FF, Self-service, Argo, MDS, RDS, Python 3

  • Technical Details on the Recent Firefox Add-on Outage - Really nice post summarizing it with background information. - Of course studies and telemetry are disabled, duh. - Still waiting for the final postmortem.
  • Nearly endless discussion about self-service point of sale terminals: pros versus cons, what the best user interface is, and what kind of steps it should include. Which actions require confirmation or authorization, and how often to invoke random checks. Are there article-specific check levels, and so on. No simple or absolute answers, but lots of good discussion and options which can be configured in different usage environments.
  • Argo and Cloudflare Private Backbone - Nice post, I would love to see more technical details, maybe those are coming out later. But in general, I have to confess that before I started to check routes more often, I didn't have any idea how BAD routing unfortunately often is. Right now, traffic from Elisa Network to UpCloud (HEL2) is being routed via Stockholm, adding a nice 16 ms of extra latency. This is happening even though the data center and the physical servers are about 200 meters from where I'm sitting right now. Tromboning at its best! - Also, this own backbone network answers the question of why companies choose to build something when they could buy a similar kind of service from some existing provider. Control is often the reason, as well as that you can build a system which is perfectly designed for your specific needs, instead of just buying CPU, memory, disk, network and storage capacity. - Also quickly checked out Google GlobalLoadBalancer and AWS GlobalAccelerator.
  • Due to the new Microarchitectural Data Sampling (ZombieLoad, RIDL, Fallout) discussion, I reminded myself about temporal multithreading and barrel processors. See: ZombieLoad Attack and MDS Attacks.
  • The RDS vulnerability was a really nice find. CVE-2019-0708 - A Wormable Remote Code Execution Vulnerability in Remote Desktop Services aka BlueKeep. Oh joy. Started the morning by patching a bunch of servers. Luckily the fix was released before that 0-day exploit got into the wild. It could have spread carnage around the Internet. Almost all environments are of course using NLA already, but it has been disabled in a few situations when clients use extremely outdated clients. But I'm sure there will be many systems which won't get patched, so we'll be hearing about this exploit later, it's pretty much guaranteed, because someone didn't update and/or fix the system configuration. Common Vulnerability Scoring System (CVSS) score for this issue is 9.8 / 10. Nice. kw: Windows, Microsoft, Exploit
  • Python 3 features which you should use - F-strings, I love them. Pathlib sure, used all the time. Type hinting, not so much. Enumerations with auto feature, nope. Reason? Data is often saved in a database, and that's the reason why I don't want integer references to be auto generated, because it would be so easy to mess everything up. Of course if it's only temporary runtime data, then using auto doesn't matter, because all references are limited to single initiation. LRU cache, well, no. I use PyClockPro CAR cache, which is more efficient on specific hit ratios due to wiser internal logic and flush resistance. Data Classes, when writing the next larger project from scratch I'll probably use data classes in the project. When storing very simple data I often use dict or list instead of a data class, but using a data class would be a much more correct way of doing it.
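
The point above about auto() and data stored in a database, as an added example that is not from the original post: a member inserted in a later release renumbers what follows it, so an integer written earlier decodes to a different member. All class, table and function names here are hypothetical, and the account row is constructed sample data.

```python
import sqlite3
from enum import Enum, auto

# Release 1 of a hypothetical application: values are generated by auto().
class StatusV1(Enum):
    ACTIVE = auto()      # 1
    SUSPENDED = auto()   # 2

# Release 2 inserts a member in the middle; auto() renumbers what follows.
class StatusV2(Enum):
    ACTIVE = auto()      # 1
    LOCKED = auto()      # 2 (new member takes the old SUSPENDED value)
    SUSPENDED = auto()   # 3

# Same change with explicit values: the new member gets an unused number.
class StableV1(Enum):
    ACTIVE = 1
    SUSPENDED = 2

class StableV2(Enum):
    ACTIVE = 1
    LOCKED = 3
    SUSPENDED = 2

def roundtrip(writer, reader):
    """Persist writer.SUSPENDED as an integer, then decode it with reader."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (name TEXT, status INTEGER)")
    db.execute("INSERT INTO account VALUES (?, ?)",
               ("alice", writer.SUSPENDED.value))
    (stored,) = db.execute("SELECT status FROM account WHERE name = ?",
                           ("alice",)).fetchone()
    db.close()
    return reader(stored)

def check_stable(old, new):
    """Names whose persisted value changed or vanished between two versions."""
    return sorted(m.name for m in old
                  if new.__members__.get(m.name) is None
                  or new[m.name].value != m.value)

if __name__ == "__main__":
    print(roundtrip(StatusV1, StatusV2))     # row written by release 1
    print(roundtrip(StableV1, StableV2))
    print(check_stable(StatusV1, StatusV2))  # members that would break rows
```

A check like check_stable can run in a unit test against a frozen copy of the previous release's enum, so a renumbering is caught before it reaches stored data.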

2020-07-12