Weekly Digest – Week 23, 2021
Articles and News
Fastly Status - Global CDN Disruption
Incident Report on Fastly’s service disruption this week.
https://status.fastly.com/incidents/vpk0ssybt3bj
#fastly #cdn #incident #varnish #post-mortem
FBI Sold Phones to Organized Crime and Read 27 Million “Encrypted” Messages
ANOM, an encrypted device company developed and operated by the FBI, routed messages to an FBI-owned server, where they were decrypted with a master key.
#fbi #anom #operation-trojan-shield #operation-ironside
A Secure and Formally Verified Linux KVM Hypervisor
Paper on SeKVM, a modified version of KVM, that guarantees data confidentiality and integrity.
https://www.cs.columbia.edu/~nieh/pubs/ieeesp2021_kvm.pdf
#kvm #virtualization #kvm virtualization
Video: HotOS 2021: Cores That Don’t Count
In this 10-minute video, one of the authors summarizes the issues with silent silicon data corruption presented in their paper »Cores that don’t count«.
https://www.youtube.com/watch?v=QMF3rqhjYuM
#hardware #cpu #data-corruption
The Pedantic Checklist for Changing Your Data Model in a Web Application
Example step-by-step guide for introducing data model changes.
https://rtpg.co/2021/06/07/changes-checklist.html
#data-migration #database
ALPACA Attack
»ALPACA is an Application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session.«
#tls #security #vulnerability
Choose Boring Technology
Not only are the capabilities of boring technology well understood, but more importantly, their failure modes, too.
https://mcfunley.com/choose-boring-technology
#software-engineering #software-architecture
Projects and Releases
Grafana 8.0
Grafana 8.0 was released. Among other improvements, it centralizes alerting information, introduces library panels and real-time streaming.
https://grafana.com/docs/grafana/latest/whatsnew/whats-new-in-v8-0/
#grafana #type:release
Terraform 1.0
»Terraform v1.0.0 intentionally has no significant changes compared to Terraform v0.15.5. You can consider the v1.0 series as a direct continuation of the v0.15 series; we do not intend to issue any further releases in the v0.15 series, because all of the v1.0 releases will be only minor updates to address bugs.«
https://github.com/hashicorp/terraform/releases/tag/v1.0.0
#terraform #infrastructure-as-code
X2Go
Open-source remote desktop software for Linux.
#remote-desktop #nx-technology
Nikto
Web server scanner.
https://github.com/sullo/nikto
#security-scan #vulnerability-scan #web-security
Random Walk Through Git
»A weird tour through Git and some of its internals.«
https://github.com/bakkenbaeck/a-random-walk-through-git
#git
Dark Patterns
Introduction to the concept of dark patterns used in websites and apps.
#ui-design #ux-design #dark-pattern
:wq