The Recompiler Podcast

Episode 75: Do we need to Faraday cage your office?

This episode we talk about Amazon’s AI recruiting fail, WordPress accessibility issues, Google+ and more.  https://recompilermag.com/2018/10/16/episode-75-do-we-need-to-faraday-cage-your-office [https://recompilermag.com/2018/10/16/episode-75-do-we-need-to-faraday-cage-your-office] Community Event Planning pre-order. Still time to get in on the book previews! https://community-events-2.backerkit.com/hosted_preorders [https://community-events-2.backerkit.com/hosted_preorders] Survey for event organizers https://airtable.com/shrvbemYqHvL1Z7tt [https://airtable.com/shrvbemYqHvL1Z7tt] Issue 10 - Science! It’s shipping. Back order sale use code READER18 for buy 2, get 3rd 1/2 off! https://shop.recompilermag.com [https://shop.recompilermag.com] Amazon scraps secret AI recruiting tool that showed bias against women | Reuters https://www.reuters.com/article/us-amazon-com-jobs-automation-insight/amazon-scraps-secret-ai-recruiting-tool-that-showed-bias-against-women-idUSKCN1MK08G [https://www.reuters.com/article/us-amazon-com-jobs-automation-insight/amazon-scraps-secret-ai-recruiting-tool-that-showed-bias-against-women-idUSKCN1MK08G] I have resigned as the WordPress accessibility team lead. Here is why. - Rian Rietveld https://rianrietveld.com/2018/10/09/i-have-resigned-the-wordpress-accessibility-team/ [https://rianrietveld.com/2018/10/09/i-have-resigned-the-wordpress-accessibility-team/] A Plan for 5.0 – Make WordPress Core https://make.wordpress.org/core/2018/10/03/a-plan-for-5-0/ [https://make.wordpress.org/core/2018/10/03/a-plan-for-5-0/] JAMstack | JavaScript, APIs, and Markup https://jamstack.org/ [https://jamstack.org/] Google is shutting down Google+ following massive data exposure https://www.engadget.com/2018/10/08/google-shutting-down-google-plus/ [https://www.engadget.com/2018/10/08/google-shutting-down-google-plus/] Google faces mounting pressure from Congress over Google+ privacy flaw - The Verge https://www.theverge.com/2018/10/11/17964134/google-plus-congress-privacy-data-vulnerability [https://www.theverge.com/2018/10/11/17964134/google-plus-congress-privacy-data-vulnerability] Tampered Chinese Ethernet port used to hack ‘major US telecom,’ says Bloomberg report https://www.theverge.com/platform/amp/2018/10/9/17955848/supermicro-telecom-server-hack-apple-amazon [https://www.theverge.com/platform/amp/2018/10/9/17955848/supermicro-telecom-server-hack-apple-amazon] Zotero Blog » Blog Archive » Improved PDF retrieval with Unpaywall integration https://www.zotero.org/blog/improved-pdf-retrieval-with-unpaywall-integration/ [https://www.zotero.org/blog/improved-pdf-retrieval-with-unpaywall-integration/] Julia Evans Zines https://jvns.ca/zines/ [https://jvns.ca/zines/] https://jvns.ca/blog/2018/09/23/why-sell-zines/ [https://jvns.ca/blog/2018/09/23/why-sell-zines/] Let’s Pair! https://www.kickstarter.com/projects/marlenac/lets-pair [https://www.kickstarter.com/projects/marlenac/lets-pair]

Episode 74: There is pumpkin spice in the air

This episode we talk about Chinese spy chips, new sophisticated voice phishing schemes, and Facebook’s huge security breach. https://recompilermag.com/2018/10/12/episode-74-there-is-pumpkin-spice-in-the-air [https://recompilermag.com/2018/10/12/episode-74-there-is-pumpkin-spice-in-the-air] Community Event Planning pre-order. Still time to get in on the book previews. https://community-events-2.backerkit.com/hosted_preorders [https://community-events-2.backerkit.com/hosted_preorders] Survey for event organizers. Please fill it out! https://airtable.com/shrvbemYqHvL1Z7tt [https://airtable.com/shrvbemYqHvL1Z7tt] Issue 10 - Science! It’s shipping. Back order sale use code READER18 for buy 2, get 3rd 1/2 off! https://shop.recompilermag.com [https://shop.recompilermag.com] China planted spy chips in computers from Portland-based Elemental, Bloomberg reports | OregonLive.com https://www.oregonlive.com/silicon-forest/index.ssf/2018/10/chinese_planted_spy_chips_insi.html [https://www.oregonlive.com/silicon-forest/index.ssf/2018/10/chinese_planted_spy_chips_insi.html] The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies - Bloomberg https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies [https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies] The Big Hack: Amazon, Apple, Supermicro, and Beijing Respond - Bloomberg https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond [https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond] Chinese Hackers Have Allegedly Compromised the Supply Chain to Spy on Amazon and Apple https://motherboard.vice.com/en_us/article/gye8w4/chinese-supply-chain-hack-apple-bloomberg [https://motherboard.vice.com/en_us/article/gye8w4/chinese-supply-chain-hack-apple-bloomberg] Voice Phishing Scams Are Getting More Clever — Krebs on Security https://krebsonsecurity.com/2018/10/voice-phishing-scams-are-getting-more-clever/ [https://krebsonsecurity.com/2018/10/voice-phishing-scams-are-getting-more-clever/] Facebook says nearly 50m users compromised in huge security breach | Technology | The Guardian https://www.theguardian.com/technology/2018/sep/28/facebook-50-million-user-accounts-security-berach [https://www.theguardian.com/technology/2018/sep/28/facebook-50-million-user-accounts-security-berach] Kim Zetter on Twitter: "The Facebook breach gets even worse - it's not just that an attacker who has your Facebook token can access other accounts you've used your Facebook account to access, he/she can access accounts you haven't even used Facebook to access… https://t.co/BCCpuPG9XI [https://t.co/BCCpuPG9XI]" https://twitter.com/kimzetter/status/1046806168348160000?s=21 [https://twitter.com/kimzetter/status/1046806168348160000?s=21] jason polakis on Twitter: "Given the scale and severity of the @facebook breach, I’ll share some thoughts based on our recent @USENIXSecurity paper with @m0eb1t, amrutha, @kaytwo, @stevecheckoway, where we explored the ramifications of your Facebook account being compromised. https://t.co/6gS2ERrGvO [https://t.co/6gS2ERrGvO] (1/n)" https://twitter.com/jpolakis/status/1046086964410294272 [https://twitter.com/jpolakis/status/1046086964410294272] Facebook Security Bug Affects 90M Users — Krebs on Security https://krebsonsecurity.com/2018/09/facebook-security-bug-affects-90m-users/ [https://krebsonsecurity.com/2018/09/facebook-security-bug-affects-90m-users/] O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web https://www.cs.uic.edu/~polakis/papers/sso-usenix18.pdf [https://www.cs.uic.edu/~polakis/papers/sso-usenix18.pdf] Can Mark Zuckerberg Fix Facebook Before It Breaks Democracy? | The New Yorker https://www.newyorker.com/magazine/2018/09/17/can-mark-zuckerberg-fix-facebook-before-it-breaks-democracy [https://www.newyorker.com/magazine/2018/09/17/can-mark-zuckerberg-fix-facebook-before-it-breaks-democracy] Burgerville Notifies Guests of Data Breach https://www.prnewswire.com/news-releases/burgerville-notifies-guests-of-data-breach-300723908.html [https://www.prnewswire.com/news-releases/burgerville-notifies-guests-of-data-breach-300723908.html] THE WILD INNER WORKINGS OF A BILLION-DOLLAR HACKING GROUP https://www.wired.com/story/fin7-wild-inner-workings-billion-dollar-hacking-group/ [https://www.wired.com/story/fin7-wild-inner-workings-billion-dollar-hacking-group/] Episode 69: We’ll just make a pickle grid – The Recompiler https://recompilermag.com/2018/08/10/episode-69-well-just-make-a-pickle-grid/ [https://recompilermag.com/2018/08/10/episode-69-well-just-make-a-pickle-grid/] MIDI unicorn https://www.youtube.com/watch?v=i3tiuGVDDkk [https://www.youtube.com/watch?v=i3tiuGVDDkk] Willamette River presents stunning lidar image on poster from Department of Geology | OregonLive.com https://www.oregonlive.com/travel/index.ssf/2013/04/willamette_river_presents_stun.html [https://www.oregonlive.com/travel/index.ssf/2013/04/willamette_river_presents_stun.html]

Episode 73: A bold move

This episode we talk about moral clauses in FOSS licenses, ShotSpotter’s partnership with Verizon, how Buffer bought out its VCs, and WayMo. https://recompilermag.com/2018/10/11/episode-73-a-bold-move [https://recompilermag.com/2018/10/11/episode-73-a-bold-move] Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount http://devopsdays.org/events/2018-portland/ [http://devopsdays.org/events/2018-portland/] Community Event Planning pre-order Still time to get in on the book previews https://community-events-2.backerkit.com/hosted_preorders [https://community-events-2.backerkit.com/hosted_preorders] Survey for event organizers https://airtable.com/shrvbemYqHvL1Z7tt [https://airtable.com/shrvbemYqHvL1Z7tt] Call for Contributors, Issue 12 Machines and Things https://recompilermag.com/2018/07/24/call-for-contributors-for-issue-12-machines-things/ [https://recompilermag.com/2018/07/24/call-for-contributors-for-issue-12-machines-things/] Major Open Source Project Revokes Access to Companies That Work with ICE https://motherboard.vice.com/en_us/article/8xbynx/major-open-source-project-revokes-access-to-companies-that-work-with-ice [https://motherboard.vice.com/en_us/article/8xbynx/major-open-source-project-revokes-access-to-companies-that-work-with-ice] Stop using my tools, racists https://github.com/palantir/blueprint/issues/2876 [https://github.com/palantir/blueprint/issues/2876] Palantir employees are racist and they need to stop using my tools https://github.com/palantir/blueprint/issues/2877 [https://github.com/palantir/blueprint/issues/2877] Add text to MIT License banning ICE collaborators https://github.com/lerna/lerna/pull/1616 [https://github.com/lerna/lerna/pull/1616] Please remove jamiebuilds as maintainer for CoC violations https://github.com/lerna/lerna/issues/1630 [https://github.com/lerna/lerna/issues/1630] Remove Microsoft from Restrictive License https://github.com/lerna/lerna/pull/1631 [https://github.com/lerna/lerna/pull/1631] Restore unmodified MIT license https://github.com/lerna/lerna/pull/1633 [https://github.com/lerna/lerna/pull/1633] SPDX license list https://spdx.org/licenses/index.html [https://spdx.org/licenses/index.html] My potted view on adding extra ethical clauses to open source licenses https://mastodon.social/@mala/100642002012668168 [https://mastodon.social/@mala/100642002012668168] ShotSpotter Expands Verizon Partnership With Reseller Agreement for Gunshot Detection Services http://globenewswire.com/news-release/2018/08/28/1557516/0/en/ShotSpotter-Expands-Verizon-Partnership-With-Reseller-Agreement-for-Gunshot-Detection-Services.html [http://globenewswire.com/news-release/2018/08/28/1557516/0/en/ShotSpotter-Expands-Verizon-Partnership-With-Reseller-Agreement-for-Gunshot-Detection-Services.html] Ingrid Burrington on Twitter: "So one way to read this is it's a way for Shotspotter installations to avoid any resident pushback by burying them in a contract–instead of making SST a line item, it's just tacked onto a broader services agreement with Verizon that wouldn't otherwise raise eyebrows." https://twitter.com/lifewinning/status/1035211677375946752 [https://twitter.com/lifewinning/status/1035211677375946752] Rochester man shot by police sues cops, city, and ShotSpotter https://www.democratandchronicle.com/story/news/2018/08/30/silvon-simmons-rochester-police-officer-joseph-ferrigno-gun-lawsuit/1119014002/ [https://www.democratandchronicle.com/story/news/2018/08/30/silvon-simmons-rochester-police-officer-joseph-ferrigno-gun-lawsuit/1119014002/] We Spent $3.3M Buying Out Investors: Why and How We Did It https://open.buffer.com/buying-out-investors/ [https://open.buffer.com/buying-out-investors/] Amir Efrati on Twitter: "Just out: The truth about Waymo... https://t.co/q9Oet5j5Ck [https://t.co/q9Oet5j5Ck]" https://twitter.com/amir/status/1034442936774258688 [https://twitter.com/amir/status/1034442936774258688] A day in the life of a Waymo self-driving taxi - The Verge https://www.theverge.com/2018/8/21/17762326/waymo-self-driving-ride-hail-fleet-management [https://www.theverge.com/2018/8/21/17762326/waymo-self-driving-ride-hail-fleet-management] Donut County http://donutcounty.com/ [http://donutcounty.com/] Martin “Sexy Nuclear Disarmament” Pfeiffer🏳️‍🌈 [https://s0.wp.com/wp-content/mu-plugins/wpcom-smileys/twemoji/2/72x72/1f3f3-fe0f-200d-1f308.png] on Twitter: "🚨 [https://s0.wp.com/wp-content/mu-plugins/wpcom-smileys/twemoji/2/72x72/1f6a8.png]NOW PUBLICLY ACCESSIBLE🚨 [https://s0.wp.com/wp-content/mu-plugins/wpcom-smileys/twemoji/2/72x72/1f6a8.png] Find below the link to my complete archive of 1951-1997 Sandia nuclear laboratory documents from my FOIA. https://t.co/Z8BzUTdF6g [https://t.co/Z8BzUTdF6g] You can also support my work at: https://t.co/GzHV653OGL [https://t.co/GzHV653OGL] or https://t.co/tvFac0gW44… [https://t.co/tvFac0gW44…] https://t.co/243xjjkj5k [https://t.co/243xjjkj5k]" https://twitter.com/i/web/status/1035331181141581824 [https://twitter.com/i/web/status/1035331181141581824]

Episode 72: I’ve just confused myself

This episode we’re talking about Wickr’s use of domain-fronting and other anti-censorship techniques, HashWick vulnerability, Verizon throttling emergency responders data cellular connections, licensing shenanigans. https://recompilermag.com/2018/10/11/episode-72-ive-just-confused-myself [https://recompilermag.com/2018/10/11/episode-72-ive-just-confused-myself] Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount http://devopsdays.org/events/2018-portland/ [http://devopsdays.org/events/2018-portland/] RECOMPILERFRIENDS is a 20% off discount Community Event Planning pre-order https://community-events-2.backerkit.com/hosted_preorders [https://community-events-2.backerkit.com/hosted_preorders] Survey for event organizers https://airtable.com/shrvbemYqHvL1Z7tt [https://airtable.com/shrvbemYqHvL1Z7tt] Call for Contributors, Issue 12 Machines and Things https://recompilermag.com/2018/07/24/call-for-contributors-for-issue-12-machines-things/ [https://recompilermag.com/2018/07/24/call-for-contributors-for-issue-12-machines-things/] Wickr has a new plan for dodging internet blocks - The Verge https://www.theverge.com/2018/8/23/17770384/wickr-psiphon-partnership-internet-censorship [https://www.theverge.com/2018/8/23/17770384/wickr-psiphon-partnership-internet-censorship] HashWick V8 Vulnerability https://darksi.de/12.hashwick-v8-vulnerability/ [https://darksi.de/12.hashwick-v8-vulnerability/] Node.js and the "HashWick" vulnerability https://nodesource.com/blog/node-js-and-the-hashwick-vulnerability/ [https://nodesource.com/blog/node-js-and-the-hashwick-vulnerability/] Verizon throttled fire department’s “unlimited” data during Calif. wildfire | Ars Technica https://arstechnica.com/tech-policy/2018/08/verizon-throttled-fire-departments-unlimited-data-during-calif-wildfire [https://arstechnica.com/tech-policy/2018/08/verizon-throttled-fire-departments-unlimited-data-during-calif-wildfire] Use Debian? Want Intel's latest CPU patch? Small print sparks big problem https://www.theregister.co.uk/2018/08/21/intel_cpu_patch_licence/ [https://www.theregister.co.uk/2018/08/21/intel_cpu_patch_licence/] Redis: This is not the license change you are looking for https://blog.tidelift.com/redis-this-is-not-the-license-change-you-are-looking-for- [https://blog.tidelift.com/redis-this-is-not-the-license-change-you-are-looking-for-] Software Freedom Ensures the True Software Commons https://sfconservancy.org/blog/2018/aug/22/commons-clause/ [https://sfconservancy.org/blog/2018/aug/22/commons-clause/] Redis licensing https://redislabs.com/community/licenses/ [https://redislabs.com/community/licenses/] Skills for our software future / Audrey Eschright http://lifeofaudrey.com/2018/09/06/3rd-wave.html [http://lifeofaudrey.com/2018/09/06/3rd-wave.html] Oregon DEQ map https://oraqi.deq.state.or.us/home/map [https://oraqi.deq.state.or.us/home/map] HRRR-Smoke Model Fields - Experimental https://rapidrefresh.noaa.gov/hrrr/HRRRsmoke/ [https://rapidrefresh.noaa.gov/hrrr/HRRRsmoke/]

Episode 71: That sounds both interesting and ridiculous

This week Audrey and I chat about about Las Vegas Hotel security issues during DefCon, Foreshadow speculative execution vulnerability, and issues with the music industry business model and copyright. Complete show notes: https://recompilermag.com/2018/09/25/episode-71-that-sounds-both-interesting-and-ridiculous [https://recompilermag.com/2018/09/25/episode-71-that-sounds-both-interesting-and-ridiculous] * [01:06] Devopsdays Portland - SEPTEMBER 11-13, 2018 - RECOMPILERFRIENDS 20% discount [http://devopsdays.org/events/2018-portland/] * [01:54] Community Event Planning pre-order [https://community-events-2.backerkit.com/hosted_preorders] * [02:34] Survey for event organizers [https://airtable.com/shrvbemYqHvL1Z7tt] * [03:15] Call for Contributors, Issue 12 Machines and Things [https://recompilermag.com/2018/07/24/call-for-contributors-for-issue-12-machines-things/] * [04:09] In post-massacre Vegas, security policies clash with privacy values - The Parallax [https://www.the-parallax.com/2018/08/12/vegas-hotel-room-security-privacy-defcon/] * [07:48] Open letter to the Hacker Community. | Marc's Security Ramblings [http://marcrogers.org/2018/08/13/open-letter-to-the-hacker-community/#single-tabs] * [22:15] Chris Dagdigian on Twitter: "this happened to me as well at a Marriott owned hotel property..." [https://twitter.com/chris_dag/status/1029075338607898624] * [23:33] Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution [https://foreshadowattack.eu/] * [31:07] Artists Made Only 12% of Music Industry Revenue in 2017, Citigroup Report Finds | Pitchfork [https://pitchfork.com/news/artists-made-only-12-of-music-industry-revenue-in-2017-citigroup-report-finds/] * [40:01] Recording Industry Hypocrisy On Full Display In Continuing To Push The CLASSICS Act That Expands Copyright | Techdirt [https://www.techdirt.com/articles/20180528/22024539933/recording-industry-hypocrisy-full-display-continuing-to-push-classics-act-that-expands-copyright.shtml] * [50:17] USB Dongle Authentication [https://www.dongleauth.info/] * [51:36] Two Factor Auth List [https://twofactorauth.org/] * [54:09] Thru-hiking the US/Mexico border [https://www.outsideonline.com/2333816/two-women-just-completed-first-border-thru-hike] * [56:04] Natives Outdoors [https://www.instagram.com/nativesoutdoors/] * [32:45] PUTTING THE BAND BACK TOGETHER: Remastering the World of Music (pdf) [https://ir.citi.com/NhxmHW7xb0tkWiqOOG0NuPDM3pVGJpVzXMw7n+Zg4AfFFX+eFqDYNfND+0hUxxXA]