My Weekly RoundUp #113
Happy Birthday, Unix!
Celebrating 50 years of Unix
We are commemorating Unix’s anniversary with the Unix50 event, a two-day celebration that will reflect on Unix’s past and explore the future of computing. Speakers and panelists include many of the original team that built Unix and designed the C programming language, as well as luminaries in the fields of computing and robotics. The event will also feature a gallery of Unix artifacts, a coding challenge requiring students to program robots to navigate the industrial spaces of the future, and numerous other activities drawing on Unix’s rich and colorful history at Bell Labs.
How To Fix "Aw Snap!" Crash in Google Chrome 78
Google Chrome updated to version 78 a few days ago and some users have been experiencing "Aw, Snap!" crashes instead of the promised features.
This disruption occurs when launching the web browser on systems with an outdated version of Symantec Endpoint Protection (SEP).
Symantec details that systems affected by this problem are Windows Server 2012, 2016, and Windows 10 RS1 with any version of SEP installed.
Any other Windows operating systems running a version of SEP older than 14.2 are also impacted. On these, updating to the latest SEP should fix the issue.
Elon Musk sends tweet via SpaceX’s Starlink satellite broadband
SpaceX's Starlink division is on track to offer satellite-broadband service in the United States in mid-2020, a company official said today. Meanwhile, SpaceX CEO Elon Musk posted two tweets that show he's testing the broadband service.
Build Your Own Plasma Ball
[Discrete Electronics Guy] built a plasma bulb using the casing from an old filament bulb and an ignition coil connected to a high voltage power supply. The power supply is based on the 555 timer IC. It uses a step-up transformer (the ignition coil) driven by a square wave oscillator circuit at a high frequency working as AC voltage. The square wave signal boosts the current into the power transistor, increasing its power.
The plasma is produced inside the bulb, which contains inactive noble gases. When touching the surface of the bulb, the electric arc flows to the point of contact. The glass medium protects the skin from burning, but the transparency allows the plasma to be seen. Pretty cool!
New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources.
The issue could affect sites running behind reverse proxy cache systems like Varnish and some widely-used Content Distribution Networks (CDNs) services, including Amazon CloudFront, Cloudflare, Fastly, Akamai, and CDN77.
Alexa and Google Home devices leveraged to phish and eavesdrop on users, again
Hackers can abuse Amazon Alexa and Google Home smart assistants to eavesdrop on user conversations without users' knowledge, or trick users into handing over sensitive information.
The attacks aren't technically new. Security researchers have previously found similar phishing and eavesdropping vectors impacting Amazon Alexa in April 2018; Alexa and Google Home devices in May 2018; and again Alexa devices in August 2018.
Both Amazon and Google have deployed countermeasures every time, yet newer ways to exploit smart assistants have continued to surface.
The latest ones were disclosed today, after being identified earlier this year by Luise Frerichs and Fabian Bräunlein, two security researchers at Security Research Labs (SRLabs), who shared their findings with ZDNet last week.
7 million Adobe Creative Cloud accounts exposed to the public
Nearly 7.5 million Adobe Creative Cloud user records were left exposed to anyone with a web browser, including email addresses, account information, and which Adobe products they use.
Comparitech partnered with security researcher Bob Diachenko to uncover the exposed database. The Elasticsearch database could be accessed without a password or any other authentication.
Diachenko immediately notified Adobe on October 19 and the company secured the database on the same day.
Google And Facebook Are Reading Your License Plates
For years I’ve gone back and forth over the practice of obscuring license plates on photos on the internet. License plates are already publicly-viewable things, so what’s the point in obscuring them, right? Well, now I think there actually is a good reason to obscure your license plates in photos because it appears that Google and Facebook are actually reading the plates in photos, and then making the actual license plate alphanumeric sequence searchable. I tested it. It works.
Starting with Google, the way this works is to search for the license plate number using Google Images. That’s it.
Read This Before You Whistleblow With an App
Government whistleblowing is harder than just downloading an app. Earlier this month, California Congressman Ted Lieu shared an article on Twitter, detailing options for federal employees who want to leak unclassified information, including the use of encrypted messaging apps like Signal, WhatsApp, and Telegram.
But disclosing sensitive information to the press may be risky, particularly for a federal employee. The decision to blow the whistle could cost them their livelihood, freedom, or worse.
Open Sourcing Mantis: A Platform For Building Cost-Effective, Realtime, Operations-Focused Applications
Today we’re excited to announce that we’re open sourcing Mantis, a platform that helps Netflix engineers better understand the behavior of their applications to ensure the highest quality experience for our members. We believe the challenges we face here at Netflix are not necessarily unique to Netflix which is why we’re sharing it with the broader community.
As a streaming microservices ecosystem, the Mantis platform provides engineers with capabilities to minimize the costs of observing and operating complex distributed systems without compromising on operational insights. Engineers have built cost-efficient applications on top of Mantis to quickly identify issues, trigger alerts, and apply remediations to minimize or completely avoid downtime to the Netflix service. Where other systems may take over ten minutes to process metrics accurately, Mantis reduces that from tens of minutes down to seconds, effectively reducing our Mean-Time-To-Detect. This is crucial because any amount of downtime is brutal and comes with an incredibly high impact to our members — every second counts during an outage.
Star Wars: The Rise of Skywalker
The typography of Neo Genesis Evangelion
Evangelion Fonts in Usewas among the first anime to create a consistent typographic identity across its visual universe, from title cards to NERV’s user interfaces. Subcontractors usually painted anything type-related in an anime by hand, so it was a novel idea at the time for a director to use desktop typesetting to exert typographic control. Although sci-fi anime tended to use either sans serifs or hand lettering that mimicked sans serifs in 1995, Anno decided to buck that trend, choosing a display serif for stronger visual impact. After flipping through Fontworks’ specimen catalog, he personally selected the extra-bold (EB) weight of Matisse (マティス), a Mincho-style serif family.
Netflix’s GHOST IN THE SHELL Gets its First Teaser
The only thing we know about Netflix’s upcoming Ghost in the Shell is that the anime will have two seasons, and each will have 12 episodes. That’s about it. Watch the teaser!