Episode 74: There is pumpkin spice in the air
This episode we talk about Chinese spy chips, new sophisticated voice phishing schemes, and Facebook’s huge security breach. https://recompilermag.com/2018/10/12/episode-74-there-is-pumpkin-spice-in-the-air
- Community Event Planning pre-order. Still time to get in on the book previews. https://community-events-2.backerkit.com/hosted_preorders
- Survey for event organizers. Please fill it out! https://airtable.com/shrvbemYqHvL1Z7tt
- Issue 10 - Science! It’s shipping. Back order sale use code READER18 for buy 2, get 3rd 1/2 off! https://shop.recompilermag.com
- China planted spy chips in computers from Portland-based Elemental, Bloomberg reports | OregonLive.com https://www.oregonlive.com/silicon-forest/index.ssf/2018/10/chinese_planted_spy_chips_insi.html
- The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Bloomberg https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
- The Big Hack: Amazon, Apple, Supermicro, and Beijing Respond - Bloomberg https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
- Chinese Hackers Have Allegedly Compromised the Supply Chain to Spy on Amazon and Apple https://motherboard.vice.com/en_us/article/gye8w4/chinese-supply-chain-hack-apple-bloomberg
- Voice Phishing Scams Are Getting More Clever — Krebs on Security https://krebsonsecurity.com/2018/10/voice-phishing-scams-are-getting-more-clever/
- Facebook says nearly 50m users compromised in huge security breach | Technology | The Guardian https://www.theguardian.com/technology/2018/sep/28/facebook-50-million-user-accounts-security-berach
- Kim Zetter on Twitter: "The Facebook breach gets even worse - it's not just that an attacker who has your Facebook token can access other accounts you've used your Facebook account to access, he/she can access accounts you haven't even used Facebook to access… https://t.co/BCCpuPG9XI" https://twitter.com/kimzetter/status/1046806168348160000?s=21
- jason polakis on Twitter: "Given the scale and severity of the @facebook breach, I’ll share some thoughts based on our recent @USENIXSecurity paper with @m0eb1t, amrutha, @kaytwo, @stevecheckoway, where we explored the ramifications of your Facebook account being compromised. https://t.co/6gS2ERrGvO (1/n)" https://twitter.com/jpolakis/status/1046086964410294272
- Facebook Security Bug Affects 90M Users — Krebs on Security https://krebsonsecurity.com/2018/09/facebook-security-bug-affects-90m-users/
- O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web https://www.cs.uic.edu/~polakis/papers/sso-usenix18.pdf
- Can Mark Zuckerberg Fix Facebook Before It Breaks Democracy? | The New Yorker https://www.newyorker.com/magazine/2018/09/17/can-mark-zuckerberg-fix-facebook-before-it-breaks-democracy
- Burgerville Notifies Guests of Data Breach https://www.prnewswire.com/news-releases/burgerville-notifies-guests-of-data-breach-300723908.html
- THE WILD INNER WORKINGS OF A BILLION-DOLLAR HACKING GROUP https://www.wired.com/story/fin7-wild-inner-workings-billion-dollar-hacking-group/
- Episode 69: We’ll just make a pickle grid – The Recompiler https://recompilermag.com/2018/08/10/episode-69-well-just-make-a-pickle-grid/
- MIDI unicorn https://www.youtube.com/watch?v=i3tiuGVDDkk
- Willamette River presents stunning lidar image on poster from Department of Geology | OregonLive.com https://www.oregonlive.com/travel/index.ssf/2013/04/willamette_river_presents_stun.html
Episode 73: A bold move
This episode we talk about moral clauses in FOSS licenses, ShotSpotter’s partnership with Verizon, how Buffer bought out its VCs, and WayMo. https://recompilermag.com/2018/10/11/episode-73-a-bold-move
- Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount http://devopsdays.org/events/2018-portland/
- Community Event Planning pre-order. Still time to get in on the book previews. https://community-events-2.backerkit.com/hosted_preorders
- Survey for event organizers https://airtable.com/shrvbemYqHvL1Z7tt
- Call for Contributors, Issue 12 Machines and Things https://recompilermag.com/2018/07/24/call-for-contributors-for-issue-12-machines-things/
- Major Open Source Project Revokes Access to Companies That Work with ICE https://motherboard.vice.com/en_us/article/8xbynx/major-open-source-project-revokes-access-to-companies-that-work-with-ice
- Stop using my tools, racists https://github.com/palantir/blueprint/issues/2876
- Palantir employees are racist and they need to stop using my tools https://github.com/palantir/blueprint/issues/2877
- Add text to MIT License banning ICE collaborators https://github.com/lerna/lerna/pull/1616
- Please remove jamiebuilds as maintainer for CoC violations https://github.com/lerna/lerna/issues/1630
- Remove Microsoft from Restrictive License https://github.com/lerna/lerna/pull/1631
- Restore unmodified MIT license https://github.com/lerna/lerna/pull/1633
- SPDX license list https://spdx.org/licenses/index.html
- My potted view on adding extra ethical clauses to open source licenses https://mastodon.social/@mala/100642002012668168
- ShotSpotter Expands Verizon Partnership With Reseller Agreement for Gunshot Detection Services http://globenewswire.com/news-release/2018/08/28/1557516/0/en/ShotSpotter-Expands-Verizon-Partnership-With-Reseller-Agreement-for-Gunshot-Detection-Services.html
- Ingrid Burrington on Twitter: "So one way to read this is it's a way for Shotspotter installations to avoid any resident pushback by burying them in a contract–instead of making SST a line item, it's just tacked onto a broader services agreement with Verizon that wouldn't otherwise raise eyebrows." https://twitter.com/lifewinning/status/1035211677375946752
- Rochester man shot by police sues cops, city, and ShotSpotter https://www.democratandchronicle.com/story/news/2018/08/30/silvon-simmons-rochester-police-officer-joseph-ferrigno-gun-lawsuit/1119014002/
- We Spent $3.3M Buying Out Investors: Why and How We Did It https://open.buffer.com/buying-out-investors/
- Amir Efrati on Twitter: "Just out: The truth about Waymo... https://t.co/q9Oet5j5Ck" https://twitter.com/amir/status/1034442936774258688
- A day in the life of a Waymo self-driving taxi - The Verge https://www.theverge.com/2018/8/21/17762326/waymo-self-driving-ride-hail-fleet-management
- Donut County http://donutcounty.com/
- Martin “Sexy Nuclear Disarmament” Pfeiffer🏳️‍🌈 on Twitter: "🚨NOW PUBLICLY ACCESSIBLE🚨 Find below the link to my complete archive of 1951-1997 Sandia nuclear laboratory documents from my FOIA. https://t.co/Z8BzUTdF6g You can also support my work at: https://t.co/GzHV653OGL or https://t.co/tvFac0gW44… https://t.co/243xjjkj5k" https://twitter.com/i/web/status/1035331181141581824
Episode 72: I’ve just confused myself
This episode we’re talking about Wickr’s use of domain-fronting and other anti-censorship techniques, the HashWick vulnerability, Verizon throttling emergency responders’ cellular data connections, and licensing shenanigans. https://recompilermag.com/2018/10/11/episode-72-ive-just-confused-myself
- Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount http://devopsdays.org/events/2018-portland/ (RECOMPILERFRIENDS is a 20% off discount)
- Community Event Planning pre-order https://community-events-2.backerkit.com/hosted_preorders
- Survey for event organizers https://airtable.com/shrvbemYqHvL1Z7tt
- Call for Contributors, Issue 12 Machines and Things https://recompilermag.com/2018/07/24/call-for-contributors-for-issue-12-machines-things/
- Wickr has a new plan for dodging internet blocks - The Verge https://www.theverge.com/2018/8/23/17770384/wickr-psiphon-partnership-internet-censorship
- HashWick V8 Vulnerability https://darksi.de/12.hashwick-v8-vulnerability/
- Node.js and the "HashWick" vulnerability https://nodesource.com/blog/node-js-and-the-hashwick-vulnerability/
- Verizon throttled fire department’s “unlimited” data during Calif. wildfire | Ars Technica https://arstechnica.com/tech-policy/2018/08/verizon-throttled-fire-departments-unlimited-data-during-calif-wildfire
- Use Debian? Want Intel's latest CPU patch? Small print sparks big problem https://www.theregister.co.uk/2018/08/21/intel_cpu_patch_licence/
- Redis: This is not the license change you are looking for https://blog.tidelift.com/redis-this-is-not-the-license-change-you-are-looking-for-
- Software Freedom Ensures the True Software Commons https://sfconservancy.org/blog/2018/aug/22/commons-clause/
- Redis licensing https://redislabs.com/community/licenses/
- Skills for our software future / Audrey Eschright http://lifeofaudrey.com/2018/09/06/3rd-wave.html
- Oregon DEQ map https://oraqi.deq.state.or.us/home/map
- HRRR-Smoke Model Fields - Experimental https://rapidrefresh.noaa.gov/hrrr/HRRRsmoke/
Episode 71: That sounds both interesting and ridiculous
This week Audrey and I chat about Las Vegas hotel security issues during DefCon, the Foreshadow speculative execution vulnerability, and issues with the music industry business model and copyright. Complete show notes: https://recompilermag.com/2018/09/25/episode-71-that-sounds-both-interesting-and-ridiculous
- [01:06] Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount
- [01:54] Community Event Planning pre-order
- [02:34] Survey for event organizers
- [03:15] Call for Contributors, Issue 12 Machines and Things
- [04:09] In post-massacre Vegas, security policies clash with privacy values - The Parallax
- [07:48] Open letter to the Hacker Community. | Marc's Security Ramblings
- [22:15] Chris Dagdigian on Twitter: "this happened to me as well at a Marriott owned hotel property..."
- [23:33] Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution
- [31:07] Artists Made Only 12% of Music Industry Revenue in 2017, Citigroup Report Finds | Pitchfork
- [40:01] Recording Industry Hypocrisy On Full Display In Continuing To Push The CLASSICS Act That Expands Copyright | Techdirt
- [50:17] USB Dongle Authentication
- [51:36] Two Factor Auth List
- [54:09] Thru-hiking the US/Mexico border
- [56:04] Natives Outdoors
- [32:45] PUTTING THE BAND BACK TOGETHER: Remastering the World of Music (pdf)
Episode 70: I see a bear!
This week Audrey and I chat about a security incident with Homebrew (the macOS package manager), Twitter’s refusal to moderate hate speech, and Firefox’s upcoming support of DNS over HTTP. Complete show notes: https://recompilermag.com/2018/08/14/episode-70-i-see-a-bear
- [03:42] Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount
- [04:06] Recompiler DevOpsDays ticket giveaway, deadline August 20
- [04:25] Community Event Planning pre-order
- [04:54] Survey for event organizers
- [06:08] Call for Contributors, Issue 12 Machines and Things
- [07:08] Security Incident Disclosure — Homebrew
- [08:16] How I gained commit access to Homebrew in 30 minutes
- [11:39] How I gained commit access to all Jenkins projects in 30 minutes…and how security warnings to the
- [16:19] jack on Twitter: "We didn’t suspend Alex Jones or Infowars yesterday..."
- [19:49] Jay Rosen on Twitter: "It's been called the bullshit asymmetry:..."
- [22:16] Political Strategy and Buzzfeed’s analysis of "the Twitter problem"
- [33:02] I’m done with Twitter
- [35:10] Episode 57: Do we have to do more Facebook? – The Recompiler
- [36:22] Improving DNS Privacy in Firefox – Firefox Nightly News
- [37:54] ungleich Blog - Mozilla's new DNS resolution is dangerous
- [45:45] BearCam
- [47:51] Books by Gerald M. Weinberg
Episode 69: We’ll just make a pickle grid
This week we’re talking about Reddit’s security breach, retail spearphishing indictments, ghost characters, and surveillance capitalism. Complete show notes: https://recompilermag.com/2018/08/10/episode-69-well-just-make-a-pickle-grid
- [01:29] Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount
- [02:17] Community Event Planning book pre-order
- [02:51] Survey for event organizers
- [03:22] Call for Contributors, Issue 12 Machines and Things
- [04:16] We had a security incident. Here's what you need to know.
- [09:24] How Criminals Recruit Telecom Employees to Help Them Hijack SIM Cards
- [15:43] Community questions following the eslint security incident
- [18:51] Ukrainian hackers arrested for stealing 15 million credit cards - The Verge
- [22:13] Three Members of Notorious International Cybercrime Group “Fin7” In Custody for Role in Attacking Over 100 U.S. companies | OPA | Department of Justice
- [24:57] A Spectre is Haunting Unicode
- [28:09] Decolonizing Unicode
- [29:43] I Can Text You A Pile of Poo, But I Can’t Write My Name
- [33:39] Let’s make private data into a public good
- [35:47] Out of the frying pan and into the fire
- [44:19] NowThis on Twitter: "118 goats took over the streets of this Boise suburb — and it was baaaaaaaaad… "
- [45:43] James Wong on Twitter: "Maize is an artificial species created entirely thanks to human ingenuity (right). ..."
Episode 68: Celebrating Prime Day
This week we’re talking about the ethics of corporate research and how your data is used, Twitter's developer API changes, how Amazon Prime Day went, and more. Complete show notes: https://recompilermag.com/2018/08/09/episode-68-celebrating-prime-day
- [01:08] Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount
- [01:37] DevOpsDays ticket giveaway - enter by Aug 20!
- [01:59] The Recompiler Issue 8: Wildcard
- [03:43] Responsible Communication Style Guide reprint
- [04:19] New developer requirements to protect our platform
- [13:59] Dropbox still has questions to answer after claims of improper data sharing | ZDNet
- [15:43] A Study of Thousands of Dropbox Projects Reveals How Successful Teams Collaborate
- [23:44] How collaborating in Dropbox helps NICO advance scientific research
- [31:01] Pandora’s Checkbox – Emily St＊
- [31:28] Private and secure multiparty histograms
- [35:23] Why Is Google Translate Spitting Out Sinister Religious Prophecies?
- [38:10] Amazon’s facial-recognition tool misidentified 28 lawmakers as people arrested for a crime, study finds - The Washington Post
- [41:41] The Motherboard Guide to Amazon Prime Day's Best Deals
- [44:23] Amazon warehouse workers are striking across Europe on Prime Day
- [44:33] Muslim Amazon Employees Protest Increased Workload During Ramadan | Observer
- [45:15] The Hidden Environmental Cost of Amazon Prime’s Free, Fast Shipping
- [45:22] I'm Starting to Have Serious Doubts About Amazon Prime
- [53:24] #124 The Magic Store by Reply All from Gimlet Media
- [57:19] Lina Khan and the “Hipster Antitrust” Movement - The Atlantic
- [59:25] Academic writes 270 Wikipedia pages in a year to get female scientists noticed
- [1:00:35] The Library Music Project Will Surprise and Delight Your Ears - Music - Portland Mercury
Episode 67: Capital NO
This week Audrey and I chat about the compromised NPM package that stole a bunch of credentials, OSCON code of conduct issues, and Guido van Rossum stepping down abruptly from BDFL of Python. Complete show notes: https://recompilermag.com/2018/08/08/episode-67-capital-no
- [01:52] Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount
- [02:53] The Recompiler Issue 8: Wildcard
- [04:14] Community Event Planning book pre-order
- [05:00] npm, Inc. Status - Compromised version of eslint-scope published
- [22:32] [python-committers] Transfer of power
- [44:17] Sage Sharp on Twitter: "As I live in a country where a specific political party..."
- [49:16] Coraline Ada Ehmke — Coraline Ada Ehmke: Why I Am Not Speaking at OSCON
- [44:45] Christie Koehler on Twitter: "As someone involved in persuading O'Reilly to adopt a code of conduct for OSCON in the first place, I'm disappointed in them for this decision.…"
- [45:20] Audrey Eschright on Twitter: "This is a fundamental misunderstanding of harm and oppression. I’m disappointed but not surprised — many of us spent significant effort to get @OReillyMedia to adopt a code of conduct because they didn’t understand the need and we saw mixed results.… "
- [1:00:11] On Avoiding Conflation of Political Speech and Hate Speech - Bradley M. Kuhn ( Brad ) ( bkuhn )
- [1:02:24] Political Speech and Conference Codes of Conduct | Tim O'Reilly | Pulse | LinkedIn
- [1:05:43] rhysd/vim.wasm: Vim editor ported to WebAssembly
- [1:07:39] Cheesecake the capybara fosters puppies
Episode 66: Season of Regrets
This week Audrey and I chat about the recent raid by German police against a privacy group, how Juggalos help beat facial recognition, and what Tim Berners-Lee is working on now to fix the web. Complete show notes: https://recompilermag.com/2018/08/03/episode-66-season-of-regrets
- [01:39] Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount
- [02:42] The Recompiler Issue 8: Wildcard
- [04:30] Responsible Communication Style Guide
- [05:17] German police raid homes of Tor-linked group's board members | ZDNet
- [05:25] Coordinated raids of Zwiebelfreunde at various locations in Germany
- [05:50] Bavarian raids - riseup.net
- [16:46] Juggalos figured out how to beat facial recognition | The Outline
- [18:49] TAHKION is in Vegas on Twitter: "i made a breakthrough..."
- [26:39] “I Was Devastated”: Tim Berners-Lee, the Man Who Created the World Wide Web, Has Some Regrets | Vanity Fair
- [35:10] solid/solid: Solid - Re-decentralizing the web
- [39:06] Decentralized Web Summit 2018: Global Visions / Working Code
- [44:55] Social media moderators should look to the oldest digital communities for tips about caring — Quartz
- [47:28] Spiders Use Earth's Electric Field to Fly Hundreds of Miles - The Atlantic