03 March
Social
- Rationalisation, Escalation of commitment "Escalade d'engagement"
- Insisted on both "The Black Swan" and "Petit traité de manipulation à l'usage des honnêtes gens" https://www.amazon.fr/Petit-trait%C3%A9-manipulation-lusage-honn%C3%AAtes/dp/2706118857
- Maker Faire Grenoble: excellent.
- Designer Helena Amalric, specialising in biomimicry and a volunteer at the Bio Lab of La Casemate. Helena presents the BioLab's creations made from mushrooms https://Grenoble.makerfaire.com/designer-helena-amalric-presente-productions-bio-lab-de-casemate/
- Morgan Dours, Bio Lab project manager at La Casemate
Tech
- Tools
- XFreeRDP: a very useful Remote Desktop Protocol (RDP) client. (I had connection problems with Vinagre)
- Can mount a drive!
- /usr/bin/xfreerdp /u:xxxx /p:XXX\! /v:xxxx.cloudapp.net +clipboard /size:1580x980 /drive:MY_DRIVE,/home/bruno/tmp
- http://www.freerdp.com/ & https://github.com/FreeRDP/FreeRDP
- Looks like there is a GTK+ GUI: Remmina http://www.remmina.org/
- GNOME desktop extensions are great (Wayland integration is not perfect yet).
- Integration with Chrome https://wiki.gnome.org/Projects/GnomeShellIntegrationForChrome
- ScreenCast https://github.com/EasyScreenCast/EasyScreenCast
- In TCP/IP: iptables connections differ from kernel connections!!
- Security
- Agents: I am usually very reluctant about solutions that require running an agent on all nodes. The agent itself can be an attack vector! But osquery at least looks good: https://github.com/facebook/osquery Via https://risky.biz/RB446/
- Interesting details about JWT and cookies: https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid (be sure to read the linked articles)
- Fancy shell prompts are risky (zsh plugins ...): https://github.com/njhartwell/pw3nage?utm_source=cronweekly.com
- Token binding to TLS session. Demo: https://www.ietf.org/mail-archive/web/unbearable/current/msg01332.html
- IETF Token Binding (tokbind) https://datatracker.ietf.org/wg/tokbind/about/
- If regulations are too slow to come, the market might create them https://www.cnet.com/news/consumer-reports-cybersecurity-privacy-product-reviews/
- Internet CA: slow and tiny improvements https://cabforum.org/2017/03/08/ballot-187-make-caa-checking-mandatory/
- Containers: Docker's monopoly closer to its end
- "Death of Docker?" https://www.certdepot.net/death-of-docker/?utm_source=cronweekly.com
- "CoreOS's rkt and Docker's containerd jointly donated to CNCF" https://coreos.com/blog/rkt-container-runtime-to-the-cncf.html?utm_source=cronweekly.com
- Cloud Native Computing Foundation (CNCF) https://www.cncf.io/ Hosts Kubernetes, Fluentd, OpenTracing, Linkerd, Prometheus ...
- About Java memory in containers https://developers.redhat.com/blog/2017/03/14/java-inside-docker/
- Security & AI
- The scope is wider, with these insidious trends:
- AI can find the most efficient way to influence you, analysing your tweets, Facebook and so on ...
- Breaking Google security with Google services! ReCaptcha broken with AI https://east-ee.com/2017/02/28/rebreakcaptcha-breaking-googles-recaptcha-v2-using-google/
- Very well-informed podcast on the subject: Risky Business "Machine Learning: Woot or woo?" https://risky.biz/RB449/ Other episodes also mention AI.
- The key point is that neural networks will find solutions that are not understandable by humans. Of course, you can look at what the network does. You have access to all the intermediate steps and all the variables, unlike a real brain for example. But that does not mean that the operations will make sense to you. Unless you are applying neural networks to trivial physical data, like the position, speed and mass of a ball, you will not end up with a nice equation showing that the speed is proportional to the weight and not to its color, for example. You end up blindly trusting a system that is somehow better than you. But AI fails in unexpected ways that we might learn the hard way (and hackers may learn faster).