tobru.guru Newsletter #20
Software releases, news articles and other new stuff
GC108P / GC108PP Firmware Version 188.8.131.52 | Answer | NETGEAR Support
Starting from firmware version 184.108.40.206, product registration is required to unlock full access to the local browser UI. You can login and access all features through the local browser UI 3 times without registering the switch through your netgear.com account. A limited feature set is available without registration. For more information, visit the NETGEAR knowledge base article at https://kb.netgear.com/000061174.
It's not that I own such a device, but I was shocked when I read that I would have to register to use all features of the device. That's absolutely not what I would be expecting from a network device!
Gitter is joining Element
When we created Element we defined one of its primary goals as supporting and growing the Matrix ecosystem. So when GitLab proposed that Gitter, the leading developer-focused chat platform, could be stronger as part of the Matrix network, we knew we couldn’t miss the chance!
Matrix is a very promising idea and technology to be the future of federated chat. With the growth of the company behind it, I hope it gets more traction and will be adopted more and more over time.
Interesting articles and blog posts
Migrating data and apps to a new device with adb (LineageOS 17)
This article describes how you can migrate your apps and data from your old to your new smartphone (LineageOS 17.1) using adb pull/push.
Unfortunately, the "spider-app" got force-installed on my smartphone on Friday evening. Fortunately, I had a spare device around (voyager) which I can use as an appropriate replacement. Migrating data and applications was very easy with the help of this article.
How One Guy Ruined #Hacktoberfest2020 #Drama
If you aren't familiar, Hacktoberfest is an annual event that occurs every October. It is held by Digital Ocean and encourages developers to submit Pull Requests to Open Source repositories and as a reward you get a T-Shirt. There are almost no limits, so if your request is merged into any Open Source repository, you qualify. Amazing.
As soon as October started in some timezones, spam started to come in. I was really shocked and didn't expect that. Hopefully this stops soon, as I already had to clean up many PRs in GitHub projects I help to maintain.
Hacktoberfest Shared commitment to reducing spam with Hacktoberfest
We’ve traced the majority of this year’s spammy contributions back to a participant with a large online audience who openly encouraged their community to take part in spammy activities, including ideas on how to game the system. However, we know the spam issues go beyond this one example. This is an aspect of Hacktoberfest we have been working to improve since we started the program seven years ago.
At least DigitalOcean is aware of it and is taking measures.
Let's Encrypt's New Root and Intermediate Certificates - Let's Encrypt - Free SSL/TLS Certificates
#letsencrypt, #tls, #certificate
On Thursday, September 3rd, 2020, Let’s Encrypt issued six new certificates: one root, four intermediates, and one cross-sign. These new certificates are part of our larger plan to improve privacy on the web, by making ECDSA end-entity certificates widely available, and by making certificates smaller.
Interesting read on what's going on behind the scenes in the land of TLS certificates.
How I bypassed Cloudflare's SQL Injection filter
#security, #sql, #waf
In late 2018 I was tasked with performing a Web Application security assessment for a large client. After running the standard scans with automated tools, something interesting came up: a possible SQL injection which couldn’t be exploited using the tool. The reason: Cloudflare’s WAF and more specifically its SQL Injection filter.
I'm not a big fan of Web Application Firewalls; in my opinion the application should implement appropriate security measures. A WAF could still be useful as an additional defense barrier, but should not be the main way to "secure" an app.
Open Source tools newly discovered
GitHub - jetstack/version-checker: Kubernetes utility for exposing image versions in use, compared to latest available upstream, as metrics.
#kubernetes, #images, #scan, #security
version-checker is a Kubernetes utility for observing the current versions of images running in the cluster, as well as the latest available upstream. These checks get exposed as Prometheus metrics to be viewed on a dashboard, or soft alert cluster operators.
A simple, consistent open-source icon set designed to be used in a wide variety of digital products.
GitHub - AkihiroSuda/sshocker: ssh + reverse sshfs + port forwarder, in Docker-like CLI
This is akin to docker run -p 8080:80 -v $(pwd):/mnt IMAGE, but sshocker is for remote hosts, not for containers.
Plug & Play Raspberry Pi cluster. Host cloud apps, run Kubernetes, Docker, Serverless locally.