Interesting reads, 21 May 2018

Interesting things I read on the Internet this week

• Completely Silent Computer — This gave me a pang of nostalgia, remembering my teen years building computers for friends and family. I’m seriously tempted to build a fully silent machine, the holy grail I never managed to achieve.

• The sad state of sysadmin in the age of containers — Interesting from a security point of view — the fashion of installing software through “convenient” pre-built binary blobs. I wonder how many software images already contain backdoors?

• Flopstarter — A platform for bad ideas. Amazing.

• ”… customers who are unable to arm/disarm or lock/unlock via the Nest app” — The real problem is centralisation — thermostats and doors locks should work even when Nest’s infrastructure goes down, or the company goes bust or abandons the product. My own front door lock is open source and runs on a tiny computer in my home. If I can do it, a megacorp like Nest can too.

• EFAIL - vulnerability in email clients using PGP and S/MIME — Researchers found a crypto-fail in the way some email clients handle encrypted HTML emails. They put out a mysterious tweet but bizarrely withheld the actual vulnerability, making it impossible to know what to advise. The EFF jumped in with unhelpful advice, and some sort of holy war broke out. It was a total mess.

• LocationSmart API Vulnerability — If you had real-time access to the location of every cellphone in the US, you’d protect that information really carefully, right?

• ‘Huggybug Your Family Today’: Don’t play around with children’s online safety — Brilliant spoof from Consumers International on the reality of internet-connected childrens’ toys.