Weekly Digest – Week 34, 2021
Articles and News
Asking Nicely for Root Command Execution (And Getting It)
»Suffice it to say, if you work someplace with enough machines, there’s probably some way for you to get root on all of them if you can hit them with a handful of packets. I’ve seen it happen far too many times at enough companies to expect things to stay secure. I’m not talking about buffer overflows and stuff like that, although those exist too. I mean just straight up asking a service to please run a command for you (as root), and it gladly complies.«
https://rachelbythebay.com/w/2021/08/17/pop/
#security
Survey: 1 in 4 Facility Managers Experienced OT System Breaches
»A survey commissioned by industrial giant Honeywell showed that roughly a quarter of facility managers have admitted suffering a breach of operational technology (OT) systems in the past year.«
https://www.securityweek.com/survey-1-4-facility-managers-experienced-ot-system-breaches
#ot-security
Latency Sneaks Up On You
The author explains why high-percentile latency is not a good way to measure efficiency.
https://brooker.co.za/blog/2021/08/05/utilization.html
#latency #systems-performance
Five Ansible Techniques I Wish I’d Known Earlier
https://zwischenzugs.com/2021/08/27/five-ansible-techniques-i-wish-id-known-earlier/
#ansible
macOS 11’s Hidden Security Improvements
https://blog.malwarebytes.com/mac/2021/08/macos-11s-hidden-security-improvements/
#macos #macos-security #m1-soc
HTTP/2 in Infrastructure: Ambry Network Stack Refactoring
This post shows how HTTP/2 solved bottlenecks between frontend and storage nodes in LinkedIn’s distributed object store.
https://engineering.linkedin.com/blog/2021/http-2-in-infrastructure--ambry-network-stack-refactoring
#linkedin #linkedin-ambry #http/2
Video: Joscha Bach: Nature of Reality, Dreams, and Consciousness | Lex Fridman Podcast
#joscha-bach #i
DebConf21 Recordings
https://meetings-archive.debian.net/pub/debian-meetings/2021/DebConf21/
#debian #debconf
Projects and Releases
Turing Pi 2
https://turingpi.com/turing-pi-v2-is-here/
#raspberry-pi #arm
Pi-KVM
#kvm #raspberry-pi #ip-kvm
qemu 6.1.0
https://www.qemu.org/2021/08/24/qemu-6-1-0/
#qemu #type:release
Podman 3.3
https://github.com/containers/podman/releases/tag/v3.3.0
#podman #type:release
CRI-O 1.22
https://github.com/cri-o/cri-o/releases/tag/v1.22.0#changelog-since-v1210
#cri-o #type:release
h2c - Headers to curl
#http-headers #curl
Uptime Kuma
https://github.com/louislam/uptime-kuma
#monitoring
Tools to manipulate CSV files from the Command Line
https://www.ict4g.net/adolfo/notes/data-analysis/tools-to-manipulate-csv.html
#csv #command-line
:wq