Zoom Needs to Fix Stuff

So, this was a concerning development regarding Zoom that hit my feed yesterday.

From https://objective-see.com/blog/blog_0x56.html:

Today, we uncovered two (local) security issues affecting Zoom’s macOS application. Given Zoom’s privacy and security track record this should surprise absolutely zero people.

First, we illustrated how unprivileged attackers or malware may be able to exploit Zoom’s installer to gain root privileges.

Following this, due to an ‘exception’ entitlement, we showed how to inject a malicious library into Zoom’s trusted process context. This affords malware the ability to record all Zoom meetings, or, simply spawn Zoom in the background to access the mic and webcam at arbitrary times! 😱

The former is problematic as many enterprises (now) utilize Zoom for (likely) sensitive business meetings, while the latter is problematic as it affords malware the opportunity to surreptitious access either the mic or the webcam, with no macOS alerts and/or prompts.

Given most companies don’t really have a choice right now but to run meetings remotely, Zoom needs to fix its shit. This is not acceptable.

Using Drone, Gitea and Docker with Hugo

So I recently went on a little adventure to dockerify my personal website. Among other things, I wanted to be able to run Hugo to generate the site and have it publish using a CI system.

Read more →

Deleting Facebook

So, I’m deleting Facebook.

Read more →

Getting Started with Ansible

So, for the past week I’ve been using Ansible in anger. Genuine, bare knuckled, actually trying to get shit done with it. Oh yes, I’ve tinkered over the years, nothing serious. You know, to kick the tires. But I never really saw the point. I was pretty happy with puppet. But recently the team I work in decided as a group to adopt Ansible for our provisioning and management tasks. I think that it’s a good choice – for a bunch of reasons – but I don’t really want to go into them here.

EDIT: This is no longer how I feel about Ansible, and probably a lot of the information here is out of date.

Read more →

20 years

So, I was looking at the whois data for stupendous.net and I realised that I’ve owned this domain for nearly 20 years.

Read more →