Angelesen #60

Happy 2020 folks – A few links that found their way into my bookmarks lately:

Which emoji scissors close (wh0.github.io)

Ah, scissors. They’re important enough that we have an emoji for them. On your device, it appears as ✂️. Unlike the real world tool it represents, the emoji’s job is to convey the idea, especially at small sizes. It doesn’t need to be able to swing or cut things. Nevertheless, let’s judge them on that irrelevant criterion.

Yeah why would scissors work anyway ;)?

Russia ‘successfully tests’ its unplugged internet (bbc.com)

Russia has successfully tested a country-wide alternative to the global internet, its government has announced.

Well, this had been announced for quite a while, but it’s concerning if other nations start to follow suit.

How to Track POTUS (nytimes.com)

The Times Privacy Project obtained a dataset with more than 50 billion location pings from the phones of more than 12 million people in this country. It was a random sample from 2016 and 2017, but it took only minutes — with assistance from publicly available information — for us to deanonymize location data and track the whereabouts of the President.

Well nobody saw this coming, right? Right!

Open letter from the Home Secretary – alongside US Attorney General Barr, Secretary of Homeland Security (Acting) McAleenan, and Australian Minister for Home Affairs Dutton – to Mark Zuckerberg (gov.uk)

We are writing to request that Facebook does not proceed with its plan to implement end-to-end encryption across its messaging services without ensuring that there is no reduction to user safety and without including a means for lawful access to the content of communications to protect our citizens.

Great… weakening E2E encryption for the greater good… Is this a rerun of the crypto exports all over again?

Autonomous DeLorean drives sideways to move forward (news.stanford.edu)

“We’re trying to develop automated vehicles that can handle emergency maneuvers or slippery surfaces like ice or snow,” Gerdes said. “We’d like to develop automated vehicles that can use all of the friction between the tire and the road to get the car out of harm’s way. We want the car to be able to avoid any accident that’s avoidable within the laws of physics.”

It’s insane to see an EV DeLorean driving that track without going off rails!

Fefes Blog (blog.fefe.de)

And – this detail really knocked my socks off – 60% of this power plant’s energy goes back into operating the open-pit mine.

Coal? That can go, right?

Privacy Analysis of Tiktok’s App and Website (rufposten.de)

Another nail into TikTok’s privacy coffin…

Nail 1: Tiktok – Überwachung und Kritik
Nail 2: Cheerfulness and Censorship

The “Great Cannon” has been deployed again (cybersecurity.att.com)

These may seem like an odd selection of websites and memes to target, however these meme images appear on the LIHKG forums so the traffic is likely intended to blend in with normal traffic. The URLs are appended to the LIHKG image proxy url (eg; https://na.cx/i/6hxp6x9.gif becomes https://i.lih.kg/540/https://na.cx/i/6hxp6x9.gif?t=6009966493) which causes LIHKG to perform the bandwidth and computationally expensive task of taking a remote image, changing its size, then serving it to the user.

The Great Cannon has been deployed earlier already (also in the writeup), but it’s interesting how the DoS will hit the target – by basically invalidating caches and re-rendering images.
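As an added example (not from the linked write-up or from LIHKG), this sketch shows how the operator of such an image proxy could spot the pattern in request logs: many distinct query strings for the same width and upstream image, each of which forces a fresh resize. The function names, the threshold and all sample requests other than the first URL are assumptions constructed here.

```python
from collections import defaultdict
from urllib.parse import urlsplit


def cache_key(proxy_url):
    """Return (width, upstream_url) with the query string dropped, or None.

    Assumes the proxy path has the shape /<width>/<upstream-url>, as in the
    URL quoted in the write-up.
    """
    parts = urlsplit(proxy_url)
    width, _, upstream = parts.path.lstrip("/").partition("/")
    if not width.isdigit() or not upstream.startswith(("http://", "https://")):
        return None  # not an image-proxy request
    return (int(width), upstream)


def flag_cache_busting(urls, min_variants=3):
    """Map each cache key to its number of distinct query strings,
    keeping only keys that reach min_variants (hypothetical threshold)."""
    variants = defaultdict(set)
    for url in urls:
        key = cache_key(url)
        if key is not None:
            variants[key].add(urlsplit(url).query)
    return {k: len(v) for k, v in variants.items() if len(v) >= min_variants}


# Constructed sample requests; only the first URL appears in the write-up.
SAMPLE = [
    "https://i.lih.kg/540/https://na.cx/i/6hxp6x9.gif?t=6009966493",
    "https://i.lih.kg/540/https://na.cx/i/6hxp6x9.gif?t=6009966494",
    "https://i.lih.kg/540/https://na.cx/i/6hxp6x9.gif?t=6009966495",
    "https://i.lih.kg/540/https://na.cx/i/6hxp6x9.gif?t=6009966495",  # repeat, cacheable
    "https://i.lih.kg/540/https://example.org/cat.png",
    "https://i.lih.kg/540/https://example.org/cat.png",
    "https://i.lih.kg/favicon.ico",  # not a proxy request, ignored
]

if __name__ == "__main__":
    for key, count in flag_cache_busting(SAMPLE).items():
        print(key, "requested with", count, "distinct query strings")
```

Using `cache_key` as the actual cache lookup key would let the repeated requests share one resized image, provided the proxied upstreams do not depend on their query strings.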

36C3 Recap

While getting back to normal life after congress is always hard, I went through all the recordings and pulled out a few very good ones I either saw live or in the days after. There were so many talks in parallel it was very hard to choose. All of this is also available in multiple languages thanks to the volunteers of the c3lingo team!

I also volunteered and got into the Stage Manager Supporter role, during which it was fun to see how other stages are managed – but I was also happy to have an easy first shift to learn 🙂

Now to the talks: Most of them are available in English and German and only the last one is only available in German. Translations can be found by clicking on the cog-wheel – Enjoy:

Boeing 737MAX: Automated Crashes 🇺🇸🇬🇧

A lot of background around the 737 Max issues.

What the world can learn from Hongkong 🇺🇸🇬🇧

How protest works in Hongkong

Reducing Carbon in the Digital Realm 🇺🇸🇬🇧

Digital Products seem always so sleek and “carbon-friendly” but most of the time they aren’t. Chris dives into this topic and sheds light on a lot of aspects I didn’t think about.

The Large Hadron Collider Infrastructure Talk 🇺🇸🇬🇧

If the LHC is among the things you’d like to know more about, that’s the talk!

Bahnmining – Pünktlichkeit ist eine Zier 🇩🇪

David already held a lot of good talks at the congress. This time he looked into punctuality of the German Railways – Die Bahn. With a lot of interesting things uncovered.

Von 4G zu 5G 🇩🇪

Peter is a regular speaker and usually talks about very interesting aspects of Mobile Radio Networks, as he did at 35C3 on HF-Issues in the Uplink Channel. This time he looks into the path from a 4G network to a 5G network.

Let’s play Infokrieg 🇩🇪

Hacking the Media 🇩🇪

The Peng Collective does all sorts of political actions. Civil disobedience at its best!

Hirne Hacken 🇩🇪

Looks like the weakest link in security is: YOU!

Das Mauern muss weg 🇩🇪

How the Informationsfreiheitsgesetz (IFG) / Freedom of Information Act (FOIA) can lead to very interesting behaviour in the government but also lead to interesting information being published.

Welches Betriebssystem hat der Bundestag und wie kann man es hacken? only 🇩🇪

RE: This Page is Designed to Last

I stumbled over the Article on preserving content on the web from Jeff and found it very interesting:

Bookmark after bookmark led to dead link after dead link. Vanished are amazing pieces of writing on kuro5hin about tech culture, and a collection of mathematical puzzles and their associated discussion by academics that my father introduced me to; gone are Woodman’s Reverse Engineering tutorials from my high school years, where I first tasted the feeling of dominance over software; even my most recent bookmark, a series of posts on Google+ exposing usb-c chargers’ non-compliance with the specification, disappeared.

This Page is Designed to Last: A Manifesto for Preserving Content on the Web

He dives into how we can make the web better (and simpler). As I’m currently facing the rear end of support on what my small website has been built on, I’m putting in some thought on how I want to build a new website. Simplicity is a huge part here but also the curiosity to try something new. So it does not come as a surprise that I’m playing around with Gatsby so in the end, I won’t have to deal with upgrades and deprecations all too often as it just ends up being a static site – deployed by a simple build task attached to my version control repository.

But Jeff goes even further and lists 7 steps of preserving content:

  1. Return to vanilla HTML/CSS
  2. Don’t minimize that HTML
  3. Prefer one page over several
  4. End all forms of hotlinking
  5. Stick with the 13 web safe fonts +2
  6. Obsessively compress your images
  7. Eliminate the broken URL risk

An interesting list of approaches which all make perfect sense. Lately during a discussion with a friend we discussed the history we had over the time on Twitter and one brought up “Do you remember the time where we couldn’t add images to tweets and those images have all been lost because the services were dying at some point”. And this is the exact same issue. This is also why I try to host my content myself and practise Publish (on your) Own Site, Syndicate Elsewhere (POSSE) whenever possible.

Of course, this does not hold true for a lot of “web application” sites but over the past, I worked on a few Web Performance projects for big websites and “simplifying things” also mostly led to making a site more performant and more sustainable in the long run. And I think part of the strategies in Jeff’s blog post apply to a much broader set of sites than we might think in the first place.

Angelesen #59


Phew – the last few months were full of conferences and travel. So somehow I never really had the leisure to write something here as well.

CNAME Cloaking, the dangerous disguise of third-party trackers (medium.com)

Web Tracking Wars #1 – Original start of the whole thing

If someone wants you to use CNAME cloaking for whatever smart reason they come up with – please decline politely.

Volksinitiative gegen Naturgesetz (higgs.ch)

Half of the Swiss would like to stop the rollout of 5G, and moratoriums have already been passed at the cantonal level. And now a popular initiative demands a drastic reduction of radio radiation. But implementing it would achieve the opposite.

🤦🤦‍♀️🤦🤦‍♀️

Alternatively, you may treat yourself to the following article from the WOZ, and then really everything would be said that the informed citizen would need, but well… Habi also mentioned this nicely recently.

Funny anecdote on that: In winter I was skiing in Adelboden. On the bus into the valley, a lady next to me signed the ‘Stop 5G’ petition on her iPhone X (probably on 4G) and streamed videos on the bus for about 20 minutes while doing so…

Die Nightjets der neuen Generation: Ein erster Blick in die Zukunft! (blog.oebb.at)

Well, I’m already looking forward to 2022 🙂 More on the whole night train topic in the talk at the umverkehR symposium

Edge vs. Chrome: Microsoft’s Tracking Prevention hits Google the hardest (zdnet.com)

Web Tracking Wars #2

On January 15, 2020, Microsoft is scheduled to roll out a completely revamped Edge browser to the general public. That browser, which is available for beta testing now on all supported versions of Windows and MacOS, includes a feature called Tracking Prevention.

There was a really good talk at MS Ignite about the why and hows of using Chromium as backend for all the new Edge rendering. But seeing the Tracking Prevention making it to major browsers like Edge and Firefox is a refreshing thing to see.

The Captured City (reallifemag.com)

The “smart city” is not a coherent concept, let alone an actually existing entity. It’s better understood as a misleading euphemism for a corporately controlled urban future.

A very good take on smart cities and why you should not embrace it right away.

Predictions 2019-1

  • Microsoft will swap their existing Kernel with an Open Source Linux Kernel (as they already work on a lot of Subsystem improvements https://github.com/microsoft/WSL2-Linux-Kernel)
  • Podcasts will have an even bigger revival, but the openness will suffer by monetisation – this can already be seen with closed systems like Spotify or Luminary
  • RSS will probably die out more and more due to Podcasts being moved into walled systems
  • Apple will close down their system to an extent where it will not allow any changes and could lose the favour of the development community