Blog

This is what we’ve been reading about over the last couple of weeks

Tech

XDP closer integration with network stack

"We claim XDP is not kernel-bypass, as it is a layer before and it can easily fall-through to netstack. Reality is that it can easily be (ab)used to create a kernel-bypass situation, where non of the kernel facilities are used (in form of BPF-helpers and in-kernel tables)."

Presentation: Kernel Recipes Conference 2019

RouterOS: Chain to Root - DNS Request to a Root Busybox Shell

"The path to code execution isn’t always a straight line. Sometimes the path is long and winding. Such is the case with a series of vulnerabilities that I reported to MikroTik that was recently patched in 6.45.7. This blog guides the reader down that path, beginning with unauthenticated requests to Winbox and ending with a root busybox shell."

Opensource itself, isn’t a revolution anymore

EPIC thread from a maintainer of CouchDb on open-source.

“opensource itself, isn’t a revolution anymore. The openness of code is the least significant part of the puzzle”

You (probably) don’t need recaptcha

"In this post I explain several reasons why ReCAPTCHA […] is often unnecessary, inconveniences users, and subjects users to intensive tracking and fingerprinting that they are not able to opt-out of."

BPF at Facebook

This talk will provide several examples of how Facebook engineers use BPF to scale the networking, prevent denial of service, secure containers, analyze performance. It’s suitable for BPF newbies and experts.

Presentation

General

Norsk Hydor’s Cyber Insurance has paid just a fraction of its breach related losses so far

"Norsk Hydro received an insurance payout of $3.6 million following a highly publicized cyberattack earlier this year, the company revealed in its third quarter earnings report.

The insurance payout represents about 6% of the $60 million to $71 million in costs created by the incident through the third quarter, the company said.“

Migrating Russian eagles run up huge data roaming charges

"Russian scientists tracking migrating eagles ran out of money after some of the birds flew to Iran and Pakistan and their SMS transmitters drew huge data roaming charges."

SpaceX submits paperwork for 30,000 more Starlink satellites

This is a pre-emptive land grab in SpaceX plans for backhaul.

Coral moves out of beta

This is interesting - Google Coral now out of beta - mobile Tensorflow on small devices. Google’s Edge TPU with the NXP IMX8M SoC, Wi-Fi and Bluetooth connectivity, memory, and storage, and you can buy it.

Undercover reporter reveals life in a Polish troll farm

“I burst out laughing!” writes Girl from Żoliborz, a self-described “traditionalist” commenting on a newspaper story about a former campaign adviser to Barack Obama and Emmanuel Macron coming to Warsaw to address a group of liberal activists.

“The opposition has nothing to offer. That’s why they use nonsense to pull the wool over people’s eyes,” replies Magda Rostocka, whose profile tells her almost 4,400 followers she is “left-handed with her heart on the right”.

In reality, neither woman existed. Both accounts were run by the paid employees of a small marketing company based in the city of Wrocław in southwest Poland.“

The troll farm employs disabled people and has received around £300,000 from Poland’s National Disabled Rehabilitation Fund.