Weekly Digest – Week 30, 2021
Articles and News
The Cost of Cloud, a Trillion Dollar Paradox
»You’re crazy if you don’t start in the cloud; you’re crazy if you stay on it.«
#cloud #cloud-cost
Where Text Protocols Came From, and Why They’re Not Going Anywhere
In this post, the author shows that even if not always the most efficient solution, there still are use-cases where human-readable protocols still shine.
https://blog.apnic.net/2021/07/30/where-text-protocols-came-from-and-why-theyre-not-going-anywhere/
#protocol #uuencode
Mobile Device Best Practices
https://www.documentcloud.org/documents/21018353-nsa-mobile-device-best-practices
#nsa #mobile-device-security
From Stolen Laptop to Inside the Company Network
Even a laptop following security best practices does not keep attackers from exploiting it. In this case, a TPM secured, FDE SSD was targeted.
https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network
#hardware-security #tpm
Kernel Pwning with eBPF: A Love Story
This blog post provides the reader with an in-depth look at eBPF and its security implications in general and details of the specific bug CVE-2021-3490.
https://www.graplsecurity.com/post/kernel-pwning-with-ebpf-a-love-story
#ebpf #ebpf-security
Top Routinely Exploited Vulnerabilities
»Four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies.«
https://us-cert.cisa.gov/ncas/alerts/aa21-209a
Syslog-ng 3.33: The MQTT Destination
Syslog-ng is now able to send log messages to an MQTT broker.
https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-3-33-the-mqtt-destination
#syslog-ng #mqtt
Netcat - All You Need to Know
https://blog.ikuamike.io/posts/2021/netcat/
#netcat
ENISA Telecom Security Incidents 2020 - Annual Report
Of the 170 registered incidents in 2020, 50 % were caused by system failures, 40 % by human errors, 7 % by natural phenomena, and 2 % by malicious actions.
#enisa #telecom-security
Sysadmins: Why Not Simply Verify There’s No Backdoor in Every Program You Install, and Thus Avoid Any Cyber-Drama?
In this article, Gareth Corfield comments on ENISA’s supply chain attack report.
https://www.theregister.com/2021/07/31/enisa_supply_chain_attack_report/
#enisa
IBM’s z/OS Update for Mainframes About to Land
This article summarizes the information on the upcoming z/OS 2.5 release.
https://www.theregister.com/2021/07/28/z_os_2_5_launch/
#ibm #z-os #mainframe
5000x faster CRDTs: An Adventure in Optimization
The author explains how he optimized the performance of conflict-free replicated data types.
https://josephg.com/blog/crdts-go-brrr/
#cfrd #distributed-systems
You Really Shouldn’t Roll Your Own Crypto
An empirical study of vulnerabilities in cryptographic libraries.
https://arxiv.org/pdf/2107.04940.pdf
#security #cryptographic-library
Project and Releases
Grml 2021.07
Version 2021.07 of the Debian-based live system, primarily targeted at system administrators, was released.
https://grml.org/changelogs/README-grml-2021.07/
#grml #type:release
FreeBSD Status Report Q2 2021
Amongst other news, the report for Q2 contains information on:
- A new, web-based installer.
- LLDB Debugger Improvements.
- Update of the Linux compatibility layer.
pfsyncookie support.- The RAIDZ expansion update
- helloSystem
https://www.freebsd.org/status/report-2021-04-2021-06/
#freebsd
Szyszka
»Szyszka is a simple but powerful and fast bulk file renamer.«
https://github.com/qarmin/szyszka
#file-renamer
curlie
»If you like the interface of HTTPie but miss the features of curl, curlie is what you are searching for.«
#curl #http #web-development
Calamares
Distribution-independent installer framework.
https://github.com/calamares/calamares
#installer-framework
Refined Blog
List of personal blogs focusing on software.
#personal-blog
ipv6.watch
#ipv6
The Linux Command Line
https://deac-ams.dl.sourceforge.net/project/linuxcommand/TLCL/19.01/TLCL-19.01.pdf
#book #command-line
:wq