Cross-reading #2


Abstract

Cross-reading is a series in which I present articles that I have read in the last few days and which might be interesting for you as well.

Hackers use Google Analytics to steal credit cards (bleepingcomputer.com)

Typically, a digital skimmer (aka Magecart[1]) runs on dodgy servers in tax havens, and its location reveals its nefarious intent. But when a skimming campaign runs entirely on trusted Google servers, very few security systems will flag it as suspicious.

Journalist’s phone hacked by new ‘invisible’ technique: All he had to do was visit one website. Any website (thestar.com)

Forensic evidence gathered by Amnesty International on Radi’s phone shows that it was infected by “network injection,” a fully automated method where an attacker intercepts a cellular signal when it makes a request to visit a website.

Analysis of SwissCovid [PDF] (lasec.epfl.ch)

Besides, one author of this report was suggested by EPFL[2] to correct some “incorrect” statements in the (unpublished at that time) report. For transparency, we decided to let the report as is and to augment it with this addendum.

The Pragmatic Engineer’s Developer Culture Test (blog.pragmaticengineer.com)

With this, I give you the Developer Culture Test: 3 areas with 5 questions each for a healthy organization, where developers thrive. In my experience, any tech company you’d call decent company should have the 3 basic points nailed, and cover at least 4 out of the 5 points in each area.

How Web Accessibility Works (blog.segunolalive.com)

Just as browsers generate the DOM[3] and CSSOM[4], they also generate an Accessibility Object Model. The AOM[5] is a tree data structure similar to the Document Object Model (DOM) but for accessibility information.

Is WebP really better than JPEG? (siipo.la)

In any case, when converting images to WebP[6], check that they are actually smaller than the JPEG[7] equivalent. There’s no need to serve larger images to your users than needed.

The Return of the 90s Web (mxb.dev)

When I look at some of the trends on the web today, I wonder if we’re at that point yet. I wonder if we’re ready to revisit some of the ideas of the early web again.

Blogging is one of the best ways of learning (matuzo.at)

I’ve learned so much more in the last 4-5 years compared to the years before, just because I wrote and talked about the topics that interested me and not about things I already knew.

Cat sitting on keyboard crashes lightdm (bugs.launchpad.net)

Locked screen to go to lunch, upon return from lunch cat was sitting on keyboard, login screen was frozen & unresponsive. To replicate: In unity hit ctrl-alt-l, place keyboard on chair. Sit on keyboard.

An Intro to Compilers (nicoleorchard.com)

How to Speak to Computers, Pre-Siri

  1. Magecart is software used by a range of hacking groups for injecting malicious code into ecommerce sites to steal payment details. — Wikipedia
  2. École polytechnique fédérale de Lausanne
  3. The Document Object Model (DOM) is a cross-platform and language-independent interface that treats an XML or HTML document as a tree structure wherein each node is an object representing a part of the document. — Wikipedia
  4. The CSS Object Model is a set of APIs allowing the manipulation of CSS from JavaScript. It is much like the DOM, but for the CSS rather than the HTML. It allows users to read and modify CSS style dynamically. — MDN web docs
  5. This effort aims to create a JavaScript API to allow developers to modify (and eventually explore) the accessibility tree for an HTML page. — https://wicg.github.io/aom/
  6. WebP is an image format employing both lossy and lossless compression. It is currently developed by Google, based on technology acquired with the purchase of On2 Technologies. — Wikipedia
  7. JPEG is a commonly used method of lossy compression for digital images, particularly for those images produced by digital photography. — Wikipedia