SN 818: News From the Darkside

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

Steve got the timeline for the Exim exploits wrong. He said that Qualys did the review 2 months ago.

According to the reports I read, they contacted the Exim team in October and worked closely with them through to March in secret, then, once the patches were finished, they contacted the key distributions to coordinate the release of the patches.

Then they announced their findings publicly last week.

One thing that got me, at the end of the show, was the “planned” electricity outages. Steve mentioned those off the cuff, as if that is something normal.

I think I’ve had a 2 hour planned outage in the last 30 years. Certainly the last regular, “planned” outages were back in the 70s during the industrial action by the coal miners unions in the UK.

Other than the odd unplanned outage (every 3 or 4 years or so), I can’t remember the last unplanned outage, I think that might have been around 2012 or 2014, when they replaced a back-bone cable in our area, we had no power for about 4 hours.

Are outages more common in America?

I assume he was referring to public safety shutoffs, which is one of PG&E’s responses to wildfires in CA.

I’ve not checked the stats, but after working in both US and European electricity industries the impression I got was there were more unplanned outages in the US too. It’s a large, old transmission and distribution network, regulation is complex, lots of it is overground and the US has big weather events (hurricanes, NE winter storms etc.)

https://www.pge.com/en_US/residential/outages/public-safety-power-shuttoff/learn-about-psps.page?WT.mc_id=Vanity_psps

Yes, I would say power outages are very common in the US. Whether it be bad weather, car accidents involving utility poles, or over usage to cause brownouts.
It’s also not uncommon (at least where I live) to go without power for days sometimes even weeks if it’s due to winter weather.

Wow, that is amazing, I had no idea it was so bad. I think the worst I’ve had to put up with is 4 hours without power and 2 days without broadband (a builder dug through the main cable into the town!). We had a workaround after 2 days, with 2mbps; after a week, we were back up with the usual speeds.

In total, we’ve probably had 3 incidents of less than an hour and the 4 hour, planned outage since I moved to Germany, 20 years ago.

We recently had unseasonable ice storms here that were snapping trees like toothpicks and that also leads to power lines getting hit by the falling branches/trees along with the ones that just can’t bear the weight of the ice.
Anyways, power went out on a Wednesday and was out for a little over 2 weeks. Thankfully I have a backup generator so we still had essentials and heat. It is very common here for people to at least have a gas generator just in case.

I am not surprised that every week we hear so many security issues. You would think that problems with DNS and SMTP would have been addressed over so many years, but as was mentioned in a show about Exim, though DNS is sort of the same … is that there are so many of the instances of older software running out there.
Also I wanted to mention about the Google discussion. I believe that Leo @Leo was correct when talking about the prompts (similar to some other solutions out there). What I wanted to add, which could be what the Google guy meant, is this. Google had multiple ways to do 2FA for a while, including but not limited to Google Authenticator, security keys and prompts. For a while when they came up with the prompts, I don’t think it was compatible with other options. I assume they would want to make prompts the default way once 2FA is enabled, as it is convenient and can be used on multiple devices (not just one), if you have multiple devices registered under the same Google account (unlike some other solutions).

I think Hippolyte Fizeau is related to something within the podcast. :wink:

Moderator note: I put spoiler tags on your post.

Re: the car cartoon. Back in the late 1970s, MIT had some Selectric computer terminals that were used to log into MULTICS and the IBM mainframe computer. I remember they ran at 134.5 baud – which I confirmed in the Wikipedia article. Why do we remember things like that? It was faster than the old ASR 33 (110 baud) but far slower than the zippy little DEC LA 36 terminals (300 baud). That’s 11, 13, and 30 characters per second on those 3 terminals, and we were happy with those speeds. The old ARPANET machine MIT-AI didn’t even require passwords – anybody could log in as RMS. Those were the days.

Now the joke (spoiler mask for those who haven’t seen the cartoon): as I recall, those Selectric terminals had a black/red ribbon – and there was some code for the computer to shift the ink to red. This led to the joke: “Any terminal that can red-shift [the ink ribbon] is mighty fast.” Funny at the time; I guess you had to be there.

I also loved the discussion about that cartoon on Reddit. Someone there noted Terrell rotation, something I had never heard of before. It describes how the relativistic shifts would look if someone observed them. Fascinating!