podcast Archives | Clever Cloud

#68 – Solana hack les ips biélorusses de node-ipc sans créer de compte GCP

Steven Leroux — Thu, 07 Apr 2022 16:50:08 +0000

Steven Le Roux

Julien Durillon

Florentin Dubois

Manuel Luzarreta

Dans cet épisode à caractère apéritif de MACI, nous parlons d'un malware qui fait du revenge hack sur node-ipc, de bugs sur CGP, d'outage sur Spotify et Discord, de sécurité des OS desktop, de la release de Go 1.18 et de Arti, de IO Uring, d'une chaine Youtube pour tout savoir sur les réseaux, de Warp 10. Nous évoquons aussi deux nouveauté de Clever Cloud avant de laisser la conclusion à l'orchestre.

Regarder sur Youtube

👋 Venez discuter avec nous sur @clever_cloudFR pour nous dire ce que vous avez pensé de ce nouvel épisode.

➡️ Pour découvrir ou réécouter d’anciens épisodes c’est par ici !

Timecodes & liens :

00:00:00 Introduction

00:02:15 Hack d’une plateforme de cryptomonnaie :
https://www.reddit.com/r/solana/comments/sj7ba7/heres_how_98k_eth_was_stolen_on_solana_explained/
Mesure de sécurité de qualité : signature nok xor personne non autorisée ? On bloque.

00:11:15 Node-ipc malware target russian and belarus IP :
Le dev du package node-ipc a implem du code malveillant dans cette lib
Cible uniquement les machines avec une IP russe ou belarusse
Pas mal d’issues ouvertes depuis
CVE (2022-23812)
https://nvd.nist.gov/vuln/detail/CVE-2022-23812
https://github.com/RIAEvangelist/node-ipc/issues?page=4&q=is%3Aissue

00:16:11 Impossible de créer un compte GCP
Un mec tente de créer un compte GCP
Il n’y arrive pas
Fin de l’histoire
https://twitter.com/sixhobbits/status/1504739663302602752

00:19:20 Spotify/Discord outage due to GCP Traffic director outage
https://engineering.atspotify.com/2022/03/incident-report-spotify-outage-on-march-8/
https://discordstatus.com/incidents/cjdx9txnrv03

00:25:10 - OS mobile vs OS “desktop”
Les OS “traditionnels” ont pas été pensé pour la sécurité
Il suffit d’une app malveillante pour leaker ou détruire toutes les informations localisées sur la machine
X server == cancer
Si opération “sensible”, plus
https://grapheneos.org/
https://wonderfall.space/reflexions-os/

00:38:20 Go 1.18
https://go.dev/blog/go1.18
Les generics (enfin!)
20% plus rapide pour les cpu Apple M1, ARM et PowerPC 64 bits
workspace

00:45:20 Arti release 0.1.0 : une réécriture de Tor en rust
https://www.reddit.com/r/rust/comments/tf1itb/arti_010_release_an_official_rewrite_of_tor_in/
Client only
Release 1.0.0 in september
Call for feedback

00:48:03 IO_Uring for networking
https://www.phoronix.com/forums/forum/phoronix/latest-phoronix-articles/1314634-io_uring-gets-network-overhead-reduction-by-3~4
https://twitter.com/axboe

00:52:13 PieterExplainsTech - Chaine youtube vulgarisation système/réseau
https://www.youtube.com/channel/UCaNX_EGXBgJYyrsRrziKnDQ

00:55:45 Warp10 Discovery Explorer
https://blog.senx.io/discovery-explorer-dashboards-server/

01:01:20 Clever Cloud News
TCP Redir dans la console
(Faites attention au namespace de votre redir ! cleverapps ≠ default)
Blog post operator
https://www.clever.cloud/blog/features/2022/03/16/clever-operator/
https://github.com/CleverCloud/clever-operator

01:08:00 Musiques de l’épisode :
Flo (16-20) : https://www.youtube.com/watch?v=QRQwZDWz1Pw

#55 – If Debian Is New Then Listen Music

Clément Nivolle — Tue, 07 Sep 2021 23:42:44 +0000

Avec par ordre d’apparition : @zepag @blackyoup @waxzce @bibear

00:00:00 Introduction

00:04:40 Episode des Cast-codeurs sur le Cloud de Confiance:
https://twitter.com/lescastcodeurs/status/1433335376249303045

00:06:00 Le monde regagne de l’intérêt pour le modèle Français
https://www.newstatesman.com/world/europe/2021/08/why-world-becoming-more-french?amp

00:10:00 Problème de gestion des données privées pour les employés d’Apple
https://www.theverge.com/22648265/apple-employee-privacy-icloud-id

00:16:00 Apple acquires Classical music streaming Primephonic:
https://www.apple.com/newsroom/2021/08/apple-acquires-classical-music-streaming-service-primephonic/

00:23:20 Evolution de la programmation et combattre les idées reçues en mode back in time.
https://www.youtube.com/watch?v=8pTEmbeENF4&ab_channel=JoeyReid

00:28:15 Sortie de Debian 11 en août
https://www.phoronix.com/scan.php?page=news_item&px=Debian-11-This-Weekend
Passage aux Kernels 5.x vs 4.x (5.10 en l’occurrence)
Support des Control Groups v2
Support d’exFAT
GCC 10.2 par défaut
Release notes: https://www.debian.org/releases/bullseye/amd64/release-notes/

J’ai loupé le timecode Docker Desktop n’est plus gratuit pour les grands comptes
https://www.theregister.com/2021/08/31/docker_desktop_no_longer_free/

00:50:15 Vulnérabilité dans OGNL, la couche d’implémentation d’Atlassian Confluence
https://therecord.media/confluence-enterprise-servers-targeted-with-recent-vulnerability/
Mettez à jour aux dernières versions urgemment!
Si pas possible dans l’immédiat ( ) désactiver le signup et lancer le script qui permet de limiter les exploitations de la faille de sécurité: https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html#ConfluenceSecurityAdvisory20210825-Mitigation
Voir: https://jira.atlassian.com/browse/CONFSERVER-67940
https://commons.apache.org/proper/commons-ognl/

00:59:00 Microsoft met en garde sur une faille critique dans CosmosDB (on en a parlé dans le dernier épisode) sur Azure
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-azure-customers-of-critical-cosmos-db-vulnerability/
Microsoft recommande de re-générer toutes les clés primaires

01:03:30 Portage de Wireguard (tunnel VPN sécurisé et open source) dans le Kernel Windows
https://www.phoronix.com/scan.php?page=news_item&px=WireGuardNT-Windows-Kernel

01.09:25 Avoiding unintended connection failures with SO_REUSEPORT
https://lwn.net/Articles/853637/
SO_REUSEPORT introduit pour avoir plusieurs process qui acceptent les connexions
RST envoyés aux connections en queue pas encore accept() quand un des process exit (reload nginx, haproxy, upgrade sozu, …)
Questionnement sur le retour à un seul process qui accept et passe les sockets aux autres threads ?

01:27:00 Peertube supporte S3 pour le stockage (vs.Fuse)
https://github.com/Chocobozzz/PeerTube/pull/4290
On avait parlé de peertube 3 https://www.clever.cloud/podcast/27-wasm-est-il-secnumcloud/
-> Ça marche sur clever
Il faut faire une instance sur clever pour le MACI

01:32:15 Outils:

Bandwhich: Affiche l’utilisation du réseau par process
https://github.com/imsnif/bandwhich

Grex: Permet de créer des expressions régulières sur base d’exemples.
https://github.com/pemistahl/grex

Jetbrains Code with me
https://www.jetbrains.com/fr-fr/code-with-me/

(rip)grep sur la totalité des crates Rust en mémoire:
https://twitter.com/m_ou_se/status/1433043051212156933

Linux Hardware database:
https://linux-hardware.org/?view=howto

Choix musical de Bruno :
https://www.youtube.com/watch?v=5zq4spIlzOY&ab_channel=Alonsoyi

#53 – Les Bebes Pingouins Ont Une API Sur Whatsapp

Quentin Adam — Thu, 12 Aug 2021 17:51:46 +0000

Avec @cnivolle @baptistejamin et @waxzce

00:00:00 Introduction

00:03:35 Cloudflare fights against patents trolls https://techcrunch.com/2021/04/26/cloudflare-rallies-the-troops-to-fight-off-another-so-called-patent-troll/

00:11:20 Cloudflare about AWS Egress costs https://blog.cloudflare.com/aws-egregious-egress/

00:23:50 Netflix Openconnect: La preuve que matter du 4K ne tue pas les bebe pingouins https://papers.freebsd.org/2019/FOSDEM/looney-Netflix_and_FreeBSD.files/FOSDEM_2019_Netflix_and_FreeBSD.pdf
https://openconnect.netflix.com/fr_fr/appliances/

00:40:50 War Elastic / opensearch https://twitter.com/jedisct1/status/1424845714190917635?s=21
Réponse AWS : https://aws.amazon.com/fr/blogs/opensource/keeping-clients-of-opensearch-and-elasticsearch-compatible-with-open-source/

00:47:14 Apple is releasing a client-side tool for CSAM scanning https://twitter.com/matthew_d_green/status/1423071186616000513

01:02:51 Sortir de route sur les APIs des gros services https://twitter.com/TechEmails

01:18:40 La production des M1X Debute, et si c’était l’arrivée du Macboom vraiment pour les pros? https://www.macg.co/mac/2021/08/la-production-de-masse-des-macbook-pro-m1x-aurait-debute-123285

01:23:45 GitHub feedback https://github.com/github/feedback/discussions

01:28:00 Qualité de code sur Tous Anti Covid ? https://twitter.com/gilbsgilbs/status/1422235658836344835?s=19
https://github.com/betagouv

https://www.reddit.com/r/dataisbeautiful/comments/oyoved/oc_i_created_200_fake_facebook_accounts_half_to/

https://www.youtube.com/c/TroncheEnBiais-Zetetique

02:02:00 VSCodium https://vscodium.com/

02:03:30 GitDock https://www.producthunt.com/posts/gitdock

Choix musical Baptiste :

Shaka Ponk, reprise de Kids in America: https://www.youtube.com/watch?v=B73lfb8RL14

#41 – Le Train De Crypto Troll Roule Sur Les Rails De Mon Indifférence

Clément Nivolle — Wed, 28 Apr 2021 11:41:20 +0000

Avec par ordre d’apparition : @ldoguin @hsablonniere @gcouprie @valeriane_IT

Conférence et sustentation https://mixitconf.org/fr/
https://monkigras.com/

Ainsi que l’imprimante 3d Chocolat https://www.youtube.com/watch?v=8S-usumuaWo

cloudflare vs les patent trolls, round 2 https://blog.cloudflare.com/project-jengo-redux-cloudflares-prior-art-search-bounty-returns/

Twilio rapport sur l’engagement client https://www.twilio.com/fr/state-of-customer-engagement

les crypto miners qui profitent du temps CPU gratuit https://layerci.com/blog/crypto-miners-are-killing-free-ci/

et puis les cryptomonnaies nous bouffent aussi les disques https://decrypt.co/68617/home-mining-crypto-chia-sparks-hard-drive-shortage-ahead-of-trading-debut

Nvidia GPU passthrough https://www.youtube.com/watch?v=JGvrXXonoqM

L’université du Minnesota bannie des contributions au kernel https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/

Signal vs Cellebrite https://twitter.com/signalapp/status/1384906127360548869?s=19

Rails changelog https://guides.rubyonrails.org/6_0_release_notes.html

Basecamp https://www.platformer.news/p/-what-really-happened-at-basecamp

NodeJs 16 https://nodejs.medium.com/node-js-16-available-now-7f5099a97e70

https://nodejs.org/en/about/releases/

Safari 14.1 (via iOS 14.5)

https://developer.apple.com/documentation/safari-release-notes

https://firt.dev/ios-14.5/

Google lance Lit, une librairie pour faire des Web Component https://www.youtube.com/watch?v=f1j7b696L-E

Astro: A New Architecture for the Modern Web (Fred K. Schott) https://www.youtube.com/watch?v=mgkwZqVkrwo

Islands Architecture https://jasonformat.com/islands-architecture/

Some useful regular expressions for programmers https://lemire.me/blog/2021/04/22/some-useful-regular-expressions-for-programmers/

Les puzzles regex https://regexcrossword.com/challenges/hexagonal/puzzles/1

You can’t parse [X]HTML with regex. https://stackoverflow.com/a/1732454

Grex, a command-line tool and library for generating regular expressions from user-provided test cases https://github.com/pemistahl/grex

Disparition de Dr Alex Gouaillard

https://webrtcbydralex.com/index.php/2021/04/14/dr-alex/

https://github.com/webrtc/KITE

https://www.webrtcinwebkit.org/blog

Disparition de Dan Kaminsky

https://twitter.com/marcwrogers/status/1385961838735597572?s=19

http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html

On gagne du temps https://twitter.com/fanf/status/1386838657093586944?s=19

Le choix musical de Valériane https://www.youtube.com/watch?v=vPIaMZSmLc4

#38 – Crabe D’Avril

Clément Nivolle — Thu, 08 Apr 2021 15:28:00 +0000

Voici l’épisode 38 de Message à Caractère informatique.

00:00:00 Avec par ordre d’apparition : @ldoguin @hsablonniere @gcouprie @mnt_io

00:03:06 Leak FB (HIBP a été maj pour les phone numbers) https://www.businessinsider.fr/us/was-your-phone-number-leaked-facebook-breach-2021-4

00:07:00 RedisLabs Series G https://redislabs.com/press/redis-labs-110-million-series-g-led-by-tiger-global/

00:09:50 Richard Stallman réintègre la FSF https://arstechnica.com/gadgets/2021/03/red-hat-withdraws-from-the-stallman-led-free-software-foundation/

00:16:06 Les apps rails qui rentrent en violation de la GPL https://twitter.com/JellybobUK/status/1374836362159996934?s=19 & https://github.com/rails/rails/issues/41750

00:24:40 Lawsuit Orcale contre Google https://twitter.com/SCOTUSblog/status/1379071916741382144?s=19

00:32:12 Lancement de l’entreprise Deno https://deno.com/blog/the-deno-company

00:55:12 Plan 9 passe en open source sous la plan 9 foundation https://www.bell-labs.com/institute/blog/plan-9-bell-labs-cyberspace/

00:58:45 Latence et disque dur https://brooker.co.za/blog/2021/03/25/latency-bandwidth.html

01:04:37 Nouveau Plan et release de WebPageTest https://product.webpagetest.org/api & https://blog.webpagetest.org/posts/the-webpagetest-api-has-gone-public/

01:09:30 CSS Container queries https://piccalil.li/blog/container-queries-are-actually-coming

01:17:10 Travaux en cours sur AbortSignal https://nodejs.org/api/timers.html#timers_settimeout_callback_delay_args

01:19:50 SvelteKit en beta https://svelte.dev/blog/sveltekit-beta

01:36:20 Volta – gérer différentes version de tooling JS https://volta.sh/

01:41:06 La grande arrivée des const generics en rust https://blog.rust-lang.org/2021/03/25/Rust-1.51.0.html

01:47:35 Rust débarque sur Android https://security.googleblog.com/2021/04/rust-in-android-platform.html

01:54:05 Eliminating Data Races in Firefox – A Technical Report https://hacks.mozilla.org/2021/04/eliminating-data-races-in-firefox-a-technical-report/

01:58:21 FSelect https://github.com/jhspetersson/fselect

02:02:05 Un petit poisson d’avril pour gérer les typos dans le code JS https://github.com/marmelab/yolo

02:06:50 MAKING LOGIC GATES OUT OF CRABS https://hackaday.com/2012/09/28/making-logic-gates-out-of-crabs/

Des portes logiques pneumatiques en bois (Fabien Tregan) https://www.youtube.com/watch?v=L3UoWDWoJJE

02:09:32 Le choix musical d’Ivan: Album Rogue Monsters, par Al’Tarba + Senbeï, https://open.spotify.com/album/29F5MF6Q9VYlryDsYEQz6a?si=fh5eCKjDTgCrbwGY2WSIUg

En particulié More Pressure, https://open.spotify.com/track/4ejbqcbSuyulMaenjYKZbR?si=TMTsS5RwSWiX2mLR7m6nnw

#16 – Joey, Marky Et DeeDee Remplacent Leurs Cailloux Par Des Galets

Clément Nivolle — Thu, 24 Sep 2020 12:40:05 +0000

Avec par ordre d’apparition : @ldoguin @noisegrrrl @blackyoup @judu

Twitter is looking into why its photo preview appears to favor white faces over Black faces https://www.theverge.com/2020/9/20/21447998/twitter-photo-preview-white-black-faces

Millions of black people affected by racial bias in health-care algorithms https://www.nature.com/articles/d41586-019-03228-6

Predictive policing algorithms are racist. They need to be dismantled. https://www.technologyreview.com/2020/07/17/1005396/predictive-policing-algorithms-racist-dismantled-machine-learning-bias-criminal-justice/

Intervention de Mickael Roger sur l’ITAR @MickaelRoger https://twitter.com/MickaelRoger/status/1307374729666461697

RFC “Les portails captifs c’est de la daube mais faut faire avec”.
Portail Captif API + DHCP extensions

https://www.bortzmeyer.org/8910.html

https://www.bortzmeyer.org/8908.html

Le DNS ne répond pas https://www.bortzmeyer.org/8906.html

Percona a ajouté RocksDB comme alternative à InnoDB dans MySQL https://www.percona.com/blog/2020/02/20/when-to-use-myrocks-in-mysql/

CockroachDB remplace RocksDB par Pebble https://www.cockroachlabs.com/blog/pebble-rocksdb-kv-store

Nouvelle release Warp10 https://blog.senx.io/warp-10-release-2-7-0-flows

Nouvelle version de Firefox

https://www.mozilla.org/en-US/firefox/81.0/releasenotes/

https://support.mozilla.org/en-US/kb/view-pdf-files-firefox-or-choose-another-viewer

Voir comme le pire des daltoniens : ça fait quoi ? https://www.youtube.com/watch?v=bZRD9_waays

Visualisation dans la future release Wirehsark https://twitter.com/chrissanders88/status/1306262108665982976?s=20

IP Fragmentation: https://www.bortzmeyer.org/8900.html

Microsoft ressort son DC sousmarin https://www.bbc.com/news/technology-54146718

Choix musical de Judu: https://www.youtube.com/watch?v=xy1vUfk3Nqk

How to Deploy a Hugo Static Site

Laurent Doguin — Thu, 18 Jun 2020 12:35:00 +0000

⚡

Update Available

The process has been simplified! Check out our new static runtime with automatic build for Hugo with version management.

🚀 Discover easy Hugo deployment

Clever Cloud launched a french speaking podcast about two weeks ago. We decided to use the Hugo static site generator to make it available online. This post explains how we deployed it. There are many technical solutions out there to host your podcast, like Ausha or Anchor. They will allow you to configure everything needed and upload your material so you get a proper RSS feed in the end. Because Podcast subscribtions are basically RSS feed subscribtions. And these services can also go the extra mile and automatically distribute your podcast to other sites. This is actually the main reason why we use Ausha. It's way easier. That being said we still want to have a dedicated page on our existing website and host the RSS and media files ourselves. And it turns out there is a great Hugo theme for podcast hosting. If you are not familiar with Hugo it's one of the most popular static site generator. It's fast, mature, loaded with cool features and still in active development. Community is super helpful and you will find many different themes for different purposes like blog, documentation, FAQ or even podcast. To follow along you need to install git, hugo and clever-tools. Let's see how this works.

Create a new Hugo website

Creating a new Hugo website is pretty straightforward. Create a folder to contain your site and inside it run hugo new site. Then you can add the theme you want as a submodule, copy the theme sample configuration and you should be ready to start working on your site. Here's what I did:

mkdir mysite
cd mysite
hugo new site .
git init
git submodule add https://github.com/mattstratton/castanet themes/castanet
cp themes/castanet/exampleSite/config.toml config.toml 
git add .
git commit -m'init'

From here you can run hugo server and your site will be available at localhost:1313, with automatic reloading and file modification watching. This command will fail because it cannot find the theme. No worries, it's because we copied the config file from the theme directory, and its theme folder location is hardcoded. We don't need it anymore. So go ahead and edit config.toml. Start by removing or commenting themesdir on line 6. Then add your own configuration and create new content. I have set the baseUrl to clever-cloud.com/fr/podcast. Notice that this is not a traditional baseUrl as it's assuming something else is already running on clever-cloud.com. And this is fine, Clever Cloud knows how to manage this. From here you can add some content and finish your own configuration. Then it's time to deploy on Clever Cloud.

Deploy to Clever Cloud

At the root of your website create a file called hugo.sh with the following content:

wget https://github.com/gohugoio/hugo/releases/download/v$HUGO_VERSION/hugo_extended_"$HUGO_VERSION"_Linux-64bit.tar.gz
tar xvf hugo_extended_"$HUGO_VERSION"_Linux-64bit.tar.gz
chmod +x ./hugo
./hugo --gc --minify --destination public/fr/podcast

Don't forget to make it executable with chmod +x hugo.sh, add and commit it. This script will be executed by Clever Cloud thanks to our deployment hooks. It downloads Hugo with the version you specified in the environment variables then run the build of the website. The build destination is specified manually as public/fr/podcast, the default would be public. This is because we need to serve the content on clever-cloud.com/fr/podcast and not just clever-cloud.com. Now let's use clever-tools to create, configure and deploy the application. In the terminal run the following:

clever create --type static-apache mysite
clever domain add clever-cloud.com/fr/podcast
clever config set force-https enabled
clever env set CC_PRE_BUILD_HOOK "./hugo.sh"
clever env set CC_WEBROOT "/public"
clever env set HUGO_ENV "production"
clever env set HUGO_VERSION "0.68.3"
clever deploy

This will create the application on Clever Cloud, add the custom domain clever-cloud.com/fr/podcast, and yes this works even though we already have an application serving clever-cloud.com. The new domain will take precedence. Then we enforce HTTPS redirection and set a bunch of environment variable for our configuration. Last command deploys the website to Clever Cloud. From here you should see logs popping up. And this is it. You have deployed a static website in production that will be updated automatically each time you push new content, on top of an existing website. Please let us know if you have any questions about static site deployment.

#2 – Distribution De Certifs Pair-À-Pair Et Crypté Sous Winux

Clément Nivolle — Thu, 11 Jun 2020 11:57:56 +0000

Avec par ordre d’apparition: @geal @blackyoup @waxzce @ldoguin

Gérer le temps dans les systèmes distribués https://medium.com/distributed-knowledge/time-synchronization-in-distributed-systems-a21808928bc8

Nouvelle release de Windows Subsystem for Linux https://devblogs.microsoft.com/commandline/announcing-wsl-2/
https://docs.microsoft.com/en-us/windows/wsl/install-win10

Nouvelle release du Windows Terminal
https://devblogs.microsoft.com/commandline/introducing-windows-terminal/
https://github.com/microsoft/terminal/releases/tag/v1.0.1401.0

Espanso, nouveau text expander https://espanso.org/
Photon, Image processing en rust et wasm
https://silvia-odwyer.github.io/photon/

Nouveau projet P2P Matrix https://matrix.org/blog/2020/06/02/introducing-p-2-p-matrix

Problème d’expiration des CAs root https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/

Comprendre les premiers décodeurs Canal+ https://fabiensanglard.net/discret11/index.html

IBM release un toolkit pour la crypto homomorphique https://www.ibm.com/blogs/research/2020/06/ibm-releases-fully-homomorphic-encryption-toolkit-for-macos-and-ios-linux-and-android-coming-soon/
https://github.com/homenc/HElib

IBM arrêtes ses travaux sur la reconnaissance faciale.https://www.theverge.com/2020/6/8/21284683/ibm-no-longer-general-purpose-facial-recognition-analysis-software

Talk de Randall Thomas “Yeah, But Should We….” https://www.youtube.com/watch?v=iTfh3WD09ZE <- si quelqu’un cherche une keynote…

Comment déployer du Elixir/Phoenix sur Clever Cloud https://www.clever.cloud/blog/engineering/2020/06/09/deploy-elixir-phoenix/

Le choix musicale de ldoguin https://www.mixcloud.com/Le_Musicassette/080-charles-schillings-exclusive-mix-for-telerama-radio/