tobru.guru Newsletter #40

Cool releases: Argo CD 2.0 and LineageOS 18.1. Ubiquiti: What the hell is going on? And more articles related to security.

News

Software releases, news articles and other new stuff

Release v2.0.0 · argoproj/argo-cd
#release, #argocd

Pods View, Logs Viewer, Banner Feature

Very cool to see a new major release of Argo CD. I will upgrade my cluster very soon to make use of it. The ApplicationSets in particular sound very interesting.

See the CNCF blog for more insights into what's new.

Changelog 25 - Exemplary Eleven, Ravishing Recorder, Captivating Calendar, Beaming Backup – LineageOS – LineageOS Android Distribution
#android, #lineageos, #release

As always, let’s talk about versioning conventions - you may be thinking “Shouldn’t this be 18.0, as AOSP is on 11, and not 11.1?”. As we stated in our last blog post, after 17.0, whenever we conduct a platform wide rebase, we will be incrementing our minor version. So, when we rebased on the December Android Security Bulletin (ASB) due to its fairly massive changes, LineageOS 18.1 was born.

Yay, a new LineageOS release. And this time even LineageOS for microG was very fast (#139) in providing a new build with the latest release. I upgraded all LineageOS devices (voyager, pioneer, x2) of the family straight away; this was really easy and went through without any issues. Thanks to LineageOS and microG for making it possible to use a Google-free Android!

Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security
#security, #breach, #ubiquiti

"It was catastrophically worse than reported, and legal silenced and overruled efforts to decisively protect customers,” Adam wrote in a letter to the European Data Protection Supervisor. “The breach was massive, customer data was at risk, access to customers’ devices deployed in corporations and homes around the world was at risk."

What a shame! As a user of Ubiquiti access points I lost all hope in this vendor. The hardware is great, the software not. Time to change something. I figured out that the great OpenWRT project supports the Ubiquiti hardware very well. Together with OpenWISP it might be possible to achieve a system similar to what Ubiquiti offers with the UniFi controller, with central management for all access points. I'll certainly give it a try and upgrade all my Ubiquiti access points to OpenWRT. It will be more work, but for me that's completely worth it.

For a short time I considered buying mesh access points from TP-Link (Deco) or Linksys (Velop), but they seem to be even more evil than the Ubiquiti hardware: they require an Android app for setup, which alone isn't the biggest issue. What's even more painful is that one must register for a cloud account at the vendor. Thanks, but no thanks. Time to go back to Open Source.

What puzzled me the most: I disconnected all my Ubiquiti gear from the UniFi cloud offering and wanted to delete my account. That is only possible by requesting it via support; you can't do that yourself. At least they were very fast in responding. But still, what?

More reads on the Ubiquiti downfall:


Articles

Interesting articles and blog posts

Gigaset smartphones infected with malware due to compromised update server | The Record by Recorded Future
#security, #hack

Hackers have compromised at least one update server of German smartphone maker Gigaset and deployed malware to some of the company’s customers.

Another WTF of the week.

PodSecurityPolicy Deprecation: Past, Present, and Future | Kubernetes
#kubernetes, #deprecation, #psp

PodSecurityPolicy (PSP) is being deprecated in Kubernetes 1.21, to be released later this week. This starts the countdown to its removal, but doesn’t change anything else. PodSecurityPolicy will continue to be fully functional for several more releases before being removed completely. In the meantime, we are developing a replacement for PSP that covers key use cases more easily and sustainably.

I think it's good that PSP will go away. I was never a fan of it and had a hard time really understanding it. The same goes for OpenShift's SCCs, which are basically the same thing. Better use the policy tools mentioned in the article.
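What PSP (and whatever replaces it) actually decides is whether a pod spec is allowed to ask for dangerous things: host namespaces, privileged mode, privilege escalation, running as root, extra capabilities, no seccomp profile. As an added example, not code from the Kubernetes blog post or from any admission controller, here is a small Python check that applies a condensed version of those controls to a pod manifest (parsed into a dict) and lists every violation. The rule set is my own reading of the "restricted" Pod Security Standard, and the two sample pods are constructed for this example.

```python
from typing import List

# Condensed "restricted" rules (my own list for this example, modelled on the
# Kubernetes Pod Security Standards; not the output of a real admission controller).
_HOST_NAMESPACE_FIELDS = ("hostNetwork", "hostPID", "hostIPC")
_ALLOWED_ADDED_CAPS = {"NET_BIND_SERVICE"}
_ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}


def _all_containers(pod: dict) -> List[dict]:
    spec = pod.get("spec") or {}
    return list(spec.get("initContainers") or []) + list(spec.get("containers") or [])


def restricted_violations(pod: dict) -> List[str]:
    """Return the reasons a pod would be rejected; an empty list means it passes."""
    problems: List[str] = []
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}

    for field in _HOST_NAMESPACE_FIELDS:
        if spec.get(field):
            problems.append(f"spec.{field} must not be true")

    for c in _all_containers(pod):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        caps = sc.get("capabilities") or {}

        if sc.get("privileged"):
            problems.append(f"{name}: privileged must not be true")
        # The default is "allowed", so the field has to be set to false explicitly.
        if sc.get("allowPrivilegeEscalation", True):
            problems.append(f"{name}: allowPrivilegeEscalation must be false")
        # Container-level setting overrides the pod-level one.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            problems.append(f"{name}: runAsNonRoot must be true")
        if "ALL" not in (caps.get("drop") or []):
            problems.append(f"{name}: capabilities.drop must include ALL")
        extra = set(caps.get("add") or []) - _ALLOWED_ADDED_CAPS
        if extra:
            problems.append(f"{name}: capabilities.add not allowed: {sorted(extra)}")
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if seccomp not in _ALLOWED_SECCOMP:
            problems.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
    return problems


# Constructed sample: a typical "debug" pod that a restricted policy must reject.
PRIVILEGED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug"},
    "spec": {
        "hostPID": True,
        "containers": [{"name": "shell", "image": "example/toolbox:1.0",
                        "securityContext": {"privileged": True}}],
    },
}

# Constructed sample: the same workload shape, hardened so that it passes.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "securityContext": {"runAsNonRoot": True,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{"name": "web", "image": "example/web:1.0",
                        "securityContext": {"allowPrivilegeEscalation": False,
                                            "capabilities": {"drop": ["ALL"]}}}],
    },
}


if __name__ == "__main__":
    for pod in (PRIVILEGED_POD, HARDENED_POD):
        print(pod["metadata"]["name"], restricted_violations(pod) or "OK")
```

Note that the hardened pod sets runAsNonRoot and the seccomp profile once at pod level and only the per-container fields (allowPrivilegeEscalation, capabilities) on the container; the check resolves the inheritance the same way the real controls do.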

This man thought opening a TXT file is fine, he thought wrong. macOS CVE-2019-8761
#macos, #security, #textfile, #html

This research originated when I realized the default text reader on OSX, TextEdit is used to open files with TXT extension by default. On the interface of TextEdit, it looked like you can do basic customization to your text (you can turn text bold, italic, change color etc...), so I was wondering how a TXT file was storing and parsing this information. It seems it uses RTF format instead of TXT if we add customizations to the text.

It's always fascinating to see what security issues get discovered.
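The lesson of that research is that the extension tells you nothing about how the file will be parsed: a .txt that begins with an RTF header is opened by TextEdit as RTF, not as plain text. As an added example, not code from the linked article, here is a small Python content sniffer that flags "text" files whose first bytes are really RTF or HTML markup. The signatures, the HTML case and the three sample files are my choices for this example and are constructed here, not taken from the article.

```python
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Signatures that mean "this is markup, whatever the extension says".
# Assumption for this example: RTF starts with "{\rtf1" and HTML with a
# doctype or <html> tag; leading whitespace and a UTF-8 BOM are tolerated.
_RTF_MAGIC = re.compile(rb"^\s*\{\\rtf1")
_HTML_MAGIC = re.compile(rb"^\s*(?:<!doctype\s+html|<html\b)", re.IGNORECASE)
_UTF8_BOM = b"\xef\xbb\xbf"


def sniff_text_file(data: bytes) -> str:
    """Classify bytes the OS would hand to a text editor: "rtf", "html" or "plain".

    Only the first 512 bytes matter, so large files need not be read completely.
    """
    head = data[:512]
    if head.startswith(_UTF8_BOM):
        head = head[len(_UTF8_BOM):]
    if _RTF_MAGIC.match(head):
        return "rtf"
    if _HTML_MAGIC.match(head):
        return "html"
    return "plain"


def classify_path(path: Path) -> str:
    with path.open("rb") as fh:
        return sniff_text_file(fh.read(512))


def disguised_rich_text(directory: Path) -> List[Path]:
    """All .txt files under directory whose content is markup rather than text."""
    return sorted(p for p in directory.rglob("*.txt")
                  if p.is_file() and classify_path(p) != "plain")


def run_demo() -> Dict[str, str]:
    """Write three constructed sample files to a temp dir and classify each."""
    samples = {
        "notes.txt": b"Just plain notes, nothing to parse.\n",
        "styled.txt": b"{\\rtf1\\ansi\\deff0 {\\fonttbl {\\f0 Helvetica;}}"
                      b"\\f0 Hello \\b bold\\b0 world}",
        "page.txt": b"<!DOCTYPE html><html><body>looks like text</body></html>",
    }
    d = Path(tempfile.mkdtemp())
    for name, data in samples.items():
        (d / name).write_bytes(data)
    flagged = {p.name for p in disguised_rich_text(d)}
    return {name: classify_path(d / name) for name in samples} | {"flagged": ",".join(sorted(flagged))}


if __name__ == "__main__":
    for name, kind in run_demo().items():
        print(f"{name}: {kind}")
```

The useful part is the mismatch: a file that is called .txt but classifies as "rtf" or "html" is exactly the case where the viewer, not the extension, decides what gets executed or rendered.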

The Things Network upgrade to V3 - V2 to V3 Upgrade - The Things Network
#ttn, #lorawan, #upgrade

As announced during the opening keynote of The Things Conference 2021, The Things Network is upgrading to The Things Stack V3. Finally!

Good to see this developed. My LoRaWAN gateway has been connected to the network ever since; time to reconfigure and upgrade it.

This blog is now hosted on a GPS/LTE modem
#pinephone, #modem, #story

For context, the PinePhone has a Quectel EG25-G modem, which handles GPS and wireless connectivity for the PinePhone. This piece of hardware is one of the few components on the phone which is closed-source.
[...]
It turns out the modem runs its own OS totally separate from the rest of the PinePhone OS. With the latest updates, it runs Linux 3.18.44.

This is insane! The modem runs Linux - again. And such an outdated one. I could cry. A fascinating article.

RFC 8996 - Deprecating TLS 1.0 and TLS 1.1
#rfc, #tls, #deprecation

This document formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those documents have been moved to Historic status.

Finally!

Why All My Servers Have an 8GB Empty File - BiteofanApple
#sysadmin, #linux, #disk

On Linux servers it can be incredibly difficult for any process to succeed if the disk is full. Copy commands and even deletions can fail or take forever as memory tries to swap to a full disk and there's very little you can do to free up large chunks of space. But what if there was a way to free up a large chunk of space on disk right when you need it most?

Cool tip!
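The trick is to reserve real disk blocks while there is still room, so that deleting one file later gives a full disk immediate breathing space. As an added example, not the script from the linked post, here is the same idea in Python: allocate the ballast with posix_fallocate (falling back to writing zeros where the call is unavailable or unsupported, which is my assumption for non-Linux systems), and release it only when free space drops below a threshold. The demo uses a 1 MiB file in a temporary directory instead of 8 GB in the root filesystem.

```python
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict


def create_ballast(path: str, size_bytes: int) -> int:
    """Reserve size_bytes of real blocks at path; return the file size."""
    p = Path(path)
    with p.open("wb") as fh:
        try:
            # Allocates blocks without writing them (Linux; assumption: may be
            # missing or unsupported elsewhere, hence the fallback below).
            os.posix_fallocate(fh.fileno(), 0, size_bytes)
        except (AttributeError, OSError):
            chunk = b"\0" * (1 << 20)
            remaining = size_bytes
            while remaining > 0:
                n = min(remaining, len(chunk))
                fh.write(chunk[:n])
                remaining -= n
    return p.stat().st_size


def free_bytes(path: str) -> int:
    """Free space on the filesystem that holds path."""
    return shutil.disk_usage(path).free


def release_ballast(path: str) -> int:
    """Delete the ballast; return the bytes it occupied (0 if already gone)."""
    p = Path(path)
    if not p.exists():
        return 0
    size = p.stat().st_size
    p.unlink()
    return size


def release_if_low(path: str, min_free_bytes: int) -> bool:
    """Emergency valve: drop the ballast when free space is below the threshold.

    Returns True only if the ballast was actually released.
    """
    if free_bytes(str(Path(path).parent)) >= min_free_bytes:
        return False
    return release_ballast(path) > 0


def run_demo(size_bytes: int = 1 << 20) -> Dict[str, object]:
    """Exercise the cycle in a temp dir; returns what happened at each step."""
    d = tempfile.mkdtemp()
    ballast = os.path.join(d, "ballast.img")
    allocated = create_ballast(ballast, size_bytes)
    kept = release_if_low(ballast, 0)             # plenty of space: keep it
    released = release_if_low(ballast, 1 << 62)   # impossible threshold: release
    result = {"allocated": allocated, "kept": kept, "released": released,
              "exists_after": os.path.exists(ballast),
              "second_release": release_ballast(ballast)}
    shutil.rmtree(d, ignore_errors=True)
    return result


if __name__ == "__main__":
    print(run_demo())
```

On a real server you would create the ballast once on the root filesystem (e.g. 8 GB, as the post does) and only ever call release_if_low from a monitoring hook or by hand when the disk is full.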

SQLite is not a toy database | Anton Zhiyanov
#sqlite

Whether you are a developer, data analyst, QA engineer, DevOps person, or product manager - SQLite is a perfect tool for you. Here is why.

I'm also using SQLite more and more; I find it a very interesting approach to storing data.

Redefining Blameless Post-Mortem Terminology - matiasfrndz
#postmortem, #incident

Conducting post-mortems after responding to incidents is a powerful practice. It enables organisational learning and helps increase service reliability. However, the terminology used in this context is misleading. In this article, I propose a new definition of the term “post-mortem” and point out four key aspects of the post-mortem practice: culture, structure, facilitation and documentation.

Yes, post-mortems are important. With those thoughts in mind, I think we can improve them at VSHN as well.

Kubernetes resource management and you | mhutter
#kubernetes, #schedule, #resource

Scheduling and resource management is a topic many Kubernetes users seem to struggle with, even though it is vital to understand it and correctly configure your workload to ensure optimal resource usage and application availability. In this article, I’ll explain what scheduling and resource management exactly is, how you configure and use them, and go into some best practices.

Fantastic write-up by my workmate Manuel.
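Two things from that topic are worth seeing in code: what the scheduler actually has to find on a node (the effective requests of a pod, with init containers taken into account), and which QoS class the requests/limits combination yields, because that decides who gets evicted first under memory pressure. As an added example, not code from Manuel's article or from Kubernetes itself, here is a Python version of both calculations. The quantity parser is my own and covers the common suffixes only; the sample pods are constructed for this example.

```python
import re
from fractions import Fraction
from typing import Dict, List

# Kubernetes quantity suffixes: milli, decimal SI and binary units.
# Assumption for this example: exponent notation ("1e3") is not needed.
_SUFFIX = {
    "": Fraction(1), "m": Fraction(1, 1000),
    "k": Fraction(10**3), "M": Fraction(10**6), "G": Fraction(10**9), "T": Fraction(10**12),
    "Ki": Fraction(2**10), "Mi": Fraction(2**20), "Gi": Fraction(2**30), "Ti": Fraction(2**40),
}
_RESOURCES = ("cpu", "memory")


def parse_quantity(value) -> Fraction:
    """"250m" -> 1/4 core, "64Mi" -> bytes; exact so that "500m" == "0.5"."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?|\.\d+)([a-zA-Z]*)", str(value).strip())
    if not m or m.group(2) not in _SUFFIX:
        raise ValueError(f"unsupported quantity: {value!r}")
    return Fraction(m.group(1)) * _SUFFIX[m.group(2)]


def _request(container: dict, resource: str) -> Fraction:
    """Effective request: an unset request defaults to the limit, if one is set."""
    res = container.get("resources") or {}
    requests = res.get("requests") or {}
    limits = res.get("limits") or {}
    return parse_quantity(requests.get(resource, limits.get(resource, 0)))


def _all_containers(pod: dict) -> List[dict]:
    spec = pod["spec"]
    return list(spec.get("initContainers") or []) + list(spec["containers"])


def qos_class(pod: dict) -> str:
    """Guaranteed: every container has cpu+memory limits equal to its requests.
    BestEffort: no container sets anything. Burstable: everything in between."""
    sets_anything = False
    guaranteed = True
    for c in _all_containers(pod):
        res = c.get("resources") or {}
        if res.get("requests") or res.get("limits"):
            sets_anything = True
        limits = res.get("limits") or {}
        for r in _RESOURCES:
            if r not in limits or parse_quantity(limits[r]) != _request(c, r):
                guaranteed = False
    if not sets_anything:
        return "BestEffort"
    return "Guaranteed" if guaranteed else "Burstable"


def effective_requests(pod: dict) -> Dict[str, Fraction]:
    """What a node must have free: the sum over app containers, but at least the
    largest single init container (init containers run one after another)."""
    spec = pod["spec"]
    totals = {r: sum((_request(c, r) for c in spec["containers"]), Fraction(0))
              for r in _RESOURCES}
    for c in spec.get("initContainers") or []:
        for r in _RESOURCES:
            totals[r] = max(totals[r], _request(c, r))
    return totals


# Constructed sample pods (only the parts that matter for the calculation).
WEB_POD = {"spec": {"containers": [{"name": "web", "resources": {
    "requests": {"cpu": "250m", "memory": "64Mi"},
    "limits": {"cpu": "500m", "memory": "128Mi"}}}]}}
DB_POD = {"spec": {"containers": [{"name": "db", "resources": {
    "requests": {"cpu": "500m", "memory": "1Gi"},
    "limits": {"cpu": "0.5", "memory": "1Gi"}}}]}}
LAZY_POD = {"spec": {"containers": [{"name": "job"}]}}
MIGRATE_POD = {"spec": {
    "initContainers": [{"name": "migrate", "resources": {
        "requests": {"cpu": "1", "memory": "256Mi"}}}],
    "containers": [{"name": "app", "resources": {
        "limits": {"cpu": "250m", "memory": "64Mi"}}}]}}


if __name__ == "__main__":
    for pod in (WEB_POD, DB_POD, LAZY_POD, MIGRATE_POD):
        req = {r: str(v) for r, v in effective_requests(pod).items()}
        print(pod["spec"]["containers"][0]["name"], qos_class(pod), req)
```

Two details that trip people up are visible here: DB_POD is Guaranteed even though its cpu request and limit are written differently ("500m" vs "0.5"), and MIGRATE_POD needs a whole core on the node during scheduling because of its init container, although the app container itself asks for a quarter of one.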


Tools

Open Source tools newly discovered

gravitl/netmaker: Netmaker makes networks. Netmaker makes networking easy, fast, and secure across all environments.
#wireguard, #vpn

Connect any computers together over a secure, fast, private network, and manage multiple networks from a central server.

Nginx Proxy Manager
#nginx, #reverseproxy, #letsencrypt

Expose your services easily and securely

ohmyform/ohmyform: ✏️ Free open source alternative to TypeForm, TellForm, or Google Forms ⛺
#form, #questionnaire, #survey

An open source alternative to TypeForm that can create stunning mobile-ready forms, surveys and questionnaires.

hackerschoice/gsocket: Connect like there is no firewall. Securely.
#vpn, #nat, #socket

The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.

Hardware

Hardware which caught my attention

Banrai/PiScan: A personal shopping and inventory-tracking device based on the Raspberry Pi
#raspberry, #scanner, #barcode, #inventory

This is a personal shopping and inventory-tracking device based on the Raspberry Pi and off-the-shelf usb barcode scanners, with an option to share and contribute to the Open Product Data (POD) database of product barcodes, as part of the Saruzai Open Data project.

Build a Simple Raspberry Pi LED Power/Status Indicator - Howchoo
#raspberry, #powerbutton, #led

This short guide will show you how to add an LED power indicator/status light to your Raspberry Pi, letting you know when it's powered and when it's safe to unplug your Pi. This LED will illuminate when your Pi is running and turn off when your Pi has been successfully shut down.

How to Add a Power Button to Your Raspberry Pi - Howchoo
#raspberry, #powerbutton

To keep the price down, the Raspberry Pi doesn't ship with a power button, yet it's easy to add your own! This guide will show you how to add a power button to your Raspberry Pi that can turn your Pi on or off. This is one of the most useful Raspberry Pi projects you can complete!
