In this episode, Joe introduces us to more security items you should be aware of in the world of CWEs, Michael bends to the will of Joe and Allen in his favorite portion of the show, and Allen pontificates on the time spent setting up IDEs and environments.
Reviews – Thank You!
- iTunes: Vlad Bezden, Mom in VA, Make1977
- Spotify: chutney3000, Xuraith
Upcoming Events
- Atlanta Dev Con
September 7th, 2024
https://www.atldevcon.com/
Topics
Open Telemetry
- The backend matters
https://opentelemetry.io/ecosystem/integrations/
- Some backends are more fully featured than others
- Splunk Trace Analyzer
https://docs.splunk.com/observability/en/apm/apm-spans-traces/trace-analyzer.html
- Google Trace Explorer
https://cloud.google.com/trace/docs/finding-traces
- Azure OTel Guide
https://learn.microsoft.com/en-us/azure/azure-monitor/app/opentelemetry-enable?tabs=aspnetcore
- AWS OTel Information
https://aws.amazon.com/otel/
- The processor can decouple you
https://opentelemetry.io/docs/collector/configuration/#processors
CNCF – Cloud Native Computing Foundation
- If you’re working in a cloud environment, you should know the projects here
https://www.cncf.io/projects/
- Super cool visualization tool for the projects
https://landscape.cncf.io/
Llama 3 – the next version of Meta’s AI engine
- “Now available with both 8B and 70B pretrained and instruction-tuned versions to support a wide range of applications”
https://llama.meta.com/llama3/
Environmental concerns over the processing required for AI
- Power requirements for processing some of the LLMs
https://www.nnlabs.org/power-requirements-of-large-language-models/
- The Microsoft underwater datacenter
https://news.microsoft.com/source/features/sustainability/project-natick-underwater-datacenter/
Setting up IDEs and environments
- IDE vs old school debugging
- Setup can require a significant amount of time
- Is it worth it?
- What if you’re just working on a bug?
Security Resources
- What’s the difference between CWE and OWASP?
- CWE (Common Weakness Enumeration) is a community-developed list of common software and hardware weaknesses.
- It’s similar to OWASP, but older (1999 vs 2001) and more general – including non-web apps and (more recently) hardware
- The infamous “NVD” database links CVE (Common Vulnerabilities and Exposures) to CWE
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://cwe.mitre.org/top25/archive/2023/2023_trends.html
Tips
Pre-warning – probably wouldn’t recommend installing this!
Saw a cool Windows utility called “Windrecorder” that records video and text from your desktop, and lets you rewind and search.
- Uses ffmpeg to record screen into small 15-minute fragment files
- Search (by window titles, text keywords, or descriptions of images)
- Everything should happen only on your computer
- Cons: No instant rewind (have to be out of the window), Storage is unencrypted, Not much LLM / ML fancy stuff…and security
https://tonoko.notion.site/I-made-an-open-source-app-to-rewind-search-everything-happened-on-your-screen-on-Windows-184d1a9d5edb494dba0c2f46d311ec5c
https://github.com/yuka-friends/Windrecorder
macOS’s Spotlight is more powerful than you may have known
https://www.intego.com/mac-security-blog/spotlight-secrets-15-ways-to-use-spotlight-on-your-mac/
https://beebom.com/spotlight-tips-tricks/
If your grep command isn’t working like you thought it should, you might be a victim of content getting kicked out of the buffer
grep --line-buffered
iOS – get text from images
https://support.apple.com/guide/iphone/use-live-text-iphcf0b71b0e/ios