Carlos Fenollosa

Carlos Fenollosa

Engineer, developer, entrepreneur

Carlos Fenollosa — Blog

Thoughts on science and tips for researchers who use computers

No more Google Analytics

May 22, 2020 — Carlos Fenollosa

I have removed the GA tracking code from this website. cfenollosa.com does not use any tracking technique, neither with cookies, nor js, nor image pixels.

Even though this was one of the first sites to actually implement a consent-based GA tracking, the current situation with the cookie banners is terrible.

We are back to the flash era where every site had a "home page" and you needed to perform some extra clicks to view the actual content. Now those extra clicks are spent in disabling all the tracking code.

I hate the current situation so much that I just couldn't be a part of it any more. So, no banner, no cookies, no js, nothing. Any little traffic I get I'll analyze with a log parser like webalizer. I wasn't checking it anyways.

Tags: internet, web, security

Comments? Tweet  

Evolution of my link roundups

May 10, 2020 — Carlos Fenollosa

As you may have noticed, I'm a fan of link compilation digests.

However, compiling them was quite the work for me. I always found interesting links during the week, then had to reserve an hour in the weekend to prepare the blogpost, which sometimes I did not had.

Furthermore, this format was flooding my blog with link roundups, which is not very user friendly for somebody who stumbles upon my front page.

I needed something better in two ways. First, the link publication has to be on the spot. Adding them to a list, then editing a post was not cutting it. Second, the links need to be their own section, independent from the rest of blog posts.

Fortunately, one of my link sources had the solution in front of me. The idea behind it is very simple and I got inspired by waxy's implementation. A box with links in the front page, and a special page only with links.

So this weekend project has been a very nice 1-line patch to bashblog, a bit of messing with postfix to parse links received to a special inbox, and some glue on top of it. I'm happy with the result!

The links index page is very crude right now. There is no CSS, and no feed available, but that will come soon. Meanwhile, feel free to bookmark it and visit it sometime!

Tags: roundup, bashblog

Comments? Tweet  

Links for 2020-02-09

February 08, 2020 — Carlos Fenollosa

🐲 For Tolkien fans

The Tolkien Meta-FAQ (RH, via usenet)

Usenet FAQs used to be a great source of information. I recently found the Tolkien Meta-FAQ and it is absolutely amazing.

🎨 Mario Paint tunes

Meet the musicians who compose in Mario Paint (5 min, via waxy)

Delightfully retro.

PS: There is a Mario Paint subreddit!

πŸ’£ Android remote code execution via Bluetooth

Critical Bluetooth Vulnerability in Android (CVE-2020-0022) (1 min, via @dethos@s.ovalerio.net)

On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code [...] as long as Bluetooth is enabled. No user interaction is required.

I wonder if there are exploits in the wild already. Walking around a big city infecting all phones in a 10-foot radius.

🀯 40 concepts for understanding the world

In 40 tweets I will describe 40 powerful concepts for understanding the world (5 min, via @paulg)

This thread is worth reading. It's better than most popular books about ideas, and much shorter.

πŸ“’ What they don't teach you in CS classes

The Missing Semester of Your CS Education (RH, via lobste.rs)

Over the years, we have seen that many students have limited knowledge of the tools available to them.

Common examples include holding the down arrow key for 30 seconds to scroll to the bottom of a large file in Vim, or using the nuclear approach to fix a Git repository (https://xkcd.com/1597/)

This is one of the best resources I have ever linked to.

You must learn these skills.

(Self plug: my own UNIX tools workshop slides)

πŸš‚ Upscaling a 1896 film with AI

Someone used neural networks to upscale a famous 1896 video to 4k quality (5 min, via HN)

We already had this capability. Only that it required an enormous effort by experienced video editors.

In a few years movies will be created just by feeding a script to an AI.

πŸš— Fake GMaps traffic jam

Google Maps Hacks (5 min, via @simon_deliver)

99 smartphones are transported in a handcart to generate virtual traffic jam in Google Maps. Through this activity, it is possible to turn a green street red which has an impact in the physical world by navigating cars on another route!

Devilishly genius!

Tags: roundup

Comments? Tweet  

Links for 2020-02-02

February 02, 2020 — Carlos Fenollosa

πŸ’£ Remote exploit in OpenSMTPd

OpenSMTPD advisory dissected (5 min, via)

The author of OpenSMTPd does a good post-mortem of the catastrophic bug that has left a remote exploit available for three years and a half.

We can’t prevent human mistakes, they will happen because tools won’t help spot that a human-described logic is flawed. What we need is to make changes so that OpenSMTPD becomes more resistant to human errors. In other words, we need safe-guards that are not dependant on sanity checks and input, we need safe-guards that will guarantee that even if OpenSMTPD lets completely untrusted input pass through, this will have the most limited consequences... then we ensure that it doesn’t let untrusted input pass through.

Agreed. There is no such thing as bug-free code.

πŸ–₯ CacheOut, another Intel CPU vulnerability

CacheOut, Leaking Data on Intel CPUs via Cache Evictions (5 min, via)

Every single one of these would be a scandal. Now, we've gotten used to it. Shame on Intel.

πŸ‘΄ UNIX lore

The Unix Heritage Society (RH, via)

Great resource to learn more about UNIX history.

Make sure to browse their wiki

πŸ’‰ Antivirus selling user data

Leaked Documents Expose the Secretive Market for Your Web Browsing Data (1 min, via)

An Avast antivirus subsidiary sells 'Every search. Every click. Every buy. On every site.' Its clients have included Home Depot, Google, Microsoft, Pepsi, and McKinsey.

How ironic.

🎨 Oldschool web design trends

Dark Ages of The Web (2 min, via) is a visual trip through old web design trends.

It contains, of course:

  • Tables
  • Animated gifs
  • The Web 2.0
  • Flash
  • The "Home Page"

and more

πŸ΄β€β˜ οΈ Whatsapp hack for Jeff Bezos

Technical Report of the Bezos Phone Hack (20 min, pdf, via)

Besides the actual forensics of the hack, which are not very in depth, this report provides an interesting insight into the tools and environments that real security firms use to study malware. It seems that Cellebrite's software is very popular.

Be sure to read the HN discussion, which seems to agree with my point: the forensic analysis was not very good, but the between-lines content is insightful.

🍎 Vintage Apple magazines

VintageApple, Information from the early Apple era (RH, via) is an archive of vintage Apple material, like magazines, books, pictures, and more.

Make sure to check this one out if you're a retro Apple fan.

πŸ‘ The Eye, another internet archive

The Eye (RH, via)

I hope you already know about The Internet Archive, a non-profit effort to archive a lot of content on the Web. If you don't, contgratulations! Play with MS-DOS software in your browser, read free books and watch copyright-free movies

Then, check out The Eye. It's another non-profit project aimed at file archival, a bit more chaotic, which makes browsing through its pages a real archeology dig.

The-Eye is a non-profit, community driven platform dedicated to the archiving and long-term preservation of any and all data including but by no means limited to... websites, books, games, software, video, audio, other digital-obscura and ideas.

πŸ•Ή Starfox into Zelda

This amazing glitch puts Star Fox 64 ships in an unmodified Zelda cartridge (15 min, via)

The fact that these glitches can be run, and that there is people actively looking for them, makes me very happy.

Let's give due credit: Zfg1 on Twitch

Related link: Ocarina of Time glitches and code execution

Tags: roundup

Comments? Tweet  

Links for 2020-01-26: bash power and Windows nostalgia

January 25, 2020 — Carlos Fenollosa

πŸ“ How to write good bash

Anybody can write good bash (with a little effort) (5 min, via) provides some basic techniques to make your scripts more robust.

The article already mentions this, but I'll reiterate: use shellcheck

⌨️ More bash tricks

THC's favourite Tips, Tricks & Hacks (Cheat Sheet) (5 min) is a nice compilation of shell/unix tricks and tools.

If you liked these, make sure to read my own compilation of UNIX tricks

🌍 Bash web server

bashweb, A tiny web server that serves static files (1 min) is the perfect companion to my own bashblog, I guess?

✏️ Vanilla vim is nicer than you think

How to Do 90% of What Plugins Do (With Just Vim) (1 hr, video)

Vim is big; so big that it does some very useful things that are often overlooked. Plugins can buy us a lot of functionality, but they can add a lot of burden in the form of dependency complexity. In this talk, we'll explore some of the tradeoffs we can make between plugins and "vanilla" Vim features that achieve similar results, including:

  • autocomplete (VimAwesome, YouCompleteMe)
  • file jumping (FuzzyFinder, Ctrl-P)
  • visual filesystem navigation (NERDTree)
  • build integration
  • snippets

An informative, practical and enjoyable talk.

πŸ”  Oldschool fonts

The Ultimate Oldschool PC Font Pack (5 min, via) is exactly what the title says.

It contains my favorite font of all time, IBM VGA8, the one I use in all my terminals, which I'm looking at while I write this blogpost.

πŸ” How to use security usb keys

Getting started with security keys (15 min, via)

This is the definitive guide on how to set up security keys. It's full of resources, news, and specific gadgets that you can use.

The site is beautiful too, be sure to check it out!

πŸ’¬ Developing Slack for win31

Building a new Win 3.1 app in 2019 (5 min)

This is so delightful. Even the win31 colorscheme brings great memories.

β˜‘οΈ Why the Windows 95 UI was so great

Not everything was perfect in 1995, but I think we've lost something on the way (1 min, tweetstorm, via)

I wholeheartedly agree with Tuomas here.

I despise flat design for software. It is confusing, ugly, and throws out the window (pun intended) what we learned in the last 30 years of UI design.

πŸ’€ Windows 7 EOL

Windows 7 support ended on January 14, 2020 (1 min, via)

While I hate Windows in general, and not only from a philosophical point of view but rather because they're terrible tools, what Microsoft has done with Windows 10 is disgusting.

I've had to pay for Windows 10 copies for my company, and in return the system is slow, spies on you, and has ads on the Start menu.

Windows 7 didn't have that, so that's something. Not that it was a good experience, either

Sorry for the rant. I have nothing interesting to contribute regarding the actual link. I just couldn't pass on the opportunity to hate on modern Windows.

πŸ‘΄πŸΌ Appreciating resilient software

Writing Software to Last 50 Years (5 min, via) is a short article that uses grep as an example of good, lasting software. The author analyzes some of the reasons that make good tech.

Thanks to a comment by andyc I've learned about the Lindy Effect: the longer some tech has been available, the longer you expect it will continue being available in the future.

β›“ Cloudflare, the Gatekeeper

Cloudflare is turning off the internet for me (1 min, via)

I could not finish one of these roundups without your weekly reminder that the centralization of the internet is a scary thing and we all have the responsibility to fight against it.

πŸ΄β€β˜ οΈ Support the Indie Web

The IndieWeb, a people-focused alternative to the "corporate web" (RH)

What can we do to push against a total centralization of the Internet by a dozen of companies?

Subscribe to independent RSS feeds, do not use Cloudflare unless strictly necessary, move your conent out of the mainstream platforms, use federated networks, etc.

Do not play their game.

Tags: roundup

Comments? Tweet