conclusion: if there is more bandwidth, it will be used.

Does Former Nikon Shooter Have Regrets After Switching To Sony? (alphauniverse.com)

The problem with overstaying your relationship with a brand is that, like any dysfunctional relationship, it works on a certain level. Your basic needs are met, your professional identity has been wrapped up in it, many friends know you through the brand, and you might even have logo coffee cups that cement the relationship. Changing all that just seems all too much to bear, especially if we think of ourselves as loyal people and not bandwagon folk. Maybe, you think to yourself, “if I just stick through this a little bit longer, it could get better. It might make all the waiting worth it. I could look smart.”

Good article. How long did I wait for the next big thing from Nikon… Meanwhile I'm out and about with a Sony and quite satisfied.

How open source software took over the world (techcrunch.com)

It is also important to realize the increasing importance of the developer for these open-source projects. The traditional go-to-market model of closed source software targeted IT as the purchasing center of software. While IT still plays a role, the real customers of open source are the developers who often discover the software, and then download and integrate it into the prototype versions of the projects that they are working on. Once “infected” by open-source software, these projects work their way through the development cycles of organizations from design, to prototyping, to development, to integration and testing, to staging, and finally to production. By the time the open-source software gets to production it is rarely, if ever, displaced. Fundamentally, the software is never “sold”; it is adopted by the developers who appreciate the software more because they can see it and use it themselves rather than being subject to it based on executive decisions.

Long read about open source software 😉

Angelesen #54

So somehow I needed a moment, after the upgrade to WordPress 5, to bend a workflow back into shape that allows me to use Markdown. But now the whole thing is running again. And the new Gutenberg editor in WordPress is actually quite a lot of fun once you have gotten used to it.

Dunedan/mbp-2016-linux: State of Linux on the MacBook Pro 2016 & 2017 (github.com)

State of Linux on the MacBook Pro 2016 & 2017

Back to the 90s… after I tried, before 35C3, to "just quickly" put Linux on my second notebook, and in the end not even the keyboard worked, I sank another hour into the problem in January… When my ancient Wi-Fi dongle ended up working better than the built-in Wi-Fi module, I briefly ragequit. -_-

Make a web frame with Raspberry Pi in 30 minutes (balena.io)

interesting 🙂

Privacy-Handbuch (privacy-handbuch.de)

Fascinating reading on browsing while leaving few traces.

Ne0nd0g/merlin: Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang. (github.com)

jessebye/awser: A cool little tool to SSH to EC2 instances using their names (github.com)

Neat! EC2 instance autocompletion!

New malware pulls its instructions from code hidden in memes posted to Twitter (techcrunch.com)

Trend Micro said in a blog post that the malware listens for commands from a Twitter account run by the malware operator. The researchers found two tweets that used steganography to hide “/print” commands in the meme images, which told the malware to take a screenshot of an infected computer. The malware then separately obtains the address where its command and control server is located from a Pastebin post, which directs the malware where to send the screenshots — 10/10 points for creativity, that’s for sure.

Next level things!

Bridget Kromhout | tl;dr: your talk is accepted (bridgetkromhout.com)

Bridget writes about the speaker info emails she sends out for DevOpsDays. Brilliant!

We all <3 Terminals. – Terminals Are Sexy (terminalsare.sexy)

A curated list of Terminal frameworks, plugins & resources for CLI lovers.

And one more video that I liked:

Angelesen #53

And here we are again. The past few months were pretty intense but interesting – A few conferences, side projects and yes a TEDxBern went smoothly by. Oh yes, and I spent quite some time in the mountains, that's why it was quite silent here (if you’ve been with me for a while, you know this happens every once in a while.)

On Cash (tbray.org)

Routing everything through my credit card is feeding the global payments cartel, who extract a tariff measured in freaking dollars for almost every routine transaction. I’ve seen so many great business plans go begging because they could have done something wonderful in the world if you could only do micropayments, which you can’t, did I mention that cartel that basically has it locked up and tied down?

Good read on cash 🙂

4G Mobiltelefon – MP02 [4G mobile phone – MP02] (punkt.ch)

When it's time to go online, the MP 02's 4G LTE connection can be shared with a tablet/laptop, which means easier typing than on a smartphone and a larger screen. This two-device approach means that the internet is something you dip into, and not the other way round.

Finally! A Dumbphone with 4G wifi capability.

IRL Glasses Block All the Screens Around You (wired.com)

Originally, they prototyped the glasses using the Casper film stuck onto regular lenses. But they later realized that any polarized lens rotated 90 degrees and flattened could produce the same screen-blocking effect. Right now, their lenses can block light emitted from LCD and LED screens, but not OLED screens. That means they tune out most televisions and some computers, but not the newer crop of smartphones like the OLED-packing iPhones.

Love the idea!

Balancing Engineering and Support (stories.amazee.io)

The schedule we currently operate on is two weeks of support and two weeks of engineering. It’s not a completely pure system, of course, you might get pulled into support when you are on an engineering sprint but there is an expectation that you can and should have time to build, to innovate, and to unplug if necessary to do it.

A few insights from Tyler on how we handle engineering and support at amazee.io

12 Factor CLI Apps (medium.com)

At Heroku, we’ve come up with a methodology called the 12 factor app. It’s a set of principles designed to make great web applications that are easy to maintain. In that spirit, here are 12 CLI factors to keep in mind when building your next CLI application. Following these principles will offer CLI UX that users will love.

We’ve also built a CLI framework called oclif that is designed to follow these principles to build great CLIs in Node.

Interesting approaches for people building CLI apps.

Delaying Further Symantec TLS Certificate Distrust (blog.mozilla.org)

Unfortunately, because so many sites have not yet taken action, moving this change from Firefox 63 Nightly into Beta would impact a significant number of our users. It is unfortunate that so many website operators have waited to update their certificates, especially given that DigiCert is providing replacements for free.

We prioritize the safety of our users and recognize the additional risk caused by a delay in the implementation of the distrust plan. However, given the current situation, we believe that delaying the release of this change until later this year when more sites have replaced their Symantec TLS certificates is in the overall best interest of our users. This change will remain enabled in Nightly, and we plan to enable it in Firefox 64 Beta when it ships in mid-October.

Change takes time… an awful lot of it

Schweizer Steuer-App speicherte alle Daten öffentlich in der Cloud [Swiss tax app stored all data publicly in the cloud] (heise.de)

Already a bit older, but the facepalm still echoes. 🤦

How Will Climate Change Affect Politics? (theatlantic.com)

Day Zero is still hypothetical, but Cape Town’s reality will soon impact many global cities, where water will become a constant concern, and democracy will become contingent upon the taps.

A good read on climate change and how it will affect politics.

Build a better Bookshelf (huytd.github.io)

Step 1: Install any document scanning app on your phone
Step 2: Scan all the index pages and table of contents in all of your books
Step 3: Send it to whatever software you’re using that has OCR feature
Step 4: Now you can search your books digitally

Great Idea!

CLI: improved (remysharp.com)

Remy has a few nice changes he implemented on his shell… 🙂

I fell for prettyping

GovCMS coming of age (lilengine.co)

The Lagoon product does push us to the very limits of what can be realistically open sourced and free of vendor lock-in. So what would it take a government organisation to run/roll their own Lagoon?

<3 I love feedback like this on our open source project!