Sponsored Content




Intermarkets' Privacy Policy
Support





























































« Tuesday Overnight Open Thread (9/7/21) | Main | The Morning Report - 9/8/21 »
September 08, 2021

Daily Tech News 8 September 2021

Top Story

  • WhatsApp - the secure end-to-end encrypted messaging app - isn't quite. (Gizmodo)

    Says WhatsApp:
    We can't read or listen to your personal conversations, as they are end-to-end encrypted. This will never change
    On the other hand, if someone reports you for misconduct, WhatsApp's moderation team can see your messages.

    You need to read past the scary headline and get into the details before you find out what's going on: Someone pressing that report button sends the decrypted messages from you straight back to WhatsApp. It has to work that way, or you'd have no way of handling complaints. But it means - and this should be obvious anyway - that no matter how secure the channel, if the person at the other end can't be trusted, you have no security at all.

    Think of WhatsApp as a room full of classified documents and the report button as Bradley Manning.




Tech News

  • Or think of WhatsApp as a McDonald's Monopoly contest and the report button as a database connection error. (Bleeping Computer)

    One thing I learned long ago is if you're lazy and hard-code database connection parameters in some pre-production code, make sure they're assigned to variables well outside any potential stack trace. Because if you put them right in the connection call, and you forget that debug mode is enabled on the application server, and the pre-production code gets rushed into production - all events with a 95% or better probability - then the first time you have a connection error every single user will see your database password.

    Of course your database should be locked to your internal network and firewalled both locally and at the network boundary, right? And you wouldn't also leak the login credentials for the server itself. Nobody would be that silly.


  • IBM's Power 10 CPUs are on their way. (AnandTech)

    15 cores with 8 threads per core on each chip, and two chips per socket. 30MB L2 and 128MB L3 cache. 1TB memory bandwidth per socket, 1TB of inter-socket interconnect, and 512GB of PCIe 5.0 for I/O.

    Just don't ask how much it costs.


  • The SEC is suing Coinbase over its Lend program which doesn't even exist yet. (Coinbase)

    The SEC asked the crypto industry to provide information on upcoming projects so that the SEC could provide regulatory guidance. Coinbase - the fools - took them at their word. And now the SEC has filed notice of intent to sue Coinbase, over a product that doesn't exist, without at any point before or since saying what the substance of the complaint is.


  • GitHub creates useless garbage merges. (Kernel.org)

    It's just Linus Torvalds spouting off again. It's not like he invented Git or anything.

    ...

    Oh.


  • Hacking hackers hacked the Jenkins project's Confluence server... And used it to mine Monero. (Bleeping Computer)

    This could have been a crippling supply-chain attack, because Jenkins is widely used to automate software testing.

    Fortunately for us all, the hackers were idiots.


  • Intel is spending $80 billion on two new chip plants in Europe. (Thurrott.com)

    You might well ask why not in the US, and the answer is they are already expanding all their facilities in the US and building a huge new facility in Arizona as well.

    They're betting that demand for semiconductors isn't going to decline any time soon - and hedging against the possibility of disruption in the Far East. Even short of a war, China could cause significant mischief.


  • Almost forgot this one. We've used two monitoring services at my day job - Datadog and StatusCake. (I also use StatusCake for my own servers.)

    The monitoring agent for Datadog is a 750MB install that includes its own version of Python. I have no idea what is going on in there; it's completely unauditable and I consider it a supply chain attack waiting to happen.

    The monitoring agent for StatusCake fits on one page. I read through it, passed it on to our new sysadmin, he read through it, and we shrugged and are going to install it on all our servers.

    Not everything needs to be an avalanche of crap.



Disclaimer: This is fine.
digg this
posted by Pixy Misa at 05:00 AM

| Access Comments




Recent Comments
Eromero: "175 It is true that one thing coming out of the Uk ..."

NaCly Dog (u82oZ): "Ex-ex You can rent a propane tank for less tha ..."

Ex-ex: "I was looking at something like a 6K dual fuel. I ..."

Walter Freeman: "[I]@178: "I think Joe's brain is in storage on ali ..."

templetontherat: "*Screams into a void* Now that's over, I am proud ..."

Eromero: "184 Well, well, well.Robert Hanssen dies in prison ..."

Ciampino - felines, cats, kitties: "[b]Ciampino's Rescue kitties[/b] https://is.gd ..."

NaCly Dog (u82oZ): "Ex-ex A small gasoline generator can do that. H ..."

NaCly Dog (u82oZ): "Ex-ex They are nice, especially to keep my wife ..."

Paul: "In the last 12 months Disney has earned a profit o ..."

Ex-ex: "I haven't worked on any whole house generator syst ..."

runner: " Well, well, well.Robert Hanssen dies in prison. ..."

Recent Entries
Search


Polls! Polls! Polls!
Frequently Asked Questions
The (Almost) Complete Paul Anka Integrity Kick
Top Top Tens
Greatest Hitjobs

The Ace of Spades HQ Sex-for-Money Skankathon
A D&D Guide to the Democratic Candidates
Margaret Cho: Just Not Funny
More Margaret Cho Abuse
Margaret Cho: Still Not Funny
Iraqi Prisoner Claims He Was Raped... By Woman
Wonkette Announces "Morning Zoo" Format
John Kerry's "Plan" Causes Surrender of Moqtada al-Sadr's Militia
World Muslim Leaders Apologize for Nick Berg's Beheading
Michael Moore Goes on Lunchtime Manhattan Death-Spree
Milestone: Oliver Willis Posts 400th "Fake News Article" Referencing Britney Spears
Liberal Economists Rue a "New Decade of Greed"
Artificial Insouciance: Maureen Dowd's Word Processor Revolts Against Her Numbing Imbecility
Intelligence Officials Eye Blogs for Tips
They Done Found Us Out, Cletus: Intrepid Internet Detective Figures Out Our Master Plan
Shock: Josh Marshall Almost Mentions Sarin Discovery in Iraq
Leather-Clad Biker Freaks Terrorize Australian Town
When Clinton Was President, Torture Was Cool
What Wonkette Means When She Explains What Tina Brown Means
Wonkette's Stand-Up Act
Wankette HQ Gay-Rumors Du Jour
Here's What's Bugging Me: Goose and Slider
My Own Micah Wright Style Confession of Dishonesty
Outraged "Conservatives" React to the FMA
An On-Line Impression of Dennis Miller Having Sex with a Kodiak Bear
The Story the Rightwing Media Refuses to Report!
Our Lunch with David "Glengarry Glen Ross" Mamet
The House of Love: Paul Krugman
A Michael Moore Mystery (TM)
The Dowd-O-Matic!
Liberal Consistency and Other Myths
Kepler's Laws of Liberal Media Bias
John Kerry-- The Splunge! Candidate
"Divisive" Politics & "Attacks on Patriotism" (very long)
The Donkey ("The Raven" parody)
Powered by
Movable Type 2.64