Interesting bits this week(07/16/2017)

There has been a lot happening in the world this week. Some of them good and some bad. Here are some that are interesting. These are various bits of blogs, posts etc. I came across this week. I wish I had published them, but I did not.

Learn to read code

A neat post about why the ability to read code is directly related to your productivity, especially in the long term.

How Torch broke ls and made me vulnerable (or the hidden dangers of LD_LIBRARY_PATH)

Installing Torch broke the authors system because of the way ld.so interprets LD_LIBRARY_PATH. Two points to note are:

  • If your LD_LIBRARY_PATH was empty, installing Torch will result in an extra colon at the end of the path
  • If your path ends with a colon, ld.so will add your current working directory to path

This behavior can lead to unexpected problems since ld.so may end up loading wrong libc.so etc. from current working directory. This is a severe security hazard.

Malware Uses Obscure Intel CPU Feature to Steal Data and Avoid Firewalls

A hardware feature built for remote management of large networks bypasses OS network stack, making it invisible to firewalls. The technology is Intel’s Active Management Technology (AMT) Serial-over-LAN (SOL). Points to note are:

  • Intel AMT SOL runs on a separate processor embedded with CPU
  • Intel AMT SOL runs on its own OS and network stack
  • It is running even when the computer is powered off!
  • This feature is disabled by default on all Intel CPUs making it an explicit choice to turn it on