Interesting links, week 1, 2024
Happy new year! 2023 was a really weird one.
Interesting telco/tech news for this week:
- How 50% of telco Orange Spain’s traffic got hijacked — a weak password: Turns out an info stealer in september was exploited in december to alter the RIPE account used to manage the BGP resources of the operator. This is somehow symptomatic of the telco industry - a drop of overall technical literacy for managing properly their core business, offloaded to contractors or vendors. Nevertheless, reviewing my own RIPE account, I notice the second factor was not properly enforced in their system. I had to disable and re-enable it. Properly an isolated issue with my account, but worrying nevertheless for the RIPE zone.
- Direct to phone pricing: “Deutsche Telekom is charging 4.99 euros ($5.50) per month for up to 30 messages (180 Characters max) using the satellite service”. An interesting revival of SMS pricing during the end of the nineties. Note that there is a nice followup comment on the beam capacity.
- What your phone won’t tell you: Exploration of QMI protocol on iOS. Again the sysdiagnose logs are used via post processing to get data on COTS phones.
- Picture of french tower site with Starlink: apparently the 2nd operator in France has started to use Starlink as backhaul solution.
- I’ll be building a CM4 based PTP grandmaster (Twitter): Picture of a CM4 based PTP grandmaster. Interesting for 5G networks.
- ÉTAT DE LA MENACE CIBLANT LE SECTEUR DES TÉLÉCOMMUNICATIONS: [FR] french cert report on the thread on telecoms.
- Full Chain Baseband Exploits, P1: Full chain baseband exploits covering the MIPS based Mediatek and Samsung architectures. One of the vuln is actually related to NAS protocol itself, and is affecting the TFT management in Samsung chipsets (i.e. the Traffic Flow Template for enabling QoS on dedicated bearers).
- Las Antenas de la NASA: [ES] Spanish urbex on a decomissioned Telefonica Teleport close to Madrid. The pictures and video shoots with the drone are great, the rest is… well youtube.
Found a couple of nice links this week on the Internet:
- 7 watts idle on Intel 12th/13th gen: deep dive into power consumption of a small x86 motherboard, targeting NAS usage. Great care into analyzing the root cause of each power consumption, chipset and PCIe constraints.I have the same take away on buying a kill-a-watt device to get ground truth on what is happening.
- AST-based specification for Go APIs: A Go GIN OpenAPI generator, i.e. take the code and create the corresponding OpenAPI interface.
- Dashboards As Resources in Kubernetes: a welcomed k8s operator to generate Dashboard in grafana from CRDs. Some problems with releasing resource in case the Grafana API calls are failing in my experience. Follow this link for getting some API token on Grafana.
- There are only 2 types of good software. (Twitter): Totally concur with this tweet. Either the team is focused with direction and funding to hire great people and make an elegant thing happen (like Tailscale and a control plane for overlay), or this is a passionate guy driving a small piece of software for years (curl ?).
- A CAP tradeoff in the wild: a k8s-based sample of the CAP tradeoff theorem. Basically the API server acts as a cache, and a disconnection from the underlying Etcd might induce some non-safety and serve bad data.
- How the press manufactured consent for never-ending COVID reinfections: I don’t like the click bait title, but the article has a point with a proper review of past press articles on COVID.
- Amazon’s Silent Sacking: beyond the article, a couple of good observations - especially the day 2 ones.
- Chromium Money Tree Browser: An interesting experiment where bug bounty related changes are mapped to the source code of chromium the web browser (v8 included).
- PocketBase: a SQlite-based backend engine with auth, API and batteries included, and a overall philosophy of a simple approach. They recommend Litesteam as replication solution.
- Blimp: latency monitoring tool that run from a web page. Ideal for visualizing changes in realtime.
- BGPTunnel: Free tunnel to announce ASN and prefix.
- Truenas CSI driver: a HPE CSI storage plugin to work with the TrueNAS NAS software and offer a storage class on k8s. Worked quite out of the box, but as with all CSI solutions, time will tell.
- Carbonyl: Chromium based text browser. Being able to run
docker run --rm -ti fathyb/carbonyl https://youtube.comis amazing.
- Fixing Macs Door to Door: some stories around the AppleCare dispatch program.
- multihomed AS change (Twitter): Observations on the use of AS prepend in hyperscalers.
- What Is GitOps And Why Is It (Almost) Useless?: a review of GitOps from a CIOps perspective. I don’t agree with the conclusions, but the discussion is nevertheless interesting.
- Look up Apple API errors quickly!: Search engine on Apple API errors.
- Cobalt: Media extractor, used to download offline copies of online content.