The Weekly Accountability 9

29 Aug 2021

Engineering

News

  • Bodo.ai secures $14M, aims to make Python better at handling large-scale data. Do companies that use open source have an obligation to contribute something back to open source? I would say, while legally no obligation is present, there is definitely a moral obligation to contribute back. We could hold a yearly event where we fix bugs or sponsor people to fix bugs in the open source projects we use, like Google Summer of Code. Source

Write-Ups

  • This blog post from Stack Overflow introduces the concept of stretch work assignments, which are essentially assignments that are a bit beyond the current skill level of engineers, to help them improve. It’s a really cool idea; people, please read this. Source

Security

Vulnerabilities

  • Plugging in a Razer mouse allows you to get Windows 10 admin access. The methodology is very simple and interesting and I think it can be applied to any process that launches as root and allows us to select the installation folder. Source
  • A vulnerability has been found in Azure cloud which allowed access to all customers of Cosmos DB, a database offering by Microsoft. Source

News

  • Hacker claims responsibility for T-Mobile attack, bashes the carrier’s security. It’s high time we get personal breach insurance or some sort of clause in the EULA where we get paid if our data gets leaked. I mean, if someone is profiting off of my data, I at least deserve a share. Source
  • Hacker returns more than $600 million stolen from Poly Network. The company has awarded him half a million as a bounty. They even offered him a job, but he has turned it down. What if the job offer was a way to lure him in and trap him? Source

Technology

News

  • A startup wants to help dentists identify cavities better in X-rays by using machine learning. I will personally never agree with technology and medicine being mixed unless there is a lot better regulation. Like traditional tech products, manufacturers drop support for devices after a certain period, and if any issues are found in the devices after that time frame, you are screwed. Most of the devices don’t even have a mechanism for updates. Source
  • COVID surge is causing liquid oxygen problems for other uses like water purification and rockets. We could create a dependency mapping for everything we use and have contingencies in place. A bit more thinking leads to the fact that almost all companies are doing this, like YouTube, which developed its own hardware encoder for encoding videos when it figured encoding videos is a huge problem, and Facebook, which builds everything from data stores to CTF platforms in-house to limit its external dependencies. Source
