I was wondering: should I install the Belgian Coronalert app to help me know whether or not I have been in contact with COVID-19 contaminators? Many solutions to such “contact tracing” apps from all over the world have been found to be guilty of privacy invasions. I like to be on the side of the maximum privacy camp, so I went looking for serious discussions about the Belgian app. Sorry to say so, but the only valid discussion I could find was the report of the official security assessment, on the website of the application:

https://coronalert.be/wp-content/uploads/2020/10/Report-Coronalert-Application-Security-Assessment-Public-Report_vFINAL.pdf

The report seems to be well done, and the conclusions in it are encouraging: there seem to be no serious issues when it comes to the security of the app and its data. I would have loved to see an independent review by one or more security researchers… But in the meantime it won’t hurt to install this; let’s just hope it does not drain the battery too much!

Thank you, BoingBoing, for pointing me to this beautiful and very understandable rendition of Lewis Carroll’s “Jabberwocky”:

And of course: thank you, TED-Ed, for making this video.

It’s good to see that Google’s security patches for Android (version 10 in this case) are distributed quickly. Even Samsung manages to get them out on time, at least for top devices like the Note 10+.

N975FXXS6DTI5 is the latest firmware update for the Samsung Galaxy Note 10+

So far I haven’t noticed any bugs or performance issues, so I assume that the essence of this update is indeed the security patch level…

Democracy only dies if a majority believe it no longer exists, or deem it not worth the effort to keep it alive. Dictators become dictators by puffing up their chests and talking tougher than they can walk. Mussolini marched on Rome with a mere 30,000 men; the authorities believed him when he said he had 300,000, so they gave in. “Give them faith that mountains can be moved,” Mussolini said, “they will accept that mountains are moveable. Thus an illusion may become reality.”

The article “The Strongman Con: How to stop worrying about Trump stealing the election” where this quote comes from is worth reading from start to finish!

September was a nice summer month in Belgium, except for the last days: storm Odette was not a hurricane, but still inflicted serious damage at the coast. In terms of sunshine, specifically: in terms of solar energy production on our roof, September was above average. The numbers for the meteorological summer in total (at least for our panels) aren’t the worst we’ve seen, but just about average.

The rain we’re having now is most welcome anyway, since those hot summer days left our garden hungry for water.

Just Wondering…

California wildfires? Must be a consequence of “bad forest management”.

Storms and hurricanes in the Mexican Gulf? That must be a consequence of “bad ocean management”, no?

I did not look at the Samsung Galaxy Note 10 Plus for a few weeks, but when I started it up yesterday there was a new update waiting for me – including the September 1, 2020 security patches for Android. The update introduces the possibility to use Samsung DeX without a cable, at least if you have a Samsung smart TV (which I don’t have :-( ).

N975FXXU6DTH7

And now we wait for Android 11, I guess?

Yes, August 2020 was hot, very hot even, certainly for Belgium. But hot does not equal sunny, and high temperatures above 25 degrees Celsius have a negative impact on the efficiency of solar panels. Still, for our installation a production equal to 98% of the estimate is not that bad.

You might think that I’m using a biblical reference to write about how special these Corona times are (technically, we should call that SARS-CoV-2 times, but it’s too late to change what we hear and read more than once every day in 2020). The opposite is true: this is not the first pandemic in human history, and it may not be the last one either, unless humanity finally smartens up and decides to figure out how to avoid them in the future.

In the seventeenth century, the bubonic plague ravaged Europe. In those days, Tuscany’s wine merchants used “sportelle”, or “buchette del vino” as they were named later, to sell wine in a manner that protected as best as possible from contagion: through a small window in the wall or a door, separate from the normal shop. Merchants collected the payment for the wine in metal recipients, so that they could disinfect the coins with vinegar…

A picture from the buchettedelvino.org website: “A cup of ice cream is passed through the Wine Window of the Vivoli ice cream parlor in Via delle Stinche”

Some of the remaining buchette are put to good use again in 2020, in order to sell ice cream, coffee and drinks!

The website of the cultural association “Buchette del Vino” has more to tell about these little windows, and I will admit that it is quite intriguing to learn about such a tangible remnant of the cultural changes caused by a pandemic. I wonder: will the year 2020 also produce tangible cultural changes lasting centuries?

A few days ago, my Samsung Galaxy Note 10 Plus could already install the August 1, 2020 Android security patches. If only Samsung (and other phone manufacturers) were always so quick to support more devices for many more years: the latest Samsung Galaxy S7 security patch is dated March 1, 2020…

You must also study and learn the lessons of history because humanity has been involved in this soul-wrenching, existential struggle for a very long time. People on every continent have stood in your shoes, through decades and centuries before you. The truth does not change, and that is why the answers worked out long ago can help you find solutions to the challenges of our time.

John Robert Lewis (February 21, 1940 – July 17, 2020), in the New York Times of July 30, 2020

Ignoring the history you don’t like is not a victimless act, and a history of America that ignores white supremacy is a white supremacist’s history of America. Which matters, because while it might seem obvious history isn’t over yet. It’s still being written.

John Oliver, in the video “Last Week Tonight” of August 2, 2020 on YouTube

It had been a while, many years actually, since I needed the Windows equivalent of “touch”. You don’t know that command? All it does is change the modification date and time of a file (or a series of files) to the current date and time of the computer. I used to turn to the Cygwin toolkit to get things done, in the days when corporate Windows PCs weren’t so closed off and you could install your own tools.

Luckily for me there is an equivalent in Windows, on the command line. You can use this somewhat strange command to get the same result:

copy /b filename.ext +,,

Yes, that’s a plus sign followed by two commas at the end. I’m writing it up here because I know I won’t remember that correctly in a few days!

92% would be a good exam result for any student, but when it comes to solar electricity production I like to see numbers above 100% – especially in what are supposed to be the sunniest months of the year. But the Royal Meteorological Institute (in Dutch) tells us that July 2020 was a bit less warm than normal, had a bit less sunshine than normal, and had less rain than normal (normal being defined as the average since 1981). In fact, July 2020 only had a single day with non-stop clear blue skies. Since we’re going to have a real heat wave the coming days, I hope we’ll see some more “perfectly sunny days” in August.

Composer James Beckwith has been at work with the COVID-19 infection and mortality numbers. You could say that he lets the virus play a tune – and it’s not a pretty melody. Let this be a warning to all those who think that the epidemic is gone, or the virus weakened: the numbers are not getting better after June (even if that might seem to be the case in your little corner of the world)!

I hope James can provide one or more updated versions in the future.

Charlie Arehart is a well-known ColdFusion specialist. Two days ago, he wrote a blog post explaining why one should be careful about securing ColdFusion Archive (CAR) files. The Adobe ColdFusion team isn’t very explicit about the issue, telling us in small print that we should delete those files after using them – but does not explain why we should do so. So Charlie explains it in great detail – if you work with Adobe ColdFusion, you should check out his blog.

Now Charlie only mentions versions 2016 and 2018 of ColdFusion, and I know that there are still developers around that work with older versions – actually, I’m one of those: ColdFusion 11 is what I support (and occasionally develop for) since 2015. I have been using .car files for installing CF servers, and I had already been looking at what they contained. I had never seen the ‘seed’ and ‘algorithm’ strings Charlie writes about, but I could have overlooked them. So I went in again today, to verify things.

I can confirm that .car files created in CF11 do NOT contain those strings. But before you start celebrating, I must warn you that this probably means that the situation is even worse than for more recent versions. Because CF11 will write (encrypted) passwords into a .car file, and yes: those files can be used to reconfigure another server, passwords included! Which probably means that all CF11 runtimes use the same seed and algorithm, rendering CF11 .car files containing passwords even more insecure than later versions.

I did not know about all this until yesterday, but I seem to have circumvented the problem: I wrote an application to install datasource definitions on the servers rather than use CAR files. That offers multiple advantages: the code (and hence the definitions) is under version control, and can only be accessed by authorized users; we have different definitions for different environments; etc. And the .car files I do use have no passwords in them – whew!

But it’s clear that it pays to take this issue into account as a ColdFusion developer or administrator, whatever solution you choose (and Charlie has a few propositions).
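
An added example, not code from this post or from Charlie Arehart's: a small Python audit that walks a directory tree, reports every leftover .car file, and flags which archive members contain the strings ‘seed’, ‘algorithm’ or ‘password’. It assumes .car files are ZIP archives; the sample archives and their member names are constructed for the demo and are not the real CAR layout.

```python
import os
import zipfile

# 'seed' and 'algorithm' are the strings named in the post; 'password' is added here.
MARKERS = (b"algorithm", b"password", b"seed")
MAX_MEMBER = 5 * 1024 * 1024  # skip oversized members instead of inflating them

def scan_car(path):
    """Return {member: [markers found]}, or None if the file is not a ZIP archive."""
    if not zipfile.is_zipfile(path):
        return None
    findings = {}
    with zipfile.ZipFile(path) as car:
        for info in car.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            data = car.read(info).lower()
            hits = [m.decode() for m in MARKERS if m in data]
            if hits:
                findings[info.filename] = hits
    return findings

def audit_tree(root):
    """Report every .car file under root; each one is a file that was left behind."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".car"):
                full = os.path.join(dirpath, name)
                report[full] = scan_car(full)
    return report

def build_sample(root):
    """Write constructed test archives; member names are NOT the real CAR layout."""
    pw = b'<var name="password"><string>CONSTRUCTED</string></var>'
    samples = {
        "with_seed.car": {"seed.properties": b"seed=CONSTRUCTED\nalgorithm=CONSTRUCTED\n",
                          "settings.xml": pw},
        "passwords_only.car": {"settings.xml": pw},
    }
    for name, members in samples.items():
        with zipfile.ZipFile(os.path.join(root, name), "w") as z:
            for member, body in members.items():
                z.writestr(member, body)
    with open(os.path.join(root, "broken.car"), "wb") as fh:
        fh.write(b"not an archive")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, result in sorted(audit_tree(tmp).items()):
            print(os.path.basename(path), result)
```

A file with no ‘seed’ or ‘algorithm’ hit but a ‘password’ hit matches the CF11 case described above and deserves the same cleanup as the newer ones.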