date 2021-04-22
Web Browsers Leftovers
-
Some reflections about WebAssembly, the Bytecode Alliance and desktop application development.
To know more about the Bytecode Alliance (WebAssembly outside-the-browser), you can read this nice article by Mozilla.
-
One winner will have their essay published and featured on Pocket. And that’s not all. The winner will also receive a personal mentorship call with a Mozilla executive and take home a $5,000 cash prize.
-
Google is working on an update for its web browser Chrome that will improve the speeds of clients for Windows, Linux and macOS.
As reported by Windows Latest, Google is planning to introduce support for “back-forward cache” on desktop platforms with Google Chrome 92. The feature, which has long been available on Android, enables instantaneous page loading when users click the “back” or “forward” buttons.
-
After rolling out to most Chrome OS devices a few weeks ago, the latest Stable Channel update is here for the Chromebooks that have been waiting. While Chrome OS 90 arrives late for some Chromebooks, it brings Android 11 in the new containerized environment to them. There are still three Chromeboxes currently running on Chrome OS 89.
-
The actual implementation of the exploit varies by browser; however, the basic concept is the same. It works by asking the browser to show a confirmation dialog in a popup window. Then the JavaScript code can detect if a popup has just been opened and detect the presence of an application based on that.
Programming and Development Leftovers
-
Today marks Rust's sixth birthday since it went 1.0 in 2015. A lot has changed since then and especially over the past year, and Rust was no different. In 2020, there was no foundation yet, no const generics, and a lot of organisations were still wondering whether Rust was production ready.
In the midst of the COVID-19 pandemic, hundreds of Rust's global distributed set of team members and volunteers shipped over nine new stable releases of Rust, in addition to various bugfix releases. Today, "Rust in production" isn't a question, but a statement. The newly founded Rust foundation has several members who value using Rust in production enough to help continue to support and contribute to its open development ecosystem.
-
This isn't the first time I've seen SC2181 and as always, I rolled my eyes at it because it seemed obviously wrong, because of course you can't merge these two lines together. But this time I went off to the Shellcheck repository to report it as an issue, and before I reported it as an issue I did a search, and that was when I discovered that Shellcheck was not wrong.
To my surprise, the Bourne shell allows you to perform command substitutions and capture the output in variables in if expressions. You really can write my two lines in a single one as: [...]
-
This is the fourth in a series of articles about features that first appeared in a version of Python 3.x. Python 3.3 was first released in 2012, and even though it has been out for a long time, many of the features it introduced are underused and pretty cool. Here are three of them.
-
While I no longer use it regularly for the purposes of analysis, I will always have a soft spot in my heart for excel. Furthermore, using a “correct” set of data science tools often requires a bridge. Integrating a rigorous component into a messy spreadsheet-based pipeline can be an initial step towards the pipeline or team or organization starting on a path of continuous improvement in their processes. Also, spreadsheets are foundational to many (probably most) BizOps teams and therefore are sometimes unavoidable…
In this post I will walk through a short example and some considerations for when you might decide (perhaps against your preferences) to integrate your work with extant spreadsheets or shadow “pipelines” within your organization.
-
It’s almost eerie to me how a programming problem can seem completely unsolvable and then you extend the language a bit and suddenly it’s easy.
It’s happened to me most often with Lisps of course, but it can happen with pretty much any language. I remember a few Java occasions, personally, where I put in a functor framework and previously challenging problems suddenly became easy.
-
So, you now know how to verify an EU VAT number with Node.js.
-
You may know of the VIES site where you can manually validate EU VAT numbers, but did you know that the European Commission also has an API for programmatically doing this?
Proprietary Software, Microsoft, and Security Blunders
-
Micheál Martin, the country’s Taoiseach (prime minister), says Ireland will not be paying any ransom.
-
The health service has temporarily shut down its IT system to protect it after the attack.
-
The NCSC said it is also working with the HSE to identify the technical details of the malware used in the incident and will issue an advisory later to share these details.
-
The Pipeline Security Act would codify the responsibility of both the Transportation Security Administration (TSA) and the Cybersecurity and Infrastructure Security Agency’s (CISA) responsibility for securing pipelines against threats. The effort is being led by Rep. Emanuel Cleaver (D-Mo.).
It would also require TSA to update pipeline security guidelines and conduct risk assessments, create a personnel strategy for staffing its Pipeline Security Section and improve congressional oversight of TSA’s pipeline efforts.
-
A CIA-backed threat intelligence firm claims the operator of the DarkSide ransomware gang has lost control of its infrastructure after the malware was used to attack the Colonial Pipeline Company in the US which runs the country's biggest petrol pipeline.
-
A day after US President Joe Biden said the US plans to disrupt the hackers behind the Colonial Pipeline cyberattack, the operator of the Darkside ransomware said the group lost control of its web servers and some of the funds it made from ransom payments.
“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. CDN servers,” said Darksupp, the operator of the Darkside ransomware, in a post spotted by Recorded Future threat intelligence analyst Dmitry Smilyanets.
“Now these servers are unavailable via SSH, and the hosting panels are blocked,” said the Darkside operator while also complaining that the web hosting provider refused to cooperate.
-
How many times have we seen the FBI and other US intelligence capabilities portrayed as deftly taking on our enemies? Now finally here is a really hard test for them to succeed in. Can they do it? We pay you for this, let's see it happen. Just publishing a warning is not enough. Soon.
-
The audacious ransomware attack that shut down a major fuel pipeline and sent Americans scrambling for gasoline in the Southeast this week was not the first time [crackers] have disrupted America’s aging, vulnerable energy infrastructure. And it’s unlikely to be the last.
Across the globe, cyberattackers are increasingly taking aim at the energy systems that underpin modern society. A February report from IBM found that the energy industry was the third most targeted sector for such attacks in 2020, behind only finance and manufacturing. That was up from ninth place in 2019.
-
The consequences are telling. The operator, taken offline to enable an investigation to be conducted by US cybersecurity firm Mandiant; fuel left stranded at refineries in Texas; a spike in fuel prices at the pump – up six cents per gallon on the week to $2.967 per gallon of unleaded gasoline. “Unless they sort it out by Tuesday,” warned oil market analyst Gaurav Sharma, “they’re in big trouble.” The impact would be felt first in Atlanta, then Tennessee, perpetuating a domino effect to New York. “This is the largest impact on the energy system in the United States we’ve seen from a cyberattack, full stop,” opined Rob Lee of the cybersecurity firm Dragos.
The company, in unconvincing tones, issued a statement that it was “continuing to work with third-party cybersecurity experts, law enforcement, and other federal agencies to restore pipeline operations quickly and safely.” President Joe Biden rushed to calm fears that this had compromised fuel security. “The agencies across the government have acted quickly to mitigate any impact on our fuel supply.” The deputy national security advisor for cyber and emerging technologies Anne Neuberger waffled to the press that the Biden administration was “taking a multi-pronged and whole-of-government response to this incident and to ransomware overall.”
-
Anything the Chinese government can weaponize against its Uighur Muslim population, it will. And has. Further details about an iPhone exploit discovered by Chinese hackers show the Chinese government got into the bug bounty program solely to find vulnerabilities to wield against the government's least-liked residents.
WordPress and DMCA
-
I actually had a post ready to go today, and there’s a reason why you’re not seeing it. Early this morning, I decided to go over it one more time and make a few edits. While doing so, I accidentally closed my browser tab, and when I came back to the post I discovered that it had reverted to an early version of the post lacking at least 1,500 carefully chosen words that had been added to it as I completed it last night. Going through versions on the WordPress back end failed to find the missing text. Ultimately, disgusted and annoyed, I decided I didn’t have the time or the inclination to try to reconstruct the missing post given that I had to go to work. I don’t know if I’ll take what remains of the post tonight or tomorrow and try to reconstruct what I had written, the better to publish it over the weekend or on Monday. I might. I might not. Right now, I have no motivation to do so. All I have time to do before heading to work is to post a brief explanation.
-
WordPress parent company Automattic reports that the number of DMCA takedown notices it received increased by more than 50% last year. What stands out most, however, is the fact that 83% of all notices were rejected, often as a result of inaccurate automated takedown processes.
-
Famed YouTuber and Twitch streamer Angry Joe, or Jose Antonio Vargas, has made it onto Techdirt's pages in the past. True to his name, we've discussed his responses on a couple of intellectual property issues he's suffered through. When Nintendo flagged a video Angry Joe did about Mario Party 10, preventing him from further monetizing the video, he simply and angrily swore off of doing any Nintendo videos in the future, rightly noting that with the decision all the free advertising he'd given Nintendo just disappeared. When CBS blocked a review video he did because the review used 13 seconds of Star Trek: Picard, he took to Twitter to rip them to shreds as well. The point is that when Angry Joe encounters the frustrations many others deal with thanks to overly restrictive intellectual property practices, he doesn't stay silent. He gets... well... angry.
