Angelesen #45

Howdy y’all! Wicked tongues claim that I'm pretty hard to reach between August and November. Well, the #CrazyTime comes around every year. After my stay in Vienna, it's the USA's turn! I'm currently in San Francisco, where the temperatures, at 28°C, are very much within the bearable range! After walking around 15 km today, I'm meeting a few friends before BadCamp starts on Wednesday.

The Depression Thing (zachholman.com)

Longread by Zach Holman on the topic of depression.

The first charges filed since the introduction of the face-covering ban in Austria (watson.ch)

Shaking my head in disbelief. Here's hoping that we in Switzerland vote such nonsense down!

What I Learned From Reading Every Amazon Shareholders Letter (medium.com)

If you’re offered a seat on a rocket ship, don’t ask what seat. Just get on.

Someone took the trouble to read through all of the shareholder letters; there are some real finds and clever conclusions among them.

Google is nerfing all Home Minis because mine spied on everything I said 24/7 (androidpolice.com)

What could have possibly gone wrong… uhm wait!

OnePlus OxygenOS built-in analytics (chrisdcmoore.co.uk)

from a development point of view, wanting to know about abnormal reboots seems legitimate – but the screen on/off and unlock activities feel excessive.

A first-class privacy WTF!

What will programming look like in the future? (highscalability.com)

Right now, limited as we are by human programmers using methods that haven’t changed much in 30 years, software is just nibbling at the world. And that won’t scale. We need more software. A lot more software. And humans are the bottleneck.

An interesting thought on the future of software.

Changing Lanes: Watch Median Movers & Cone Collectors Rapidly Modify Roads – 99% Invisible (99percentinvisible.org)

Persisting state between AWS EC2 spot instances (peteris.rocks)

Straight from the department of “Amazon AWS Spot Instance” hacks.

No Justification for Spanish Internet Censorship During Catalonian Referendum (eff.org)

With an extremely narrow range of exceptions, government censorship of the Internet is prohibited by Article 19 of the Universal Declaration of Human Rights, and by Article 10 of the European Convention on Human Rights, both of which guarantee everyone’s right to receive and impart information and ideas regardless of frontiers. The Spanish government’s censorship of online speech during the Catalonian referendum period is so wildly disproportionate and overbroad, that its violation of these instruments seems almost beyond dispute.

No government should ever dictate to its citizens what they may visit on the internet, let alone block sites on this scale. Basta!

HAProxy vs nginx: Why you should NEVER use nginx for load balancing! (thehftguy.com)

Conclusion: Avoid nginx at all costs

Talking about NGINX as a load balancer

GitLab raises $20M Series C round led by GV (techcrunch.com)

Way to go GitLab!

Bluetooth won’t replace the headphone jack (theverge.com)

To improve Bluetooth, platform vendors like Apple and Google are riffing on top of it, and that means they’re building custom solutions. And building custom solutions means they’re taking the opportunity to prioritize their own products, because that is a fair and rational thing for platform vendors to do.

Preach!

The playbook is simple: last year, Apple dropped the headphone jack and replaced it with its W1 system, which is basically a custom controller chip and software management layer for Bluetooth. The exemplary set of W1 headphones is, of course, AirPods, but Apple also owns Beats, and there are a few sets of W1 Beats headphones available as well. You can still use regular Bluetooth headphones with an iPhone, and you can use AirPods as regular Bluetooth headphones, but the combination iPhone / W1 experience is obviously superior to anything else on the market. No one else can make W1 headphones, and obviously no one else can modify iOS to support their own custom wireless Bluetooth riff. So your choices are the four W1 headphones, and then a large market of second-class citizens.

Not that Google would do this much more openly. But the trend is a DRM-ification of all data paths. The music industry and the premium hardware makers surely like that ;)

Julian Assange Told Young Catalans What Chat Apps To Use To Avoid Spanish Authorities (buzzfeed.com)

Tracking police activity was one of the largest priorities for the Catalan activists on the day of the vote. A user-generated map quickly started getting shared around. “There was a map, a Google map, with points where the police had been and you could see different colors. I don’t know who made it,” Rosique said.

Crowdsourced riot management, mobilisation via end-to-end encrypted services such as WhatsApp/Signal/Telegram. Wow!

And now everyone: Use Tor, use Signal

Deutsche Bank makes its computer code publicly available for the first time – Newsroom (db.com)

Open source FTW!

Band uses delay from Facebook Live to loop a song and it’s incredible (mashable.com)

A video for a change.

Personal Power Plant projects (sunboxlabs.com)

sunboxlabs is a platform for sharing DIY solar projects. learn, share, build.

A roundup of various solar projects.

UK gives WhatsApp another spanking over e2e crypto (techcrunch.com)

So Rudd’s views on e2e crypto — and her apparent willingness to continue to misunderstand how technologies work — should worry us all.

Good article on the end-to-end crypto debate in the UK. I bet Natasha had a lot of fun writing the piece!

No Bitcoin-based protocol can handle more than 20M users per month (runeksvendsen.github.io)

The title says it all ;)

DrupalCon Vienna – Stories and thoughts on Drupal Hosting — stories.amazee.io (stories.amazee.io)

On my own behalf: I wrote about DrupalCon over on our company blog.

Angelesen #40

And here we are again with the links of the week! Ranging from music to shell repair and security. Also, Habi has given up the recommended readings, unfortunately. But well, blogging these days…

Support us / Hype Machine (hypem.com)

As music experiences on the internet have become more centralized, powered by a handful of large services, they’ve also become more alike. Today, a listener’s choice is between minor interface and catalog differences—a narrow way of interacting with a key part of contemporary culture. We think that people deserve a multitude of ways of experiencing music, and we’d like to build more of them with your support and feedback.

I have just activated my HypeMachine supporter subscription. I've been using the music service since about 2009. Good for all the music nerds who like to hear something new now and then :)

Scott Gilbertson: ‘Kill Google AMP Before It Kills the Web’ (daringfireball.net)

I’d stand by that even if the implementation were great. But the implementation is not great — it’s terrible. Yes, AMP pages load fast, but you don’t need AMP for fast-loading web pages. If you are a publisher and your web pages don’t load fast, the sane solution is to fix your fucking website so that pages load fast, not to throw your hands up in the air and implement AMP.

AMP optimises the web for Google and for no one else.

Theresa May to create new internet that would be controlled and regulated by government (independent.co.uk)

“Some people say that it is not for government to regulate when it comes to technology and the internet,” it states. “We disagree.”

That's totally heading in the right direction, NOT!

BASH – Fix The Display and Console Gibberish on a Linux / Unix / OS X / BSD Systems – nixCraft (cyberciti.biz)

$ reset
$ stty sane
$ clear

the three steps to get your shell back in order :)

GoAccess – Visual Web Log Analyzer (goaccess.io)

GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.

It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly.

  • Looks nice √
  • Websockets √
  • runs on the shell √
  • and in docker √√√√

Bartender 2 | Mac Menu Bar Item Control (macbartender.com)

Bartender 2 lets you organize your menu bar apps, by hiding them, rearranging them, or moving them to the Bartender Bar.

Yes, I know the tool has been around for a long time. But I only just stumbled across it again. Now I finally have a tidy menu bar too.

PINEBOOK – PINE64 (pine64.org)

PINEBOOK is an 11.6″ or 14″ notebook powered by the same Quad-Core ARM Cortex A53 64-Bit Processor used in our popular PINE A64 Single Board Computer. It is lightweight and comes with a full size keyboard and large multi-touch touchpad for students and makers.

Exciting project. An ARM-based notebook with all the niceties one could wish for.

“MP3 is dead” missed the real, much better story (marco.org)

MP3 is supported by everything, everywhere, and is now patent-free. There has never been another audio format as widely supported as MP3, it’s good enough for almost anything, and now, over twenty years since it took the world by storm, it’s finally free.

MP3 isn't dead, it's free now :)

The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack (blogs.microsoft.com)

The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.

Word!

How the speaking clock used to work (kraftfuttermischwerk.de)

In the 1970s, Die Sendung mit der Maus explained how the speaking clock worked. And no, I didn't know that until just now. Then again, I have never in my life called the speaking clock.

PHP Versions Stats – 2017.1 Edition (seld.be)

A few observations: With a big boost of PHP 7.1 installs, PHP 7 overall now represents over 50%. 5.3/5.4 are really tiny and even 5.5 is dropping significantly which is good as it is not maintained anymore since last summer. That’s a total of 85% of installs done on supported versions, which is pretty good.

Promising statistics!

njhartwell/pw3nage: If you get pw3ned, might want to fix your shell (github.com)

This is a rather silly POC of a vulnerability in custom shell prompt scripts that I suspect is rather widespread. I noticed when working on a branch that included (for the sake of cuteness) a $ that my prompt that usually includes the branch name had a bunch of gibberish. I suspected the zsh plugin I was using did not properly escape shell metacharacters, so I tried a few more things and landed on this.

You might want to fix your shell ;)

Angelesen #39

Some links once again. Somehow I ought to manage to publish this weekly again :)

Guaranteed Minimum What? (granolashotgun.com)

We’re now seeing the next wave of creative destruction transforming society. We don’t yet know how it will end. At the moment it looks like people with the skills to create and manage complex systems or build and maintain computer guided equipment will do pretty well. So what about everyone else?

600 Watt, 3d-printed, Halbach Array, brushless DC electric Motor (youtube.com)

A self-made 600 watt brushless motor!

Kurz frottiert: SVP against the closure of the Reitschule (derbund.ch)

The Reitschule is a «public institution», writes Beuchat. «Is it allowed to simply close whenever it likes?»

Not everything that receives public money is de facto a public institution. Apart from that, it's quite funny when the SVP objects to the closure of the Reitschule ;)

CPU Utilization is Wrong (brendangregg.com)

Nowadays, CPUs have become much faster than main memory, and waiting on memory dominates what is still called “CPU utilization”. When you see high %CPU in top(1), you might think of the processor as being the bottleneck – the CPU package under the heat sink and fan – when it’s really those banks of DRAM.

MicroBadger (microbadger.com)

Have you ever found an image on Docker Hub and wondered what code it was built from? Or tried to locate the Docker image for a source code repo?

MicroBadger makes it easy to see the contents of a container image, including the layers, the base image it depends on, and its labels & other metadata.

As imagelayers.io is dead, MicroBadger can help out.

Be silent! And write! (dasnuf.de)

YOU DON'T HAVE TO JOIN IN ON EVERY PIECE OF CRAP, EITHER!

We managed without it back then, too. We typed! Even before there were smartphones! Even then we sent each other text messages. We used the number keys to select letters, sometimes had to press a key 3 times until the desired letter finally appeared, and there were no word suggestions at all. We selected every fucking single letter! Every word individually and typed all the way to the end. That's how it was back then! We had discipline! Stamina! Ambition! A real will to communicate!

Gelateria opens in Zurich: Grazie, Berna (nzz.ch)

In the federal city, the «Gelateria di Berna» has earned a legendary reputation within seven years. Now it is venturing out of Bern for the first time, and on Friday it opened its small Zurich offshoot.

Bam, a capital-city export, so to speak <3

Democracy Hacked (medium.com)

The most prolific account tweeted 1668 times in the roughly 24 hours of data ― that’s faster than a single (re)tweet per minute, all day with no sleep.

The economics of disinformation.

Something is wrong when the ‘telephone app’ on your phone becomes 3rd party (martinruenz.de)

But when I realised that the dialler now labelled itself as ‘truecaller’ – something I had never heard of, shoot, I didn’t even know the dialler is an app – it gave rise to a bad suspicion: Is some of my phone’s core functionality now provided by a 3rd party app? Indeed. Does it respect my privacy? No. Can I uninstall it again? No. Was I ever asked to comply with their terms and conditions? Of course not.

Interesting post.

“Of course it leaks” (groups.google.com)

I was once working with a customer who was producing on-board software for a missile. In my analysis of the code, I pointed out that they had a number of problems with storage leaks. Imagine my surprise when the customer’s chief software engineer said “Of course it leaks”. He went on to point out that they had calculated the amount of memory the application would leak in the total possible flight time for the missile and then doubled that number. They added this much additional memory to the hardware to “support” the leaks. Since the missile will explode when it hits its target or at the end of its flight, the ultimate in garbage collection is performed without programmer intervention.

Angelesen #38

Here we are once again. 3-2-1, links of the week:

And that, kids, is why we call it a “Patch” (twitter.com)

:)

deviantony/docker-elk: The ELK stack powered by Docker and Compose. (github.com)

Run the latest version of the ELK (Elasticsearch, Logstash, Kibana) stack with Docker and Docker-compose.

I'm currently testing docker-elk. Looks promising. And it also runs with Metricbeat :)

Drumpf’s cyber-guru Giuliani runs ancient ‘easily hackable website’ (theregister.co.uk)

Giulianisecurity.com, the website for the ex-mayor’s eponymous infosec consultancy firm, is powered by a roughly five-year-old build of Joomla! that is packed with vulnerabilities. Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server.

What could possibly go wrong there…?

At the BBC, the launch of in-app vertical video is a step toward connecting with new audiences (niemanlab.org)

Vertical Video? FFS!

Law Enforcement Access to IoT Data (schneier.com)

The particulars of the case are weird. Amazon’s Echo does not constantly record; it only listens for its name. So it’s unclear that there is any evidence to be turned over. But this general issue isn’t going away. We are all under ubiquitous surveillance, but it is surveillance by the companies that control the Internet-connected devices in our lives. The rules by which police and intelligence agencies get access to that data will come under increasing pressure for change.

U.S. Global Entry Program to Start in Switzerland February 1, 2017 (ch.usembassy.gov)

Ambassador Suzan G. LeVine commented: “Having been a user of the Global Entry program for several years now, I personally know that business and leisure travelers alike will appreciate the efficiency and speed with which members can get through the port of entry. This will allow participating travelers from Switzerland to focus on their travel plans and reduce the time spent at passport control.”

Yes!

Simon Sinek on “The Millennial Question” (youtube.com)

15 minutes on millennials, a very good interview with Simon Sinek.

HTTPS on NYTimes.com (open.blogs.nytimes.com)

This is a significant milestone in the 21-year history of our website, and though it’s taken us some time, we are very excited to share this with our readers.

Moving large sites to HTTPS is not easy. Great to see the NY Times leading the way here!

Atlassian acquires Trello for $425M (techcrunch.com)

Atlassian today announced that it has acquired project management service Trello for $425 million.

Atlassian has gone shopping once again.

Angelesen #37


Just quickly, the weekly* link roundup :)

LG threatens to put Wi-Fi in every appliance it releases in 2017 (arstechnica.co.uk)

Now that phenomenon is reaching its logical endpoint: during the company’s CES press conference today, LG marketing VP David VanderWaal says that “starting this year” all of LG’s home appliances will feature “advanced Wi-Fi connectivity.”

Looking forward to the time when your toaster is DDOSing your fridge ;)

A wide-angle camera mounted inside the fridge lets you look inside your fridge remotely just in case you think you left something off your grocery list.

Seriously? ¯_(ツ)_/¯

C3TV – Gone in 60 Milliseconds (media.ccc.de)

More and more businesses are moving away from monolithic servers and turning to event-driven microservices powered by cloud function providers like AWS Lambda. So, how do we hack in to a server that only exists for 60 milliseconds?

A CCC talk worth watching on the security of “serverless” infrastructure.

C3TV – Software Defined Emissions (media.ccc.de)

A technical talk on how to reverse-engineer electronic control units in order to document what was left apparently intentionally undocumented by the vendor – including how Volkswagen tweaked their cycle detection code while already being investigated by the EPA, how different the Volkswagen approach is really to the rest of the industry, and of course some trivia on how the „acoustic function“ got its name.

On the subject of Dieselgate, a brilliant talk on Software Defined Emissions.

How I Built This : Yvon Chouinard built @patagonia (twitter.com)

Podcast with the founder of Patagonia.

Great Talks and Presentations at 33C3 (metachris.com)

The Chaos Computer Congress is Europe’s leading hacker and tech community conference, taking place annually in Hamburg, Germany between Christmas and New Year. This year was the 33rd time (hence 33C3), and as usual featured a large number of amazing talks and presentations.

A good list of 33C3 talks :)

Open-Sourcing Our Incident Response Documentation (pagerduty.com)

Our internal incident response documentation is something we’ve built up over the last few years as we’ve learned and watched our customers learn. It details the best practices of our process, from how to prepare new employees for on-call responsibilities, to how to handle major incidents, both in preparation and after-work. Few companies seem to talk about their internal processes for dealing with major incidents. It’s sometimes considered taboo to even mention the word “incident” in any sort of communication. We would like to change that, making it possible to learn and be better.

Documentation from PagerDuty that is well worth reading for everyone who is on call every now and then.

Does Google execute JavaScript? (stephanboyer.com)

My conclusion is: Google may or may not decide to run your JavaScript, and you don’t want your business to depend on its particular inclination of the day. Do server-side/universal/isomorphic rendering just to be safe.

Whether or not Google executes JavaScript when crawling ;)

* hopefully more often again from now on