Wednesday, September 08

Geek

Daily News Stuff 8 September 2021

Water In The Fire Edition

Top Story

  • WhatsApp - the secure end-to-end encrypted messaging app - isn't quite.  (Gizmodo)

    Says WhatsApp:

    We can’t read or listen to your personal conversations, as they are end-to-end encrypted.  This will never change.

    On the other hand, if someone reports you for misconduct, WhatsApp's moderation team can see your messages.

    You need to read past the scary headline and get into the details before you find out what's going on: someone pressing that report button sends the decrypted messages from you straight back to WhatsApp.  It has to work that way, or you'd have no way of handling complaints.  But it means - and this should be obvious anyway - that no matter how secure the channel, if the person at the other end can't be trusted, you have no security at all.

    Think of WhatsApp as a room full of classified documents and the report button as Bradley Manning.


Tech News

  • Or think of WhatsApp as a McDonald's Monopoly contest and the report button as a database connection error.  (Bleeping Computer)

    One thing I learned long ago: if you're lazy and hard-code database connection parameters in some pre-production code, make sure they're assigned to variables well outside any potential stack trace.  Because if you put them right in the connection call, and you forget that debug mode is enabled on the application server, and the pre-production code gets rushed into production - all events with a 95% or better probability - then the first time you have a connection error, every single user will see your database password.

    Of course your database should be locked to your internal network and firewalled both locally and at the network boundary, right?  And you wouldn't also leak the login credentials for the server itself.  Nobody would be that silly.
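    The failure mode above, as an added example that is not part of the original post: a stand-in `fake_connect()` plays the role of a database driver that is down, `debug_error_page()` imitates a framework debug page that dumps the traceback and every frame's locals, and `production_error_page()` shows the defensive shape (generic message to the user, redacted detail to the log).  The `DB_HOST`/`DB_USER`/`DB_PASSWORD` environment variable names and the demo password are assumptions for this example.

```python
import os
import sys
import traceback

# Constructed demo credential for this example; not a real password.
DEMO_PASSWORD = "demo-only-not-a-real-password"


def fake_connect(host, user, password):
    """Stand-in for a database driver's connect(); always fails, as a down database would."""
    raise ConnectionRefusedError(f"could not connect to {host}")


def connect_inline_literals():
    # The lazy pattern from the post: credentials typed straight into the connection call.
    # Besides the frame locals shown below, the source line itself is echoed in the traceback.
    return fake_connect(host="db.internal", user="app",
                        password="demo-only-not-a-real-password")


def connect_from_environment():
    # Credentials pulled from the environment (DB_* variable names assumed for this example).
    # This keeps them out of source control and out of the echoed source line, but the
    # driver's frame still holds them as locals, so a debug page leaks them just the same.
    return fake_connect(
        host=os.environ.get("DB_HOST", "db.internal"),
        user=os.environ.get("DB_USER", "app"),
        password=os.environ.get("DB_PASSWORD", DEMO_PASSWORD),
    )


def debug_error_page(fn):
    """Imitates a framework's debug-mode error page: full traceback plus every frame's locals."""
    try:
        fn()
    except Exception as exc:
        lines = traceback.format_exception(type(exc), exc, exc.__traceback__)
        for frame, lineno in traceback.walk_tb(exc.__traceback__):
            if frame.f_code.co_name == "debug_error_page":
                continue  # skip the handler's own frame; only the application frames matter
            lines.append(f"--- locals in {frame.f_code.co_name}() at line {lineno} ---\n")
            for name, value in frame.f_locals.items():
                lines.append(f"    {name} = {value!r}\n")
        return "".join(lines)
    return "connected"


def redact(text, secrets):
    """Replace every known secret value in text; applied before anything is logged."""
    for secret in secrets:
        if secret:
            text = text.replace(secret, "[REDACTED]")
    return text


def production_error_page(fn, secrets):
    """What a user should see in production: a generic message.  Details go to the log, redacted."""
    try:
        fn()
    except Exception as exc:
        detail = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
        print(redact(detail, secrets), file=sys.stderr)  # log channel, never the HTTP response
        return "Internal server error"
    return "connected"


if __name__ == "__main__":
    print("debug page leaks password:",
          DEMO_PASSWORD in debug_error_page(connect_inline_literals))      # True
    print("debug page leaks password:",
          DEMO_PASSWORD in debug_error_page(connect_from_environment))     # True, via driver locals
    print("production page leaks password:",
          DEMO_PASSWORD in production_error_page(connect_from_environment, [DEMO_PASSWORD]))  # False
```

The second run is the point worth noticing: moving the literal out of the connection call stops the source line from betraying it, but any debug handler that dumps frame locals still exposes whatever the driver received.  The only reliable fixes are the two the production handler shows, never returning traceback detail to the client and redacting known secret values before they reach a log.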


  • IBM's Power 10 CPUs are on their way.  (AnandTech)

    15 cores with 8 threads per core on each chip, and two chips per socket.  30MB L2 and 128MB L3 cache.  1TB memory bandwidth per socket, 1TB of inter-socket interconnect, and 512GB of PCIe 5.0 for I/O.

    Just don't ask how much it costs.


  • The SEC is suing Coinbase over its Lend program which doesn't even exist yet.  (Coinbase)

    The SEC asked the crypto industry to provide information on upcoming projects so that the SEC could provide regulatory guidance.  Coinbase - the fools - took them at their word.  And now the SEC has filed notice of intent to sue Coinbase, over a product that doesn't exist, without at any point before or since saying what the substance of the complaint is.


  • GitHub creates useless garbage merges.  (Kernel.org)

    It's just Linus Torvalds spouting off again.  It's not like he invented Git or anything.

    ...

    Oh.


  • Hacking hackers hacked the Jenkins project's Confluence server...  And used it to mine Monero.  (Bleeping Computer)

    This could have been a crippling supply-chain attack, because Jenkins is widely used to automate software testing.

    Fortunately for us all, the hackers were idiots.


  • Intel is spending $80 billion on two new chip plants in Europe.  (Thurrott.com)

    You might well ask why not in the US, and the answer is that they are already expanding all their facilities in the US and building a huge new facility in Arizona as well.

    They're betting that demand for semiconductors isn't going to decline any time soon - and hedging against the possibility of disruption in the Far East.  Even short of a war, China could cause significant mischief.


  • Almost forgot this one.  We've used two monitoring services at my day job - Datadog and StatusCake.  (I also use StatusCake for my own servers.)

    The monitoring agent for Datadog is a 750MB install that includes its own version of Python.  I have no idea what is going on in there; it's completely unauditable and I consider it a supply chain attack waiting to happen.

    The monitoring agent for StatusCake fits on one page.  I read through it, passed it on to our new sysadmin, he read through it, and we shrugged and are going to install it on all our servers.

    Not everything needs to be an avalanche of crap.



Disclaimer: This is fine.

Posted by: Pixy Misa at 06:57 PM | Comments (5)

1 Re: trouble from China

Over at accordingtohoyt, one of the semi-regulars is a little involved in finance.  Recently, he has been pretty concerned about Evergrande.

Just checked for an update, and he says Evergrande has defaulted, and he doesn't understand what is happening, because their stock closed up.

Posted by: PatBuckman at Thursday, September 09 2021 12:44 AM (r9O5h)

2 Yep.  China is facing a domestic economic disaster of their own making.  Whether that will curtail or exacerbate their foreign adventures waits to be seen.

Posted by: Pixy Misa at Thursday, September 09 2021 12:18 PM (PiXy!)

3 They're facing a food shortage this winter too. China is at the intersection of stupid policy and bad luck on economics and groceries. As Pixy notes, how they react is unclear but bears watching.

Posted by: The Brickmuppet at Thursday, September 09 2021 03:37 PM (SjASx)

4 I remember Acronis True Image.  I bought versions 10, 11, 2009, 2011, 2013, and 2018.  It was great stand-alone self-booting backup software that could handle FAT, FAT32, NTFS, and ext2/3/4 partitions, and many many others.  Pretty impressive.

Either version 2013 or 2018 (can't remember which) stopped being able to support the ext2/3/4 partitions properly.  Instead of backing up the files and ignoring the blank space, it instead insisted on backing up the entire partition (sector by sector, blank space included) and trying to compress all of that.  The partition image files for ext2/3/4 partitions were thus huge, slow to make, and slow to restore.  I don't know why this change was made, but performance and time required to deal with Linux partitions became an awful experience.

It might have been the 2013 version that the problem manifested in, and 2018 was only purchased to see if they'd fixed things (they hadn't) and I started using the open source CloneZilla shortly after that.  It's not the most user-friendly UI but it does things properly, and that's all I really ask.
I don't even look at Acronis' products anymore, as a result.

Posted by: Grumpy and Recalcitrant at Thursday, September 09 2021 11:41 PM (nRMeC)

5 The fact that I was nodding in agreement with a Financial Times column about the trouble China is in that was written by George Soros of all people shows just how bad things are getting Re: China.

Posted by: StargazerA5 at Friday, September 10 2021 10:47 AM (AnIjE)









Powered by Minx 1.1.6c-pink.