Episode 74: There is pumpkin spice in the air

This episode we talk about Chinese spy chips, new sophisticated voice phishing schemes, and Facebook’s huge security breach. https://recompilermag.com/2018/10/12/episode-74-there-is-pumpkin-spice-in-the-air Community Event Planning pre-order. Still time to get in on the book previews. https://community-events-2.backerkit.com/hosted_preorders Survey for event organizers. Please fill it out! https://airtable.com/shrvbemYqHvL1Z7tt Issue 10 - Science! It’s shipping. Back order sale use code READER18 for buy 2, get 3rd 1/2 off! https://shop.recompilermag.com China planted spy chips in computers from Portland-based Elemental, Bloomberg reports | OregonLive.com https://www.oregonlive.com/silicon-forest/index.ssf/2018/10/chinese_planted_spy_chips_insi.html The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Bloomberg https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies The Big Hack: Amazon, Apple, Supermicro, and Beijing Respond - Bloomberg https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond Chinese Hackers Have Allegedly Compromised the Supply Chain to Spy on Amazon and Apple https://motherboard.vice.com/en_us/article/gye8w4/chinese-supply-chain-hack-apple-bloomberg Voice Phishing Scams Are Getting More Clever — Krebs on Security https://krebsonsecurity.com/2018/10/voice-phishing-scams-are-getting-more-clever/ Facebook says nearly 50m users compromised in huge security breach | Technology | The Guardian https://www.theguardian.com/technology/2018/sep/28/facebook-50-million-user-accounts-security-berach Kim Zetter on Twitter: "The Facebook breach gets even worse - it's not just that an attacker who has your Facebook token can access other accounts you've used your Facebook account to access, he/she can access accounts you haven't even used Facebook to access… https://t.co/BCCpuPG9XI" https://twitter.com/kimzetter/status/1046806168348160000?s=21 jason polakis on Twitter: "Given the scale and severity of the @facebook breach, I’ll share some thoughts based on our recent @USENIXSecurity paper with @m0eb1t, amrutha, @kaytwo, @stevecheckoway, where we explored the ramifications of your Facebook account being compromised. https://t.co/6gS2ERrGvO (1/n)" https://twitter.com/jpolakis/status/1046086964410294272 Facebook Security Bug Affects 90M Users — Krebs on Security https://krebsonsecurity.com/2018/09/facebook-security-bug-affects-90m-users/ O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web https://www.cs.uic.edu/~polakis/papers/sso-usenix18.pdf Can Mark Zuckerberg Fix Facebook Before It Breaks Democracy? | The New Yorker https://www.newyorker.com/magazine/2018/09/17/can-mark-zuckerberg-fix-facebook-before-it-breaks-democracy Burgerville Notifies Guests of Data Breach https://www.prnewswire.com/news-releases/burgerville-notifies-guests-of-data-breach-300723908.html THE WILD INNER WORKINGS OF A BILLION-DOLLAR HACKING GROUP https://www.wired.com/story/fin7-wild-inner-workings-billion-dollar-hacking-group/ Episode 69: We’ll just make a pickle grid – The Recompiler https://recompilermag.com/2018/08/10/episode-69-well-just-make-a-pickle-grid/ MIDI unicorn https://www.youtube.com/watch?v=i3tiuGVDDkk Willamette River presents stunning lidar image on poster from Department of Geology | OregonLive.com https://www.oregonlive.com/travel/index.ssf/2013/04/willamette_river_presents_stun.html

Episode 73: A bold move

This episode we talk about moral clauses in FOSS licenses, ShotSpotter’s partnership with Verizon, how Buffer bought out its VCs, and WayMo. https://recompilermag.com/2018/10/11/episode-73-a-bold-move Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount http://devopsdays.org/events/2018-portland/ Community Event Planning pre-order Still time to get in on the book previews https://community-events-2.backerkit.com/hosted_preorders Survey for event organizers https://airtable.com/shrvbemYqHvL1Z7tt Call for Contributors, Issue 12 Machines and Things https://recompilermag.com/2018/07/24/call-for-contributors-for-issue-12-machines-things/ Major Open Source Project Revokes Access to Companies That Work with ICE https://motherboard.vice.com/en_us/article/8xbynx/major-open-source-project-revokes-access-to-companies-that-work-with-ice Stop using my tools, racists https://github.com/palantir/blueprint/issues/2876 Palantir employees are racist and they need to stop using my tools https://github.com/palantir/blueprint/issues/2877 Add text to MIT License banning ICE collaborators https://github.com/lerna/lerna/pull/1616 Please remove jamiebuilds as maintainer for CoC violations https://github.com/lerna/lerna/issues/1630 Remove Microsoft from Restrictive License https://github.com/lerna/lerna/pull/1631 Restore unmodified MIT license https://github.com/lerna/lerna/pull/1633 SPDX license list https://spdx.org/licenses/index.html My potted view on adding extra ethical clauses to open source licenses https://mastodon.social/@mala/100642002012668168 ShotSpotter Expands Verizon Partnership With Reseller Agreement for Gunshot Detection Services http://globenewswire.com/news-release/2018/08/28/1557516/0/en/ShotSpotter-Expands-Verizon-Partnership-With-Reseller-Agreement-for-Gunshot-Detection-Services.html Ingrid Burrington on Twitter: "So one way to read this is it's a way for Shotspotter installations to avoid any resident pushback by burying them in a contract–instead of making SST a line item, it's just tacked onto a broader services agreement with Verizon that wouldn't otherwise raise eyebrows." https://twitter.com/lifewinning/status/1035211677375946752 Rochester man shot by police sues cops, city, and ShotSpotter https://www.democratandchronicle.com/story/news/2018/08/30/silvon-simmons-rochester-police-officer-joseph-ferrigno-gun-lawsuit/1119014002/ We Spent $3.3M Buying Out Investors: Why and How We Did It https://open.buffer.com/buying-out-investors/ Amir Efrati on Twitter: "Just out: The truth about Waymo... https://t.co/q9Oet5j5Ck" https://twitter.com/amir/status/1034442936774258688 A day in the life of a Waymo self-driving taxi - The Verge https://www.theverge.com/2018/8/21/17762326/waymo-self-driving-ride-hail-fleet-management Donut County http://donutcounty.com/ Martin “Sexy Nuclear Disarmament” Pfeiffer🏳️‍🌈 on Twitter: "🚨NOW PUBLICLY ACCESSIBLE🚨 Find below the link to my complete archive of 1951-1997 Sandia nuclear laboratory documents from my FOIA. https://t.co/Z8BzUTdF6g You can also support my work at: https://t.co/GzHV653OGL or https://t.co/tvFac0gW44… https://t.co/243xjjkj5k" https://twitter.com/i/web/status/1035331181141581824

Episode 72: I’ve just confused myself

This episode we’re talking about Wickr’s use of domain-fronting and other anti-censorship techniques, HashWick vulnerability, Verizon throttling emergency responders data cellular connections, licensing shenanigans. https://recompilermag.com/2018/10/11/episode-72-ive-just-confused-myself Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount http://devopsdays.org/events/2018-portland/ RECOMPILERFRIENDS is a 20% off discount Community Event Planning pre-order https://community-events-2.backerkit.com/hosted_preorders Survey for event organizers https://airtable.com/shrvbemYqHvL1Z7tt Call for Contributors, Issue 12 Machines and Things https://recompilermag.com/2018/07/24/call-for-contributors-for-issue-12-machines-things/ Wickr has a new plan for dodging internet blocks - The Verge https://www.theverge.com/2018/8/23/17770384/wickr-psiphon-partnership-internet-censorship HashWick V8 Vulnerability https://darksi.de/12.hashwick-v8-vulnerability/ Node.js and the "HashWick" vulnerability https://nodesource.com/blog/node-js-and-the-hashwick-vulnerability/ Verizon throttled fire department’s “unlimited” data during Calif. wildfire | Ars Technica https://arstechnica.com/tech-policy/2018/08/verizon-throttled-fire-departments-unlimited-data-during-calif-wildfire Use Debian? Want Intel's latest CPU patch? Small print sparks big problem https://www.theregister.co.uk/2018/08/21/intel_cpu_patch_licence/ Redis: This is not the license change you are looking for https://blog.tidelift.com/redis-this-is-not-the-license-change-you-are-looking-for- Software Freedom Ensures the True Software Commons https://sfconservancy.org/blog/2018/aug/22/commons-clause/ Redis licensing https://redislabs.com/community/licenses/ Skills for our software future / Audrey Eschright http://lifeofaudrey.com/2018/09/06/3rd-wave.html Oregon DEQ map https://oraqi.deq.state.or.us/home/map HRRR-Smoke Model Fields - Experimental https://rapidrefresh.noaa.gov/hrrr/HRRRsmoke/

Episode 71: That sounds both interesting and ridiculous

This week Audrey and I chat about about Las Vegas Hotel security issues during DefCon, Foreshadow speculative execution vulnerability, and issues with the music industry business model and copyright. Complete show notes: https://recompilermag.com/2018/09/25/episode-71-that-sounds-both-interesting-and-ridiculous

Episode 70: I see a bear!

This week Audrey and I chat about a security incident with Homebrew (the macOS package manager), Twitter’s refusal to moderate hate speech, and Firefox’s upcoming support of DNS over HTTP. Complete show notes: https://recompilermag.com/2018/08/14/episode-70-i-see-a-bear

Episode 69: We’ll just make a pickle grid

This week we’re talking about Reddit’s security breach, retail spearfishing indictments, ghost characters, and surveillance capitalism. Complete show notes: https://recompilermag.com/2018/08/10/episode-69-well-just-make-a-pickle-grid

Episode 68: Celebrating Prime Day

This week we’re talking about the ethics of corporate research and how your data is used, Twitter's developer API changes, how Amazon Prime Day went, and more. Complete show notes: https://recompilermag.com/2018/08/09/episode-68-celebrating-prime-day

Episode 67: Capital NO

This week Audrey and I chat about the compromised NPM package that stole a bunch of credentials, OSCON code of conduct issues, and Guido van Rossum stepping down abruptly from BDFL of Python. Complete show notes: https://recompilermag.com/2018/08/08/episode-67-capital-no

Episode 66: Season of Regrets

This week Audrey and I chat about the recent raid by German police against a privacy group, how Juggalos help beat facial recognition, and what Tim Berners-Lee is working on now to fix the web. Complete show notes: https://recompilermag.com/2018/08/03/episode-66-season-of-regrets

Episode 65: Right place, right time.

This week Audrey shares what she learned at this year’s Allied Media Conference in Detroit.