08 November 2019
We've been reading... #1
This is what we’ve been reading about over the last couple of weeks:
"We claim XDP is not kernel-bypass, as it is a layer before and it can easily fall-through to netstack. Reality is that it can easily be (ab)used to create a kernel-bypass situation, where none of the kernel facilities are used (in form of BPF-helpers and in-kernel tables)."
"The path to code execution isn’t always a straight line. Sometimes the path is long and winding. Such is the case with a series of vulnerabilities that I reported to MikroTik that was recently patched in 6.45.7. This blog guides the reader down that path, beginning with unauthenticated requests to Winbox and ending with a root busybox shell."
EPIC thread from a maintainer of CouchDB on open-source.
“opensource itself, isn’t a revolution anymore. The openness of code is the least significant part of the puzzle”
"In this post I explain several reasons why ReCAPTCHA […] is often unnecessary, inconveniences users, and subjects users to intensive tracking and fingerprinting that they are not able to opt-out of."
This talk will provide several examples of how Facebook engineers use BPF to scale the networking, prevent denial of service, secure containers, analyze performance. It’s suitable for BPF newbies and experts.
"Norsk Hydro received an insurance payout of $3.6 million following a highly publicized cyberattack earlier this year, the company revealed in its third quarter earnings report.
The insurance payout represents about 6% of the $60 million to $71 million in costs created by the incident through the third quarter, the company said.”
"Russian scientists tracking migrating eagles ran out of money after some of the birds flew to Iran and Pakistan and their SMS transmitters drew huge data roaming charges."
This is a pre-emptive land grab in SpaceX's plans for backhaul.
This is interesting: Google Coral is now out of beta, bringing mobile TensorFlow to small devices. It combines Google’s Edge TPU with the NXP i.MX 8M SoC, Wi-Fi and Bluetooth connectivity, memory, and storage, and you can buy it.
“I burst out laughing!” writes Girl from Żoliborz, a self-described “traditionalist” commenting on a newspaper story about a former campaign adviser to Barack Obama and Emmanuel Macron coming to Warsaw to address a group of liberal activists. “The opposition has nothing to offer. That’s why they use nonsense to pull the wool over people’s eyes,” replies Magda Rostocka, whose profile tells her almost 4,400 followers she is “left-handed with her heart on the right”. **In reality, neither woman existed.** Both accounts were run by the paid employees of a small marketing company based in the city of Wrocław in southwest Poland."
The troll farm employs disabled people and has received around £300,000 from Poland’s National Disabled Rehabilitation Fund.