04.28.2024 - By Allen Underwood, Michael Outlaw, Joe Zack
In this episode Joe introduces us to more security items you should be aware of in the world of CWEs, Michael bends to the will of Joe and Allen in his favorite portion of the show, and Allen pontificates on the time spent setting up IDEs and environments.
Reviews – Thank You!
iTunes: Vlad Bezden, Mom in VA, Make1977
Spotify: chutney3000, Xuraith
Upcoming Events
Atlanta Dev Con
September 7th, 2024
https://www.atldevcon.com/
Topics
Open Telemetry
The backend matters
https://opentelemetry.io/ecosystem/integrations/
Some backends are more fully featured than others
Splunk Trace Analyzer
https://docs.splunk.com/observability/en/apm/apm-spans-traces/trace-analyzer.html
Google Trace Explorer
https://cloud.google.com/trace/docs/finding-traces
Azure OTel Guide
https://learn.microsoft.com/en-us/azure/azure-monitor/app/opentelemetry-enable?tabs=aspnetcore
AWS OTel Information
https://aws.amazon.com/otel/
The processor can decouple you
https://opentelemetry.io/docs/collector/configuration/#processors
CNCF – Cloud Native Computing Foundation
If you’re working in a cloud environment, you should know the projects here
https://www.cncf.io/projects/
Super cool visualization tool for the projects
https://landscape.cncf.io/
Llama 3 – the next version of Meta’s AI engine
“Now available with both 8B and 70B pretrained and instruction-tuned versions to support a wide range of applications”
https://llama.meta.com/llama3/
Environmental concerns over the processing required for AI
Power requirements for processing some of the LLMs
https://www.nnlabs.org/power-requirements-of-large-language-models/
The Microsoft underwater datacenter
https://news.microsoft.com/source/features/sustainability/project-natick-underwater-datacenter/
Setting up IDEs and environments
IDE vs old school debugging
Setup can require a significant amount of time
Is it worth it?
What if you’re just working on a bug?
Security Resources
What’s the difference between CWE and OWASP?
CWE (Common Weakness Enumeration) is a community-developed list of common software and hardware weaknesses.
It’s similar to OWASP, but older (1999 vs 2001) and more general – including non-web apps and (more recently) hardware
The infamous “NVD” database links CVE (Common Vulnerabilities and Exposures) to CWE
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://cwe.mitre.org/top25/archive/2023/2023_trends.html
Tips
Pre-warning – probably wouldn’t recommend installing this!
Saw a cool Windows utility called “Windrecorder” that records video and text from your desktop, and lets you rewind and search.
Uses ffmpeg to record screen into small 15-minute fragment files
Search (by window titles, text keywords, or descriptions of images)
Everything should happen only on your computer
Cons: No instant rewind (have to be out of the window), Storage is unencrypted, Not much LLM / ML fancy stuff…and security
https://tonoko.notion.site/I-made-an-open-source-app-to-rewind-search-everything-happened-on-your-screen-on-Windows-184d1a9d5edb494dba0c2f46d311ec5c
https://github.com/yuka-friends/Windrecorder
macOS’s Spotlight is more powerful than you maybe knew
https://www.intego.com/mac-security-blog/spotlight-secrets-15-ways-to-use-spotlight-on-your-mac/
https://beebom.com/spotlight-tips-tricks/
If your grep command isn’t working like you thought it should, you might be a victim of content getting kicked out of the buffer
grep --line-buffered
iOS – get text from images
https://support.apple.com/guide/iphone/use-live-text-iphcf0b71b0e/ios