2018 September Assorted Links

October 3, 2018

Photo taken in July 2016 at Red Rock Canyon National Conservation Area in Las Vegas, Nevada with a Sony Alpha α7II, FE 28mm F/2.

Little late… I’ve been dragging my feet as on writing as I’ve become irritated (maybe for the final time) in the direction Ghost is headed. I’ve been mucking about with Hugo and am trying to decide on exactly how I want things to look before transitioning.

Culture #

• Might be better under technology, however this post and the greater series are quite interesting. Handling BIM in libre software is pretty interesting.
• Language Science Press publishes high quality, peer reviewed open access books in the field of linguistics. Conveniently they share their manuscripts source so that one could crib off them for LaTeX formatting of long form publications.
• Along those same lines this repository is a wealth of knowledge around building a comprehensive manuscript for a Computer Science Thesis.
• Phantom Power Films, a film instutute based in Scotland, has an interesting series called NATION in which they feature The Faroe Islands and Iceland. They dig into interesting ways these island cultures have created modern and high quality ways of life. Worth the watch!
• A developer from Kerbal Space Program is back with a new parametric engineering game, this time in VR.
• The Markup, announced as a news site dedicated to investigating technology and its effect on society, was recently funding by craigslist co founder Craig Newmark (who has an interesting philanthropic history. Some of the originating members are coming from ProPublica, notably Julia Angwin who shed light on the financial state of GPG development a couple years back. NYTimes had a well written article about the announcement.
• Cloudflare announced a ton of stuff for their “crypto week”, one thing they announced around the same time is their own registrar. It’s interesting, right now this company seems to be a boon of incredibly valuable technical tools that are advancing the state of the web, but at the same time there is a convergence towards centralization. Similar to github centralized the fundamentally decentralized git. Some of their announcements during the “crypto week” were interesting, pushing decentralized technologies like IPFS and onion routing.
• Long time ago I’d stumbled across a documentary about The Bellevielle Three and had interest piqued about this cultural export of Detroit. Might have been Universal Techno, or Detroit Techno - The Creation of Techno Music. There was a well written article about this phenomena by wired recently

Technology #

• There seems to be rising skepticism towards using Google Chrome due to release 69 effectively bundling the concept of logging into a google service and using the browser. There is a well written article here about the phenomena. This apparently also impacts Chromium. For those who are willing to try it, Firefox has been making some big leaps lately.
• Monitor has been announced by firefox, similar to (or maybe drawing from) haveibeenpwned, it seems like a nice service to have looking out for you. The best part is the landing page that offers six pretty fundamental forms of advice for hygenic computing (the sixth is a self referencing plug, however its a good idea to have some sort of alerting mechanism for your online identities).
• TLS1.3 is in the wild now with many distros moving the OpenSSL packages to 1.1.1. If you’re coming to this site with a modern browser you likely will be using TLS1.3, however I’ve left TLS1.2 enabled for the time being due to the Mozilla project not having updated it’s recommendations (Might be being tracked through this ticket). Dropping TLS1.2 in favor of the simpler TLS1.3 is a goal, and it’s likely that browsers are already prepared for this, but I’m betting that there are going to be some wonky problems with mobile libraries on phones that applications rely on (e.g. this riot-android issue).
• As a side note I’ve seen that Observatory is ranking Subresource Integrity now with a -50 rating… which is pretty aggressive compared to all of their other rankins (This site is now a D as it’s transntioned to TLS1.3. It appears that I’d have to transntion from Ghost to something else if this was of a concern of mine.
• SNI is likely not long for this world, cloudflare has recently announced ESNI as a solution for people want traversal through their ecosystem. It’s something that will be causing a lot of headaches for network operators who wanted to see where people were headed with their encrypted traffic, but it’s for the best as it’s one of the last major gaps in online privacy (DNS being another one). Likely this is going to add some complexity for my own web facing deployments, either pushing me towards snarfing up more addresses at a cost, or instead doing SAN certificates. I’ll be looking to dig into this when browser support for ESNI hits in Firefox.
• Mullvad who I’ve recommended in this article has been publicising an audit of their client application, which is primarily focused on protocls that are not as interesting as wireguard… but it is nice to see they are prioritizing external oversight on their implementations.
• Was a post this week on a comprimising vector for iDRAC called iDRACULA. There was a good post on what BMC is in practice. One thing I’d never been aware of was the OpenBMC project. For someone who just needs SSH and SOL it looks like it would be an awesome alternative to trusting OEMs.
• This is funny
• A good map of Linux performance tools
• An interesting post on using haproxy to handle both SSL/TLS and SSH on the same port. Would be a nice form of obscurity. This post might be a simpler form of implementing the same thing if you don’t have the need for VPN as well. This post seems even better.
• Encoding media is incredibly interesting (watch those videos, seriously watch them right now). AV1 is a super interesting next generation approach. Recently spotted the Dav1d project with “The goal of this project is to provide a decoder for most platforms, and achieve the highest speed possible to overcome the lack of AV1 hardware decoder”.
• The first UEFI rootkits are seen in the wild, Hn discussion about it here.
• A well written article on the upcoming security approaches for Zephyr and Fuschsia.
• purism announced a partnership with nitrokey called librem key, Hn discussed here which led me to this talk on heads.

Analysis #

• Masters Thesis on examining Linux Kernel Vulnerabilities over the last ten years
• Wonderful Data Visualization where the answers to life, the universe, and everything, can be be described using exactly 42 cluster-groups of philosophies. The visualization and typography are absolutely sublime, I only wish that they used the vertical bar for title/author on the top and bottom like they did on the left and right.
• Interesting discussion formulating a model for “how many megapixels” is enough in a camera sensor to support the human eye at a size and distance.
• This product would have changed my life 25 years ago… It’s an exciting future for kids learning math now days. Interesting Hn discussion about it.
• Super interesting manuscript on Keystroke Recognition Using WiFi Signals where researchers are seeing high 90% accuracy by examining Channel State Information.