The level of ritual was probably the #1 thing I disliked the most about working at Google on a day-to-day basis. Being forced to write pointless unit tests for trivial functions, in a project that had no meaningful integration testing at all. Having code reviews rejected for putting the wrong whitespace in a line. Having to jump through hoops to get a “readability” certification in a language, just so I could submit a changeset.
I feel like I get about 5x as much accomplished in a day, now that I work at a startup on a team with almost no unnecessary rituals.
I’ve resurrected my full-on blog, complete with most of the old content. (I did delete a bunch of posts that are no longer relevant or interesting.) It’s now run by Jekyll and themed by HPSTR and hosted by Github Pages, as you can read here.
Exactly what it says on the tin. A blog post with guidance on how to download and build (for iOS) Google’s big and hairy WebRTC framework.
Today at the Chaos Computer Congress (30C3), xobs and I disclosed a finding that some SD cards contain vulnerabilities that allow arbitrary code execution — on the memory card itself. …
From the security perspective, our findings indicate that even though memory cards look inert, they run a body of code that can be modified to perform a class of MITM attacks that could be difficult to detect; there is no standard protocol or method to inspect and attest to the contents of the code running on the memory card’s microcontroller. Those in high-risk, high-sensitivity situations should assume that a “secure-erase” of a card is insufficient to guarantee the complete erasure of sensitive data. Therefore, it’s recommended to dispose of memory cards through total physical destruction (e.g., grind it up with a mortar and pestle).
Bunnie Huang — On Hacking MicroSD Cards
tl;dr: SD cards (and other flash memory cards) contain reasonably powerful microcontrollers onboard, which have firmware that can often be rewritten, allowing an attacker to change the behavior of the card. Yikes.
A new book by Ilya Grigorik, published by O’Reilly and freely readable online.
I’m partway through chapter 2, and the book is excellent so far. Despite the title it’s not just about web browsers or for web developers — it’s a thorough overview of IP networking, protocols, performance and security.