- ‘Reproducing the Microsoft Exchange Proxylogon Exploit Chain’ by Anthony Weems and Dallas Kaman and Michael Weber for Praetorian
- ‘The End of Silicon Valley as We Know It?’ by Tim O’Reilly for O’Reilly Radar
- ‘The iconic watches that inspired Apple Watch faces’ by Arun Venkatesan for his blog
- ‘Can We Stop Pretending SMS Is Secure Now?’ by Brian Krebs for KrebsOnSecurity
- ‘The Battle of Thacker Pass’ by Maddie Stone for Grist
- ‘How Facebook got addicted to spreading misinformation’ by Karen Hao for MIT Technology Review
- ‘What’s in your browser (backup)?’ by Matthew Green for his blog
- ‘Buffer overruns, license violations, and bad code: FreeBSD 13’s close call’ by Jim Salter for Ars Technica
First up, we have a detailed breakdown from Praetorian of the recent Microsoft Exchange Proxylogon exploit. It is quite technical and personally some of it went above my head, but it’s an interesting read nonetheless.
The essay from Tim O’Reilly is essentially talking about why the importance of Silicon Valley, both as a physical and metaphysical concept, is slowly diminishing, as the future is in companies that have the solutions for the climate-related problems that need to be tackled, and those are not the ones currently dominant in the technological space.
More specifically, he is talking about how we need to stop caring about “casino capitalism” and the “betting economy” and focus investment on our long-term problems, namely the climate and the environment. I understand the sentiment here but I don’t think a different kind of capitalism is going to solve the very real problems of the future, and this idea looks a lot like the stuff I remember reading about “corporate social responsibility” in a business 101 class. If the motive to solve these problems is still monetary profit, I don’t think we are getting anywhere useful.
Arun Venkatesan writes a nice post about the iconic watches that inspired the Apple Watch faces. It was very interesting to read the history behind these watch faces, and the examples of the watch advertising were amusing, especially the one that mentioned the Concorde airplane (RIP). Personally, I don’t use any of these watch faces; I prefer the more digital watch faces. Infograph Modular, Activity Digital, and Numerals Duo are the watch faces I use. I find it easier to read the time or other information at a glance when using one of these watch faces than any of the ones that mimic analog watch designs.
Brian Krebs writes about the situation with Sakari and how anyone can easily intercept someone’s SMS messages. SMS continues to demonstrate that it is not suitable for anything resembling a secure system. Please stop using it for two-factor authentication where possible, folks.
Maddie Stone writes about the situation in Thacker Pass and the environmental effects of lithium mining. This is also in the face of increased pressure and demand for lithium as we use more and more of it in lithium-ion batteries, in cars and other devices. The irony of the situation is that to reduce the United States’ reliance on fossil fuels, a different kind of resource extraction is needed to provide the necessary replacements in the form of batteries for electric cars.
Karen Hao writes an eye-opening piece about what the real priorities are at Facebook, specifically how AI is used in the name of growth and at the cost of an increasingly polarized user base. It’s also partly a profile of Joaquin Quiñonero Candela, a director of AI at Facebook who comes off as more of a sympathetic character than I expected. That last line is particularly chilling:
“I don’t know,” he said with a halting stutter. Then he repeated, with more conviction: “That’s my honest answer. Honest to God. I don’t know.”
Joaquin Quiñonero Candela, 2021
Matthew Green writes about the situation with browsers backing up user data like browsing history. Reading this made me reconsider if I really should be using Firefox’s sync functionality to sync browsing history across systems. Matthew does not cover Firefox so I am not entirely sure what Mozilla is doing to protect this kind of user data. Regardless, I think I need to consider not syncing browser history at all as it is not particularly useful to me to have that synced across devices. I don’t think I’ve ever used history data across devices.
Jim Salter writes a fantastic piece about the whole Netgate/FreeBSD/WireGuard situation. If you haven’t been keeping abreast of the situation, this is a good place to get started. Jim breaks down the situation from all sides involved. Here’s hoping that at least there have been some lessons learned on the FreeBSD side of things and going forward there are processes in place to not have something like this happen again. Personally, I am never recommending anyone use pfSense or any other Netgate product ever again. If you need something equivalent, go take a look at OPNsense instead.
That’s all from me, folks. I’ll see y’all next week. Stay safe out there.